Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy & Security Maturity Model. Levels of Maturity MaturityCriteria 1-All traffic between POS & HIM is encrypted using TLS -POS & HIM nodes are mutually.

Published byRalf Park Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy & Security Maturity Model. Levels of Maturity MaturityCriteria 1-All traffic between POS & HIM is encrypted using TLS -POS & HIM nodes are mutually."— Presentation transcript:

1 Privacy & Security Maturity Model

2 Levels of Maturity MaturityCriteria 1-All traffic between POS & HIM is encrypted using TLS -POS & HIM nodes are mutually authenticated at the device level. -Mirrored audits are collected between the HIM and infrastructure services whenever PHI is conveyed. 2-Level 1 + -All traffic between all systems (POS, HIM & backing services) is encrypted using TLS. -All nodes are mutually authenticated at the device level -Audits contain the X.509 Subject field of the requesting party 3-Level 2 + -POS systems are able to assert user identity, location and purpose of use to the HIM -Mirrored audits are collected between all parties (POS > HIM & HIM > Service) -POS systems are able to send relevant audits to central audit-repository -All audits contain the asserted user identity, location and purpose of use. 4 (a)-Level 3 + -POS systems are able to supply an appropriate “confidentialityCode” on XDS queries (POS acts as PDP) -POS systems are able to demonstrate correct interpretation of “confidentialityCode” in XDS responses (POS acts as PEP) 4 (b)-Level 4 + -Infrastructure is capable of interpreting a filtering results (XDS Registry or HIM acts as a PEP/PDP) -Infrastructure is capable of maintaining a list of policy directives (HIM or other acts as a PIP)

3 Profile Speak MaturityATNAXUABPPCBPPC + Enforcement 1X*X 2XX 3XXX 4 (a)XXXXX* 4 (b)XXXXX * - Partial compliance across entire infrastructure

4 Node Authentication (NA)

5 How it Works: NA All actors carrying PI over non-isolated network must implement Get Documents Challenge w/PublicKey Public Key CRL?

6 X Enterprise User Assertion Provides a mechanism for asserting a user identity Typically WS-SEC + SAML Can be used on any WS-* transaction The X-Service User may determine the contents of the identity assertion

7 X-Assertion Provider (clinic.com) How it works: XUA X-Service Provider X-Service User User Authentication Provider Document Consumer Document Registry Registry Stored Query (ITI-18) Provide X-User Assertion (dsmith@clinic.com) (ITI-40) Dr. Smith dsmith EUA / Other Auth: dsmith Audit Repository Get X-User Assertion for dsmith Record Audit (dsmith@clinic.com) (ITI-20) User: dsmith ?

8 XUA (ish) Alternatives For REST interfaces Use IUA – Internet User Assertion Other options from POS <> HIM (which the HIM can map to XUA) OAuth JWT Tokens WS-Trust based assertions Any format which conveys “User” at “Clinic” querying “because”

9 Sample Purpose of Use Codes OSCAR uses this list as a POU source. Just another vector used in the policy decision process CodePurpose TREATMENTTreatment – Information will be used for treating the patient OPERATIONSHealthcare Operations – Used for record maintenance PSYCHOTHERAPYUse or disclosure of psychotherapy notes FAMILYDisclose to a family member or relative EMERGENCYPatient is not able to give direct consent due to incapacity or an emergency REQUESTAt the request of the patient. RESEARCHTo perform one or more operations on information for conducting scientific research. PRESENTUse and disclosure with the individual present.

10 BPPC? Basic Patient Privacy Constraints Content & Enforcement Profile Content = BPPC Consent Document CDA document documenting expression of consent ITI TF Vol. 3 Option = BPPC Enforcement Option DOC source MUST populate confidentiality code with an acceptable policy. DOC consumer MAY populate confidentiality code in query DOC consumer MUST enforce any confidentialityCodes received (must not disclose documents carrying codes not understood) DOC Registry may enforce confidentialityCode query parameter BPPC option implemented on DOC_SOURCE and DOC_CONSUMER roles One or more “policies” are defined by the affinity domain (logically) “Share with Clinic A” “Share with Project Y” (optional) Sources attach one or more policies to a shared file Consumers apply the policy Based on current user roles Based on current site

11 BPPC During Setup of an Affinity Domain 1.2.3.4 IDNamePolicy Legalese Share With Clinic AClinic A Privacy Policy.PDF 1.2.3.5Share With Project YProject Y Privacy Policy.PDF

12 BPPC @ OpenHIE Maturity Level 4 (a) When Joining a POS to the HIE PolicyConfig.xml IDName 1.2.3.4Share With Clinic A 1.2.3.5Share With Project Y DoctorsAllow: View, Import, Export, Disclose EveryoneDeny: View, Import, Export, Disclose Not Configured (Everyone is Denied All Access Rights) -Each POS configures their system to adhere to policies (application specific behavior) -Each POS must be validated prior to receiving their certificate from an HIE administrator / privacy officer

13 BPPC @ OpenHIE Maturity Level 4 (a) John Smith 1980-05-20 123 Main Street West Hamilton jsmith@myoscar.ca 1 John Smith 1980-05-20 123 Main Street West Hamilton jsmith@myoscar.ca 0 John Smith 1980-05-20 123 Main Street West Hamilton jsmith@myoscar.ca 211 1 @ MyOSCAR 211 @ Clinic A Share Extract Apply Policy 1.2.3.4 ITI-42 ITI-9 211 @ Clinic A 0 @ Affinity Domain ITI-18 PID: 0 @ Affinity Domain Policy: 1.2.3.4 Policy.xml

14 BPPC @ OpenHIE Maturity Level 4 (a) 1.User wishes to share document 2.User customizes content A.IF CDA Extract: Content for export is selected B.IF PDF / Blob : A PDF/A of the content is produced 3.(optional) User selects consent policies which apply to the document or a default is applied 4.(optional) User agreement with policy legalese is displayed and agreed to, if A.user has never submitted a BPPC consent document for the selected policy(ies), or B.BPPC consent has expired 5.A PIX message is sent to resolve the local identifier to an enterprise identifier 6.An XDS submission set containing the BPPC consent document is sent to the affinity domain 7.An XDS submission set containing the appropriate “confidentialityCode” entries and the payload selected in #2 is sent to the affinity domain. Sample Process

15 Maturity Level 4 (b) Very robust implementation User identity is conveyed to infrastructure Infrastructure (XDS registry / repository) consult PIP and enforce policies prior to disclosure Granular policies can be defined Only share with provider X Only share in an Emergency Only share Discharge Summaries if the purpose of use is for Treatment

16 OpenHIE Maturity Level 4 (b) Share Extract Apply Policy 1.2.3.4 ITI-42 ITI-9 211 @ Clinic A 0 @ Affinity Domain ITI-18 Dr. X is asking: PID: 0 @ Affinity Domain Policy: 1.2.3.4 Purpose: TREATMENT Policy.xml Get Consent Policies Assert I am Dr. X Assert I am using data for TREATMENT Request Token Apply Policies PID: 0 @ Affinity Domain PIP

17 OpenHIE Maturity Level 4 (b) Policy Information Point (PIP) Could be a PHR or patient facing service Simplifies the BPPC policy list Can be “Share with Stone Church”, or “Share with my Family Health Team” … Which providers are in “Family Health Team” is deter Patient can easily modify consent access independent of XDS meta-data (i.e. document meta-data is always “Share With Family Health Team”) Could be a flat-file Could be an administrative service like the HIM

18 What can I do at each maturity level? Objective1234a4b Identify which POS executed a particular query on a specific date/time*XXXX Identify which records were disclosed to a POS system*XXXX Identify which user accessed which patient record at a particular date/timeXXX Identify which clinic a particular user was operating in when they accessed a record XXX Block all users from accessing an entire patient profile (big on/off switch)XX Block a specific user / clinic from accessing an entire patient profile*X Block a specific user / clinic from accessing any one document*X Block a specific user / clinic from accessing entire profile, except in case of emergency *X Centrally manage policy behaviorsX

19 What do *we* (OpenHIE) have to do? Maturity LevelGAP 1-OpenHIE 1.0 compatible -Ensure that TLS (NA) and audit trail is setup “out of the box” on backing systems 2-OpenHIE 1.0 can be configured to behave this way -Ensure that TLS is used between HIM and backing server -Ensure that POS systems send audits before they get their key 3-HIM would have to be able to audit the server side of the POS audit -Ensure HIM can pass XUA soap headers through routes / mediators 4 (a)-Ensure HIM enforces “confidentialityCode” is passed from POS or a default is supplied 4 (b)-One of: -Implement HIM mediator to apply PIP policies (in a HIM is PDP/PEP model) -Install an XDS registry which can acts as a PDP/PEP (HIEOS for example) -(Optional) Implement a fancy PIP management system (or use a flat file)

20 What do our *POS* vendors have to do? Maturity LevelGAP 1-Ensure client TLS certs can be installed -Ensure client can “speak” XDS/PIX or some transformable format 2-Nothing more than Level 1 3-Ensure client can send audits in some form to the HIM -Ensure client can convey : User ID, Clinic/Organization, and POU to the HIM in some form 4 (a)-Ensure client can add allowed consent policy filter to document filter (if HIM can’t perform this function) -Ensure client adheres to returned policies identified in the response message 4 (b)-Nothing – infrastructure enforces policy -(optional) Client can implement a “supply other POU” functionality to do BTG

Download ppt "Privacy & Security Maturity Model. Levels of Maturity MaturityCriteria 1-All traffic between POS & HIM is encrypted using TLS -POS & HIM nodes are mutually."

Similar presentations

What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare.

What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare.
September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education
XDS Security ITI Technical Committee May 27, 2006.

XDS Security ITI Technical Committee May 27, 2006.
IHE Profile Proposal: Dynamic Configuration Management October, 2013.

IHE Profile Proposal: Dynamic Configuration Management October, 2013.
Extending XDW in Cross-Community Editor: Charles Parisot Notes for the March 19 th, 2013 – ITI Tech Committee.

Extending XDW in Cross-Community Editor: Charles Parisot Notes for the March 19 th, 2013 – ITI Tech Committee.
Course 5: IHS NHIE Overview and Patient Data Viewer February 1, 2011.

Course 5: IHS NHIE Overview and Patient Data Viewer February 1, 2011.
Proposed Technical Architecture for California HIE Services Walter Sujansky Sujansky & Associates, LLC Presentation to NHIN-Direct Security and Trust Work.

Proposed Technical Architecture for California HIE Services Walter Sujansky Sujansky & Associates, LLC Presentation to NHIN-Direct Security and Trust Work.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.

Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.
Distributing Images: Cross-enterprise Document Sharing for Imaging (XDS-I) Access to Radiology Information (ARI) Retrieve Information for Display (RID)

Distributing Images: Cross-enterprise Document Sharing for Imaging (XDS-I) Access to Radiology Information (ARI) Retrieve Information for Display (RID)
Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE.

Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE.
Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.

Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.

Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.
IHE Radiology –2007What IHE Delivers 1 Christoph Dickmann IHE Technical Committee March 2007 Cross Domain Review PCC.

IHE Radiology –2007What IHE Delivers 1 Christoph Dickmann IHE Technical Committee March 2007 Cross Domain Review PCC.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.

7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.

September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.

Similar presentations

Ads by Google