View
216
Download
3
Category
Preview:
Citation preview
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
An Application Programming Interface for the Electronic Transmission of
PrescriptionsPresented By: D. P. Mundy
Other Authors: Prof. D. W. Chadwick, Dr E. Ball
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
• Synopsis
• Prescribing in the UK
• The Pilots and Salford Models
• Potential Benefits / Problems
• Present Status
Thanks to:
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Synopsis
• The United Kingdom (UK) National Health Service (NHS)
• NHS Plan– Implement ETP by 2004
• 3 pilot systems – Transcript consortium (Large pharmacies and Pharmed)
– Pharmacy2U consortium (An Internet pharmacy)
– Flexiscript consortium (Microsoft, SchlumbergerSema)
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Salford ETP Project
• Funded by the UK’s Engineering and Physical Sciences Research Council (EPSRC)
• 3 Year Project commenced September 2000
• Carried out in collaboration with Huddersfield University and Hope Hospital, Salford
• £261k funding
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Prescribing in the UK
4. Prescriptions Batched and sent to the PPA
1. Creates & signs Prescription
2. Patient Hands Prescription to Pharmacist (Maybe signed to claim exemption)
5. Prescriptions Processed and payment sent back to Dispenser
3. Drugs Dispensed to Patient, money to dispenser if the patient is not exempt
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Problems with Present Practice• Fraud
– Stolen Prescription Pads, Altered Dispensation Amounts
• Data Integrity– Phone Call Clarification, Illegible Scripts
• Administrative Workload– 578 million prescribed items in 2001
• Efficiency– 60% of Pharmacists believed that the introduction of electronic prescribing
would lead to time savings (Kember Associates, 1999)
• Patient Exemptions / Identification– Pharmacy Check
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
ETP Worldwide
• Denmark– 35 per cent of prescriptions now sent electronically
(Middleton,2000)
• Germany– Electronic health card
• USA– State ETP systems
• UK– Hospital ETP systems and Pharmed trial
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
The Pilots and the Salford Model
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Transcript Consortium Model Transcript Consortium Model
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Transcript Model Perceived Transcript Model Perceived Benefits Benefits
• Patient retains freedom of choice and has control over their own privacy
• No reliance on a central database repository - therefore performance of system similar to present paper based system
• Mirrors present system just reduces fraud and administrative workload for the PPA
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Transcript Model Perceived Transcript Model Perceived Problems Problems
• Barcode Readers Complex and Expensive
• Limit on size of prescription
• Exemptions not automatic
• Lost prescription requires GP callback
• Barcode error rates
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Pharmacy2U Consortium Model Pharmacy2U Consortium Model
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Pharmacy2U Model Perceived Pharmacy2U Model Perceived BenefitsBenefits
• Patient may or may not have freedom of choice
• Very low chance of lost prescriptions
• No paper version of the prescription
• May lead to advanced patient care
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Pharmacy2U Model Perceived Pharmacy2U Model Perceived ProblemsProblems
• DIRECTED Prescriptions may lead to severe consequences for high street pharmacy
• May be a problem with patient acceptance
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Flexiscript Consortium ModelFlexiscript Consortium Model
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
FlexiScript Model Perceived FlexiScript Model Perceived Benefits Benefits
• GP And Pharmacy Applications Interface With Model Without The Need For Additional Hardware
• Patient Retains Freedom of Choice
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
FlexiScript Model Perceived FlexiScript Model Perceived ProblemsProblems
• May be performance issues at the relay
• Patient doesn‘t have complete control over their own privacy and lost script token requires GP callback
• Prescriptions may be stored in the clear
• Exemptions not automatic
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
University of Salford Model University of Salford Model
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
University of Salford Model University of Salford Model Perceived Benefits Perceived Benefits
• Patient retains freedom of choice and has protection of their own privacy
• Automatic Exemption and Authorisation Checking
• In many ways mirrors present system (just electronically)
• Only normal barcode scanners required at the pharmacy
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
University of Salford Model University of Salford Model Perceived ProblemsPerceived Problems
• Lost prescription - requires GP call
• Performance better than Flexiscript model since only encrypting once.(Research currently being undertaken to measure precise advantage)
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Design Issues
• Stakeholder Acceptance– Little change to procedures
• Barcodes - Patient, GP, Pharmacist
• Recovery procedures
– Maintained freedom of choice for patient
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Security Considerations• An Electronic Prescription Processing System must provide:-
– Confidentiality > Encryption/Link Security
– Secure Authentication > Digital Signatures
– Secure Authorisation > Privilege Management Infrastructure
– Integrity > Digital Signatures
– Non-Repudiation of Origin > Digital Signatures
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Security Issue Pharmacy2U Transcript Schlumberger-
Sema
Salford
PatientConfidentiality
Prescriptionsasymmetricallyencrypted forPharmacy (1Encrypt, 1Decryptoperation)
Patient protectshis or her ownprivacy. Noencryptionrequired.Prescriptioncontained in 2-DPDF417Barcode.
Prescriptionsencrypted forprescriptionstore, decryptedthen re-encryptedfor pharmacyrequest.
Patient protectshis or her ownprivacy.Symmetric KeyEncryption (1Encrypt, 1Decryptoperation).Symmetric key inBarcode on paperprescription.
Disadvantages/Benefits
Management ofencryption keypairs, decryptionkeys shared bypharmacists,Patient cannotchoose afterconsultation whothey wish to visit
PDF417 barcodereaders notpresent inpharmacies, moreexpensive thannormal readers,prone to errorsand no recoverymechanism froma unreadablebarcode
Performance ofsystem,prescriptionsmay be held un-encrypted instore,Management ofencryption keypairs, decryptionkeys shared bypharmacists
Improves onothermechanisms.The informationcontained withinthe 1-D barcodecan be recoveredby hand [2].
Security Model Comparison (1)
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Authorisation Controlled byapplication. Noautomaticexemptionchecking.
Controlled byapplication anduse of differenttypes ofprescriptionforms. Noautomaticexemptionchecking.
Controlled byapplication. Noautomaticexemptionchecking.
Provided byPrivilegeManagementInfrastructuredetailed in [13].Authority toprescribe anddispense checkedalong with theauthority of apatient to receiveexemption frompayment.
Issues/Benefits May be weak security mechanisms allowing users whoare not prescribers/dispensers to access the applicationand prescriptions. No automatic exemption checking.
Automaticallycontrolled andmore secure thanthe other systemdesigns
IdentityAuthentication
Digital Signature Digital Signature Digital Signature Digital Signature
Security Issue Pharmacy2U Transcript Schlumberger-
Sema
Salford
Security Model Comparison (2)
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Present Status• An API designed to facilitate the introduction of our
proposed electronic prescription processing system design has been built. Disparate applications can call our API to transfer prescriptions electronically– Described within the paper
• Evaluation Phase– Qualitative Evaluation -Stakeholder Focus Groups
– Quantitative Evaluation - Performance Research
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
The API
• Three subsystems (Prescribing, Dispensing and PPA Operations)
• Works in conjunction with two digitially signed supporting third party class structures
– Security class structure
– Directory configuration class structure
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Security Class Structure
EPP SecurityAbstract Base Class
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
API Operation - Example Prescribing Subsection
initialiseEPP
PrescribingOperations class
(Security,Directory Config)
setupPrescription(Patient details)
addPrescriptionItem(Item details)
signAndStorePrescription()
Prescriber application prints prescription
PrescriptionStore
Access Established
Checks Authorisation
Logged in Security class
Directory Configuration class
getPrescriptionEncryptionKey()
getBarcodeKeyValue()
Joe BloggsAge 24
Paracetamol Differin
Signature
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Further Information
• For further research related to this project please visit
• http:\\sec.isi.salford.ac.uk\
ISSRG Information Systems Security Research Group
Contact: D.Mundy@salford.ac.uk
http://sec.isi.salford.ac.uk
Questions
Recommended