Upload
barnaby-flowers
View
215
Download
0
Embed Size (px)
Citation preview
1
Integrating the Healthcare EnterpriseIntegrating the Healthcare Enterprise
Audit Trail and Node Authentication Profile
IHE IT Technical and Planning Committee
June 15th – July 15th 2004 - Public Comment
IT Infrastructure – Audit Trail & Node Authentication
2
Prof. Societies Sponsorship
Healthcare Providers & Vendors
Healthcare IT Standards HL7, DICOM, etc.
General IT Standards Internet, ISO, etc.
Interoperable Healthcare IT Solution Specifications
IHE Integration Profile Interoperable Healthcare IT
Solution Specifications IHE Integration Profile
Interoperable Healthcare IT Solution Specifications
IHE Integration Profile Interoperable Healthcare IT
Solution Specifications IHE Integration Profile
IHE Process
IHE drives healthcare standards based-integration IHE drives healthcare standards based-integration
IT Infrastructure – Audit Trail & Node Authentication
3
IHE
EHR- Longitudinal Record
IHE Cardiology
IHE Laboratory
IHE Radiology
IHE
Future Domain
IHE
Future Domain
IHE
IT Infrastructure Intra-Enterprise
Cross-Enterprise
14 Integration Profiles
5 Integration Profile
3 Integration Profiles
9 Integration Profiles
IHE 2004 achievements and expanding scope IHE 2004 achievements and expanding scope
Over 80 vendors involved world-wide, 4 Technical Frameworks31 Integration Profiles, Testing at yearly Connectathons,
Demonstrations at major exhibitions world-wide
Provider-Vendor cooperation to accelerate standards adoption
IT Infrastructure – Audit Trail & Node Authentication
4
IHE ProcessIHE Process Users and vendors work together to identify
and design solutions for integration problems
Intensive process with annual cycles:– Identify key healthcare workflows and integration
problems– Research & select standards to specify a solution– Write, review and publish IHE Technical Framework– Perform cross-testing at “Connectathon”– Demonstrations at tradeshows (HIMSS/RSNA…)
IT Infrastructure – Audit Trail & Node Authentication
5
A Proven Standards Adoption ProcessA Proven Standards Adoption Process
IHEIntegrationProfiles B
IHEIntegrationProfile A
Easy toIntegrateProducts
IHEConnectathon
ProductWith IHE
IHEDemonstration
User Site
RFPRFP
Standards
IHETechnical
Framework
Product IHE IntegrationProduct IHE IntegrationStatementStatement
IHE IHE ConnectathonConnectathonResultsResults
IHE Integration Profiles at the heart of IHE :– Detailed selection of standards and options each solving a specific integration
problem– A growing set of effective provider/vendor agreed solutions– Vendors can implement with ROI– Providers can deploy with stability
IT Infrastructure – Audit Trail & Node Authentication
6
More on IHE IT InfrastructureMore on IHE IT Infrastructure
To learn more about IHE IT Infrastructure
Integrating the Healthcare Enterprise:
www.himss.org/ihe
Read the IHE Brochurehttp://www.himss.org/content/files/IHE_newsletter_final.pdf
IT Infrastructure – Audit Trail & Node Authentication
7
Audit Trail and Node Authentication Audit Trail and Node Authentication (ATNA) – Abstract/Scope(ATNA) – Abstract/Scope
HIPAA means more attention and care to protect Patient’s Privacy, and this requires Security.
In Healthcare we have Protected Health Information for patients such as orders, procedure, images, films and reports.
The confidentiality, integrity, and availability of this information must be assured. – authorized persons must have access to medical
data of patients, and the information must not be disclosed otherwise.
IT Infrastructure – Audit Trail & Node Authentication
8
Audit Trail and Node Authentication Audit Trail and Node Authentication (ATNA) – Value Proposition(ATNA) – Value Proposition
Assures Authorized users gain access to secure nodes
Verifies that only secure nodes exchange data.
Provides audit facility to Verify compliance with procedures Permit detection of inappropriate behavior Without interfering with time critical activities
IT Infrastructure – Audit Trail & Node Authentication
9
ATNA -- EnvironmentATNA -- EnvironmentRequired Physical SecurityRequired Physical Security
Doors, key access, etc. restrict accessDoors, key access, etc. restrict access
Communications and Equipment areCommunications and Equipment arekept in restricted access areaskept in restricted access areas
Access to equipment is controlledAccess to equipment is controlledCabinets, wiring, etc. are protected.Cabinets, wiring, etc. are protected.
IT Infrastructure – Audit Trail & Node Authentication
10
ATNA -- EnvironmentATNA -- EnvironmentRequired Network SecurityRequired Network Security
Firewalls, VPN, and other access Firewalls, VPN, and other access controls.controls.
Unauthorized external access is denied.Unauthorized external access is denied.
Additional security facilities may be in Additional security facilities may be in place if warranted by local conditions.place if warranted by local conditions.
IT Infrastructure – Audit Trail & Node Authentication
11
ATNA -- Node Authentication Configuration
System A System B
Secure networkSecured Node Secured Node
•Manually managed Node Authentication Certificates
IT Infrastructure – Audit Trail & Node Authentication
12
ATNA: Typical Workflow
System A System B
Secured SystemSecure network
• Strong authentication of remote node (digital certificates)• network traffic encryption is not required
Secured System
• Local access control (authentication of user)
• Audit trail with:• Real-time access • Time synchronization
Central Audit TrailRepository
IT Infrastructure – Audit Trail & Node Authentication
13
ATNA – Example “Transfer Image” ATNA – Example “Transfer Image” Audit MessageAudit Message <?xml version="1.0" encoding="UTF-8" ?>
- <AuditMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="D:\data\DICOM\security\dicom-audit.xsd">- <EventIdentification EventActionCode="C" EventDateTime="2001-12-17T09:30:47-05:00" EventOutcomeIndicator="0"> <EventID code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" /> <EventTypeCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" /> </EventIdentification>- <ActiveParticipant UserID="String" AlternativeUserID="String" UserName="String" UserIsRequestor="true" NetworkAccessPointID="String"
NetworkAccessPointTypeCode="1"> <RoleIDCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" /> </ActiveParticipant>- <ActiveParticipant UserID="String" AlternativeUserID="String" UserName="String" UserIsRequestor="true" NetworkAccessPointID="String"
NetworkAccessPointTypeCode="1"> <RoleIDCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" /> </ActiveParticipant>- <ActiveParticipant UserID="String" AlternativeUserID="String" UserName="String" UserIsRequestor="true" NetworkAccessPointID="String"
NetworkAccessPointTypeCode="1"> <RoleIDCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" /> </ActiveParticipant>- <AuditSourceIdentification AuditEnterpriseSiteID="String" AuditSourceID="String"> <AuditSourceTypeCode code="1" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" /> </AuditSourceIdentification>- <ParticipantObjectIdentification ParticipantObjectID="String" ParticipantObjectTypeCode="1" ParticipantObjectTypeCodeRole="1" ParticipantObjectDataLifeCycle="1"
ParticipantObjectSensitivity="String"> <ParticipantObjectIDTypeCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" /> <ParticipantObjectName>String</ParticipantObjectName> - <ParticpantObjectDescription> <MPPS ID="String" /> <AccessionNumber ID="String" /> <SOPClass InstanceUID="String" NumberOfInstances="0" /> <SOPClass InstanceUID="String" NumberOfInstances="0" /> <SOPClass InstanceUID="String" NumberOfInstances="0" /> </ParticpantObjectDescription> </ParticipantObjectIdentification>- <ParticipantObjectIdentification ParticipantObjectID="String" ParticipantObjectTypeCode="1" ParticipantObjectTypeCodeRole="1" ParticipantObjectDataLifeCycle="1"
ParticipantObjectSensitivity="String"> <ParticipantObjectIDTypeCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" /> <ParticipantObjectName>String</ParticipantObjectName> </ParticipantObjectIdentification> </AuditMessage>
IT Infrastructure – Audit Trail & Node Authentication
14
ATNA – Technical DetailsATNA – Technical Details
Locally defined User Identification, Authentication, and Authorization
Node to Node communications authenticated– HL7 – TLS – Digital Certificates– DICOM – TLS – Digital Certificates– HTTP – TLS – Digital Certificates
Audit Trails– Reliable SYSLOG (Cooked)– IETF Audit Message Schema– DICOM Audit Message details– IHE further clarifications for events not detailed in DICOM
IT Infrastructure – Audit Trail & Node Authentication
15
More information….More information…. Web sites: www.himss.org/ihe
www.rsna.org/ihewww.ihe-europe.org
– IHE IT Infrastructure Technical Framework for 2003-IHE IT Infrastructure Technical Framework for 2003-2004 - V 1.0 Final Text2004 - V 1.0 Final Text
– IHE IT Infrastructure Technical Framework Supplements IHE IT Infrastructure Technical Framework Supplements for 2004-2005 – Public Commentsfor 2004-2005 – Public Comments
– Comments atComments at http://forums.rsna.org, IHE forum, http://forums.rsna.org, IHE forum,IT Infrastructure sub-forum, IT Infrastructure sub-forum, until July 15until July 15thth, 2004., 2004.
Non-Technical Brochures :Non-Technical Brochures :– IHE Brochure, IHE Fact Sheet IHE Brochure, IHE Fact Sheet – IHE Connectathon ResultsIHE Connectathon Results– IHE Products Integration StatementsIHE Products Integration Statements