Upload
dominic-nixon
View
21
Download
0
Embed Size (px)
DESCRIPTION
Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health 2005, Tromsö May, 24. Content. What is the need of a PKI in the Health sector ? Why do Health organisations implement IT systems ? - PowerPoint PPT Presentation
Citation preview
Page 1
Issues in and perspectives onelectronic authentication
of health professionals
Pascal POITEVIN Marketing and Communication manager
GIP-CPS
e-Health 2005, TromsöMay, 24
Page 2
Content
What is the need of a PKI in the Health sector ?Why do Health organisations implement IT systems ?The PKI definition The Health actors and the exchanges to be secured
The experience of the GIP-CPS, first European public PKICertificates : guarantee of identity, profession, activityRecording, publication Deployment statusExamples of applications The GIP-CPS business development
PKI interoperability issues
Page 3
The HealthCare Information System Why do Health organisations implement IT systems ?
1. To share medical information between all parties assuming some responsibility towards patients
2. To implement public health security information systems (medical watching, epidemiological surveys, clinical research….)
3. To improve administrative and financial management processes
4. To develop continuous access to information and knowledge for the HealthCare system participants
Page 4
What is a PKI ?A Public Key Infrastructure (PKI) manages the space of confidence of the organization, enable to control all the security aspects of the environment :
• users’ authentication, • confidentiality, • data integrity, • non-repudiation of the transactions.
To achieve this goal, the PKI offers the administration services, the generation and diffusion of keys and electronic certificates necessary to the security products (secured e-mail, SSL server and clients, signature software...).
REGISTRATION AUTHORITY
(Med. Assoc., State and Insurance
representatives)
Valid the professional record
CERTIFICATION AUTHORITY
(GIP-CPS)produces cards as well
as associated keys and certificates
PUBLICATION SERVICEHealthCarePROFESSIONAL
CPS PKI Directory
OppositionLists CRL
Page 5
Fournisseurs
Payeu
rs
Care providers
Regulator
Payers
Suppliers
HealthCare Structures HealthCare Professionals
Pharmaceutical laboratories
Pharmacies
Health web sites
Compulsory National Health Insurances
Complementary Health Insurances
Employers
What is the need of a PKI in the Health sector ?Many data exchanges to secure
Page 6
The GIP-CPS « Groupement d’Intérêt Public – Carte de Professionnel de Santé »
It fits the demands for confidence and security in electronic exchanges and sharing of medical data
Its members :
- the French state,
- the 3 compulsory national health insurances,
- the complementary health insurances,
- the professional associations,
- different user organizations.
Page 7
In France, the certification authority of the health sector
Since it was created (in 1993), the GIP-CPS has developed the health professional card (CPS smart card) for the SESAM-Vitale application (the electronic refund claim form exchanged between health professionals and health insurance). Within its card, the GIP-CPS delivers to health professionals certificates usable by all the applications of the health sector allowing :
the authentication, the signature.
Moreover, confidentiality certificates are used for messages’ encoding.
Page 8
The certificate : official « electronic professional identity document »
• Quality of the recording process : rigorous checking of identity and professional skills of the holder (Medical Associations, Stateand Insurance representatives’ visas).
• Publication of valid certificates and revocation list accessible for applications 24/24 and 7/7
• Setting up of a single French health professional repository (RPPS*)
* RPPS : « Répertoire Partagé des Professionnels de Santé »
Confidence guarantee bring by the GIP-CPS
Page 9
The deployment status (16/04/2005 figures)
Valid cards’ holders : 570 506
Liberal sector : 495 382 (8 out of 10 liberal health professional) –Regulated health professionals : 286 924–Employees : 208 458
Health structures : 75 124–Regulated health professionals : 19 571–Employees : 55 553
Page 10
Examples of applications
• Management of medical duties in Dordogne• Access to medical files in medical departments of military units
(health service of the Armies) • Access for liberal professionals to a hospital medical file in Antibes • Shared Patient Medical File between doctors in Lyon (Oncora
network) • Management of working time, secured accesses to buildings and
workstations in a hospital in Angers • e-transmission of the refund claim forms (Sesam-Vitale) :
76 580 000 in January 2005
Page 11
The GIP-CPS business development
• The new national projects (Shared Personal Medical File “DMP”, secured access to health insurance data, electronic prescriptions...) will :
– Stimulate exchanges and sharing of medical electronic data,– Require the protection of these exchanges and data.
• To adapt its offer to these emergent needs, the GIP-CPS enhances its range of certificates with :
– Certificates with software support (being able to be embarked by industries in a USB key, a key server, a personal electronic assistant...),
– Server Certificates.
Page 12
PKI interoperability issues
Necessity of interoperability Why interoperability ? It is a precondition to secured interconnection of applications and networks
How interoperability is checked? by comparison of certification policies, of exploitation procedures and
implemented means
What are the means of implementation ? – Accreditation by national reference organizations– Mutual recognition of PKI at an international level
Interoperability within European countries - Would a European certification authority be of any interest ? - How can we study and experiment interoperability of electronic certificates
with other State members ?
Page 13
Conclusion
Thank you for your attention !
www.gip-cps.fr
Contact for international relationship : [email protected]