An Application Programming Interface for the Electronic Transmission of Prescriptions

Post on 01-Jan-2016

DESCRIPTION

An Application Programming Interface for the Electronic Transmission of Prescriptions. Synopsis; Prescribing in the UK; The Pilots and Salford Models; Potential Benefits / Problems; Present Status. Presented By: D. P. Mundy. Other Authors: Prof. D. W. Chadwick, Dr E. Ball.

TRANSCRIPT

ISSRG Information Systems Security Research Group

Contact: D.Mundy@salford.ac.uk

http://sec.isi.salford.ac.uk

An Application Programming Interface for the Electronic Transmission of Prescriptions

Presented By: D. P. Mundy

Other Authors: Prof. D. W. Chadwick, Dr E. Ball

• Synopsis

• Prescribing in the UK

• The Pilots and Salford Models

• Potential Benefits / Problems

• Present Status

Thanks to:

Synopsis

• The United Kingdom (UK) National Health Service (NHS)

• NHS Plan

– Implement ETP by 2004

• 3 pilot systems

– Transcript consortium (Large pharmacies and Pharmed)

– Pharmacy2U consortium (An Internet pharmacy)

– Flexiscript consortium (Microsoft, SchlumbergerSema)

Salford ETP Project

• Funded by the UK’s Engineering and Physical Sciences Research Council (EPSRC)

• 3 Year Project commenced September 2000

• Carried out in collaboration with Huddersfield University and Hope Hospital, Salford

• £261k funding

Prescribing in the UK

1. Creates & signs Prescription

2. Patient Hands Prescription to Pharmacist (Maybe signed to claim exemption)

3. Drugs Dispensed to Patient, money to dispenser if the patient is not exempt

4. Prescriptions Batched and sent to the PPA

5. Prescriptions Processed and payment sent back to Dispenser

Problems with Present Practice

• Fraud

– Stolen Prescription Pads, Altered Dispensation Amounts

• Data Integrity

– Phone Call Clarification, Illegible Scripts

• Administrative Workload

– 578 million prescribed items in 2001

• Efficiency

– 60% of Pharmacists believed that the introduction of electronic prescribing would lead to time savings (Kember Associates, 1999)

• Patient Exemptions / Identification

– Pharmacy Check

ETP Worldwide

• Denmark

– 35 per cent of prescriptions now sent electronically (Middleton, 2000)

• Germany

– Electronic health card

• USA

– State ETP systems

• UK

– Hospital ETP systems and Pharmed trial

The Pilots and the Salford Model

Transcript Consortium Model

Transcript Model Perceived Benefits

• Patient retains freedom of choice and has control over their own privacy

• No reliance on a central database repository - therefore performance of system similar to present paper based system

• Mirrors present system just reduces fraud and administrative workload for the PPA

Transcript Model Perceived Problems

• Barcode Readers Complex and Expensive

• Limit on size of prescription

• Exemptions not automatic

• Lost prescription requires GP callback

• Barcode error rates

Pharmacy2U Consortium Model

Pharmacy2U Model Perceived Benefits

• Patient may or may not have freedom of choice

• Very low chance of lost prescriptions

• No paper version of the prescription

• May lead to advanced patient care

Pharmacy2U Model Perceived Problems

• DIRECTED Prescriptions may lead to severe consequences for high street pharmacy

• May be a problem with patient acceptance

Flexiscript Consortium Model

FlexiScript Model Perceived Benefits

• GP And Pharmacy Applications Interface With Model Without The Need For Additional Hardware

• Patient Retains Freedom of Choice

FlexiScript Model Perceived Problems

• May be performance issues at the relay

• Patient doesn't have complete control over their own privacy and lost script token requires GP callback

• Prescriptions may be stored in the clear

• Exemptions not automatic

University of Salford Model

University of Salford Model Perceived Benefits

• Patient retains freedom of choice and has protection of their own privacy

• Automatic Exemption and Authorisation Checking

• In many ways mirrors present system (just electronically)

• Only normal barcode scanners required at the pharmacy

University of Salford Model Perceived Problems

• Lost prescription - requires GP call

• Performance better than Flexiscript model since only encrypting once. (Research currently being undertaken to measure precise advantage)

Design Issues

• Stakeholder Acceptance

– Little change to procedures

• Barcodes - Patient, GP, Pharmacist

• Recovery procedures

– Maintained freedom of choice for patient

Security Considerations

• An Electronic Prescription Processing System must provide:

– Confidentiality > Encryption/Link Security

– Secure Authentication > Digital Signatures

– Secure Authorisation > Privilege Management Infrastructure

– Integrity > Digital Signatures

– Non-Repudiation of Origin > Digital Signatures

Security Model Comparison (1)

Security Issue, compared across Pharmacy2U, Transcript, Schlumberger-Sema and Salford

• Patient Confidentiality

– Pharmacy2U: Prescriptions asymmetrically encrypted for Pharmacy (1 Encrypt, 1 Decrypt operation)

– Transcript: Patient protects his or her own privacy. No encryption required. Prescription contained in 2-D PDF417 Barcode.

– Schlumberger-Sema: Prescriptions encrypted for prescription store, decrypted then re-encrypted for pharmacy request.

– Salford: Patient protects his or her own privacy. Symmetric Key Encryption (1 Encrypt, 1 Decrypt operation). Symmetric key in Barcode on paper prescription.

• Disadvantages/Benefits

– Pharmacy2U: Management of encryption key pairs, decryption keys shared by pharmacists, Patient cannot choose after consultation who they wish to visit

– Transcript: PDF417 barcode readers not present in pharmacies, more expensive than normal readers, prone to errors and no recovery mechanism from an unreadable barcode

– Schlumberger-Sema: Performance of system, prescriptions may be held un-encrypted in store, Management of encryption key pairs, decryption keys shared by pharmacists

– Salford: Improves on other mechanisms. The information contained within the 1-D barcode can be recovered by hand [2].

Security Model Comparison (2)

Security Issue, compared across Pharmacy2U, Transcript, Schlumberger-Sema and Salford

• Authorisation

– Pharmacy2U: Controlled by application. No automatic exemption checking.

– Transcript: Controlled by application and use of different types of prescription forms. No automatic exemption checking.

– Schlumberger-Sema: Controlled by application. No automatic exemption checking.

– Salford: Provided by Privilege Management Infrastructure detailed in [13]. Authority to prescribe and dispense checked along with the authority of a patient to receive exemption from payment.

• Issues/Benefits

– Pharmacy2U, Transcript, Schlumberger-Sema: May be weak security mechanisms allowing users who are not prescribers/dispensers to access the application and prescriptions. No automatic exemption checking.

– Salford: Automatically controlled and more secure than the other system designs

• Identity Authentication

– Pharmacy2U: Digital Signature

– Transcript: Digital Signature

– Schlumberger-Sema: Digital Signature

– Salford: Digital Signature

Present Status

• An API designed to facilitate the introduction of our proposed electronic prescription processing system design has been built. Disparate applications can call our API to transfer prescriptions electronically

– Described within the paper

• Evaluation Phase

– Qualitative Evaluation - Stakeholder Focus Groups

– Quantitative Evaluation - Performance Research

The API

• Three subsystems (Prescribing, Dispensing and PPA Operations)

• Works in conjunction with two digitally signed supporting third-party class structures

– Security class structure

– Directory configuration class structure

Security Class Structure

EPP Security Abstract Base Class

API Operation - Example Prescribing Subsection

initialiseEPP

PrescribingOperations class

(Security, Directory Config)

setupPrescription(Patient details)

addPrescriptionItem(Item details)

signAndStorePrescription()

Prescriber application prints prescription

PrescriptionStore

Access Established

Checks Authorisation

Logged in Security class

Directory Configuration class

getPrescriptionEncryptionKey()

getBarcodeKeyValue()

Joe Bloggs Age 24

Paracetamol Differin

Signature
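
The Salford flow from the comparison slides and the prescribing sequence above (sign, encrypt once under a symmetric key carried in the paper barcode, keep only ciphertext in the store), as an added Go example that is not the project's own API or code. Ed25519, AES-128-GCM, the in-memory `store` map, the store ID `RX-1` and the names `signAndStore` and `dispense` are assumptions for illustration; the slides do not name the algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

var store = map[string][]byte{} // hypothetical prescription store: ciphertext only, no keys

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// signAndStore signs rx, encrypts signature+rx once, stores it under id, returns the barcode key.
func signAndStore(priv ed25519.PrivateKey, id string, rx []byte) ([]byte, error) {
	key := make([]byte, 16) // one key per prescription, so the zero nonce is used once per key
	_, rerr := rand.Read(key)
	gcm, err := newGCM(key)
	if rerr != nil || err != nil {
		return nil, fmt.Errorf("key setup failed: %v, %v", rerr, err)
	}
	// The store ID is bound in as associated data so a blob cannot be moved to another ID.
	store[id] = gcm.Seal(nil, make([]byte, gcm.NonceSize()), append(ed25519.Sign(priv, rx), rx...), []byte(id))
	return key, nil
}

// dispense is the pharmacy side: key from barcode, fetch, decrypt once, verify signature.
func dispense(pub ed25519.PublicKey, id string, key []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	pt, err := gcm.Open(nil, make([]byte, gcm.NonceSize()), store[id], []byte(id))
	if n := ed25519.SignatureSize; err == nil && len(pt) >= n && ed25519.Verify(pub, pt[n:], pt[:n]) {
		return string(pt[n:]), nil
	}
	return "", fmt.Errorf("prescription %s: decryption or signature check failed", id)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	key, _ := signAndStore(priv, "RX-1", []byte("constructed sample: Paracetamol"))
	fmt.Println(dispense(pub, "RX-1", key))
}
```

Whoever holds the store sees neither plaintext nor key, and the pharmacy performs a single decryption, which is the "1 Encrypt, 1 Decrypt" property the comparison attributes to the Salford design.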

Further Information

• For further research related to this project please visit

• http://sec.isi.salford.ac.uk/

Questions
