Integrating the Healthcare Enterprise
Audit Trail and Node Authentication Profile
Name of Presenter
IHE affiliation
HIMSS Annual Conference 2004
IHE drives healthcare standards-based integration
[Diagram labels: Prof. Societies Sponsorship; Healthcare Providers & Vendors; Healthcare IT Standards (HL7, DICOM, etc.); General IT Standards (Internet, ISO, etc.); IHE Process; IHE Integration Profile: Interoperable Healthcare IT Solution Specifications]
IHE 2004 achievements and expanding scope
[Diagram labels: IHE EHR - Longitudinal Record; IHE Cardiology; IHE Laboratory; IHE Radiology; IHE IT Infrastructure (Intra-Enterprise, Cross-Enterprise); IHE Future Domain (two boxes); 14 Integration Profiles; 5 Integration Profiles; 3 Integration Profiles; 9 Integration Profiles]
Over 80 vendors involved world-wide, 4 Technical Frameworks, 31 Integration Profiles, testing at yearly Connectathons, demonstrations at major exhibitions world-wide
Provider-Vendor cooperation to accelerate standards adoption
IHE Process
Users and vendors work together to identify and design solutions for integration problems
Intensive process with annual cycles:
– Identify key healthcare workflows and integration problems
– Research & select standards to specify a solution
– Write, review and publish IHE Technical Framework
– Perform cross-testing at “Connectathon”
– Demonstrations at tradeshows (HIMSS/RSNA…)
A Proven Standards Adoption Process
[Diagram labels: Standards; IHE Technical Framework; IHE Integration Profile A; IHE Integration Profiles B; IHE Connectathon; IHE Connectathon Results; Product With IHE; Product IHE Integration Statement; IHE Demonstration; Easy to Integrate Products; RFP; User Site]
IHE Integration Profiles at the heart of IHE:
– Detailed selection of standards and options each solving a specific integration problem
– A growing set of effective provider/vendor agreed solutions
– Vendors can implement with ROI
– Providers can deploy with stability
More on IHE IT Infrastructure
To learn more about IHE IT Infrastructure (Integrating the Healthcare Enterprise): www.himss.org/ihe
Read the IHE Brochure: http://www.himss.org/content/files/IHE_newsletter_final.pdf
Audit Trail and Node Authentication (ATNA) – Abstract/Scope
HIPAA means more attention and care to protect Patient’s Privacy, and this requires Security.
In Healthcare we have Protected Health Information for patients such as orders, procedures, images, films and reports.
The confidentiality, integrity, and availability of this information must be assured.
– Authorized persons must have access to medical data of patients, and the information must not be disclosed otherwise.
Audit Trail and Node Authentication (ATNA) – Value Proposition
Assures Authorized users gain access to secure nodes
Verifies that only secure nodes exchange data.
Provides audit facility to:
– Verify compliance with procedures
– Permit detection of inappropriate behavior
– Without interfering with time critical activities
ATNA -- Environment
Required Physical Security
Doors, key access, etc. restrict access
Communications and Equipment are kept in restricted access areas
Access to equipment is controlled
Cabinets, wiring, etc. are protected.
ATNA -- Environment
Required Network Security
Firewalls, VPN, and other access controls.
Unauthorized external access is denied.
Additional security facilities may be in place if warranted by local conditions.
ATNA -- Node Authentication Configuration
[Diagram: System A and System B, each a Secured Node, on a secure network]
• Manually managed Node Authentication Certificates
ATNA: Typical Workflow
[Diagram: System A and System B, each a Secured System, on a secure network, with a Central Audit Trail Repository]
• Strong authentication of remote node (digital certificates)
• Network traffic encryption is not required
• Local access control (authentication of user)
• Audit trail with:
  • Real-time access
  • Time synchronization
ATNA – Example “Transfer Image” Audit Message
<?xml version="1.0" encoding="UTF-8" ?>
<AuditMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="D:\data\DICOM\security\dicom-audit.xsd">
  <EventIdentification EventActionCode="C" EventDateTime="2001-12-17T09:30:47-05:00" EventOutcomeIndicator="0">
    <EventID code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
    <EventTypeCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
  </EventIdentification>
  <ActiveParticipant UserID="String" AlternativeUserID="String" UserName="String" UserIsRequestor="true" NetworkAccessPointID="String" NetworkAccessPointTypeCode="1">
    <RoleIDCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
  </ActiveParticipant>
  <ActiveParticipant UserID="String" AlternativeUserID="String" UserName="String" UserIsRequestor="true" NetworkAccessPointID="String" NetworkAccessPointTypeCode="1">
    <RoleIDCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
  </ActiveParticipant>
  <ActiveParticipant UserID="String" AlternativeUserID="String" UserName="String" UserIsRequestor="true" NetworkAccessPointID="String" NetworkAccessPointTypeCode="1">
    <RoleIDCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
  </ActiveParticipant>
  <AuditSourceIdentification AuditEnterpriseSiteID="String" AuditSourceID="String">
    <AuditSourceTypeCode code="1" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
  </AuditSourceIdentification>
  <ParticipantObjectIdentification ParticipantObjectID="String" ParticipantObjectTypeCode="1" ParticipantObjectTypeCodeRole="1" ParticipantObjectDataLifeCycle="1" ParticipantObjectSensitivity="String">
    <ParticipantObjectIDTypeCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
    <ParticipantObjectName>String</ParticipantObjectName>
    <ParticpantObjectDescription>
      <MPPS ID="String" />
      <AccessionNumber ID="String" />
      <SOPClass InstanceUID="String" NumberOfInstances="0" />
      <SOPClass InstanceUID="String" NumberOfInstances="0" />
      <SOPClass InstanceUID="String" NumberOfInstances="0" />
    </ParticpantObjectDescription>
  </ParticipantObjectIdentification>
  <ParticipantObjectIdentification ParticipantObjectID="String" ParticipantObjectTypeCode="1" ParticipantObjectTypeCodeRole="1" ParticipantObjectDataLifeCycle="1" ParticipantObjectSensitivity="String">
    <ParticipantObjectIDTypeCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
    <ParticipantObjectName>String</ParticipantObjectName>
  </ParticipantObjectIdentification>
</AuditMessage>
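Added example, not part of the original presentation: Python that reads an audit message laid out like the one above and extracts what a reviewer at the Central Audit Trail Repository would look at (action, outcome, time normalised to UTC, requesting user, nodes, objects). The sample message and its identifiers are constructed, the function names and review rules are assumptions, and the two code tables are the values defined in the IETF audit message schema (RFC 3881).

```python
# Added example, not from the slides: summarise one ATNA-style audit message.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
# Code values defined by the IETF audit message schema (RFC 3881).
ACTIONS = {"C": "create", "R": "read", "U": "update", "D": "delete", "E": "execute"}
OUTCOMES = {"0": "success", "4": "minor failure", "8": "serious failure", "12": "major failure"}

# Constructed sample: same element layout as the slide, with made-up identifiers.
SAMPLE = """<AuditMessage>
  <EventIdentification EventActionCode="C" EventDateTime="2001-12-17T09:30:47-05:00" EventOutcomeIndicator="0"/>
  <ActiveParticipant UserID="modality-ae" UserIsRequestor="false" NetworkAccessPointID="ct1.example.org"/>
  <ActiveParticipant UserID="archive-ae" UserIsRequestor="false" NetworkAccessPointID="pacs.example.org"/>
  <ActiveParticipant UserID="jsmith" UserIsRequestor="true" NetworkAccessPointID="ct1.example.org"/>
  <AuditSourceIdentification AuditSourceID="ct1.example.org"/>
  <ParticipantObjectIdentification ParticipantObjectID="1.2.3.4.5"/>
</AuditMessage>"""

def summarise(xml_text):
    """Return the fields a reviewer needs from one audit message."""
    if "<!DOCTYPE" in xml_text:  # audit messages carry no DTD; refuse entity tricks
        raise ValueError("DTDs are not expected in audit messages")
    root = ET.fromstring(xml_text)
    event = root.find("EventIdentification")
    source = root.find("AuditSourceIdentification")
    if event is None or source is None:
        raise ValueError("missing EventIdentification or AuditSourceIdentification")
    when = datetime.fromisoformat(event.get("EventDateTime"))
    if when.tzinfo is None:
        raise ValueError("EventDateTime without UTC offset cannot be ordered across nodes")
    people = root.findall("ActiveParticipant")
    return {
        "action": ACTIONS.get(event.get("EventActionCode"), "unknown"),
        "outcome": OUTCOMES.get(event.get("EventOutcomeIndicator"), "unknown"),
        "utc": when.astimezone(timezone.utc).isoformat(),
        "source": source.get("AuditSourceID"),
        "requestors": [p.get("UserID") for p in people if p.get("UserIsRequestor") == "true"],
        "nodes": sorted({p.get("NetworkAccessPointID") for p in people if p.get("NetworkAccessPointID")}),
        "objects": [o.get("ParticipantObjectID") for o in root.findall("ParticipantObjectIdentification")],
    }

def review_flags(summary):
    """Reasons (assumed rules) to look at this event more closely."""
    flags = []
    if summary["outcome"] != "success":
        flags.append("outcome: " + summary["outcome"])
    if not summary["requestors"]:
        flags.append("no requesting user identified")
    return flags
```

Normalising every EventDateTime to UTC is what makes events from different nodes comparable, which is why the profile pairs the audit trail with time synchronization.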
ATNA – Technical Details
Locally defined User Identification, Authentication, and Authorization
Node to Node communications authenticated
– HL7 – TLS – Digital Certificates
– DICOM – TLS – Digital Certificates
– HTTP – TLS – Digital Certificates
Audit Trails
– Reliable SYSLOG (Cooked)
– IETF Audit Message Schema
– DICOM Audit Message details
– IHE further clarifications for events not detailed in DICOM
More information…
Web sites: www.himss.org/ihe, www.rsna.org/ihe
– IHE Rad Technical framework for year 5 – V5.5
– IHE IT Technical framework for year 1 – V 1.0
Non-Technical Brochures:
– IHE Fact Sheet and IHE FAQ
– IHE Integration Profiles: Guidelines for Buyers
– IHE Connectathon Results