10/29/2000 internet2 health sciences security working group planning jere retzer,...
TRANSCRIPT
10/29/2000
Topics to be discussed
• Background – health science security imperatives• AAMC HIPAA Workshops• I2 Security Roadmap• Where do we go from here?
10/29/2000
Health Sciences Security Imperatives
• Health care sometimes called the “trillion dollar cottage industry” could benefit tremendously from greater use of Internet technology
• NRC Report: Networking Health – Prescriptions for the Internet (www.nap.edu ISBN 0-309-06843-6) evaluated six high payoff uses of Internet technology related to health care found:“…security is a primary concern in virtually all health applications of
the Internet because the extreme sensitivity of personal health information demands high levels of confidentiality…” health care in many ways a worst case industry because of complexity
• Proposed federal regulations to implement HIPAA privacy and security regulations create a two year deadline
10/29/2000
HIPAA Collaboration Underway• Internet2 is partnering with the Association of American Medical Colleges
(www.aamc.org) and the Workgroup for Electronic Data Interchange (www.wedi.org) on a series of workshops to make recommendations, and develop a resource of best practices for healthcare security and privacy policy that will address the impact of HIPAA in Academic Medical Centers
Oct 19-20 OaklandNecessary Conditions for HIPAA-Compliant Policy
Nov 16-17 Duke Barriers
Dec 4-5 Texas A&M How do We Operationalize?
Jan 11-12 NLM (DC)What Solutions Do We Need To Pursue In Order To Move Forward?
10/29/2000
Internet2 Health Sciences Security Roadmap:Background
• Available http://www.internet2.edu/health/Security/security.html• Developed as a way to visualize how advanced Internet technology,
particularly work underway with Internet2 could be applied to help revolutionize health care
• Despite the fact that health care is probably the worlds most knowledge-intensive industry it is one of the least automated:– Most patient records are paper not electronic– Your record is probably scattered among multiple physicians, hospitals,
insurers, laboratories …– Privacy is tenuous at best– Lack of integration degrades care and increases costs: When was the last
time you met with your physician on a complex problem and they actually had all the relevant history and lab tests?
10/29/2000
Internet2 Health Sciences Security Roadmap:Internet2 Can Help
• Identification, Authentication, Authorization, Directories, IPSEC and PKI offer potential solutions to transmission and role-based access to patient-identifiable data
• Complex health care relationships promise to test the limits of PKI scalability. Consider a medical college with:– Visiting physicians– Students– Referring physicians– Contract laboratories and transcription services– Part time providers– Multiple insurers and state/federal agency involvement– Various certifying authorities– Researchers
10/29/2000
Internet2 Health Sciences Security Roadmap: HIPAA Policy, Internet2 Middleware and test networks provide building blocks to
secure traditional health applications
HIPAA
Policy
Middleware:
Identification
Authentication Authorization
Directories
IPSEC PKI
Real World Test Networks
Secure Traditional Applications
10/29/2000
Internet2 Health Sciences Security Roadmap:Internet Health Companies Respond to a Need
• E-health companies, which have enjoyed tremendous growth over the past three years respond to a need. Intel:
“Health care today is in the midst of a revolution. Consumers, increasingly dissatisfied with the current system, are moving health care issues to center stage. The new health consumer is demanding more options and taking more control in determining the course of their health care. Additionally, technology is bringing changes to the health care industry. The advent of the Internet and the declining cost of personal computers are creating increased accessibility to a wider population of Americans. The health care industry is ripe for change and consumers are demanding it.”
• Lack of a standard, interoperable health record however prevents integration.
10/29/2000
Internet2 Health Sciences Security Roadmap:Internet consumer and business services supply critical building block but
lack of standards-based health record creates a gap
HIPAAPolicy
Real World Test Networks
Internet2Middleware
InternetConsumer& Business
Services
StandardsGap
Secure Traditional Applications New Internet Services
10/29/2000
Internet2 Health Sciences Security Roadmap:Over the longer term the Internet could revolutionize health care
Visualize a future where a patient (or their parent/custodian) presents a card or perhaps simply appears before an Internet-connected PC and they are instantly securely identified and on command provided access to all the pieces of their medical record regardless of location, where:– you go to your doctor for treatment of some complex illness and the
doctor actually has access to all the lab results and x-rays!
– you do not have to answer the same questions over and over;
– cancer researchers can access on demand the pathology results, mammograms and other lab data for a million former breast cancer patients (identities protected) who grant access to their data;
– biometric data is used to identify an unconscious accident victim and allow emergency room personnel to unlock the patient’s emergency data to learn about hidden medical conditions.
10/29/2000
Internet2 Health Sciences Security Roadmap:the long term future
Real World Test Networks
HIPAAPolicy
Internet2Middleware
InternetConsumer& Business
Services
Standard, OpenMedical Record
Access to a Global Virtual Record
End-to-end Security
10/29/2000
Discussion
• What collaborations do we want to pursue to begin to realize this roadmap?– PKI test networks?
– Directories?
• What are the deliverables?