Download - Security Standards under Review for esMD
Security Standards under Review for esMD
Transaction TimelineAn esMD transaction begins with the creation of some type of electronic content (e.g. X12 274, 277, or 275 message or an HPD Plus DSML, CDA, or PDF document). As the content is packaged into a message and sent, security elements are added at points along the timeline dependent on the standard(s) selected and the purpose of the security element. This process is reversed on the receiving end.
Electronic Content Created
Content Stored as a document
XD* Metadata
Content packaged
into payload
Message created
Message Sent
DSG Signature
X12 58 Signature
WS-Security Encryption
(transport level)
CAQH CORE Metadata
Internal Systems Gateway
Message Received
Process Header
Process Payload
X12 58 Signature
WS-Security
CAQH CORE/ XD* Metadata
Process Content
DSG Signature
Internal Systems
GatewayInternet
Store Content
IHE DSGThe Document Digital Signature (DSG) content profile specifies the use of XML Advanced Electronic Signatures (XAdES) for documents that are shared between organizations.
Process Flow for Phase 1 Sending Medical Documentation
Transaction Structure
Extensions to MetadataThis approach would extend existing metadata to support the exchange of the required security information. For esMD, this would require extensions to CAQH CORE and XD* metadata. We would need to work with the relevant organizations to seek inclusion of these changes in future specifications.
Process Flow for UC1 Registration
Transaction Structure
X12 58This standard defines the data formats for authentication, encryption, and assurances in order to provide integrity, confidentiality, and verification and non-repudiation of origin for two levels of exchange of EDI formatted data defined by ASC X12.
Process Flow for UC1 Registration
Transaction Structure
WS-SecurityThis specification extends SOAP Messages to provide three main security capabilities: the ability to send security tokens as part of a message, message integrity, and message confidentiality.
Process Flow for UC1 Registration
Transaction Structure
esMD Security Requirements
Identity Requirements
Requirement Description Registration Send eMDR
Send eMD
Include Sender's public digital certificate in transaction
- Receiver traces certificate to root CA in order to verify sender's identity.- Receiver uses public key and digital signature to verify authenticity.
y y y
Include additional public digital certificates in transaction
- Transaction includes public digital certificates of all other parties of interest.- Receiver traces certificates to root CAs in order to verify identity of all other parties of interest.- Receiver uses public keys and digital signatures to verify authenticity of all other parties of interest.- Receiver uses certificates to verify all delegation of rights artifacts created by other parties of interest.
y n y
Authenticity Requirements
Requirement Description Registration Send eMDR
Send eMD
Include one digital signature in transaction
- Sender signs message- Receiver uses digital signature to verify authenticity of message
y y y
Include additional digital signatures in transaction
- Content creators sign all or portion of payload- Receiver uses digital signatures to verify authenticity of content
y n y
Supports digital signature chains
- Receiver understands the order in which digital signatures were applied - Receiver understand what part of the transaction each digital signature applies to
y n y
Supports long term validation of digital signatures
- Receiver can validate digital signature up to twenty years after signing- Content creator adds time-stamped and CA signed OCSP response or CRL to content at time of creation
n n y
Authority Requirements
Requirement Description Registration Send eMDR
Send eMD
Include single delegation of rights artifacts in transaction
- Party A delegates a right to Party B who may not delegate that right to any other party
n n n
Include multiple delegation of rights artifacts in transaction
- Party A delegates a right to Party B who may delegate that right to Party C
y n y
Supports delegation of rights artifact chains
- Receiver understands the order in which rights were delegated
y n y
Encryption Requirements
Requirement Description Registration Send eMDR
Send eMD
Support encryption of entire payload at point of creation
- Content creator encrypts entire payload n n y (level2)
Support encryption of components of payload at point of creation
- Content creator encrypts portions of the payload
n n y (level 3)
Support encryption of entire payload at send
- Sender encrypts entire payload n n y
Support encryption of components of payload at send
- Sender encrypts portions of the payload n n y(level 2/3)
General Requirements
Category Requirement Description Registration Send eMDR
Send eMD
Location Security elements are included in payload
- Security elements are tied to payload and cannot be easily stripped away
n n y
Existing Standard
Created and maintained by SDO
- Uses existing standard y y y
Applicable Standard
X12 274 - Supports the exchange of provider information
y n n
Applicable Standard
IHE HPD+ - Supports the exchange of provider information
y n n
Applicable Standard
X12 277 - Supports the exchange of requests for additional information regarding a claim
n y n
Applicable Standard
X12 275 - Supports the exchange of additional information regarding a claim
n n y
Applicable Standard
HL7 CDA - Supports the exchange of patient clinical information
n n y
esMD Security Requirements Aligned to Standards by Use Case
Use Case 1: Requirements for Registration
Category Requirement DSG X12 58 WS-Security
Metadata Extension
s
Identity Include Sender's public digital certificate in transaction
y ? y y
Identity Include additional public digital certificates in transaction
y ? y y
Authenticity Include one digital signature in transaction y y y y
Authenticity Include additional digital signatures in transaction
y 2? y y
Authenticity Supports digital signature chains ? 2? y y
Authority Include multiple delegation of rights artifacts in transaction
y n y y
Authority Supports delegation of rights artifact chains ? n y y
Existing Standard Created and maintained by SDO y y y n
Applicable Standard X12 274 ? y y y
Applicable Standards IHE HPD+ y n y y
Use Case 2: Requirements for Sending eMDRs
Category Requirement DSG X12 58 WS-Security
Metadata Extensions
Identity Include Sender's public digital certificate in transaction
y ? y y
Authenticity Include one digital signature in transaction y y y y
Existing Standard Created and maintained by SDO y y y n
Applicable Standard X12 277 ? y y y
Phase 1: Requirements for Sending Electronic Medical Documentation
Category Requirement DSG X12 58 WS-Security
Metadata Extensions
Identity Include Sender's public digital certificate in transaction
y ? y y
Identity Include additional public digital certificates in transaction
y ? y y
Authenticity Include one digital signature in transaction y y y yAuthenticity Include additional digital signatures in
transactiony ? y y
Authenticity Supports digital signature chains ? ? y yAuthenticity Supports long term validation of digital
signaturey ? y y
Authority Include multiple delegation of rights artifacts in transaction
y n y y
Authority Supports delegation of rights artifact chains ? n y yEncryption Support encryption of entire payload at point
of creationn n n n
Encryption Support encryption of components of payload at point of creation
n n n n
Encryption Support encryption of entire payload at send n y y nEncryption Support encryption of components of payload
at sendn y y n
Location Security elements are included in payload y y n nExisting Standard Created and maintained by SDO y y y nApplicable Standard X12 275 ? y y yApplicable Standard HL7 CDA y n y y
esMD Transaction Process Flow by Use Case
Use Case 1: Transaction Process Flow
Registration Request
Delegation of Rights Artifact
Signature of Registration Request
Public Certificate of Registration Requestor
Assertion of Rights
Signature of Assertion
Public Certificate of Assertor
Delegation of Rights Artifact
Registration Request Message
Owner Process Possible Locations and Standards
Assertor of Rights
Create Assertion • Payload: SAML
Sign Assertion • Payload: DSG, CMS, XMLSig, C/XAdES
Attach Public Certificate • Payload: DSG, CMS, XMLSig, C/XAdES
Provide Delegation of Rights Artifact to Registration Requestor
Registration Requestor
Create Registration Request • Payload: X12.277, HPD
Add Delegation of Rights Artifact• Payload: X12.58?, MTOM • Message Header: WS-Security,
Metadata
Sign Registration Request• Payload: X12.58, MTOM• Message Header: WS-Security,
Metadata
Attach Public Certificate• Payload: X12.815?, MTOM• Message Header: WS-Security,
Metadata
Send Registration Request Message
Payer/Payer Contractor
Trace Certificate of Registration Requestor to Root CA
Verify Signature of Registration Request
Verify Delegation of Rights Artifact
Process Registration Request
Use Case 2: Transaction Process Flow
eMDR Message
eMDR
Signature of eMDR
Public Certificate of Payer/Payer Contractor
Owner ProcessPossible Locations and
Standards
Payer/Payer Contractor
Create eMDR • Payload: X12.277
Sign eMDR• Payload: X12.58• Message Header:
WS-Security, Metadata
Attach Public Certificate• Payload: X12.815?• Message Header:
WS-Security, Metadata
Send eMDR Message
eMDR Consumer
Trace Certificate of Payer/Payer Contractor to Root CA
Verify Signature of eMDR
Process eMDR
Phase 1: Transaction Process FlowSigned Medical
Document Bundle
eMDR Response Message
eMDR Response
Document Bundle Attachment
Signature of eMDR Response
Public Certificate of eMDR Consumer
Medical Document Bundle
Signature of Document Bundle
Public Certificate of Document Bundle Owner
Owner ProcessPossible Locations and
Standards
EHR/Provider
Assemble Medical Document Bundle • Payload: PDF, CDA, ZIP
Sign Document Bundle • Payload: DSG, C/XAdES
Attach Public Certificate • Payload: DSG, C/XAdES
Provide Medical Document Bundle Attachment to eMDR Consumer
eMDR Consumer
Create eMDR Response • Payload: X12.275, XD*
Add Document Bundle Attachment • Payload: MTOM
Sign eMDR Response• Payload: X12.58• Message Header: WS-
Security, Metadata
Attach Public Certificate• Payload: X12.815?• Message Header: WS-
Security, Metadata
Send eMDR Response Message
Payer/Payer Contractor
Trace Certificate of eMDR Consumer to Root CA
Verify Signature of eMDR Response
Process eMDR Response
Consume Document Bundle
Appendix: Security Dataset Requirements for both Registering to Receive eMDRs & Sending eMDRs
Signature Artifact
The Signature Artifact (paired with the Public Digital Certificate of the Sender) will enable the message receiver to authenticate the sender, verify message integrity, and prove non-repudiation.
1. Public Digital Certificate of Sender – x.509 certificate issued by a Certificate Authority
2. Signature Artifact – Encrypted hash of the message*
* The exact details of the Signature Artifact are being developed in the esMD Author of Record Initiative.
Public Key of Dr. Smith
Signature Artifact Example
1. Dr. Smith attaches signature artifact to Request to Register to Receive eMDRs
Registration Request
Provider Name: Dr. SmithNPI: 987654Service: Receive eMDRs
MetadataEncrypted Hash: H8K9QTPPublic Digital Certificate of Dr. Smith
checksum function Hash: 987654 signing algorithm
Private Key of Dr. Smith
2. Payer verifies the Request came from Dr. Smith and has not been tampered with
Registration Request
Provider Name: Dr. SmithNPI: 987654Service: Receive eMDRs
MetadataEncrypted Hash: H8K9QTPPublic Digital Certificate of Dr. Smith
checksum function Hash: 987654
signing algorithm
Verify Identity
Hash: 987654
Verify Integrity
Delegation of Rights Artifact
The Delegation of Rights Artifact (paired with the Public Digital Certificate of Subject) enables the Subject to delegate a right to the Sender of a Request such that the Receiver can cryptographically confirm that delegation of rights has occurred.
1. Public Digital Certificate of Subject – x.509 certificate issued by a Certificate Authority
2. Delegation of Rights Artifact – Encrypted hash of an assertion of rights*
* The exact details of the Delegation of Rights Artifact are being developed in the esMD Author of Record Initiative.
Delegation of Rights Example (1/2)
1. Dr. Smith delegates the right to register his NPI to receive eMDRs to Medical Data, Inc.
Registration Request
Provider Name: Dr. Bob SmithNPI: 987654Service: Receive eMDRs
MetadataEncrypted Hash: H8K9QTPPublic Digital Certificate of Medical Data, Inc.Delegation of Rights ArtifactPublic Digital Certificate of Dr. Smith
2. Medical Data, Inc. include their Signature Artifact, Dr. Smith’s Delegation of Rights Artifact, and both Public Digital Certificates in their Request to Register Dr. Smith to Receive eMDRs
Assertion of Rights
Dr. Bob Smith gives Medical Data, Inc. the right to register his NPI to receive eMDRs.Expiration Date: 1/1/2013
MetadataEncrypted Hash: U37G90P
checksum function Hash: 123456 signing algorithm
Private Key of Dr. Smith
Delegation of Rights Example (2/2)
Registration Request
Provider Name: Dr. Bob SmithNPI: 987654Service: Receive eMDRs
MetadataEncrypted Hash: H8K9QTPPublic Digital Certificate of Medical Data, Inc.Delegation of Rights ArtifactPublic Digital Certificate of Dr. Smith
3. Payer verifies Medical Data, Inc. has the right to register Dr. Smith to receive eMDRs
Public Key of Dr. Smith
Assertion of Rights
Dr. Bob Smith gives Medical Data, Inc. the right to register his NPI to receive eMDRs.Expiration Date: 1/1/2013
MetadataEncrypted Hash: U37G90P
checksum function Hash: 123456
signing algorithm Hash: 123456
Verify Right