Purpose of HIPAA Administrative Simplification

“to improve ... the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.” –from the statute

Upload: amelia-sutherland

Post on 27-Mar-2015


Security/Privacy Services

A group of related services that, together, facilitate the integrity, confidentiality, interoperability and automation of healthcare information exchange in a SOA-based healthcare IT environment.

They address issues of entity authentication, authorization, access control and accountability.

Owned by Security TC, but… Cross discipline, cross domain approach.


Scope and Purpose

Security-as-a-Service within an SOA-oriented architecture implies the decomposition and decoupling of complex security processes that are typically integrated across infrastructure and applications into a set of encapsulated, loosely-coupled security/privacy services.


Why do we care?

- Encourages the deployment of interoperable services and applications
- Reduces the cost of application development
- Facilitates the automation of certain healthcare business processes


Scenario: Clinician Needs Patient Data

From viewpoint of Requestor/Recipient - Requesting
- Where is the patient data?
- Who’s the custodian?
- In what format can the data be sent?
- What courier services are available?
- How do I submit a request?

From viewpoint of Healthcare Information Custodian
- Who is requesting the data?
- Why should I let them see it?
- Do the Requestor’s privileges match my Policy?

Courier Service
- Deliver to intended recipient
- Don’t allow tampering
- Maintain confidentiality

From viewpoint of Requestor/Recipient - Receiving
- Who sent it?
- Do I trust them?
- Has it been tampered with?
- Can I understand what the Author intended to say?


Functional Capabilities

To include security/privacy functionality essential to enable or facilitate interoperability and automation including identity management, trust management, privilege and access management, auditing, etc. These would be as constrained as possible while still providing a complementary set of security services.

Identity and credentials of a resource requestor that can be authenticated must be transported to a resource access decision point where appropriate authorization policy is applied, an access control decision is enforced and all required audit events are recorded. Confidentiality of PHI is maintained at all times.


Example – Open Source EHR-S Function

[Figure: layered stack diagram. Layer labels: Computer Hardware; Operating System; Execution Environment; Eclipse Base Framework; Cross Industry Framework; Healthcare Framework; Healthcare Applications/Components. Function shown: HL7 EHR-S Function I.1.6 Basic NHIN Access. Component labels: Trust Registry; Identity Management; Trust Network; Directory Access; Security/Encryption; Privacy; Audit Services; Communications; Authentication.]


Example – Vendor ePrescription Sub-Profile

Vendors use the Healthcare Framework to build specialized profiles and applications like ePrescribing.

Installable Eclipse “plug-ins” encapsulate the functions required to support profiles and applications.

[Figure: layered stack diagram. Layer labels: Computer Hardware; Operating System; Execution Environment; Eclipse Base Framework; Cross Industry Framework; Healthcare Framework; Healthcare Applications/Components. Function shown: HL7 EHR-S Function DC.1.3.1 ePrescribe. Component labels: Trust Registry; Identity Management; Trust Network; HL7 Messaging; UI - RCP; Directory Access; ePrescription; Practice Management Components; EHR System Components; Payer Services; HL7 Vocabulary; Advanced XML Processing; Security/Encryption; Privacy; Audit Services; Communications; Authentication.]


Overview—Conceptual Healthcare Service Architecture

[Figure: Health Information Network diagram. Point of service labels: Hospital, LTC, CCC, EPR; Physician Office EMR; EHR Viewer; Lab System (LIS); Radiology Center PACS/RIS; Pharmacy System; Public Health Services. User labels: Physician/Provider; Lab Clinician; Radiologist; Pharmacist; Public Health Provider. Central element: Healthcare Service Bus (HSB). Service labels, in the order they appear: Health Information Network Infrastructure Services; Security Management; Provider Registry; Patient Resolution; Service Registry; Privacy Management; Community Management; Interoperability Services; HL7 V3; Terminology; Document Processing; Patient Information Services; De-Identified Patient Data Warehouse; Healthcare Information Exchange; Personal Health Record (PHR); Electronic Health Record (EHR); Public Health Information Services; Public Health Reporting; Outbreak Management. Legend: HSB Access Node; Representative HIN Services; HSB Support Services; Open HealthIT Core Initiative; "R": Open HealthIT Reference Implementation; Representative Commercial Services.]


Overview--Healthcare Service Architecture

[Figure: Health Information Network diagram. Labels: Point of Service; Physician Office EMR; Physician/Provider; Healthcare Information Exchange. Legend: HSB Access Node; Representative HIN Services; HSB Support Services; Open HealthIT Core Initiative; "R": Open HealthIT Reference Implementation; Representative Commercial Services.]


Open Health IT - HSB Messaging Stack

[Figure: messaging stack diagram. Labels: Network Hardware; TCP/IP; Healthcare Service Bus; Healthcare Applications; Healthcare Process Model & Execution Engine; Local Healthcare Services; Intranet Healthcare Services (shown twice); HSB Support Services; Browser; E-mail; HTTP-S/MIME. The protocol stack HTTP, SOAP, xHIN Protocols appears four times in the diagram.]


xHIN Identity Transport

[Figure: message envelope diagram. Labels: Transport Envelope (http, smtp, file, …); SOAP Envelope; SOAP Header; SOAP Body; wss:Security; Digital Signature (transport); SAML Assertion: Role; SAML Assertion: Other; Sender ID + Structural Role; Sender Functional Role; Sender Other; Policy-based (Tier 0) Web Service Access Decision; Policy-based (Tier 1) Target Object Access Decision; Query; Document; Other; Encrypted (transport); Encrypted (transport, optional).]


xHIN – extensible Health Information Network

The xHIN technology represents both an architecture and a set of functional specifications that exhibits two essential attributes:

the ability to facilitate automation of clinical and business processes, and

high extensibility—the ease with which xHIN-based health information networks can be deployed, expanded and enhanced.


Security/Privacy Services

May include:
- Integrity
- Confidentiality
- Identity Management
- Access Control/Privilege Management
  - Access Decision Service
  - Access Policy Provisioning Service
- Audit
- Privacy
- Security
- Entity Registry Service
  - Facilitates the location of an entity’s PKI information and other information required to accomplish the exchange of healthcare information.
- Credential Authentication Service
- Credential Binding Service
  - Credentials may be bound to an Identity
- Trust Correlation Service
- De-identification, Re-identification, Pseudonymization


Entity Registry Service

PKI identity services for entities are likely to be provided by many different parties: private, commercial and government. The Entity Registry Service facilitates the location of an entity’s PKI information and other information required to accomplish the exchange of healthcare information. The entity data may be maintained by an Identity Provider. This service may leverage the EIS.


Access Control/Privilege Management

Access Decision Service
- Taking into account asserted identity/credentials, target resource and other factors, returns a decision allowing or denying access to the target resource.
- May leverage Identity Authentication and Credential Authentication Services

Access Policy Provisioning
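
Added example (not part of the original slides or of any xHIN/OHF code): a minimal Access Decision Service in the sense described above, which takes an asserted identity and role, the target resource and one "other factor" (purpose of use), denies by default, and records an audit event for every decision as the Functional Capabilities slide requires. The class names, policy table, roles and purposes are assumptions constructed for illustration.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed policy: (role, resource type) -> permitted purposes of use.
# Role, resource and purpose names are illustrative assumptions.
POLICY = {
    ("physician", "medication-list"): {"treatment"},
    ("pharmacist", "medication-list"): {"treatment"},
    ("billing-clerk", "claim"): {"payment"},
}

@dataclass(frozen=True)
class AccessRequest:
    subject_id: str      # asserted identity of the requestor
    role: str            # asserted credential, e.g. a role assertion
    authenticated: bool  # outcome of the upstream authentication services
    resource_type: str   # target resource
    purpose: str         # one of the "other factors": purpose of use

class AccessDecisionService:
    def __init__(self, policy):
        self.policy = policy
        self.audit_log = []  # one JSON event per decision, permit or deny

    def decide(self, req: AccessRequest) -> str:
        allowed = self.policy.get((req.role, req.resource_type))
        if not req.authenticated:
            decision, reason = "deny", "credentials not authenticated"
        elif allowed is None:
            decision, reason = "deny", "no policy for role and resource"
        elif req.purpose not in allowed:
            decision, reason = "deny", "purpose of use not permitted"
        else:
            decision, reason = "permit", "policy match"
        # Audit identifiers and the outcome only; no PHI goes into the log.
        self.audit_log.append(json.dumps({
            "time": datetime.now(timezone.utc).isoformat(),
            "subject": req.subject_id, "role": req.role,
            "resource": req.resource_type, "purpose": req.purpose,
            "decision": decision, "reason": reason,
        }, sort_keys=True))
        return decision

if __name__ == "__main__":
    ads = AccessDecisionService(POLICY)
    print(ads.decide(AccessRequest("dr-a", "physician", True, "medication-list", "treatment")))
    print(ads.decide(AccessRequest("clerk-b", "billing-clerk", True, "medication-list", "payment")))
    print("\n".join(ads.audit_log))
```

Denied requests are audited with the same fields as permitted ones, so a custodian can answer "who is requesting the data?" for refused attempts as well.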


Next Steps

- Reference/Resource Compilation
- Mailing List
- Telecon Schedule
- Sub-service Prioritization
- Initial Drafts


Eclipse OHF Architecture Overview

[Figure: Eclipse plug-in architecture diagram. Base labels: Computer Hardware; Windows or Linux OS; Eclipse Core; Display; Internet. Plug-in labels: Security (OSGi); Smart Token Support; Devices; Wireless Support; Metering; JFace; SWT; Runtime UI; Workbench Services; Resources; Text; Update; Help; Basic XML Services; Other Plug-ins as needed. Non-core Services and Plug-ins: Rules Processing; Dynamic Code/Schema Management; Business Intelligence and Modeling; Development Tools; Data Tools; Other Plug-ins as needed. Domain labels: Eclipse; Telecom; Automotive; Healthcare. Legend: Class of Plug-ins; Plug-in Communication Channel.]


Eclipse OHF Architecture Overview

[Figure: Eclipse plug-in architecture diagram with the Open Healthcare Framework added. Base labels: Computer Hardware; Windows or Linux OS; Eclipse Core; Display; Internet. Plug-in labels: Security (OSGi); Smart Token Support; Devices; Wireless Support; Metering; JFace; SWT; Runtime UI; Workbench Services; Resources; Text; Update; Help; Basic XML Services; Other Plug-ins as needed. Non-core Services and Plug-ins: Business Intelligence and Modeling; Development Tools; Data Tools; Other Plug-ins as needed. Open Healthcare Framework: HIPAA Support; XML Processing; Trust-based Network Support; Web Service Support; Voice Services Support; Administrative Tools; EHR Support; Rules Processing; Dynamic Code/Schema Management; Other Plug-ins as needed. Other labels: Eclipse Applications; Healthcare. Legend: Class of Plug-ins; Plug-in Communication Channel.]


Eclipse OHF Architecture Overview

[Figure: Eclipse plug-in architecture diagram with the Open Healthcare Framework and applications added. Base labels: Computer Hardware; Windows or Linux OS; Eclipse Core; Display; Internet. Plug-in labels: Security (OSGi); Smart Token Support; Devices; Wireless Support; Other Plug-ins as needed. Open Healthcare Framework: HIPAA Support; Dynamic Code/Schema Management; XML Processing; Trust-based Network Support; Web Service Support; Voice Services Support; Administrative Tools; EHR Support; Other Plug-ins as needed. Applications: Dictation/Transcription; ePrescription; CCR Client; Practice Management; Administrative Support; Training; Telecom Services; Registry Services; Clinical Testing; Payer Services; Trust Services Support; Metering; Knowledge Services; Clinical Data Capture Support; Patient Services; Rules Processing. Legend: Class of Plug-ins; Plug-in Communication Channel.]