technical network loeber
TRANSCRIPT
1
First US-German Summit on Primary Care
Current Implementation and Technologies of a Secure Network for 50,000 Physicians in Germany
Frank Löber, CIO/CTO, HÄVG Rechenzentrum
Washington, 9th April 2010
2
Agenda
Initial Situation in Germany – Facts & Figures
Overview current solution in Germany for 50,000 Physicians
Current Situation & Next Steps
3
Initial Situation in Germany – Facts & Figures
4
Initial Situation in Germany – Facts & Figures
• New reimbursement system (payment system) since June 2008
• 50,000 family physicians & 70,000,000 people covered by sick funds
• 160 sick funds, recently a substantial decrease in number due to mergers
• 60 different software solutions (doctor's IT system) for family physicians, with different operating systems
• Different ways of communication (paper, CD-ROM, online)
• High requirements for data protection for transmission and storage
• Main medical data to transfer: reimbursement items, diagnoses, drugs, referrals, form data
5
Initial Situation in Germany – Billing Process in new reimbursement system
[Diagram] Parties: Physician; Hausaerzteverband (Clearing); Sick Fund
[Diagram] Steps shown:
• Documenting medical data (diagnoses, drugs ..)
• Send medical data by software
• Check & clearing data & create and send billing file
• Check billing file & payment (Sick Fund)
• Create billing & send it & do payment
• Receive billing & payment
6
Initial Situation in Germany – Different business needs for different parties
• Physicians: No additional costs for hardware & software; software must be easy to use
• Software developers / manufacturers: Easy integration, installation & configuration of new software
• Hausaerzteverband: Scalable solutions, authentication of physicians, exchange of medical data between family physicians and specialists, increased quality of primary care
• Sick Funds: Reduce costs of drugs and remedies, increase quality of primary care
7
Initial Situation in Germany – Legal Requirements for protection & authentication
High requirements for data protection & authentication:
• Files with medical and personal data must be encrypted
• Transmission must be encrypted
• Files with medical data must be signed by a physician
8
Initial Situation in Germany – Conclusion
Taking the business needs of all parties into account means:
• Development of a specific software module ("Core") without GUI for integration into existing software solutions
• Development of requirements and technical specifications for existing software manufacturers
• Develop our own software with GUI for physicians, with basic functions to manage our contracts (stand-alone solution)
• Usage of this software is part of our contracts
• Develop our own data center
• Develop our own infrastructure to connect doctors for data exchange
9
Developed Solution in Germany for 50,000 Physicians
10
Transmission & Encryption
11
Current Solution – Encryption & Transmission: Medical Data from doctor's practice to data center
2 ways of online transmission:
• Hardware router with certificate of the doctor's practice
• Software VPN with certificate of the doctor's practice
12
Current Solution – Encryption & Transmission: Transmission Encryption
Secure communication between the doctor's practice and our data center, based on legal requirements, using:
• IPSec tunnels
• Secure TLS connections
• Key exchange protocol: Diffie-Hellman
• Digital certificates: X.509 (v3) certificates with 2048-bit key length
• Software VPN is based on OpenVPN (open source)
13
Current Solution – Encryption & Transmission: File Encryption
• Medical data (reimbursement items, drugs, …) is compressed and encrypted with a hybrid method before transmission
• The payload (content of the file) is encrypted symmetrically with AES (Advanced Encryption Standard) with 256-bit key length
• The encryption key is encrypted asymmetrically with the public certificate of the receiver, with 2048-bit key length, by SHA1-RSA
• Data will only be decrypted in our data center
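The hybrid scheme on this slide, combined with the signing requirement from the legal-requirements slide, as an added Ruby example; it is not code from the presentation or from HÄVG. AES-GCM, RSA-OAEP, SHA-256 signatures, the Hash container and the names `seal` and `unseal` are assumptions, since the slides name only AES-256, 2048-bit RSA keys and SHA1-RSA.

```ruby
require "openssl"
require "zlib"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Practice side: sign, compress, encrypt with a one-time AES-256 key, then
# wrap that key for the receiver. Assumptions (not on the slides): GCM mode,
# OAEP padding, SHA-256 signatures, and a Hash as the container format.
def seal(data, sender_key, receiver_pub)
  signature = sender_key.sign("SHA256", data)
  body = Zlib.deflate([signature.bytesize].pack("n") + signature + data.b)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  key = cipher.random_key # fresh 256-bit content key, used for this file only
  iv = cipher.random_iv
  ciphertext = cipher.update(body) + cipher.final
  { wrapped_key: receiver_pub.public_encrypt(key, OAEP),
    iv: iv, tag: cipher.auth_tag, ciphertext: ciphertext }
end

# Data-center side: unwrap the key, decrypt, decompress, verify the signature.
# Raises if the ciphertext was altered or the signature is not the sender's.
def unseal(env, receiver_key, sender_pub)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = receiver_key.private_decrypt(env[:wrapped_key], OAEP)
  cipher.iv = env[:iv]
  cipher.auth_tag = env[:tag]
  body = Zlib.inflate(cipher.update(env[:ciphertext]) + cipher.final)
  sig_len = body.unpack1("n").to_i
  # A malformed body yields empty strings here and then fails verification.
  signature, data = body[2, sig_len].to_s, body[(2 + sig_len)..].to_s
  unless sender_pub.verify("SHA256", signature, data)
    raise ArgumentError, "signature does not match the sender's key"
  end
  data
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: throwaway keys stand in for the X.509 certificates.
  practice = OpenSSL::PKey::RSA.new(2048)
  center = OpenSSL::PKey::RSA.new(2048)
  env = seal("ICD10=J06.9;drug=sample", practice, center.public_key)
  puts unseal(env, center, practice.public_key)
end
```

Only the holder of the receiver's private key can recover the content key, which matches the slide's statement that data is decrypted only in the data center.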
14
Core-Module
15
Current Solution – Core-Module: Overview Technical Solution
[Diagram labels: Doctor's Practice; Doctor's IT-System; Software Run Time Environment Interface; Core; Core-Functions; Modules (Contract1, Contract2, Contract3); Database; OpenVPN; Online-Updates; HTTPS; VPN; Konnektor; XML; SOAP; Data-Center]
• Usable on clients, servers and as ASP-Solution
• Modular specific Contract-Data using open source database SQLite
16
Current Solution – Core-Module: Functions
• Validate medical data in doctor's practice
• Provide steering algorithms i.e. substitutions for low priced drugs
• Provide specific data i.e. special catalogues of ICD10 diagnoses
• Provide Online-Services i.e. "check enrolled patients"
• Encrypt medical data before transmission
• Receive daily updates
• No graphical user interface
• Easy to integrate in existing software solutions
• Defined data structure for medical data
[Diagram labels: Existing Software with GUI; Core]
17
Example for drug substitution
18
Current Solution – Core-Module: Example for Substitution Drugs I / III
19
Current Solution – Core-Module: Example for Substitution Drugs II / III
20
Current Solution – Core-Module: Example for Substitution Drugs III / III
21
Authentication
22
Current Solution – Authentication: Doctor & Practice
Authentication is used for the following purposes:
• Identification
• Signing medical data
Current solution: Rollout of software-based certificates
Planned: Rollout of hardware-based certificates (health professional card)
23
Data-Center
24
Current Solution – Data-Center: Overview of Services
• Provide Online-Services i.e. "check enrolled patients"
• Receive data from the physicians
• Approval & Decryption & Clearing & Storage
• Billing & Accounting-Services
• Provide Online-Updates
• Interfaces to several Sick Funds for data exchange
• Exchange Data in XML
• Multiple & Mass Data Processing
• Provide Trust Center to manage certificates
25
Current Situation & Next Steps
26
Current Situation & Next Steps – Using our system since June 2008
• 2,000 physicians using Hardware-Router, 8,000 physicians using Software-VPN for transmission encryption
• 10,000 integrated Cores in existing 35 software-solutions
• 6,000,000 insured persons are enrolled in the new system
• 500,000,000 medical data, diagnoses, drugs, remedies, referrals every 3 months to validate
27
Current Situation & Next Steps
• Provide Core-Module in Java
• Provide Core-Module as ASP-Solution
• Provide billings for doctors online as PDF to download
• 30,000 physicians and 30,000,000 insured persons in the new system
And… it will work!!!
28
Questions & Answers
29
Thanks for your attention