
Internet Based Remote Servicing of Medical Equipment under HIPAA – A standard solution

Internet Based Remote Servicing of Medical Equipment under HIPAA – A standard solution. Joint NEMA/COCIR/JIRA Security and Privacy Committee John F. Moehrke, GE Medical Systems Chairman of Remote Servicing Focus Group Rob Horn, Agfa Healthcare. What you will learn today.


Presentation Transcript


  1. Internet Based Remote Servicing of Medical Equipment under HIPAA – A standard solution
     Joint NEMA/COCIR/JIRA Security and Privacy Committee
     John F. Moehrke, GE Medical Systems
     Chairman of Remote Servicing Focus Group
     Rob Horn, Agfa Healthcare

  2. What you will learn today
     • Remote Servicing is critical
     • Remote Servicing presents new security risks
     • Vendors are working on a common solution that will
       • Reduce administration (Hospital and Vendor)
       • Improve Accountability
       • Provide a more secure environment
     Privacy is the Goal, Security is the way.

  3. Security and Privacy Committee (SPC)
     • Joint effort by NEMA-MII, COCIR-IT, and JIRA
     • Mission: Ensure a level of data security and data privacy in the health care sector that:
       • Meets legally mandated requirements
       • Can be implemented in ways that are reasonable and appropriate
       • Reduces Healthcare costs of compliance
     • Scope: All systems, devices, components, and accessories used in medical imaging informatics
       • Scope is not exclusive of other products and is expected to be extendable to all Equipment that maintains Protected Health Information (PHI).
     • To provide a common understanding and solution for complying with data security and data privacy legislation, currently focusing on the European Community, Japan, and the United States of America

  4. Efforts of the SPC
     • Security and Privacy: An Introduction to HIPAA
     • Security And Privacy Auditing In Health Care Information Technology
     • Security and Privacy Requirements for Remote Servicing
     • Identification and Allocation of Basic Security Rules In Healthcare Imaging Systems
     • Remote Service Interface -- Solution (A): IPSec over the Internet Using Digital Certificates
     • All papers available at http://www.nema.org/medical
     • Current Members: AGFA, GE, Kodak, Konica, Merge Efilm, Otech, Philips, Siemens, Toshiba

  5. Why do Remote Servicing?
     Benefit to Health Care Provider
     • Better Availability and Integrity of the systems
     • Quick response as no Travel involved
     • Higher quality of service
     • Knowledge base available at the Vendor
     • Specialists can be applied to the problem/solution
     Benefit to Vendor
     • Lower costs to service equipment
     • More service offerings (preemptive diagnosis)
     • Remote Service Centers (RSC) centralize knowledge and expertise

  6. Remote Servicing today
     [Diagram. Labels: Hospital; Remote Service Center; Hospital Network; Vendor X, Vendor Y, Vendor Z; Modem Connections; Complex Wired Infrastructure]

  7. Secure Remote Servicing Solution
     [Diagram. Labels: Hospital; Vendor X, Vendor Y, Vendor Z; Uses Hospital Network; Access points; Ex. Internet VPN]

  8. Access Control
     [Diagram. Labels: Hospital; Vendor X, Vendor Y, Vendor Z; 1. Individual Service Personnel; 2. Device under service; 3. Access point Edges]

  9. Audit Trails
     [Diagram. Labels: Hospital; Vendor X, Vendor Y, Vendor Z; Audit Repository (Who, what, when); 2. Device under service (when, and what); 3. Access point Edges (Session specifics: where and when)]

  10. Health Care Provider gains Control and Manageability
      • Control of each session and/or vendor
      • Rules that restrict where vendor X can go, what tools they can use, when they can connect, etc.
      • Strong Access Point Authentication
      • Audit trails to provide accountability
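
The per-vendor rules and audit trail described on slides 9 and 10, sketched as an added example (not part of the original presentation or the SPC papers): a default-deny check that an access point could apply to each session request. The policy layout, the `decide` function, and all addresses, ports and hours are assumptions made for illustration.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample policy held at the hospital access point. Vendor names follow
# the slides; the addresses, ports and hours are made up for illustration.
RULES = {
    "vendor-x": {"devices": [ip_network("10.20.1.0/28")],   # where the vendor may go
                 "ports": {22, 104},                         # which tools (as TCP ports)
                 "hours": (time(8, 0), time(18, 0))},        # when they may connect
    "vendor-y": {"devices": [ip_network("10.20.2.7/32")],
                 "ports": {443},
                 "hours": (time(0, 0), time(23, 59, 59))},
}

def decide(vendor, engineer, dst, port, when, audit):
    """Default-deny check of one session request; every decision is audited.

    vendor   -- identity of the authenticated access point (hypothetical label)
    engineer -- staff identity as asserted by the Remote Service Center
    """
    rule = RULES.get(vendor)
    try:
        dst_ip = ip_address(dst)
    except ValueError:
        dst_ip = None                      # malformed destination is denied below
    start, end = rule["hours"] if rule else (None, None)
    if rule is None:
        reason = "no rule for vendor"
    elif dst_ip is None or not any(dst_ip in net for net in rule["devices"]):
        reason = "device not under this vendor's service"
    elif port not in rule["ports"]:
        reason = "tool/port not permitted"
    elif not (start <= when.time() <= end):   # same-day windows only
        reason = "outside permitted connection window"
    else:
        reason = "ok"
    allowed = reason == "ok"
    # Audit record: who, what, where, when, plus the outcome (denials included).
    audit.append({"who": f"{vendor}/{engineer}", "what": f"tcp/{port}",
                  "where": dst, "when": when.isoformat(),
                  "allowed": allowed, "reason": reason})
    return allowed

if __name__ == "__main__":
    trail = []
    print(decide("vendor-x", "eng-17", "10.20.1.5", 104, datetime(2002, 6, 3, 9, 30), trail))
    print(decide("vendor-x", "eng-17", "10.20.2.7", 104, datetime(2002, 6, 3, 9, 30), trail))
    print(trail[-1])
```

Denied requests are written to the audit list as well as permitted ones, so the trail records attempts that fell outside a vendor's rules.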

  11. Solution “A”
      • IPSec tunneling over the Internet
        • ESP/AH – 3DES and SHA1
        • IKE – Session Key negotiation
      • Certificates
        • 1024 bit RSA certificates
        • Manually managed certificates
      • Filtering and Routing rules maintained by the Healthcare facility
      • Audit trails maintained at RSC
      • Vendor staff is authenticated at the RSC

  12. Solution A: IPSec over the Internet using digital certificates
      [Diagram. Labels: Hospital; Vendor X, Vendor Y, Vendor Z; IPSec Tunnel, ESP+AH; 3DES, SHA1; IKE-RSA, PKI out-of-band]

  13. Present Status
      • Solution “A” approved by NEMA, COCIR, and JIRA
      • Solution A is ready for use at Internet connected sites.
      • More than a dozen hospitals have installed and begun using solution “A” during 2002.
      • The Focus Group is analyzing other remote servicing solutions.
        • IPSec that terminates inside the HCF network handling NAT
        • PPTP for small facilities
        • L2TP for small facilities
