Document Encryption Profile
Brief Profile Proposal for 2009/10
presented to the IT Infrastructure Planning Committee
Martin Rosner, Paul Koster
October 18, 2010

Use cases

Third party opinion in tele-monitoring
• DMO transfers encrypted CDA document to hospital in different affinity domain
• Hospital GP accesses the document
• GP forwards encrypted document to expert specialist using IHE XDR
• Expert specialist accesses document for 2nd opinion

Exchanging health records using USB drives
• Doctor e-mails record summary to patient as encrypted XD* document
• Patient detaches document and saves it on his USB drive
• Patient shares encrypted document with healthcare providers

The Problem
• Lack of persistent end-to-end encryption for health documents
• Distributed heterogeneous environments with multiple intermediaries
• Encryption currently at transport level (e.g. IHE ATNA)
• Certain transports lack standard solutions (e.g. USB drive)
• Need for enabling technology towards addressing meaningful use, privacy legislation, and patient consent directives
• Continua Health Alliance, national health networks, etc. foreseen as possible adopters

General approach to proposed work item
• Define document-level encryption
• Document type agnostic, e.g. CDA and others
• Look to S/MIME, IHE PDI, DICOM, and CCR for guidance and lessons learned
• Investigate key management and discovery approaches
[Figure labels: Application, Document-level encryption, Transport]

Benefits of proposed approach
• Ecosystem benefits
  • Patient: preserving patient privacy
  • IT Staff: simplifies often complex security architectures
  • Care providers: improves compliance to regulations
• Supports compliance with data protection legislation (also in Canada and Europe)
• Alignment with national programs and other initiatives
  • NHIND (Stage 1 requirements for Meaningful Use)
  • align with what is done with SMTP and S/MIME
  • similar approach but not specific to mail
• Complementary to existing transport protocols in health networks
• Continua Health Alliance – requirements pointing to confidentiality

Alignment in healthcare
• Persistent end-to-end security across heterogeneous HIT environments
• Encryption layer between already used document types and transport layer protocols
• Open standard for confidentiality of health data in transit or storage
• Communication of health information between trusted entities through untrusted or less controlled environments

Alignment with infrastructure standards
• Should target robust solution to address all cross enterprise interchange standards
• Fitting well with transport standards (e.g. IHE XD*) and application document types (e.g. CDA) with little cross dependencies
• Leaving room to be used in combination with document types that have their own encryption method
• Alignment with HL7 Structured Documents WG
• Content agnostic solution minimizes dependency
• Initial alignment in Cambridge last week
• Possible inspiration from IHE PDI (Portable Data for Imaging) developed in IHE Radiology domain