Current Strategy for Healthcare Partner Contracts: DoD PKI Update
2. Current Strategy for Healthcare Partner contracts
DoD PKI Update
DoD Technical Challenges
DoD Web Servers & Contractors
POCs for PKI Transition
Plans for Future
Assessing Readiness for PKI
TRICARE Contractor Users
PKI and Access Control
3. Legacy partners whose contracts are going away in the near term will not be required to use PKI
All other partners will implement PKI based on a transition plan to be developed by a work group composed of representatives from TMA Operations, TMA IMT&R, DMDC/DEERS, and their contractors
4. DoD Instruction 8520.2 released May 2004 *
Replaces all previous policy memos
Adds the concept of an “Information Privileged Individual”
Exempt from the PKI requirement when accessing one’s own personal information
DoD Milestones
DoD has not yet released new milestone dates
External Certificate Authorities (ECAs)
DoD has approved only one so far
The other two may not be ready until the end of the year
5. Checking the Certificate Revocation List (CRL)
Establishment of three External Certificate Authorities (ECAs)
Service deployment of readers & middleware for Common Access Card (CAC)
6. DEERS Fee/CCD Research*
DEERS Security Web Application*
DEERS OHI/SIT*
DEERS Direct Care PCM Panel Reassignment*
DEERS Civilian PCM Panel Reassignment*
General Inquiry of DEERS (GIQD)*
Defense Online Enrollment System (DOES)*
TRICARE - Carson
DoD Pharmacy Data Warehouse
DoD Pharmacoeconomic Center (PEC) FTP Server
TRICARE Duplicate Claims*
TRICARE Online (TOL)
Enterprise Wide Referral and Authorization System (EWRAS)*
Health Care Service Records (HCSR), TRICARE Encounter Data Auditing Systems (TED)
Patient Encounter Processing and Reporting (PEPR)
TMA Purchased Care*
TRICARE Duplicate Claims System*
E-Commerce Management Tracking Report Development
8. PKI Transition Work Group
Awaiting DoD milestone requirements
Representatives from TMA, DEERS, contractors
Develop transition approach and milestones for PKI access to DoD private Web servers
Review approach with each contract’s requirements
Present current status at each HISM
Assess readiness for PKI
9. Check that browsers can use PKI
Check that e-mail systems can use PKI
Identify users needing access to DoD private Web servers (currently require username/password)
Identify users who may need PKI for e-mail
10. User estimates received from contractors: ~7,000 total
Received estimates from:
HealthNet (TNEX)
Humana (TNEX, THPR)
Express Scripts (TRRX, TMOP)
WPS (TDEFIC)
Various (USFHP)
11. PKI is used to authenticate the user
Access for a user must still be authorized by system managers
Holding a PKI certificate does not by itself mean a user can access a system, or that access will be granted
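As an added example (not code from the original briefing), the two separate decisions this slide describes, written in Go against the standard library's crypto/x509: a constructed CA issues client certificates to two constructed users, publishes a CRL that revokes one of them, and a hypothetical ACL owned by the system managers decides what an authenticated user may reach. It also shows the CRL checking named under the technical challenges on slide 5, done so that a stale or unverifiable CRL fails closed. The CA name, user names, application labels and ACL format are all assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ACL is the system managers' authorization list (hypothetical format):
// certificate subject CN -> set of applications that user is cleared for.
type ACL map[string]map[string]bool

// Authenticate validates the chain to an approved root, requires a fresh CRL signed
// by the issuer, and rejects revoked serials. It fails closed: a stale or unverifiable
// CRL means "cannot authenticate", never "not revoked". It returns only the subject CN.
func Authenticate(leaf, issuer *x509.Certificate, roots *x509.CertPool,
	crl *x509.RevocationList, now time.Time) (string, error) {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", fmt.Errorf("chain validation failed: %w", err)
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return "", fmt.Errorf("CRL not signed by issuer: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return "", fmt.Errorf("CRL expired at %v; refusing to fail open", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return "", fmt.Errorf("certificate serial %v is revoked", leaf.SerialNumber)
		}
	}
	return leaf.Subject.CommonName, nil
}

// Authorize is the separate decision: a valid certificate grants nothing until listed.
func Authorize(acl ACL, cn, app string) bool { return acl[cn][app] }

// DemoPKI is a constructed CA, two user certificates, the CA's CRL and an ACL.
type DemoPKI struct {
	CA, Alice, Bob *x509.Certificate
	Roots          *x509.CertPool
	CRL            *x509.RevocationList
	ACL            ACL
}

func must[T any](v T, err error) T { // setup helper: CA-side failures are fatal here
	if err != nil {
		panic(err)
	}
	return v
}

// BuildDemoPKI stands in for an approved CA (constructed, not DoD or ECA data):
// it issues client certificates to Alice and Bob, then revokes Bob's.
func BuildDemoPKI(now time.Time) *DemoPKI {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	tmpl := func(serial int64, cn string) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(48 * time.Hour),
			KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		}
	}
	caKey := newKey()
	issue := func(t, parent *x509.Certificate, pub *ecdsa.PublicKey) *x509.Certificate { // sign with CA key
		return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, caKey))))
	}
	caTmpl := tmpl(1, "Example Approved CA")
	caTmpl.IsCA, caTmpl.BasicConstraintsValid, caTmpl.ExtKeyUsage = true, true, nil
	caTmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	ca := issue(caTmpl, caTmpl, &caKey.PublicKey)
	alice := issue(tmpl(1001, "alice.contractor"), ca, &newKey().PublicKey)
	bob := issue(tmpl(1002, "bob.contractor"), ca, &newKey().PublicKey)
	// The CA publishes a CRL, valid for 12 hours, that lists Bob's serial.
	crlDER := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(12 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: bob.SerialNumber, RevocationTime: now}},
	}, ca, caKey))
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	// Constructed ACL: Alice has been provisioned for one application only.
	return &DemoPKI{CA: ca, Alice: alice, Bob: bob, Roots: roots,
		CRL: must(x509.ParseRevocationList(crlDER)), ACL: ACL{"alice.contractor": {"DEERS": true}}}
}

func main() {
	now := time.Now()
	p := BuildDemoPKI(now)
	for _, c := range []*x509.Certificate{p.Alice, p.Bob} {
		cn, err := Authenticate(c, p.CA, p.Roots, p.CRL, now)
		fmt.Printf("%s: authenticated=%v err=%v DEERS=%v TOL=%v\n", c.Subject.CommonName,
			err == nil, err, Authorize(p.ACL, cn, "DEERS"), Authorize(p.ACL, cn, "TOL"))
	}
}
```

Run as-is, Alice authenticates and is cleared for DEERS but not TOL, and Bob is rejected as revoked even though his certificate chains to the approved root. The NextUpdate check is the part most often left out: an expired or missing CRL must stop the login rather than silently pass everyone, and the ACL lookup is deliberately a separate function so that nobody can shortcut from "valid certificate" to "access granted".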
14. PKI is being implemented by DoD policy to improve information assurance
PKI requirement is in the TRICARE Systems Manual that is part of most contracts
15. PKI is a means of electronic identification that can be used in electronic transactions
Provides:
Authentication - proof that a person is who they claim to be
Privacy (Confidentiality) - assurance that only the intended recipient can access the information
Integrity - verification that no unauthorized modification of the data has occurred
Non-Repudiation - assurance, acceptable to the legal community, that the sender cannot deny participation
16. E-mail digital signature & encryption
Financial, contractual, and privacy information
Acceptance for formal legal purposes
Authentication to networks, applications, and Web servers, to support access control
Consistent process for identification, usable for every instance
Unique to individual
17. Level of assurance
Protection of data
Legal acceptance of electronic communications and records
Government Paperwork Elimination Act
E-SIGN Act
DoD policy – Defense-in-Depth
If all parties to a contract choose to use electronic signatures and records, E-SIGN generally grants legal recognition to those methods. E-SIGN provides that no contract, signature, or record shall be denied legal effect solely because it is in electronic form. Nor may a contract relating to a transaction be denied legal effect solely because an electronic signature or record was used in its formation (Section 101(a)).
E-SIGN expressly permits agencies to require the use of specific technologies (such as specific authentication methods) in connection with Federal procurement contracts (Section 104(b)(4)).
18. DoD Certificate Authority
Issued to users on DoD facilities
Approved External Certificate Authorities (ECAs)
Meets DoD criteria for processes
Issued to users outside DoD facilities that access DoD Web servers or systems
Establishes procedures and certificate price
Personal verification to get certificate
Use of trusted agents, such as public notaries