Protecting Patient Information in Distributed Environments
Carol Burt, President & CEO
email@example.com
OMG Healthcare TF saw this coming!
With the explosion of on-line services, controlling access to personal information is critical! The demands of consumers and the requirements of many government regulations such as HIPAA make it mandatory that fine-grain access policy be viable.
“This rule makes sure that private health information doesn't fall victim to the progress of the information and technology age, where an array of data is readily available in computer systems and too often just a keystroke away from being accessed.”
April 12, 2001 Press Release, HIPAA Privacy Ruling
How do we control access?
Terminology: functions needed to support a secure distributed computing environment.
• Authentication
• Confidentiality
• Integrity
• Access Control (application feature & information filtering)
Authentication
How do I know that you are who you say you are?
• Password
• Physical token - ATM card
• Certificate - X.509
• Biometric - thumb print, retina scan, …
Using Authentication for Access Control
(Diagram: Intranet; Authentication)
Confidentiality & Integrity
Now that I know who you are, how can we communicate in such a way that we know we are communicating privately and our messages aren’t being tampered with?
• Cryptography
• Message Digests (hash of the message)
• Digital Signature (encrypted message digest)
Internet Access Control (SSL & PKI)
(Diagram: Internet, Firewall; Authentication; Confidentiality & Integrity)
That isn’t good enough!
The fact that I know who you are and we can communicate privately doesn’t mean that I should tell you everything I know! Authentication, Confidentiality and Integrity are important, but they are only a part of the technology necessary to protect access to personal information.
How do I know if I should allow you to access the healthcare software functions and/or the patient data that you are requesting? Legislation requires that we allow patients to specify the who, what, when & why parameters related to releasing personal information.
Access Control
• Ensures that the authenticated subject/user is permitted to access a protected resource.
• A protected resource may be some functionality and/or some information.
• Policies are defined using Access Control Lists (ACLs), Entitlements, Clearances, Relationships…
• Protected resources may be things that are known to infrastructure (messaging) software or things known only to the applications’ business logic.
Access Control - Infrastructure Based
Controls access to resources that the communications infrastructure is aware of, such as applications, services, methods, databases, etc.
Example (CORBA IDL):
    PatientRecInfo get_cpr_info(in string person_id);
An Infrastructure Security Service can protect the “get_cpr_info” method.
Infrastructure Access Control
(Diagram: Authentication; Confidentiality & Integrity; Infrastructure Access Control)
Access Control - Business Logic Based
Controls access to resources that only the business logic is aware of, such as sensitive aspects of a patient record (patient HIV info or psychiatric info).
Example (CORBA IDL):
    PatientRecInfo get_cpr_info(in string person_id);
Only the business logic can understand the individual elements of the patient record and which aspects are more sensitive…
Feature & Information Filtering Access Control
(Diagram: Authentication; Confidentiality & Integrity; Infrastructure Access Control; Business Logic Access Control)
Hidden Costs of Embedded Access Control
Initial implementation might seem quite simple, but remember, security policy is now embedded in business code! Auditing must also be embedded!
• Changes in security policy require a code change, testing, a new release and deployment. EXPENSIVE!
• Policy is cloned repeatedly throughout applications. RISKY!
• Introduction of administrative interfaces or configuration-based administration increases code complexity and requires application-specific administrative tools.
• Impossible to examine policy or to ensure consistency!
Why Resource Access Decision?
Enterprises cannot afford to continue the proliferation of access control mechanisms. They must have a consistent way to define and manage the policy that controls access to services and personal information. That is, security infrastructure must include a standard framework that enables fine-grain access control to be "plugged-in" to software solutions. The Resource Access Decision Facility (RAD) provides that framework.
Common Framework Solution – RAD Component
(Diagram: Authentication; Confidentiality & Integrity; Infrastructure Access Control; Business Logic / Access Enforcement; Resource Access Decision; Auditing & Administration)
RAD: Protecting sensitive information
(Diagram: the Patient Record Application calls Access_allowed() on the Access Decision Object, which consults the Dynamic Attribute Service, the Decision Combinator and the PolicyEvaluators)
1. User requests patient record info
2. Is this person allowed to access patient records?
3. Get raw results from database(s) for the patient
4. Is this user authorized for all the types of info available? (Script, HIV, Psychiatric, Clinical Trial info)
5. Enforce the decision! Filter the result set based on the response
RAD: Customizing the user interface
(Diagram: the Patient Record Application calls Access_allowed() on the Access Decision Object, which consults the Dynamic Attribute Service, the Decision Combinator and the PolicyEvaluators; steps a, b, c mark the per-interaction path)
1. User requests access to the application
2. Is this person allowed to access patient records?
3. Is this person authorized to access all application functions? (rx_update, view_lab, update_lab, menu10…)
4. Cache the authorized feature set and dynamically customize the GUI (now you only need the a, b, c path for each interaction)
OMG Resource Access Decision Architecture
(Diagram: the Medical Application presents a Credential to the Access Decision Object; the Dynamic Attribute Service returns a Modified Credential; the PolicyEvaluator Locator selects the PolicyEvaluators, each backed by its Policy; the Decision Combinator combines their results; an Admin interface manages the policies)
Separation of Concerns
• Business Application
  • “names” its protected resources and the operations that can be performed on them
  • calls access_allowed() providing the resource name, operation, and user credentials
  • enforces access decisions
• Security services
  • provide authentication, confidentiality, integrity, infrastructure access control & access to authenticated user credentials
• Information protection personnel
  • administer the security service and define access policy
• RAD makes the fine-grain access decisions!
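The two RAD slides above (record filtering, and the application/security-service split) as one added Python example; it is not code from the OMG RAD specification or from the iLock product. The business logic names its resources and calls a single access_allowed(); a Dynamic Attribute Service adds a treating-physician relationship, PolicyEvaluators vote, and a deny-overrides Decision Combinator produces the decision. All names, roles and the sample record are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Credential:             # authenticated user, as handed over by the security service
    user: str
    roles: set = field(default_factory=set)
    attrs: dict = field(default_factory=dict)

# Constructed sample data: treating-physician relationships and one patient record
TREATING = {("dr_lee", "P-100")}
RECORDS = {"P-100": {"clinical": "BP 120/80", "hiv_info": "viral load undetectable",
                     "psychiatric_info": "follow-up scheduled"}}
SENSITIVE = {"hiv_info", "psychiatric_info"}      # sections only the business logic knows about

def dynamic_attributes(cred, resource):
    """Dynamic Attribute Service: derive run-time attributes (here, a relationship)."""
    rel = {"treating_physician"} if (cred.user, resource["patient_id"]) in TREATING else set()
    return Credential(cred.user, cred.roles, {**cred.attrs, "relationships": rel})

# PolicyEvaluators return True (grant), False (deny) or None (no opinion on this resource)
def role_policy(cred, res, op):
    return "clinician" in cred.roles if res["type"] == "patient_record" else None

def hiv_policy(cred, res, op):
    return "treating_physician" in cred.attrs["relationships"] if res["type"] == "hiv_info" else None

def psych_policy(cred, res, op):
    return "psychiatrist" in cred.roles if res["type"] == "psychiatric_info" else None

def locate_evaluators(res):
    """PolicyEvaluator Locator: the evaluators that apply to this resource name."""
    return [role_policy, hiv_policy, psych_policy]

def deny_overrides(votes):
    """Decision Combinator: any deny wins; no opinion from anyone also means deny."""
    votes = [v for v in votes if v is not None]
    return bool(votes) and all(votes)

def access_allowed(resource, operation, cred):
    """Access Decision Object: the one call the business logic makes."""
    cred = dynamic_attributes(cred, resource)
    return deny_overrides(ev(cred, resource, operation) for ev in locate_evaluators(resource))

def get_cpr_info(person_id, cred):
    """Business logic: name the resources, ask RAD, enforce by filtering the result set."""
    if not access_allowed({"type": "patient_record", "patient_id": person_id}, "read", cred):
        raise PermissionError("not allowed to read patient records")
    raw = RECORDS[person_id]                      # raw results from the database
    return {sec: val for sec, val in raw.items()
            if sec not in SENSITIVE
            or access_allowed({"type": sec, "patient_id": person_id}, "read", cred)}
```

Changing who may see HIV or psychiatric data means editing a policy evaluator, not get_cpr_info(), which is the separation the slides argue for.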
Resource Access Decision Benefits
• Reduced software development costs
• Reduced software maintenance costs
• Consolidates security policy for HIPAA compliance reviews, security policy administration, and auditing
• Reduces risk of legal action & cost of defense
• Demonstrating a commitment to privacy will increase customer loyalty
Product Components
• iLock Admin
• iLockRAD
• iLockRules Admin
• iLock Tester
• iLockRules