Security Infrastructure and National Patient Summary

Security Infrastructure and National Patient Summary. Mats Hagner. Project Manager Carelink AB Mats.hagner@carelink.se. Carelink. A national association in Sweden, promoting eHealth Currently owned by the county councils and local authorities. Development


Presentation Transcript


  1. Security Infrastructure and National Patient Summary Mats Hagner. Project Manager Carelink AB Mats.hagner@carelink.se

  2. Carelink • A national association in Sweden, promoting eHealth • Currently owned by the county councils and local authorities • Development: Manage and coordinate national projects to develop common solutions – ICT support for health and social care • System maintenance: Maintain and further develop functionality and quality in already existing common ICT solutions.

  3. BIP Basic services for Information Provision ”An important current development is the removal of individual functions from a large number of e-Health solutions and the development of general or national common solutions.” National Strategy for eHealth

  4. Vision • A unified way to handle patient data with full information security within and between organisations.

  5. Rules and regulations • Legislation • New Patient Data Act • Regulations • National Board on Health and welfare (Socialstyrelsen) • Data Inspection Board • Patient data • Each health care principal is responsible for controlling access to patient data

  6. Prerequisites • Securely identified user • eID + HealthCare Certificate • Need for patient data • Engagement in care activity • Consent • Log – follow up

  7. Current security solutions • Users in every system • Heavy administration • Non dynamic Care professional

  8. Tools • Service Oriented Architecture (SOA) • [Diagram labels: Service (provider), Service (consumer), Request, Response, Message] • Information exchange between separated services in a standardized, secure and controlled manner.

  9. BIP • Web services • Authentication • Access control - ABAC • Consent • …… • Based on OASIS standards such as XACML and SAML • Builds on national security solution (SITHS) • Specified in national ”standard” • Developed in cooperation with IT-industry • First official version of the technical specifications ready in June 2007

  10. ABAC - Attribute Based Access Control • Actor (Healthcare professional) • Actor attributes: ID, Organization, Medical speciality, Date • Resource (Patient data) • Resource attributes: Patient ID, Organization, Medical speciality, Date • Control: Apply rules • Rules

  11. Example of rule for patient data access • Rule-ID=1 • Actor • Profession=Orthopedist • Organizational unit=Division 3 • Classification=Orthopaedia • Activity • Read • Write • Resource • Organizational unit=Division 3 • Classification=Orthopaedia • Criteria • Valid=2004-11-01 • Decision by • Unit manager NN
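The rule on slide 11, evaluated the way slide 10 describes (actor attributes and resource attributes checked against rules), as an added example that is not part of the presentation or of the BIP specification. The attribute key names, the sample actor and records, and the reading of "Valid=2004-11-01" as a valid-from date are assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Rule:
    rule_id: int
    actor: dict            # attributes the actor must present
    activities: frozenset  # permitted activities
    resource: dict         # attributes the resource must carry
    valid_from: date       # assumption: "Valid=2004-11-01" is a start date
    decided_by: str        # who approved the rule, kept for follow-up

# Rule-ID=1, transcribed from the slide (key names are hypothetical).
RULE_1 = Rule(
    rule_id=1,
    actor={"profession": "Orthopedist", "organizational_unit": "Division 3",
           "classification": "Orthopaedia"},
    activities=frozenset({"read", "write"}),
    resource={"organizational_unit": "Division 3",
              "classification": "Orthopaedia"},
    valid_from=date(2004, 11, 1),
    decided_by="Unit manager NN",
)

def matches(required, presented):
    # A missing attribute never matches, so absence cannot widen access.
    return all(presented.get(k) == v for k, v in required.items())

def decide(rules, actor, activity, resource, on_date):
    """Return (decision, rule_id); deny unless a rule explicitly permits."""
    for rule in rules:
        if (matches(rule.actor, actor)
                and activity in rule.activities
                and matches(rule.resource, resource)
                and on_date >= rule.valid_from):
            return ("Permit", rule.rule_id)
    return ("Deny", None)

# Constructed sample attributes, not taken from the presentation.
ORTHOPEDIST = {"id": "hsa-0001", "profession": "Orthopedist",
               "organizational_unit": "Division 3",
               "classification": "Orthopaedia"}
RECORD_DIV3 = {"patient_id": "p-42", "organizational_unit": "Division 3",
               "classification": "Orthopaedia"}
RECORD_DIV5 = dict(RECORD_DIV3, organizational_unit="Division 5")

if __name__ == "__main__":
    for res in (RECORD_DIV3, RECORD_DIV5):
        print(decide([RULE_1], ORTHOPEDIST, "read", res, date(2007, 6, 1)))
```

Returning the matching rule ID alongside the decision gives the log entry something to point at during follow-up.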

  12. [Diagram labels: Client, Log in, Authentication, Access Control, IT-service, Log, Ticket ID Attributes, Organizational boundaries]

  13. [Diagram labels: Private Care prov., County Council A, County Council B, e-Health application, BIP, Local access decisions, Patient data transfer]

  14. BIP – Summary • Service Oriented Architecture • Strong authentication – PKI • Attribute Based Access Control – ABAC • Procurement process starts in June 2007 • Planning to start implementation 3Q 2008

  15. Swedish National Patient Summary • A summary of important patient information: warning, medication, lab tests etc. • Viewing only – no updating. • Integrated into care applications or used via separate client

  16. Basic conditions Big sunk investment in electronic medical record Decentralized health-care and decision rights Highly diversified IT systems High level of computer literacy • 21 county councils/regions run hospitals and primary care • 290 local authorities provide at home services and ”special accommodations” • Large number of private care companies • Early adopters of electronic medical records • Limited coordination resulting in a highly diversified IT landscape with solitaire systems, many brands and limited ability to communicate • Almost all hospitals, primary care units and home care units fully digitalized • User computer literacy is high

  17. Why a National Patient Summary? Patients • Increased wish to manage own healthcare and care processes • Increased Internet literacy Enhanced efficiency and healthcare quality Regional use • Exchange between county councils and municipalities. • Highly demanded from municipalities. • Enhanced healthcare security • Improved decision support and processes • Reduced admin and testing costs • Improved clinical outcomes Need for interoperability and access to patient data Increased mobility between regions and nations • Healthcare guarantees • Healthcare clusters

  18. Design considerations • Constraints • Legal restrictions to transfer patient data across organizational borders • Need for scalability and performance • Minimize changes in existing systems • Coordinate with other national initiatives • A federated and distributed model • Data remains at the source • Local data repositories on the network rim • Existing local clinical systems and standards remain largely intact • Less legal and no ownership issues • High scalability and performance • No single point of failure • Fast implementation

  19. Based on industrial solution • Utilization of thoroughly tested components • Established base of existing reference installations • Adapt to information model, security infrastructure and legislation • Established methods and tools for implementation • Prime contractor with clear service deliverables • Prime contractor with strong balance sheet and R&D strengths • Competence redundancy • Adherence to industrial standards • Reduced costs • Reduced risk – won’t become test bed for new technology • Improved stability • Continuous improvements with reduced R&D costs • Faster and simpler implementation • Enable us to focus on using the solution to improve quality and clinical results

  20. Key success factors 1. Build and develop for the healthcare profession 2. Don’t reinvent the wheel – look for what you can copy/buy from your neighbor and upcoming EU standards 3. Coordinate with other national initiatives such as security infrastructure, information model etc. 4. Develop step-wise rather than go for a big bang – there is a lot of learning on the way
