PKI, Security, and Health Care

Rich Guida, Director, Information Security

What is the Health Care “Space?”

  • Point-of-care providers (doctors, clinics, hospitals)

  • Consumers (who receive the care)

  • Insurers

  • Product companies

  • Research institutions

  • Governments

Another way to parse the space

  • Those who typically process patient data (as Personal Health Information – PHI)

    • Point-of-care facilities

    • Insurers

    • Some research institutions

  • Those who typically do not process patient data (as PHI – instead, anonymized)

    • Most product companies and governments (other than for their own employees)

Applicable Federal Laws/Regulations

  • Health Insurance Portability and Accountability Act (HIPAA)

    • Confidentiality and integrity of patient data (including PHI)

  • FDA 21 CFR Part 11

    • E-records and e-signatures

  • FDA “Computer Systems Validation” guidance

  • Government Paperwork Elimination Act (GPEA)

  • Electronic Signatures in Global and National Commerce Act (E-SIGN)

Examples of Important Processes

  • Clinical trials of new drugs/devices

    • Data integrity/authenticity, and where PHI is involved, confidentiality

  • Maintaining quality assurance records on manufacturing and management

    • Data integrity/authenticity

  • Product distribution

    • Data integrity/authenticity – to guard against counterfeits

  • Billing (insurers/point-of-care providers)

    • All of the above

Healthcare Security Today

  • Mostly userID/password-based for authentication and e-signatures

    • But strong movement towards certificate-based in many areas

  • Diverse environments mean diverse operating systems and practices

  • Health care as a whole is still evolving towards “strong computer security” principles

Goals in Using Certificates

  • Single, unified identity for healthcare providers, globally recognized

    • Note: NOT patients!

  • Stronger e-signatures, authentication, encryption

  • Accelerate processes of getting drugs/devices through clinical trials – by reducing paperwork

Today’s Panel

  • Terry Zagar from SAFE

    • To discuss the industry-wide initiative focusing on unified credentials based on PKI

    • Includes discussion of SAFE Bridge CA effort

  • John Landwehr from Adobe

    • To discuss how Adobe 6.0 and 7.0 fit into SAFE’s activities with native PKI functionality