Internet2 Health Sciences Security SIG Possible Collaborations - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Internet2 Health Sciences Security SIG Possible Collaborations

Description:

AAMC American Association of Medical Colleges Group on Information Resources. NIH ... AMIA American Medical Informatics Association. eHealthinitiative, NHII ... – PowerPoint PPT presentation

Number of Views:193
Avg rating:3.0/5.0
Slides: 20
Provided by: jerer
Category:

less

Transcript and Presenter's Notes

Title: Internet2 Health Sciences Security SIG Possible Collaborations


1
Internet2 Health Sciences Security SIG Possible
Collaborations
  • Jere Retzer, Internet2 Health Sciences Security
    SIG Chair,
  • retzerj_at_ohsu.edu
  • August 3, 2003

2
Overview
  • Why an Internet2 Health Sciences Initiative
  • Why a Health Sciences Security SIG
  • How health sciences security is different (and
    the same) as university security
  • Who are the players?
  • What are the opportunities?

3
Why Internet2 Health Sciences
  • Internet2 Mission Develop and deploy advanced
    network applications and technologies,
    accelerating the creation of tomorrows Internet.
  • Health sciences selected as a key applications
    focus due to the leading edge demands posed by
    the health sciences security, high end imaging,
    very large and complex data sets

4
The Health Sciences Challenge
  • Networking Health Prescriptions for the Internet
    by the National Research Council NAP.edu, 2000
  • Health care called the trillion dollar cottage
    industry -- perhaps most knowledge-intensive
    industry about where banking was in the 1960s
  • Across the board, in health care, health
    education, public health, research, security
    cited as an important barrier

5
Health Sciences Challenge 2
  • 1999 Institute of Medicine To Err is Human
    estimates 44,000 98,000 accidental US deaths
    annually due to medical errors
  • Hospitals more dangerous than highways
  • Many preventable with computer systems such as
    electronic patient records, and computerized
    physician order entry
  • Culture evolved around paper records before
    privacy and security became concerns

6
Health Sciences Challenge 3
  • Explosive growth of high end imaging and genetic
    data petabytes of valuable and often sensitive
    data

7
Why a Health Sciences Security SIG
  • Promote policies, practices, and projects that
    overcome security and privacy-related barriers to
    the adoption of emerging Internet technologies in
    the health sciences.
  • While the health sciences are especially fertile
    for advanced applications like interactive
    digital video, large-scale data mining,
    simulation, imaging and remote instrumentation
    that can benefit from Internet2, the need to
    ensure the security and privacy of patient data
    has slowed the adoption of these high value
    applications
  • http//health.internet2.edu/WorkingGroups/Securit
    y.html

8
HIPAA http//www.hhs.gov/ocr/hipaa/
  • Health Insurance Portability and Accountability
    Act of 1996 requires privacy and security in
    three parts transaction code sets, privacy and
    security
  • Privacy rule compliance date April 14, 2003
  • Final security rule published Feb 20, 2003,
    compliance required April 21, 2005 (small plans
    have extra year)
  • Most of us who have been involved with security
    for a while would call these mainly good common
    sense
  • Requires risk analysis, physical security, backup
    and disaster recovery in addition to system
    security

9
Health Sciences and University Security the
Same, but Different
  • Both want to use leading edge applications
  • Both need to protect privacy students, patients
  • Both want inter-institutional access, remote and
    mobile access
  • But HS often needs to add security to advanced
    apps
  • Protected Health Information (PHI) is mission
    critical for HS
  • HS relationships involve PHI, need RBAC and
    auditability

10
HS Need High Performance Apps
  • Real-time, interactive video emerging as a
    mission critical application
  • But PHI must be encrypted
  • Need policies, procedures, forms
  • Needs to be simple, reliable
  • Needs to work through firewalls
  • Emerging need real-time monitoring, supervision
    and control of high end imaging, monitoring and
    diagnostic devices

11
Complex Systems Relationships
Academic Medical Center
Physicians
Government
Patient Records (Paper)
LAB
Admitting
Research
Law Enforcement
EMR
Labs
Residents
HL7
Insurance
Accounting
Billing
Patients
Radiology
Transcription
Pharmacy
Pathology
PACS
Marketing
12
Access to Protected Health Information (PHI)
  • The main order of business for health care
  • An extremely valuable asset
  • Must be encrypted across the Internet
  • Complicated by HIPAA
  • Most would like Role-Based Access and Control
    (RBAC)
  • Must provide ability to audit access and tell
    patient who saw their record
  • Special rules for emergencies, law enforcement,
    AIDS, or on patient request
  • Researchers have special rules to de-identify
    data

13
Mobile/Wireless Devices
  • Use is taking off in health care
  • Present all the usual security headaches
  • How do you control access to PHI once it gets
    into a PDA?
  • How do you audit access?
  • How do you ensure it is accurate or current?

14
Electronic Mail
  • Over two thirds of surveyed patients would like
    to use e-mail to communicate with their
    physician, and physicians like it too, however
  • E-mail is not secure, timely, or assured
  • Generally stored and transmitted in the clear
    employer and family access issues
  • How do you know the doc even read it, or when?
  • How do you even know it got there and some error
    didnt get inserted in the text? (Do not take
    with aspirin)
  • How do you get it into the patients record?

15
So, is HS Security Different?
  • The fundamental issues are really the same
  • The need for security is more critical in some
    cases, particularly for PHI
  • Access issues are significantly more complex
  • But weve already begun to demonstrate
    standards-based middleware can work
  • In some cases, I think HS is simply the first to
    confront issues that education in general will
    need to confront in the future

16
Who are the Players?
  • Educause/Internet2 Security Task Force
  • Internet2 Medical Middleware - Shibboleth
  • AAMC American Association of Medical Colleges
    Group on Information Resources
  • NIH
  • NLM National Library of Medicine
  • NCRR National Center for Research Resources
  • NIBIB National Institute for Biomedical Imaging
    and Bioengineering
  • NCI National Cancer Institute
  • HHS AHRQ Agency for Healthcare Research
    Quality

17
The Players - 2
  • NIST National Institute for Standards
    Technology
  • AMIA American Medical Informatics Association
  • eHealthinitiative, NHII
  • HL7 Health Level 7 working group
  • WEDI Workgroup on Electronic Data Interchange
  • HIMSS - Healthcare Information and Management
    Systems Society
  • RSNA Radiological Society of North America
  • Corporate GE, Phillips, Siemens, Johnson
    Johnson, EI Lilly, Pfizer

18
What are the Opportunities?
  • Security at line speed
  • Standards-based access between entities
  • Role-based
  • Auditable
  • Verified integrity
  • Security everywhere

19
An Invitation
  • Join the healthsec_at_internet2.edu e-mail list
  • Please dive in the need is great and money is
    possible for worthy projects
  • Please join us at the Internet2 Fall Member
    Meeting in Indianapolis in October for an
    organizational discussion of the Internet2 Health
    Sciences SIG (to be scheduled)
Write a Comment
User Comments (0)
About PowerShow.com