Purpose of HIPAA Administrative Simplification - PowerPoint PPT Presentation

Slides: 26
Provided by: DonJor5
Learn more at: http://www.hl7.org
Transcript and Presenter's Notes


1
Purpose of HIPAA Administrative Simplification
  • to improve ... the efficiency and effectiveness
    of the health care system, by encouraging the
    development of a health information system
    through the establishment of standards and
    requirements for the electronic transmission of
    certain health information. (from the statute)

5
Security/Privacy Services
  • A group of related services that, together,
    facilitate the integrity, confidentiality,
    interoperability and automation of healthcare
    information exchange in a SOA-based healthcare IT
    environment.
  • They address issues of entity authentication,
    authorization, access control and accountability.
  • Owned by Security TC, but a cross-discipline,
    cross-domain approach.

6
Scope and Purpose
  • Security-as-a-Service within an SOA-oriented
    architecture implies the decomposition and
    decoupling of complex security processes that are
    typically integrated across infrastructure and
    applications into a set of encapsulated,
    loosely-coupled security/privacy services.

8
Why do we care?
  • Encourages the deployment of interoperable
    services and applications
  • Reduces the cost of application development
  • Facilitates the automation of certain healthcare
    business processes

9
Scenario: Clinician Needs Patient Data
  • From viewpoint of Requestor/Recipient - Requesting
      • Where is the patient data? Who's the custodian?
      • In what format can the data be sent?
      • What courier services are available?
      • How do I submit a request?
  • From viewpoint of Healthcare Information Custodian
      • Who is requesting the data?
      • Why should I let them see it?
      • Do the Requestor's privileges match my Policy?
  • Courier Service
      • Deliver to intended recipient
      • Don't allow tampering
      • Maintain confidentiality
  • From viewpoint of Requestor/Recipient - Receiving
      • Who sent it? Do I trust them?
      • Has it been tampered with?
      • Can I understand what the Author intended to say?

10
Functional Capabilities
  • To include security/privacy functionality
    essential to enable or facilitate
    interoperability and automation including
    identity management, trust management, privilege
    and access management, auditing, etc. These would
    be as constrained as possible while still
    providing a complementary set of security
    services.
  • Identity and credentials of a resource requestor
    that can be authenticated must be transported to
    a resource access decision point where
    appropriate authorization policy is applied, an
    access control decision is enforced and all
    required audit events are recorded.
    Confidentiality of PHI is maintained at all times.

11
Example Open Source EHR-S Function
[Diagram: HL7 EHR-S Function I.1.6 Basic NHIN Access. Labels: Healthcare Applications/Components; Trust Registry; Healthcare Framework; Directory Access; Trust Network; Privacy; Communications; Authentication; Cross Industry Framework; Identity Management; Security/Encryption; Audit Services; Eclipse Base Framework; Execution Environment; Operating System; Computer Hardware]
12
Example Vendor ePrescription Sub-Profile
Vendors use the Healthcare Framework to build
specialized profiles and applications like
ePrescribing. Installable Eclipse plug-ins
encapsulate the functions required to support
profiles and applications.
13
Overview: Conceptual Healthcare Service Architecture
[Diagram labels: Healthcare Service Bus (HSB); Health Information Network; Health Information Network Infrastructure Services; Interoperability Services; Patient Information Services; Public Health Information Services; HL7 V3; Hospital, LTC, CCC, EPR; Physician Office EMR; Lab System (LIS); Radiology Center PACS/RIS; Pharmacy System; Public Health Services; EHR Viewer; Physician/Provider; Lab Clinician; Radiologist; Pharmacist; Public Health Provider; Point of Service]
14
Overview: Healthcare Service Architecture
[Diagram labels: Health Information Network; Physician Office EMR; Physician/Provider; Point of Service]
15
Open Health IT - HSB Messaging Stack
[Diagram labels: Healthcare Applications; HSB Support Services; Healthcare Process Model Execution Engine; Local Healthcare Services; xHIN Protocols; SOAP; HTTP; HTTP-S/MIME; Healthcare Service Bus; TCP/IP; Network Hardware]
17
xHIN Identity Transport
[Diagram labels, in order of appearance: Transport Envelope (http, smtp, file, ); SOAP Envelope; SOAP Header; wssSecurity; Sender ID Structural Role; Policy-based (Tier 0) Web Service Access Decision; Digital Signature (transport); Sender Functional Role; SAML Assertion Role; Encrypted (transport); SAML Assertion Other; Sender Other; Other; Policy-based (Tier 1) Target Object Access Decision; SOAP Body; Query; Encrypted (transport, optional); Document; Other]
18
xHIN (TM): extensible Health Information Network
  • The xHIN technology represents both an
    architecture and a set of functional
    specifications that exhibits two essential
    attributes:
      • the ability to facilitate automation of clinical
        and business processes, and
      • high extensibility: the ease with which xHIN-based
        health information networks can be deployed,
        expanded and enhanced.

19
Security/Privacy Services
  • May include
  • Integrity
  • Confidentiality
  • Identity Management
  • Access Control/Privilege Management
  • Access Decision Service
  • Access Policy Provisioning Service
  • Audit
  • Privacy
  • Security
  • Entity Registry Service
  • Facilitates the location of an entity's PKI
    information and other information required to
    accomplish the exchange of healthcare
    information.
  • Credential Authentication Service
  • Credential Binding Service
  • Credentials may be bound to an Identity
  • Trust Correlation Service
  • De-identification, Re-identification,
    Pseudonymization

20
Entity Registry Service
  • PKI identity services for entities are likely to
    be provided by many different parties: private,
    commercial and government. The Entity Registry
    Service facilitates the location of an entity's
    PKI information and other information required to
    accomplish the exchange of healthcare
    information. The entity data may be maintained
    by an Identity Provider. This service may
    leverage the EIS.

21
Access Control/Privilege Management
  • Access Decision Service
  • Taking into account asserted identity/credentials,
    target resource and other factors, returns a
    decision allowing or denying access to the target
    resource.
  • May leverage Identity Authentication and
    Credential Authentication Services
  • Access Policy Provisioning
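
Added example (not part of the original slides): the flow from slides 10 and 21 in Python, where an authenticated requestor's asserted roles reach an access decision point, policy is applied, the decision is enforced and an audit event is recorded without PHI. The policy tables, role names and function names are constructed for illustration, and pairing the structural role with a Tier 0 service check and the functional role with a Tier 1 target check is an assumption of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assertion:
    """Identity and roles asserted by the requestor (constructed fields)."""
    subject: str
    authenticated: bool      # outcome of credential authentication
    structural_role: str     # e.g. "physician"
    functional_role: str     # e.g. "attending"

# Constructed sample policy (assumption); anything not listed is denied.
SERVICE_POLICY = {"record-query": {"physician", "pharmacist"}}   # Tier 0
OBJECT_POLICY = {"medication-list": {"attending", "dispensing"},
                 "psychotherapy-notes": {"attending"}}            # Tier 1

def decide(a, service, target):
    """Access decision: return (decision, reason); the default is Deny."""
    if not a.authenticated:
        return "Deny", "credentials not authenticated"
    if a.structural_role not in SERVICE_POLICY.get(service, set()):
        return "Deny", "tier0: structural role not permitted on service"
    if a.functional_role not in OBJECT_POLICY.get(target, set()):
        return "Deny", "tier1: functional role not permitted on target"
    return "Permit", "policy matched"

def enforce(a, service, target, fetch, audit):
    """Enforce the decision and record an audit event for every outcome."""
    decision, reason = decide(a, service, target)
    # The audit event names who asked for what; it never holds the PHI itself.
    audit.append({"subject": a.subject, "service": service, "target": target,
                  "decision": decision, "reason": reason})
    return fetch(target) if decision == "Permit" else None

def demo():
    """Run three constructed requests; return (results, audit events)."""
    store = {"medication-list": "PHI: constructed sample record",
             "psychotherapy-notes": "PHI: constructed sample notes"}
    audit = []
    requests = [
        (Assertion("dr-a", True, "physician", "attending"), "medication-list"),
        (Assertion("rx-b", True, "pharmacist", "dispensing"), "psychotherapy-notes"),
        (Assertion("dr-c", False, "physician", "attending"), "medication-list"),
    ]
    results = [enforce(a, "record-query", t, store.get, audit) for a, t in requests]
    return results, audit

if __name__ == "__main__":
    for event in demo()[1]:
        print(event)
```

Denied requests are audited as well as permitted ones, so the log also shows refused attempts.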

22
Next Steps
  • Reference/Resource Compilation
  • Mailing List
  • Telecon Schedule
  • Sub-service Prioritization
  • Initial Drafts

23
Eclipse OHF Architecture Overview
[Diagram labels: Internet; Display; Devices; Eclipse; Telecom; Automotive; Healthcare; Runtime; UI; Workbench Services; Non-core Services and Plug-ins; Business Intelligence and Modeling; Resources; JFace; Data Tools; Basic XML Services; SWT; Development Tools; Text; Update; Help; Rules Processing; Dynamic Code/Schema Management; Security (OSGi); Smart Token Support; Wireless Support; Metering; Eclipse Core; Windows or Linux OS; Computer Hardware]
24
Eclipse OHF Architecture Overview
[Diagram labels: Internet; Display; Devices; Eclipse; Applications; Healthcare; Runtime; UI; Workbench Services; Non-core Services and Plug-ins; Open Healthcare Framework; Business Intelligence and Modeling; Resources; JFace; Data Tools; Basic XML Services; SWT; Development Tools; XML Processing; Voice Services Support; HIPAA Support; Trust-based Network Support; EHR Support; Text; Update; Help; Web Service Support; Administrative Tools; Rules Processing; Dynamic Code/Schema Management; Security (OSGi); Smart Token Support; Wireless Support; Metering; Eclipse Core; Windows or Linux OS; Computer Hardware]
25
Eclipse OHF Architecture Overview
[Diagram labels: Internet; Display; Devices; Training; Clinical Testing; Knowledge Services; ePrescription; Practice Management; CCR Client; Telecom Services; Payer Services; Clinical Data Capture Support; Administrative Support; Dictation/Transcription; Registry Services; Trust Services Support; Patient Services; Applications; XML Processing; Voice Services Support; HIPAA Support; Trust-based Network Support; EHR Support; Web Service Support; Administrative Tools; Open Healthcare Framework; Dynamic Code/Schema Management; Rules Processing; Security (OSGi); Smart Token Support; Wireless Support; Metering; Eclipse Core; Windows or Linux OS; Computer Hardware]