Title: End to End Security


1
Secure Medical Information Exchange (MIX) System
Sead Muftic, SETECS Medical Technologies
Email: sead.muftic_at_setecs.com, Tel: 2405352095
SETECS MIX System: Secure Medical Information Exchange System
January 2011
2
SETECS MIX System
Overview of the Presentation
1.) Current situation (needs and requirements)
2.) Technologies
3.) MIX concept, architecture, and components
4.) MIX administration and smart cards management
5.) MIX operations and use
6.) Deployment steps
7.) Next phase potential extensions
4
SETECS MIX System UP Michigan Project
Current Situation
14 participating hospitals (coordinated by the UPHCN)
    . . . some have EMR, some do not
Four different EMR vendors: McKesson, Meditech, CPSI, Healthland
    . . . all four EMR products proprietary and not interoperable
    . . . some EMR products functionally complete, some not
    . . . additional IT products in use
Security either does not exist or is based on weak mechanisms
    . . . no PKI or smart cards
    . . . only local, not applied to interdomain transfers
No automated synchronization and transfers of data and documents
Weak compliance with medical standards (HIPAA, etc.)
5
SETECS MIX System Response to Requirements
Needs and Requirements
Reliable and unique registration of patients
Accurate authentication of patients (based on biometrics)
Collection and distribution of demographic, medical, administrative, financial, and other data in each hospital
Sharing and transfers of data between hospitals
Registration and authentication of all professionals in each hospital
Authorization of professionals when accessing and using medical data
Protection of sensitive data (stored in databases and in transfer)
Protection of medical documents in storage, transfer, and use
Overall goal (Federal IT Strategic Plan)
Objective 1.1: Privacy and Security
    Facilitate electronic exchange, access, and use of electronic health information while protecting the privacy and security of patients' health information
Objective 1.2: Interoperability
    Enable the movement of electronic health information to where and when it is needed to support individual health and care needs
6
SETECS MIX System Highlights and Features
Accurate Patient Identification System and Process
Compliance with National Standards
Electronic Exchange of Medical Information
Compatibility with each Site's Existing EMR Implementations
Secure Method of Accessing and Transferring Data
Role-based Access Control within a Federated Network
Scalable Network
7
SETECS MIX System Properties
SETECS MIX System
1.) Based on medical IT and Internet security standards and technologies
2.) Functionally and architecturally complete solution
3.) Several components in each hospital, linked and combined with existing EMR products
4.) MIX infrastructure: Regional/Group servers and Global MIX Server
5.) Modular and extendible
6.) Easy to install, administer and maintain
9
SETECS MIX System Standard Technologies
Medical IT and Security Technologies
1.) HL7 Standard messaging system
2.) MIX SQL database
3.) Smart card technologies
4.) Public-Key Infrastructure (PKI)
5.) Secure Web Services
6.) CCR / CCD Standards
10
SETECS MIX System HL7 Adapters
HL7 Standard Messaging System
System A
System B
Header Segments
Data Segments
Data Types (Compound and Simple)
11
SETECS MIX System Comprehensive SQL Database
MIX SQL Database
[Diagram labels: System A; System B; MIX DB (one per system); Header Segments; Data Segments; Data Attributes]
12
SETECS MIX System Database Tables
MIX SQL Database Coding tables
13
SETECS MIX System DB Adapter
MIX SQL Database Data tables
14
SETECS MIX System Patients and Providers Smart Cards
Smart Card Technologies
[Sample card images. Text on the cards and labels:]
Role: Provider. Institution: SETECS, Inc. Issued: 2009FEB01 Expires: 2012FEB01
John Smith, MIX Number: 123-456-7890, Issued: 2009-FEB-12
SMITH, A. JOHN
Patient Smart Card
Smart Card Data: demographic, medical, photo, fingerprint, three certificates, security data
Provider Smart Card
SETECS 256K PIV Smart Card
15
SETECS MIX System CA Server in Hospitals
Public-Key Infrastructures: Issuing CA Server
[Diagram labels: Request; Response; Web Server; Client; User]
16
SETECS MIX System Large Scale PKI
Public-Key Infrastructures: Multiple Domains
17
SETECS MIX System Single Sign-On, SAML Ticket
Secure Web Services
[Diagram with numbered steps 1 to 6. Labels: Central Server (PDP); SAML-Res; Application Server (PEP); 12345678; Single Sign On]
18
SETECS MIX System Standard Documents
CCR / CCD Standards
[Diagram labels: CCD Format (XML standard); CCR Format; Hospital MIX Server; Doctor; EMR Server]
20
SETECS MIX System MIX Components in Hospitals
MIX System in A Hospital
[Diagram labels: Hospital MIX Server; MIX Server Admin Station; Security Card; Admin Server; MIX Admin; Portal Server; Hospital MIX SC Station; Hospital MIX Medical Stations; EMR MediTech; EMR McKesson; EMR HealthLand; EMR CPSI; Smart Card Admin; MIX Smart Cards Station; Doctor; Nurse; Admin]
21
SETECS MIX System Security System in Hospitals
Security System in A Hospital
[Diagram labels: Hospital Security Server; AAA; CA/PKI; IDMS; Security Server Admin Station; Security Card; Security Admin; Hospital MIX Server; MIX Server Admin Station; Admin Server; MIX Admin; Portal Server]
22
SETECS MIX System HIE MIX Server
MIX System in A Regional / Group Center
[Diagram labels: HIE MIX Server (Regional); Group X-PID; HIE MIX Server Admin Station; Admin; Security Card; Info; MIX Admin; Med Docs and Data; Hospital MIX Server; Med Info]
23
SETECS MIX System Global MIX Server
Global MIX Server
[Diagram labels: Unique PIDs; PKI; HL7 Tables; Med Docs and Data; Global X-PID; Global MIX Server; Group MIX Server; Hospital MIX Server; Patient]
25
SETECS MIX System MIX Admin Station
MIX System in A Hospital
[Diagram labels: Hospital MIX Server; MIX Server Admin Station; Security Card; Admin Server; MIX Admin; Portal Server; Hospital MIX SC Station; Hospital MIX Medical Stations; Smart Card Admin; MIX Smart Cards Station; EMR MediTech; EMR McKesson; EMR HealthLand; EMR CPSI; Doctor; Nurse; Admin]
26
SETECS MIX System Registration of Hospital Entities
27
SETECS MIX System Registration of MIX Infrastructure
28
SETECS MIX System Managing HL7 Tables
29
SETECS MIX System Managing Personnel
30
SETECS MIX System Managing Patients
31
SETECS MIX System Patients Personal Information
32
SETECS MIX System Patients Demographic Data
33
SETECS MIX System Patients Medical Data
34
SETECS MIX System Patients Insurance Data
35
SETECS MIX System Patients Emergency Contacts
36
SETECS MIX System Transfers between Hospitals
37
SETECS MIX System Smart Cards Station
MIX System in A Hospital
[Diagram labels: Hospital MIX Server; MIX Server Admin Station; Security Card; Admin Server; MIX Admin; Portal Server; Hospital MIX SC Station; Hospital MIX Medical Stations; Smart Card Admin; MIX Smart Cards Station; EMR MediTech; EMR McKesson; EMR HealthLand; EMR CPSI; Doctor; Nurse; Admin]
38
SETECS MIX System Enrollment of Personnel for Smart Cards
39
SETECS MIX System Enrollment of Patients for Smart Cards
40
SETECS MIX System Smart Card Requests to HIE Server
Smart Cards System
[Diagram labels: Regional Smart Cards DB; Card Issuer; Group MIX Server; Hospital MIX Server; MIX Portal Server; Card Manager; Hospital MIX Station]
41
SETECS MIX System HIE MIX Server Admin Station
[Diagram labels: HIE MIX Server (Regional); Group X-PID; HIE MIX Server Admin Station; Admin; Security Card; Info; MIX Admin; Med Docs and Data; Hospital MIX Server; Med Info]
42
SETECS MIX System Issuing of Smart Cards
43
SETECS MIX System Print/Personalize Smart Cards
One-step process: printing and personalization of smart cards
[Diagram labels: HIE MIX Server (Regional); Group X-PID; HIE MIX Server Admin Station; Admin; Security Card; Info; MIX Admin; Blank cards]
44
SETECS MIX System Providers and Patients Smart Cards
MIX Smart Cards
46
SETECS MIX System MIX Medical Stations
MIX System in A Hospital
[Diagram labels: Hospital MIX Server; MIX Server Admin Station; Security Card; Admin Server; MIX Admin; Portal Server; Hospital MIX SC Station; Hospital MIX Medical Stations; Smart Card Admin; MIX Smart Cards Station; EMR MediTech; EMR McKesson; EMR HealthLand; EMR CPSI; Doctor; Nurse; Admin]
47
SETECS MIX System Portal Interface Patients and Providers
MIX System in A Hospital
48
SETECS MIX System Portal Interface Various Events
MIX System in A Hospital
49
SETECS MIX System Portal Interface Transfers
MIX System in A Hospital
50
SETECS MIX System Transfers
MIX System in A Hospital
52
SETECS MIX System Step 1 Global MIX Server
Global MIX Server
[Diagram labels: Unique PIDs; PKI; XML Dictionaries; HL7 Tables; Global X-PID; Global MIX Server; Group MIX Server; Hospital MIX Server]
53
SETECS MIX System
Deployment Steps
1.) Step 1: Install and activate Global MIX Server
2.) Step 2: Install and activate HIE MIX Server
3.) Step 3: Install and activate MIX Server in each Hospital
4.) Step 4: Resolve registration of personnel (HR databases) and patients (local EMR systems)
5.) Step 5: Enroll personnel and issue them smart cards
6.) Step 6: Establish and enforce Security Policy
7.) Step 7: Test use of the MIX system by personnel and patients
54
SETECS MIX System
Deployment Prerequisites
1.) Establish deployment team (SETECS, MTU, UPHCN, hospitals)
2.) Specify the details of the deployment architecture
3.) Complete HL7 coding tables
4.) Review registration data for patients and professionals
5.) Specify layout and use of patients' smart cards
6.) Create standard elements for XACML policies
7.) Specify documents for CCD
8.) EMRs in hospitals without EMR products
9.) Completion of HL7 messages for various EMRs
55
SETECS MIX System
Internal System Security
1.) Encryption of data in MIX database
2.) Encryption of data in Medical Smart Cards
3.) Use of PIV authentication protocols
4.) Firewalls and IDP systems
5.) Reliability (hot backups) and archiving (cold backups)
6.) Lost, blocked or terminated smart cards
7.) Privacy of patients
8.) Security logs and audits
9.) Limits on data aggregation
57
SETECS MIX System
Next Phase Potential Extensions
1.) Extensions of the MIX system to consumers (patients)
2.) Extension with laboratory and imaging data
3.) Extensions to payers and insurance companies
4.) Extensions to physicians sector
5.) Extensions to pharmacies
6.) Extensions to State public health institutions
7.) Extensions to Federal public health institutions
58
SETECS MIX System
Conclusions of the Presentation
1.) Current situation (needs and requirements)
2.) Technologies
3.) MIX concept, architecture, and components
4.) MIX administration and smart cards management
5.) MIX operations and use
6.) Deployment steps
7.) Next phase potential extensions
Questions and Discussion
59
Secure Medical Information Exchange (MIX) System
Sead Muftic, SETECS Medical Technologies
Email: sead.muftic_at_setecs.com, Tel: 2405352095
SETECS MIX System: Secure Medical Information Exchange System
January 2011