![Page 1: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/1.jpg)
Using HL7’s CCOW Standard to Create Secure
Information Solutions Colorado Healthcare Information
Systems Society (CHIMSS)January 12, 2001
Robert SeligerPresident and CEO, SentillionCo-Chair HL7 CCOW Committee Copyright© 2001 Sentillion, Inc.
All Rights Reserved
![Page 2: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/2.jpg)
Secure?
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 3: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/3.jpg)
Agenda
• HIPAA
• Digital Security
• CCOW
• Practical Security Solutions
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 4: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/4.jpg)
HIPAA
Final regulations published December 28, 2000
See: http://www.hhs.gov/ocr/hipaa.html
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 5: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/5.jpg)
HIPAA: Situation Statement
According to the American Health Information Management Association (AHIMA), an average of 150 people ‘‘from nursing staff to x-ray technicians, to billing clerks’’ have access to a patient’s medical records during the course of a typical hospitalization.** Standards for Privacy of Individually Identifiable Health Information; Final Rule, December 28, 2000, U.S. Dept. of Health and Human Services.Copyright© 2001 Sentillion, Inc.
All Rights Reserved
![Page 6: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/6.jpg)
HIPAA: Approach
• Ensure the rights that an individual who is a
subject of individually identifiable health
information should have.
• Specify the procedures that should be established
for the exercise of such rights.
• Define the uses and disclosures of such
information that should be authorized or required.
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 7: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/7.jpg)
HIPAA: Scope
1. Care, services, or supplies related to the health of an individual.
2. Health information maintained/transmitted electronically or via any other form or medium.
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 8: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/8.jpg)
HIPAA: Philosophy
We do not prescribe the particular measures that covered entities must take to meet this standard, because the nature of the required policies and procedures will vary with the size of the covered entity and the type of activities that the covered entity undertakes. (That is, as with other provisions of this rule, this requirement is ‘‘scalable.’’)* Standards for Privacy of Individually Identifiable
Health Information; Final Rule, December 28, 2000, U.S. Dept. of Health and Human Services.Copyright© 2001 Sentillion, Inc.
All Rights Reserved
![Page 9: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/9.jpg)
HIPAA: Enforcement
HSS’s Office for Civil Rights:
1. Voluntary
2. Civil monetary penalties and referrals for criminal prosecution.
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 10: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/10.jpg)
Digital Security
Authentication
Encryption
Non-Repudiation
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 11: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/11.jpg)
Digital Signatures
Secure Hash
Secure Hash
Value
Encrypt Value
Value
COMPARE
by Private key by Public key
ReceiverSender
Original message
Signed Message
ValueDecrypt
Copyright ©Jung Joo-won, 1996, http://simac.kaist.ac.kr/~jwjung/seminar/ssl-ca-inst/slides.en
Verified message
![Page 12: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/12.jpg)
Digital Encryption
Encrypt
by Public key by Private key
ReceiverSender
Original message
Encrypted Message
Decrypt
Decrypted message
Copyright ©Jung Joo-won, 1996, http://simac.kaist.ac.kr/~jwjung/seminar/ssl-ca-inst/slides.en
![Page 13: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/13.jpg)
Where Do Keys Reside?
Private Keys:
A “smart” card
Embedded in a device
On your personal computer
Public Keys:
In a file in “raw” form
In a signed file, known as a digital certificate
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 14: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/14.jpg)
Digital SignatureInherent Limitations
The verification process only establishes that the private
key of the person whose public key is specified in the
digital certificate was used to affix the digital signature.
This verification process is a post-signing mechanism and
does not correspond to the trusted witnessing mechanism
established within the traditional signature environment. *
* Non-Repudiation in the Digital Environment, Adrian McCullagh and William Caelli, First Monday, www.firstmonday.dk
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 15: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/15.jpg)
CCOW
Multiple disparate applications:
labs, meds, cardiology, scheduling, billing, etc.
Users in need of easy access to data and tools:
physicians, nurses, therapists, administrators, etc.
Kiosk as well as personal workstations:
hospitals, clinics, offices, homes, etc.
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 16: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/16.jpg)
CCOW StatusANSI certified standard published by Health Level Seven
Uptake: 3M, Agilent, Bionetrix, CoreChange, Care Data Systems, Drager, DR Systems, Eclipsys, GE/Marquette, Medcon, Medscape, McKessonHBOC, Presideo, SpaceLabs/Burdick, Stockell, many others in 2001
Sites:Rex (1000), Marshfield Clinic (6500), St. Joes (1500), St. Als (2000), Cottage (2000), etc.
Co-Chairs:Robert Seliger, Sentillion (founding co-chair)Barry Royer, Siemens (SMS)Michael Macalusso, McKessonHBOC
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 17: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/17.jpg)
What They’re Saying …
“Originally an ad hoc group created to solve the problem of insuring common context between different applications in simultaneous use on the desktop, CCOW is capturing extremely important space in web browser and user security areas.”*
* CHIM Standards Insight, Feb. 7, 2000
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 18: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/18.jpg)
Example: Patient Link
Nancy Furlow
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 19: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/19.jpg)
Demonstration
Show it!
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 20: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/20.jpg)
Architecture
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 21: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/21.jpg)
Architecture
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 22: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/22.jpg)
Architecture
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 23: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/23.jpg)
Theory of Operation: Patient Link
(1) User selects the patient of interest using any application on the clinical desktop.
1
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 24: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/24.jpg)
Theory of Operation: Patient Link
(2) Application tells the context manager to start a context change transaction and sets the context data to indicate the newly selected patient.
2
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 25: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/25.jpg)
3
Theory of Operation: Patient Link
(3) Context manager tells patient mapping agent that a context change is occurring; mapping agent supplies the context manager with other identifiers by which the patient is known.
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 26: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/26.jpg)
4
Theory of Operation: Patient Link
4
(4) Context manager tells the other applications that a new patient context has been proposed. The context manager surveys the applications to determine whether each can apply the new context.
4
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 27: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/27.jpg)
5
Theory of Operation: Patient Link
5
(5) Each application indicates whether or not it can apply the new context.
5
5
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 28: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/28.jpg)
5
5
Theory of Operation: Patient Link
(6) If one or more of the applications prefers not to, or cannot, apply the new context, the user is asked to decide whether to continue, cancel, or break the link. Otherwise, context change continues automatically.
6
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 29: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/29.jpg)
5
5
Theory of Operation: Patient Link
(7) Context manager tells each application to apply the new context, or that the transaction has been canceled. If apply, then each applications tunes to the new patient context.
77
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 30: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/30.jpg)
User Link
Conceptually, same as Patient Link:
Context change transaction
User mapping agent
Incorporates secure “Chain of Trust”:
Digitally signed communication between programs
No exchange of user passwords
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 31: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/31.jpg)
Chain of Trust
Theory of Operation: User Link
(1) User signs on (enters logon name, password, swipes security card, etc.)
1
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 32: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/32.jpg)
Chain of Trust
2
Theory of Operation: User Link
(2) Application authenticates the user and tells context manager the user’s logon name; authentication data is not passed on to the context manager.
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 33: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/33.jpg)
Chain of Trust
Theory of Operation: User Link
(3) Context manager tells mapping agent context change is occurring; mapping agent supplies the context manager with other logon names for the user as known to each application.
3
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 34: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/34.jpg)
Chain of Trust
Theory of Operation: User Link
(4) Context manager tells other applications that there is a new user context. 4
44
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 35: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/35.jpg)
Chain of Trust
Theory of Operation: User Link
(5) Each application gets user’s application-specific logon name from the context manager.
55 5
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 36: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/36.jpg)
Chain of Trust
Theory of Operation: User Link
(6) Context manager tells each application to apply the new context, or that the transaction has been canceled. If apply, then each applications tunes to the new user context.
66
6
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 37: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/37.jpg)
Practical Security SolutionsHIPAA Requirements & Implications
Requirements:
Authenticate user access of patient records
Audit user access of patient records
Upon request, inform patients of access to records
Implications:
Effective administrative processes
Practical security solutions
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 38: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/38.jpg)
Practical Security SolutionsThe Setting
• A building or campus of buildings
• A network within and between these buildings
• Connected to the Internet
• Caregivers, ancillary workers, patients, visitors, salesmen, etc.
• Computers everywhere
• Myriad patient-related applications
• Busy peopleCopyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 39: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/39.jpg)
Practical Security SolutionsKey Considerations
Physical Protection
If can’t get at it, can’t have it
Limited Trust
If minimize dependencies, minimize exposure
User Friendliness
If easy to comply, people will
System Understandability
If don’t know how it works, won’t know if it works
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 40: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/40.jpg)
CCOW-Based SecurityRobust User Authentication
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 41: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/41.jpg)
CCOW-Based SecuritySingle Sign-On
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 42: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/42.jpg)
CCOW-Based SecurityRoaming User Certificate
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 43: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/43.jpg)
CCOW-Based SecurityContext-Based Auditing
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 44: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/44.jpg)
CCOW-Based SecurityContext-Based Audit Reports
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 45: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/45.jpg)
CCOW-Based SecurityContext-Based Access Controls
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 46: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/46.jpg)
CCOW-Based SecuritySecure Network Appliance
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 47: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/47.jpg)
CCOW-Based SecurityCentralized Administration
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 48: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/48.jpg)
CCOW-Based SecuritySummary
Need
Authenticate User Access
Audit User Access
Inform Patients of Access
Physical Protection
Limited Trust
User Friendliness
System Understandability
Solution
User Authenticator
Context Audit Logs
Context Reporting
Network Appliance
Central Administration
Single sign-on
CCOW Standard
Copyright© 2001 Sentillion, Inc.All Rights Reserved
![Page 49: Using HL7’s CCOW Standard to Create Secure Information Solutions Colorado Healthcare Information Systems Society (CHIMSS) January 12, 2001 Robert Seliger](https://reader035.vdocuments.us/reader035/viewer/2022062806/56649ebd5503460f94bc6f23/html5/thumbnails/49.jpg)
Conclusion
• HIPAA
• Digital Security
• CCOW
• Practical Security Solutions
Copyright© 2001 Sentillion, Inc.All Rights Reserved