using hl7’s ccow standard to create secure information solutions colorado healthcare information...

Using HL7’s CCOW Standard to Create Secure

Information Solutions Colorado Healthcare Information

Systems Society (CHIMSS)January 12, 2001

Robert SeligerPresident and CEO, SentillionCo-Chair HL7 CCOW Committee Copyright© 2001 Sentillion, Inc.

All Rights Reserved

Secure?

Copyright© 2001 Sentillion, Inc.All Rights Reserved

Agenda

• HIPAA

• Digital Security

• CCOW

• Practical Security Solutions


HIPAA

Final regulations published December 28, 2000

See: http://www.hhs.gov/ocr/hipaa.html


HIPAA: Situation Statement

According to the American Health Information Management Association (AHIMA), an average of 150 people ‘‘from nursing staff to x-ray technicians, to billing clerks’’ have access to a patient’s medical records during the course of a typical hospitalization.** Standards for Privacy of Individually Identifiable Health Information; Final Rule, December 28, 2000, U.S. Dept. of Health and Human Services.Copyright© 2001 Sentillion, Inc.

All Rights Reserved

HIPAA: Approach

• Ensure the rights that an individual who is a

subject of individually identifiable health

information should have.

• Specify the procedures that should be established

for the exercise of such rights.

• Define the uses and disclosures of such

information that should be authorized or required.


HIPAA: Scope

1. Care, services, or supplies related to the health of an individual.

2. Health information maintained/transmitted electronically or via any other form or medium.


HIPAA: Philosophy

We do not prescribe the particular measures that covered entities must take to meet this standard, because the nature of the required policies and procedures will vary with the size of the covered entity and the type of activities that the covered entity undertakes. (That is, as with other provisions of this rule, this requirement is ‘‘scalable.’’)* Standards for Privacy of Individually Identifiable

Health Information; Final Rule, December 28, 2000, U.S. Dept. of Health and Human Services.Copyright© 2001 Sentillion, Inc.

All Rights Reserved

HIPAA: Enforcement

HSS’s Office for Civil Rights:

1. Voluntary

2. Civil monetary penalties and referrals for criminal prosecution.


Digital Security

Authentication

Encryption

Non-Repudiation


Digital Signatures

Secure Hash

Secure Hash

Value

Encrypt Value

Value

COMPARE

by Private key by Public key

ReceiverSender

Original message

Signed Message

ValueDecrypt

Copyright ©Jung Joo-won, 1996, http://simac.kaist.ac.kr/~jwjung/seminar/ssl-ca-inst/slides.en

Verified message

Digital Encryption

Encrypt

by Public key by Private key

ReceiverSender

Original message

Encrypted Message

Decrypt

Decrypted message

Copyright ©Jung Joo-won, 1996, http://simac.kaist.ac.kr/~jwjung/seminar/ssl-ca-inst/slides.en

Where Do Keys Reside?

Private Keys:

A “smart” card

Embedded in a device

On your personal computer

Public Keys:

In a file in “raw” form

In a signed file, known as a digital certificate


Digital SignatureInherent Limitations

The verification process only establishes that the private

key of the person whose public key is specified in the

digital certificate was used to affix the digital signature.

This verification process is a post-signing mechanism and

does not correspond to the trusted witnessing mechanism

established within the traditional signature environment. *

* Non-Repudiation in the Digital Environment, Adrian McCullagh and William Caelli, First Monday, www.firstmonday.dk


CCOW

Multiple disparate applications:

labs, meds, cardiology, scheduling, billing, etc.

Users in need of easy access to data and tools:

physicians, nurses, therapists, administrators, etc.

Kiosk as well as personal workstations:

hospitals, clinics, offices, homes, etc.


CCOW StatusANSI certified standard published by Health Level Seven

Uptake: 3M, Agilent, Bionetrix, CoreChange, Care Data Systems, Drager, DR Systems, Eclipsys, GE/Marquette, Medcon, Medscape, McKessonHBOC, Presideo, SpaceLabs/Burdick, Stockell, many others in 2001

Sites:Rex (1000), Marshfield Clinic (6500), St. Joes (1500), St. Als (2000), Cottage (2000), etc.

Co-Chairs:Robert Seliger, Sentillion (founding co-chair)Barry Royer, Siemens (SMS)Michael Macalusso, McKessonHBOC


What They’re Saying …

“Originally an ad hoc group created to solve the problem of insuring common context between different applications in simultaneous use on the desktop, CCOW is capturing extremely important space in web browser and user security areas.”*

* CHIM Standards Insight, Feb. 7, 2000


Example: Patient Link

Nancy Furlow


Demonstration

Show it!


Architecture


Theory of Operation: Patient Link

(1) User selects the patient of interest using any application on the clinical desktop.

1



(2) Application tells the context manager to start a context change transaction and sets the context data to indicate the newly selected patient.

2


3


(3) Context manager tells patient mapping agent that a context change is occurring; mapping agent supplies the context manager with other identifiers by which the patient is known.


4


4

(4) Context manager tells the other applications that a new patient context has been proposed. The context manager surveys the applications to determine whether each can apply the new context.

4


5


5

(5) Each application indicates whether or not it can apply the new context.

5

5


5

5


(6) If one or more of the applications prefers not to, or cannot, apply the new context, the user is asked to decide whether to continue, cancel, or break the link. Otherwise, context change continues automatically.

6


5

5


(7) Context manager tells each application to apply the new context, or that the transaction has been canceled. If apply, then each applications tunes to the new patient context.

77


User Link

Conceptually, same as Patient Link:

Context change transaction

User mapping agent

Incorporates secure “Chain of Trust”:

Digitally signed communication between programs

No exchange of user passwords


Chain of Trust

Theory of Operation: User Link

(1) User signs on (enters logon name, password, swipes security card, etc.)

1


Chain of Trust

2


(2) Application authenticates the user and tells context manager the user’s logon name; authentication data is not passed on to the context manager.


Chain of Trust


(3) Context manager tells mapping agent context change is occurring; mapping agent supplies the context manager with other logon names for the user as known to each application.

3


Chain of Trust


(4) Context manager tells other applications that there is a new user context. 4

44


Chain of Trust


(5) Each application gets user’s application-specific logon name from the context manager.

55 5


Chain of Trust


(6) Context manager tells each application to apply the new context, or that the transaction has been canceled. If apply, then each applications tunes to the new user context.

66

6


Practical Security SolutionsHIPAA Requirements & Implications

Requirements:

Authenticate user access of patient records

Audit user access of patient records

Upon request, inform patients of access to records

Implications:

Effective administrative processes

Practical security solutions


Practical Security SolutionsThe Setting

• A building or campus of buildings

• A network within and between these buildings

• Connected to the Internet

• Caregivers, ancillary workers, patients, visitors, salesmen, etc.

• Computers everywhere

• Myriad patient-related applications

• Busy peopleCopyright© 2001 Sentillion, Inc.All Rights Reserved

Practical Security SolutionsKey Considerations

Physical Protection

If can’t get at it, can’t have it

Limited Trust

If minimize dependencies, minimize exposure

User Friendliness

If easy to comply, people will

System Understandability

If don’t know how it works, won’t know if it works


CCOW-Based SecurityRobust User Authentication


CCOW-Based SecuritySingle Sign-On


CCOW-Based SecurityRoaming User Certificate


CCOW-Based SecurityContext-Based Auditing


CCOW-Based SecurityContext-Based Audit Reports


CCOW-Based SecurityContext-Based Access Controls


CCOW-Based SecuritySecure Network Appliance


CCOW-Based SecurityCentralized Administration


CCOW-Based SecuritySummary

Need

Authenticate User Access

Audit User Access

Inform Patients of Access

Physical Protection

Limited Trust

User Friendliness

System Understandability

Solution

User Authenticator

Context Audit Logs

Context Reporting

Network Appliance

Central Administration

Single sign-on

CCOW Standard


Conclusion

• HIPAA

• Digital Security

• CCOW

• Practical Security Solutions


using hl7’s ccow standard to create secure information solutions colorado healthcare information...

Documents

civil rights

rights reservedsecure

private keys

digital certificatecopyright

human services

covered entity

hl7s ccow standard

personal computerpublic