Secure Electronic Health Records
 

Rei Safavi Naini
iCORE Chair in Information Security, Department of Computer Science, University of Calgary

Presented at the Cybera/CANARIE National Summit 2009, as part of the session "New Frontiers in Data Integration." This session showcased a selection of leading-edge initiatives that are breaking new ground and setting new precedents around the collection and integration of data.

Presentation Transcript

  • A Digital Rights Management Approach to Securing Electronic Health Records
    Rei Safavi-Naini, iCORE Chair in Information Security, Department of Computer Science, University of Calgary. iCORE Information Security Lab.
  • Electronic Health Record (EHR)
    – A collection of electronic health data
    – In digital format: easy to share across network-connected information systems
    – May include: demographics (race, disabilities, ...), medical history, medication and allergies, immunization status, laboratory test results, radiology images, billing information, ...
    R. Safavi-Naini, Summit '09, Oct 14, 2009
  • Moving towards EHR
    [Figure only]
  • Existing access to Health Data
    – Data stored in island databases
    – Security: mainly communication security (encrypted links)
    – No, or little, control on access: after logging in to the system all data can be accessed; all doctors and nurses can access all data; records can be copied, printed, etc.
    – Other issues: multiple copies of data; inefficiency, hard to access, ...
    EHR is the centerpiece of an integrated solution to effective and secure management of health information.
  • Security is an integral part of EHR
    – Paper data and data stores are inherently more secure: limited number of copies; hard to duplicate (imperfect copies); changes are detectable; hard to access
    – Electronic data: many copies instantly; easy to make copies; changes undetectable; can be accessed from any point: intranet (private, confidential data among employees), extranet (for outsourced resources), web portal
    – Security is a major challenge
  • A new approach: using Digital Rights Management
    – Digital rights management: information is distributed in a protected form; information can only be accessed using a license
    – The license contains terms and conditions in a machine-readable form and is usable only by trusted DRM agents
    – Compliant DRM agents will refuse to perform any action unless it is permitted by the licence
    [Figure: Components of a DRM System]
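The three parts named on this slide (protected form, machine-readable license, compliant agent) in working form. This is an added example, not code from the presenter or from the project; it uses only the Python standard library, so AES-GCM is stood in for by an HMAC-SHA256 counter-mode keystream with a separate encrypt-then-MAC tag, and the issuer signs licenses with an HMAC key shared with agents where a deployment would use a public-key signature. The keys, record identifiers, user names and record content are all constructed for the example.

```python
"""Locked box + license + compliant agent (added example, not the presenter's code).

Standard library only: AES-GCM is stood in for by an HMAC-SHA256 counter-mode
keystream with a separate encrypt-then-MAC tag, and the issuer signs licenses
with an HMAC key shared with agents (a deployment would use public-key
signatures). All keys, identifiers and record content are constructed.
"""
import hashlib
import hmac
import json
import secrets
import time


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher keystream."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(content_key: bytes, content_id: str, plaintext: bytes) -> dict:
    """Protector: encrypt the record and MAC content_id || nonce || ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(_subkey(content_key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(content_key, b"mac"), content_id.encode() + nonce + ct, hashlib.sha256).digest()
    return {"content_id": content_id, "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


class LicenseIssuer:
    """Holds content keys; issues a signed license with the key wrapped for one agent."""

    def __init__(self, issuer_key: bytes, content_keys: dict, agent_keys: dict):
        self.issuer_key, self.content_keys, self.agent_keys = issuer_key, content_keys, agent_keys

    def issue(self, content_id, agent_id, user, actions, ttl_seconds, now=None) -> dict:
        wrap_nonce = secrets.token_bytes(16)
        wrapped = _xor(self.content_keys[content_id],
                       _keystream(self.agent_keys[agent_id], wrap_nonce, 32))
        body = {"content_id": content_id, "agent": agent_id, "user": user,
                "actions": sorted(actions),
                "expires": int(time.time() if now is None else now) + ttl_seconds,
                "wrap_nonce": wrap_nonce.hex(), "wrapped_key": wrapped.hex()}
        payload = json.dumps(body, sort_keys=True).encode()
        return {"body": body, "sig": hmac.new(self.issuer_key, payload, hashlib.sha256).hexdigest()}


class CompliantAgent:
    """Trusted DRM agent: every check passes before the content key is unwrapped."""

    def __init__(self, agent_id: str, agent_key: bytes, issuer_key: bytes):
        self.agent_id, self.agent_key, self.issuer_key = agent_id, agent_key, issuer_key

    def perform(self, protected: dict, lic: dict, user: str, action: str, now=None) -> bytes:
        body = lic["body"]
        payload = json.dumps(body, sort_keys=True).encode()
        if not hmac.compare_digest(hmac.new(self.issuer_key, payload, hashlib.sha256).hexdigest(), lic["sig"]):
            raise PermissionError("license signature invalid")
        if body["agent"] != self.agent_id or body["user"] != user:
            raise PermissionError("license was not issued to this agent and user")
        if body["content_id"] != protected["content_id"]:
            raise PermissionError("license is for a different record")
        if (time.time() if now is None else now) > body["expires"]:
            raise PermissionError("license expired")
        if action not in body["actions"]:
            raise PermissionError(f"action {action!r} not permitted by license")
        content_key = _xor(bytes.fromhex(body["wrapped_key"]),
                           _keystream(self.agent_key, bytes.fromhex(body["wrap_nonce"]), 32))
        nonce, ct = bytes.fromhex(protected["nonce"]), bytes.fromhex(protected["ct"])
        tag = hmac.new(_subkey(content_key, b"mac"), protected["content_id"].encode() + nonce + ct,
                       hashlib.sha256).digest()
        if not hmac.compare_digest(tag, bytes.fromhex(protected["tag"])):
            raise ValueError("protected record failed integrity check")
        return _xor(ct, _keystream(_subkey(content_key, b"enc"), nonce, len(ct)))


def demo() -> dict:
    """protect -> issue -> perform; a 'read' license tried against several requests."""
    content_key, agent_key, issuer_key = (secrets.token_bytes(32) for _ in range(3))
    record = protect(content_key, "ehr/bob/blood", b"Bob: haemoglobin 13.8 g/dL (constructed)")
    issuer = LicenseIssuer(issuer_key, {"ehr/bob/blood": content_key}, {"ws-101": agent_key})
    agent = CompliantAgent("ws-101", agent_key, issuer_key)
    lic = issuer.issue("ehr/bob/blood", "ws-101", "alice", {"read"}, ttl_seconds=600, now=1000)
    forged = {"body": {**lic["body"], "actions": ["print", "read"]}, "sig": lic["sig"]}
    out = {"read": agent.perform(record, lic, "alice", "read", now=1000)}
    trials = {"print": (lic, "alice", "print", 1000), "expired": (lic, "alice", "read", 2000),
              "wrong_user": (lic, "mallory", "read", 1000), "forged": (forged, "alice", "print", 1000)}
    for label, (l, u, a, t) in trials.items():
        try:
            agent.perform(record, l, u, a, now=t)
            out[label] = "permitted"
        except PermissionError as err:
            out[label] = f"refused: {err}"
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The point the slide makes is in the order of operations inside `perform`: the agent never holds a usable content key until signature, binding to agent and user, record identity, expiry and the requested action have all been checked, so a non-compliant client that skips a check gains nothing unless it also has the agent's own key. Editing the license body (the `forged` trial) breaks the signature; editing the ciphertext breaks the integrity tag.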
  • Digital Rights Management for Healthcare
    – In healthcare: organizational policies
    – Consent directives can be expressed in terms of attributes, adapted from the eXtensible Access Control Markup Language (XACML)
    – A license
    [Figures: organizational policies, an attribute-based consent directive, and a license]
  • A healthcare facility: 'interpreting' policies
    – Consent directive + site authorization policies → subjects, actions, etc.
    – We use workflows to describe the activity within a facility; workflows imply licenses to perform specific actions
  • A healthcare facility: workflows
    – A sequence of tasks to be carried out in the specified order
    – Authorization templates for each task
    – Each workflow realizes a specific purpose of data processing, e.g. "Treatment Workflow" → "Treatment Purpose"
    [Figure: example workflow with tasks Start, Examine, Diagnose, Second Opinion (an OR branch), Check, Stop]
  • A healthcare facility: sessions
    – A session starts when a workflow is initiated
    – DRM agents can join and leave a session, but only if their currently logged-in user has the privileges to run the workflow of the session
    – Licenses are issued for sessions: any agent that joins the session can benefit from the license, so a user can continue a session with a different agent if that agent joins the session (e.g. continue execution of the workflow on a mobile device)
    [Figure: architecture with credentials, XACML and roles, request/response, identity management, CDMS, license issuer, workflow management, authorization template, organizational policy, license]
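The workflow, session and session-license model of the three "healthcare facility" slides, as an added example (not the presenter's or the project's code). The treatment workflow in it is constructed: Examine, then Diagnose or Second Opinion as the OR branch, then Check; the slide names these tasks but their exact order is not recoverable from the figure. The roles, users and device identifiers are constructed as well, and the session license is a plain permission record since the cryptographic binding of a license to an agent is a separate concern.

```python
"""Workflow sessions and session licenses (added example, not the project's code).

The treatment workflow below is constructed for the example: Examine, then
Diagnose or Second Opinion (the OR branch), then Check; the slide names these
tasks but their exact order is not recoverable from it. Roles and users are
constructed too. The session license is a plain permission record; its
cryptographic binding to the agent is a separate concern.
"""
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Task:
    name: str
    roles: frozenset      # authorization template: roles that may perform the task
    actions: frozenset    # actions on the record the task needs


@dataclass(frozen=True)
class Workflow:
    name: str
    purpose: str          # the purpose of data processing this workflow realizes
    steps: tuple          # each step is a tuple of alternative Tasks (an OR branch)
    run_roles: frozenset  # roles whose users may initiate or join a session


@dataclass(frozen=True)
class Agent:
    agent_id: str         # a workstation, a phone, ...
    user: str             # the currently logged-in user
    role: str


class LicenseIssuer:
    """One license per session, covering every action the workflow's tasks imply."""
    _ids = itertools.count(1)

    def issue(self, workflow: Workflow, patient: str) -> dict:
        actions = frozenset().union(*(t.actions for step in workflow.steps for t in step))
        return {"session_id": next(self._ids), "patient": patient,
                "purpose": workflow.purpose, "actions": actions}


class Session:
    """Started by initiating a workflow; agents join and leave; tasks run in order."""

    def __init__(self, workflow: Workflow, initiator: Agent, patient: str, issuer: LicenseIssuer):
        self.workflow, self.patient, self.members, self.next_step = workflow, patient, {}, 0
        self.license = issuer.issue(workflow, patient)
        self.join(initiator)   # raises if the initiator's user may not run this workflow

    def join(self, agent: Agent) -> None:
        if agent.role not in self.workflow.run_roles:
            raise PermissionError(f"{agent.user} may not run {self.workflow.name}")
        self.members[agent.agent_id] = agent

    def leave(self, agent: Agent) -> None:
        self.members.pop(agent.agent_id, None)

    def perform(self, agent: Agent, task_name: str) -> frozenset:
        """Run the next task from `agent`; returns the actions the session license grants it."""
        if agent.agent_id not in self.members:
            raise PermissionError(f"agent {agent.agent_id} is not in the session")
        if self.finished:
            raise RuntimeError("workflow already finished")
        alternatives = {t.name: t for t in self.workflow.steps[self.next_step]}
        task = alternatives.get(task_name)
        if task is None:
            raise RuntimeError(f"{task_name!r} is out of order; next is one of {sorted(alternatives)}")
        if agent.role not in task.roles:
            raise PermissionError(f"role {agent.role!r} may not perform {task_name}")
        self.next_step += 1
        return task.actions & self.license["actions"]

    @property
    def finished(self) -> bool:
        return self.next_step == len(self.workflow.steps)


# Constructed authorization templates and workflow (order assumed, see docstring).
EXAMINE = Task("Examine", frozenset({"physician", "nurse"}), frozenset({"read"}))
DIAGNOSE = Task("Diagnose", frozenset({"physician"}), frozenset({"read", "annotate"}))
SECOND_OPINION = Task("Second Opinion", frozenset({"physician"}), frozenset({"read", "annotate"}))
CHECK = Task("Check", frozenset({"physician", "nurse"}), frozenset({"read"}))
TREATMENT = Workflow("Treatment Workflow", "treatment",
                     ((EXAMINE,), (DIAGNOSE, SECOND_OPINION), (CHECK,)), frozenset({"physician"}))


if __name__ == "__main__":
    issuer = LicenseIssuer()
    desk = Agent("ws-101", "bob", "physician")
    phone = Agent("phone-7", "bob", "physician")
    session = Session(TREATMENT, desk, "patient-42", issuer)
    print("Examine on desk:", sorted(session.perform(desk, "Examine")))
    session.join(phone)          # same user continues on a mobile device
    print("Diagnose on phone:", sorted(session.perform(phone, "Diagnose")))
    print("Check on phone:", sorted(session.perform(phone, "Check")), "finished:", session.finished)
```

Two properties from the slide are enforced here: the session, not the device, carries the license, so a second agent of the same user can pick up the next task after joining; and joining is gated on the logged-in user's privilege to run the workflow, so a nurse's agent cannot attach itself to a physician-only session even though the Examine task template would let a nurse perform that single task.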
  • Digital Rights Management for Healthcare: approach and advantages
    Approach
    – Data stored in encrypted form: protection against loss of disks and laptops bypassing security
    – Policies: privacy policies (consent forms, from users); security policies (authorization, organizational); policies are written in machine-readable form
    – Enforcement: reference monitors to interpret policies
    Advantages
    – Holistic approach to security and privacy: access according to stated policies
    – Security for the lifetime of data: data always remains encrypted (in a locked box); access always through trusted agents (of a certain type, in a given context)
    – Expressive languages to state requirements: fine-grained access control; security and privacy both; enforcing privacy policies (patients' consent directives)
  • Fine-grained control
    – Policy statements are of the form: "role nurse can read blood data for the purpose of surgery preparation, location terminal x12 in room #101"
    – Alice as a 'nurse' → role; can 'read' Bob's test results → action; 'purpose' surgery prep → purpose of access; on a 'terminal x12 in room #112' → context
    – Alice cannot: print the record; email it to anyone; copy it; ...; access Britney's record
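A reference monitor for policy statements of exactly this shape (role, action, data type, purpose, context) combined with the patient's consent directive, added here as an example; it is not the presenter's or the project's code. The rule and consent syntax is a simplified attribute-matching model in the spirit of the XACML-derived consent directives the earlier slide mentions, not XACML itself, and the rules, patients, users and terminal/room values are constructed (the room number is taken from the policy statement on the slide).

```python
"""Fine-grained policy evaluation with consent directives (added example).

Not the presenter's code. A site rule is 'role R can ACTION DATA_TYPE for
purpose P in context C'; a consent directive restricts purposes, data types
and subjects for one patient. Decision is deny-overrides: both must allow.
All rules, patients, users and context values are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Request:
    subject: str        # logged-in user, e.g. "alice"
    role: str           # e.g. "nurse"
    action: str         # e.g. "read", "print", "email", "copy"
    patient: str        # whose record is being accessed
    data_type: str      # e.g. "blood_data"
    purpose: str        # stated purpose of access
    context: dict       # environment attributes, e.g. terminal and room


@dataclass
class Rule:
    """One site authorization statement; every context attribute listed must match."""
    role: str
    action: str
    data_type: str
    purpose: str
    context: dict = field(default_factory=dict)

    def matches(self, req: Request) -> bool:
        return (self.role == req.role and self.action == req.action
                and self.data_type == req.data_type and self.purpose == req.purpose
                and all(req.context.get(k) == v for k, v in self.context.items()))


@dataclass
class ConsentDirective:
    """Patient consent as attributes: permitted purposes, permitted data types
    (None = any), and subjects the patient has excluded by name."""
    purposes: frozenset
    data_types: frozenset = None
    denied_subjects: frozenset = frozenset()

    def permits(self, req: Request) -> bool:
        if req.subject in self.denied_subjects or req.purpose not in self.purposes:
            return False
        return self.data_types is None or req.data_type in self.data_types


def evaluate(req: Request, site_rules: list, consents: dict) -> tuple:
    """Deny-overrides reference monitor. Returns (decision, reason)."""
    consent = consents.get(req.patient)
    if consent is None:
        return "Deny", "no consent directive on file for patient"
    if not consent.permits(req):
        return "Deny", "patient consent does not cover this access"
    if not any(rule.matches(req) for rule in site_rules):
        return "Deny", "no site authorization rule matches"
    return "Permit", "consent and site policy both allow"


# Constructed site policy: the slide's nurse rule plus two physician rules.
SITE_RULES = [
    Rule("nurse", "read", "blood_data", "surgery_preparation", {"terminal": "x12", "room": "101"}),
    Rule("physician", "read", "blood_data", "treatment"),
    Rule("physician", "print", "blood_data", "treatment"),
]
# Constructed consent directives: Britney has excluded Alice by name.
CONSENTS = {
    "bob": ConsentDirective(purposes=frozenset({"treatment", "surgery_preparation"})),
    "britney": ConsentDirective(purposes=frozenset({"treatment"}), denied_subjects=frozenset({"alice"})),
}


if __name__ == "__main__":
    base = dict(subject="alice", role="nurse", patient="bob", data_type="blood_data",
                purpose="surgery_preparation", context={"terminal": "x12", "room": "101"})
    for action in ("read", "print", "email", "copy"):
        print(action, evaluate(Request(action=action, **base), SITE_RULES, CONSENTS))
    print("britney", evaluate(Request(**{**base, "action": "read", "patient": "britney"}), SITE_RULES, CONSENTS))
```

The checks run consent first and site policy second because a consent restriction must win even where the organization's rule would allow the access; the reason string is what a reference monitor would log. Note that the slide's two room numbers (101 in the statement, 112 in the worked reading) would evaluate differently here: a context attribute that is present in the rule has to match exactly, so Alice at terminal x12 in a different room is denied.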
  • Technology Demonstrator: re-purposing patient data
    Aim: use patients' data from Foothills Hospital for research purposes
    – Multiple research projects: teams and members with different roles; new teams formed, old teams removed
    – Identify patients who are potential candidates for each research study; management and tracking of their records
    – First stage: HiiTech Hepatology Knowledge base; in future: other areas of medicine
    Security requirements
    – Patients' private data; patients' consent directives
    – Controlling access based on need to know
    – Provide remote access; link with other health data
  • Current System
    – Patients' records are stored in a MS SQL database
    – MS SharePoint portal is used to access and manage the data
    – Data can be downloaded by users in the form of MS InfoPath forms
    – Security: everyone can see all data!
    [Figure: browser → SharePoint web server / web services → health records (raw data); identity management server checks log-in credentials]
  • The New Architecture
    [Figure: browser with DRM agent; SharePoint web server / web services with protectors, consent and groups; rights management (IRM) server issuing licenses and holding metadata; identity management server checking credentials; consent and data stores. Protected records flow to the browser; raw data flows only between the data store and the web services]
  • Scaling up to federated systems: data-level federation
    – Using a federated database: integrating the databases in two organizations; secure link for data transfer
    – Requires complete mutual trust between organizations to enforce consent directives (and perhaps other local policies)
    – Easy to implement: use existing support for database federation in database engines
    – Does not support cross-organizational research studies, as applications are not connected
    [Figure: Organization A and Organization B, each with Consent, Application and Data; the data stores are linked]
  • Scaling up to federated systems: business-level federation
    Requirements
    – Federation at application level: extending the application to enable forming cross-organizational research studies
    – Federation of identity management: standard solutions (e.g. SAML, Active Directory)
    – Rights management federation: MS IRM service federation, or a custom solution
    Design alternatives
    – DRM trusted domains: issuing a license for a main server allowing it to issue local licenses in its domain
    – Issuing a cross-organizational license directly to the user in the other organization
    Implementation is much more difficult.
    [Figure: Organization A and Organization B, each with Rights Management Server, Consent, SharePoint Services, Data and Identity Management Server]
  • Future direction: taking the project to the 'Cloud'
    – Scalable design: patient data stored in the 'cloud'; provincial, national, ..., global access
    – Access according to stated policies: whose policy? trust relationships; consent directives; efficient enforcement?
    – Data security: whose responsibility? encrypted content
    – Universality of the approach: a similar approach can be used for other types of data; the technology can be used for protection of any document
  • Project details
    Participants
    – iCIS Lab: Mohammad Jafari, Nicholas Sheppard, Michal Sramka
    – HiiTeC: Chad Saunders, Hytham Khalil, Simon Liu
    – Cybera: Patrick Mann, Jill Kowalchuk
    – Other support: MITACS, iCORE
    Publications
    – N. P. Sheppard, R. Safavi-Naini, M. Jafari, "A Digital Rights Management Model for Healthcare", Proceedings of IEEE POLICY'09, London, UK.
    – N. P. Sheppard, R. Safavi-Naini, M. Jafari, "A Secure Electronic Healthcare Record Infrastructure in the Digital Rights Management Model", Technical Report 2009-939-18, Department of Computer Science, University of Calgary, 2009.