Secure Electronic Health Records

Rei Safavi Naini
iCore Chair for Information Security Department of Computer Science, University of Calgary

Presented at the Cybera/CANARIE National Summit 2009, as part of the session "New Frontiers in Data Integration." This session showcased a selection of leading-edge initiatives that are breaking new ground and setting new precedents around the collection and integration of data.

Transcript of "Secure Electronic Health Records"

  1. A Digital Rights Management Approach to Securing Electronic Health Records
     Rei Safavi-Naini, iCORE Chair in Information Security, Department of Computer Science, U of Calgary
     iCORE Information Security Lab
  2. Electronic Health Record (EHR)
     • A collection of electronic health data
     • In digital format: easy to share across network-connected information systems
     • May include:
       • demographics (race, disabilities, ..)
       • medical history
       • medication and allergies, immunization status
       • laboratory test results, radiology images
       • billing information…
     R. Safavi-Naini - Summit '09 - Oct 14, 2009
  3. Moving towards EHR
  4. Existing access to Health Data
     • Data stored in island databases
     • Security:
       • mainly communication security (encrypted links)
       • no, or little, control on access: after logging in to the system all data can be accessed
       • all doctors and nurses can access all data
       • records can be copied, printed, etc.
     • Other issues: multiple copies of data; inefficiency, hard to access…
     • EHR is the centerpiece of an integrated solution to effective and secure management of health information.
  5. Security is an integral part of EHR
     • Paper data and data stores are inherently more secure:
       • limited number
       • hard to duplicate; imperfect copies
       • changes are detectable
       • hard to access
     • Electronic data:
       • many copies instantly; easy to make copies
       • changes undetectable
       • can be accessed from any point…
         – Intranet: private, confidential data among employees
         – Extranet for outsourced resources
         – Web portal
     • Security is a major challenge
  6. A new approach: using Digital Rights Management
     • Digital rights management:
       • information is distributed in a protected form
       • information can only be accessed using a license
       • a license contains terms and conditions in a machine-readable form
       • usable only by trusted DRM agents
       • compliant DRM agents will refuse to perform any action unless it is permitted by the licence
     [Figure: Components of a DRM System]
  7. Digital Rights Management for Healthcare
     In Healthcare: [Figure: Organizational Policies]
  8. Digital Rights Management for Healthcare
     In Healthcare:
     • Consent directives can be expressed in terms of attributes
       – adapted from the eXtensible Access Control Markup Language (XACML)
     [Figure: Organizational Policies]
  9. Digital Rights Management for Healthcare
     In Healthcare: A license
     [Figure: Organizational Policies]
  10. A healthcare facility
  11. A healthcare facility: 'Interpreting' policies
      • consent directive + site authorization policies → subjects, actions, etc.
      • We use workflows to describe the activity within a facility
        – workflows imply licenses to perform specific actions
  12. A healthcare facility: Workflows
      • A sequence of tasks to be carried out in the specified order
      • Authorization templates for each task
      • Each workflow realizes a specific purpose of data processing
        – "Treatment Workflow" → "Treatment Purpose"
      [Figure: workflow diagram with nodes Start, Examine, Check, Diagnose, OR, Second Opinion, Check, Stop]
  13. A healthcare facility
      • A session starts when a workflow is initiated
      • DRM agents can join and leave a session
        – only if their currently logged-in user has the privileges to run the workflow of the session
      • Licenses are issued for sessions
        – any agent that joins the session can benefit from the license
        ⇒ a user can continue a session with a different agent if that agent joins the session
        – e.g. continue execution of the workflow on a mobile device
      [Figure: Identity Mgmt. (credentials and roles), XACML Req./Resp., CDMS, License Issuer, Workflow Mgmt., Authorization Template, Org. Policy, License]
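The workflow and session model of slides 12 and 13, written out as an added Python example; this is not code from the deck or from the project. The task names, role names, the branch-free task order (the OR branch to a second opinion is not modelled), the rule that a role may run a workflow if it may perform some task in it, and the license dictionary are all assumptions made for illustration.

```python
"""Workflow-scoped sessions, modelled on slides 12 and 13 (added example).

Assumptions: role and task names, a flat task order, and 'may run the
workflow' meaning 'may perform at least one of its tasks'.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Task:
    """Authorization template for one task: which roles, which actions."""
    name: str
    roles: frozenset
    actions: frozenset


@dataclass(frozen=True)
class Workflow:
    """Ordered tasks realising one purpose of data processing."""
    name: str
    purpose: str
    tasks: tuple


# Assumed 'Treatment Workflow' realising the 'treatment' purpose.
TREATMENT = Workflow("Treatment Workflow", "treatment", (
    Task("examine", frozenset({"nurse", "physician"}), frozenset({"read"})),
    Task("check", frozenset({"nurse"}), frozenset({"read"})),
    Task("diagnose", frozenset({"physician"}), frozenset({"read", "annotate"})),
))


class AuthorizationError(Exception):
    pass


def can_run(workflow, role):
    return any(role in task.roles for task in workflow.tasks)


@dataclass
class Session:
    workflow: Workflow
    patient: str
    position: int = 0                             # index of the next task
    agents: dict = field(default_factory=dict)    # agent_id -> (user, role)

    @property
    def license(self):
        """Issued for the session, not for a user or a device."""
        return {"workflow": self.workflow.name, "purpose": self.workflow.purpose,
                "patient": self.patient, "tasks": [t.name for t in self.workflow.tasks]}


def start_session(workflow, patient, user, role, agent_id):
    """Initiating a workflow opens a session; the initiator's agent joins it."""
    session = Session(workflow, patient)
    join(session, agent_id, user, role)
    return session


def join(session, agent_id, user, role):
    """An agent may join only if its logged-in user can run the workflow."""
    if not can_run(session.workflow, role):
        raise AuthorizationError(f"{role} may not run {session.workflow.name}")
    session.agents[agent_id] = (user, role)


def leave(session, agent_id):
    session.agents.pop(agent_id, None)


def perform(session, agent_id, action):
    """A compliant agent performs the next task only if it is in the session,
    its user's role matches the task template and the action is licensed."""
    if agent_id not in session.agents:
        raise AuthorizationError(f"{agent_id} is not in the session")
    if session.position >= len(session.workflow.tasks):
        raise AuthorizationError("workflow already completed")
    task = session.workflow.tasks[session.position]
    user, role = session.agents[agent_id]
    if role not in task.roles:
        raise AuthorizationError(f"{role} may not perform {task.name}")
    if action not in task.actions:
        raise AuthorizationError(f"{action} not licensed for {task.name}")
    session.position += 1
    return (task.name, user, agent_id, action)


def demo():
    """Alice (nurse) starts on a terminal; Bob (physician) continues on a
    mobile device. Denied attempts are recorded in the trace, not raised."""
    trace = []
    session = start_session(TREATMENT, "patient-42", "alice", "nurse", "terminal-x12")
    trace.append(perform(session, "terminal-x12", "read"))        # examine
    trace.append(perform(session, "terminal-x12", "read"))        # check
    join(session, "bob-mobile", "bob", "physician")
    for attempt in (lambda: join(session, "clerk-pc", "carol", "clerk"),
                    lambda: perform(session, "terminal-x12", "annotate"),
                    lambda: perform(session, "bob-mobile", "print")):
        try:
            attempt()
        except AuthorizationError as exc:
            trace.append(("denied", str(exc)))
    trace.append(perform(session, "bob-mobile", "annotate"))      # diagnose
    leave(session, "terminal-x12")
    return session, trace
```

Running `demo()` shows the two properties the slide cares about: the license follows the session, so Bob's mobile agent can finish a workflow Alice started on a terminal, and an agent whose user lacks a task's role, or that asks for an action the template never grants (`print`), is refused without advancing the workflow.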
  14. Digital Rights Management for Healthcare
      Approach
      • Data stored in encrypted form
        – protection against loss of disks or laptops bypassing security
      • Policies
        – privacy policies: consent forms (users)
        – security policies: authorization (organizational)
        – policies are written in machine-readable form
      • Enforcement
        – reference monitors to interpret policies
      Advantages
      • Holistic approach to security and privacy
        – access according to stated policies
      • Security for the lifetime of data
        – data always remain encrypted, in a "locked box"
        – access always through trusted agents, of a certain type in a given context
      • Expressive languages to state requirements
        – fine-grained access control
        – security and privacy both
        – enforcing privacy policies: patients' consent directives
  15. Fine-grained control
      • Policy statements are of the form:
        "role nurse can read blood data for the purpose of surgery preparation, location terminal x12 in room #101"
        – Alice, as a 'nurse' → role
        – can 'read' Bob's test results → action
        – 'purpose' surgery prep → purpose of access
        – on a 'terminal x12 in room #112' → context
      • Alice cannot
        – print the record
        – email it to anyone
        – copy it
        – ..
        – access Britney's record
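A reference monitor for statements of the kind slide 15 gives, with a patient consent directive expressed over the same attributes as slide 8 suggests, as an added Python example; this is not code from the deck or from the project. The attribute names, the `*` wildcard, the deny-overrides combination and every sample rule and request are assumptions for illustration; the project writes such statements in a form adapted from XACML, which is not reproduced here.

```python
"""Attribute-based reference monitor (added example; assumptions as above)."""
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class Request:
    """What a DRM agent asks the reference monitor before acting."""
    subject: str      # logged-in user
    role: str
    action: str
    patient: str      # whose record
    data_type: str    # which part of the record
    purpose: str      # purpose of access, from the running workflow
    location: str     # context, e.g. the terminal the agent runs on


@dataclass(frozen=True)
class Rule:
    """One machine-readable policy statement; '*' matches any value."""
    effect: str       # "permit" or "deny"
    subject: str = "*"
    role: str = "*"
    action: str = "*"
    patient: str = "*"
    data_type: str = "*"
    purpose: str = "*"
    location: str = "*"

    def matches(self, request):
        return all(getattr(self, f.name) in ("*", getattr(request, f.name))
                   for f in fields(request))


# Site authorization policy: the slide's statement, plus one for physicians (assumed).
SITE_POLICY = (
    Rule("permit", role="nurse", action="read", data_type="blood",
         purpose="surgery_preparation", location="terminal_x12_room_101"),
    Rule("permit", role="physician", action="read", purpose="treatment"),
)

# Consent directives over the same attributes: Britney excludes one physician (assumed).
CONSENT = {
    "britney": (Rule("deny", subject="mallory"),),
}


def decide(request, site_policy=SITE_POLICY, consent=CONSENT):
    """Deny-overrides: a matching consent deny wins, then a site permit is
    required; anything not explicitly permitted is denied, which is how a
    compliant agent refuses actions the license does not allow."""
    for rule in consent.get(request.patient, ()):
        if rule.effect == "deny" and rule.matches(request):
            return "deny", "consent directive"
    for rule in site_policy:
        if rule.effect == "permit" and rule.matches(request):
            return "permit", "site policy"
    return "deny", "no applicable rule"


def demo():
    """Constructed requests: Alice the nurse on terminal x12, plus two physicians."""
    base = dict(subject="alice", role="nurse", patient="bob", data_type="blood",
                purpose="surgery_preparation", location="terminal_x12_room_101")
    cases = {
        "nurse_read": Request(action="read", **base),
        "nurse_print": Request(action="print", **base),
        "nurse_email": Request(action="email", **base),
        "wrong_terminal": Request(**{**base, "action": "read",
                                     "location": "terminal_x07_room_112"}),
        "wrong_purpose": Request(**{**base, "action": "read", "purpose": "research"}),
        "carol_britney": Request("carol", "physician", "read", "britney",
                                 "blood", "treatment", "ward_3"),
        "mallory_britney": Request("mallory", "physician", "read", "britney",
                                   "blood", "treatment", "ward_3"),
    }
    return {name: decide(req) for name, req in cases.items()}
```

The point of the example is the closed-world default: `print`, `email`, a different terminal or a different purpose are not denied by any rule, they simply match no permit, and the monitor treats that as a refusal. The consent check runs first so that a patient's directive can override an organizational permit (Mallory is a physician acting for treatment, yet Britney's record stays closed to him) without the site policy having to know about it.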
  16. Technology Demonstrator: Re-purposing patient data
      Aim: use patients' data from Foothills Hospital for research purposes
      • Multiple research projects
        – teams, members with different roles
        – new teams formed, old teams removed
      • Identify patients who are potential candidates for each research study
        – management and tracking of their records
      • First stage: HiiTech Hepatology Knowledge base
      • In future: other areas of medicine
      Security requirements
      – patients' private data
      – patients' consent directives
      – controlling access based on need to know
      – provide remote access
      – link with other health data
  17. Current System
      • Patients' records are stored in a MS SQL database
      • MS SharePoint portal is used to access and manage the data
      • Data can be downloaded by users in the form of MS InfoPath forms
      • Security: everyone can see all data!
      [Figure: Browser ↔ SharePoint Web Services ↔ Data Server (raw data, health records); Identity Management Server (log-in credentials)]
  18. The New Architecture
      [Figure: Rights Management Server (license, IRM Protectors, metadata); Consent (consent, groups); Browser with DRM Agent ↔ SharePoint Web Services ↔ Data Server (raw data, protected records, metadata + protected data); Identity Management Server (credentials)]
  19. Scaling up to federated systems
      • Data-level Federation
        – using a federated database: integrating the databases in two organizations
        – secure link for data transfer
      • Complete mutual trust between organizations
        – to enforce consent directives (and perhaps other local policies)
      • Easy to implement
        – use existing support for database federation in database engines
      • Does not support cross-organizational research studies as applications are not connected
      [Figure: Organization A and Organization B, each with Consent, Application, Data]
  20. Scaling up to federated systems
      • Business-Level Federation
        – federation at application level
        – extending the application to enable forming cross-organizational research studies
      • Implementation is much more difficult
        – MS IRM service federation, or a custom solution
      • Requirements
        – federation of identity management: standard solutions (e.g. SAML, Active Directory)
        – rights management federation
      • Design alternatives
        – DRM trusted domains: issuing a license for a main server allowing it to issue local licenses in its domain
        – issuing a cross-organizational license directly to the user in the other organization
      [Figure: Organization A and Organization B, each with Rights Mgmnt Server, Consent, SharePoint Services, Data, Identity Mgmnt Server]
  21. Future direction: Taking the project to the 'Cloud'
      • Scalable design
        – patient data stored in 'cloud'
        – provincial, national, .. global access
        – access according to stated policies
      • Whose policy?
        – trust relationships
        – consent directives
        – efficient enforcement?
        – data security: whose responsibility?
        – encrypted content
      • Universality of the approach
        – similar approach can be used for other types of data
        – the technology can be used for protection of any document
  22. Project details
      Participants
      • iCIS Lab: Mohammad Jafari, Nicholas Sheppard, Michal Sramka
      • HiiTeC: Chad Saunders, Hytham Khalil, Simon Liu
      • Cybera: Patrick Mann, Jill Kowalchuk
      • Other supports: MITACS, iCORE
      Publications
      • N. P. Sheppard, R. Safavi-Naini, M. Jafari, "A Digital Rights Management Model for Healthcare", Proceedings of IEEE POLICY'09, London, UK.
      • N. P. Sheppard, R. Safavi-Naini, M. Jafari, "A Secure Electronic Healthcare Record Infrastructure in the Digital Rights Management Model", Technical Report 2009-939-18, Department of Computer Science, University of Calgary, 2009.