Mammoth, Inc. Project Proposal 
Prototype System Architecture 
In the Prototype system, Doctors’ hand held terminals will be simulated by laptop 
computers running a web browser and using 802.11b wireless access. 
Connection from a doctor’s device to the applications server will be via the Internet. 
However, we will consider the Internet a hostile communications medium and our 
architecture protects against exposure from the public Internet by using IPSEC. 
The diagram from the Policy section is repeated below as Figure 1 for reference. 
Figure 1. Relationships between entities in system. 
[Diagram. Entities: Medical Group, Doctor, Hospital, Independent Laboratory, Patient. 
Relationships: Referred to, Member of, Practices at, Outsources Tests to, Is Tested by, 
Outpatient at, Inpatient at, Patient of, Primary Care Provider of, Specialist Care Provider of.] 
Only two Medical Groups, each with at least two doctors and 3 patients will be included 
in the Prototype. No Hospital or Independent Laboratory will be modeled in the 
Prototype. 
All data will be pre-loaded into the Prototype database. The Prototype will include no 
on-line input of data. The intent of the prototype is to demonstrate that sensitive patient 
data is only allowed to be accessed by authorized doctors over secure connections.
Figure 2 below shows the logical architecture of the prototype. 
Figure 2. Prototype Logical Architecture 
Since the equipment in the logical prototype will likely not be available, the prototype 
physical architecture is shown in Figure 3 below. 
Laptops will be used to simulate each of two doctors from two Medical Groups. One 
host will serve web pages for both Medical Groups.
Figure 3. Prototype Physical Architecture 
Data will be stored on disk on the Linux host. Doctors will authenticate themselves using 
userid and password. Data will only be provided to Doctors who are authorized to access 
it, based on their login. SSL or other encryption will protect all data transfers from being 
observed while it traverses the Internet or the wireless Access Point. 
Furthermore, sensitive patient data will only be transmitted using PGP encryption with 
the public key of the Doctor who is logged in. Thus, even if an authorized Doctor’s 
userid and password are compromised, the data will be useless unless the perpetrator also 
has the Doctor’s private key and pass phrase. Appropriate PGP keys will be installed on 
devices for each doctor. If an unauthorized user acquires the laptop, the thief will still 
need the doctor’s userid, password and pass-phrase.
Exhibit A 
Privacy Policy 
In the case of medical information, the issue is potential violation of the Doctor-Patient 
confidence, which is a privilege protected by law. The violation of this privilege can 
result in loss of a doctor’s or group of doctors’ right to practice medicine as well as 
damage suits from patients, and possible criminal charges. 
Therefore, we make the following assumptions: 
· Doctors, Hospitals, Labs and their professional and support personnel are aware of 
the risks of violating patient privacy. The requirement on Medsoft/Mammoth is to 
ensure that automated systems developed and marketed by the Medsoft/Mammoth 
team do not compromise Doctor-Patient Privilege. 
· Individual client organizations (Doctors’ Offices) may exercise their own Privacy 
Policy. Individual users, who are certified by the procedures and mechanisms 
described in the Concept of Operations and elsewhere in this document, are at liberty 
to reveal or protect information obtained from automated systems just as they are 
with existing paper and automated records. 
Description of Subjects and Objects 
In order to define a Privacy Policy, we first defined Subjects, Objects and Relationships, 
which were then used to create rules defining cases where it is acceptable for information 
relating to a specific patient to be revealed to a particular Medical Group/Doctor. 
The diagram below is an initial model of the entities involved in transactions involving 
Medsoft. The principal actors (subjects) are the Doctor and the Patient. The objects to be 
protected are medical records relating to individual patients. Other entities in the model 
are Medical Groups, Hospitals and Independent Laboratories. Sensitive patient 
information is maintained by each of these entities, with all rights to such information 
being authorized by the Patient and protected by Doctor-Patient Privilege. 
Mammoth, Inc. Proprietary Information
[Diagram: model of entities and relationships, the same diagram as Figure 1. 
Labels: Medical Group; Practices at, Outsources Tests to, Is Tested by, Referred to, 
Member of, Patient of.] 
Each Patient has at least (and most often only) one Primary Care Physician. Normally 
insurance companies require that there be a single Primary Care Physician, although the 
Patient has the right to create this relationship with more than one Doctor. This model 
accommodates such a situation, however, in this case the Privacy Policy permits Patient 
information to be shared only by written consent of the Patient. 
Within this model, all doctors are considered to belong to one and only one Medical 
Group. Doctors who provide service independently from such a group are considered to 
belong to a group of one, that particular Doctor’s practice. 
Other Medical Groups/Doctors may provide specialist care to the patient after a referral 
from the patient’s Doctor. While a Patient has the right to consult a specialist 
independently (without being referred by a Primary Care Physician), this case is modeled 
identically to the case where a Patient independently consults more than one Medical 
Group/Doctor. 
[Diagram labels, continued. Entities: Doctor, Hospital, Independent Laboratory, Patient. 
Relationships: Outpatient at, Inpatient at, Primary Care Provider of, Specialist Care Provider of.] 
Hospitals provide inpatient and outpatient care to Patients. The inpatient or outpatient 
relationship between Patient and Hospital is established by the Doctor’s act of admitting 
the Patient to the Hospital (as an inpatient), or referring the Patient to the Hospital for 
outpatient services. The authority to admit Patients to a Hospital is based on the fact that 
one or more Doctors in a Medical Group Practices at a particular Hospital. 
Similarly, a Doctor who is a Member of a Medical Group may (through the Medical 
Group) Outsource Tests to an Independent Laboratory. The term Independent Laboratory 
is a generic term for all such organizations that do blood work, x-rays, etc. Such 
organizations may also provide interpretative services (such as a radiologist’s reading of 
an X-ray or Cat Scan). 
Patient Information Access Policy 

Patient Information Stored by: Medical Group 
Patient Information Provided to: Doctor 
Access to Patient Information Permitted Only If: 
    Doctor is currently a Member of Medical Group 
    AND 
    Patient is currently a Patient of Medical Group 

Patient Information Stored by: Hospital 
Patient Information Provided to: Medical Group 
Access to Patient Information Permitted Only If: 
    Patient was admitted as an Inpatient at Hospital by a Doctor who is a Member of 
    the requesting Medical Group which Practices at the Hospital 
    OR 
    Patient was referred as an Outpatient at Hospital by a Doctor who is a Member of 
    a Medical Group which Practices at the Hospital 
    OR 
    Patient authorizes information release by Hospital to Medical Group (in writing). 

Patient Information Stored by: Independent Laboratory 
Patient Information Provided to: Medical Group 
Access to Patient Information Permitted Only If: 
    Note: parentheses below denote grouping of logical operations 
    (The requesting Medical Group Outsources Tests to Independent Laboratory for Patient. 
    AND 
    The specific test(s) for the specific Patient for which results are being requested 
    was/were outsourced to the Independent Laboratory by a Doctor who is a Member 
    of the requesting Medical Group) 
    OR 
    Patient authorizes information release by Independent Laboratory to Medical 
    Group (in writing). 

Patient Information Stored by: Medical Group 
Patient Information Provided to: Other Medical Group 
Access to Patient Information Permitted Only If: 
    Patient was Referred to the other Medical Group by a Doctor who is a Member of 
    the requesting Medical Group 
    OR 
    Patient authorizes the other Medical Group to release information to the 
    requesting Medical Group (in writing). 
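
The four rows of the access policy above can be written as a decision function over the relationships in the entity model. The following is an added example, not code from the proposal; the relationship store, its tuple layouts and all names in the sample data are constructed. It assumes that the outpatient clause refers to the requesting Medical Group, and that in the last row the "other" Medical Group is the one holding the records.

```python
from dataclasses import dataclass, field


@dataclass
class Relationships:
    """Constructed relationship store; the tuple layouts are assumptions."""
    member_of: set = field(default_factory=set)        # (doctor, group)
    patient_of: set = field(default_factory=set)       # (patient, group)
    practices_at: set = field(default_factory=set)     # (group, hospital)
    inpatient_at: set = field(default_factory=set)     # (patient, hospital, admitting doctor)
    outpatient_at: set = field(default_factory=set)    # (patient, hospital, referring doctor)
    outsources_to: set = field(default_factory=set)    # (group, lab, patient)
    outsourced: set = field(default_factory=set)       # (test, patient, lab, ordering doctor)
    referred_to: set = field(default_factory=set)      # (patient, referring doctor, group)
    written_consent: set = field(default_factory=set)  # (patient, holder, recipient group)

    def is_member(self, doctor, group):
        return (doctor, group) in self.member_of

    def consented(self, patient, holder, group):
        return (patient, holder, group) in self.written_consent


def group_to_doctor(r, group, doctor, patient):
    """Row 1: records stored by a Medical Group, provided to a Doctor."""
    return r.is_member(doctor, group) and (patient, group) in r.patient_of


def hospital_to_group(r, hospital, group, patient):
    """Row 2: records stored by a Hospital, provided to a Medical Group."""
    if r.consented(patient, hospital, group):
        return True
    if (group, hospital) not in r.practices_at:
        return False
    # Inpatient admission or outpatient referral by a Doctor of the requesting group.
    placed = r.inpatient_at | r.outpatient_at
    return any(p == patient and h == hospital and r.is_member(d, group)
               for p, h, d in placed)


def lab_to_group(r, lab, group, patient, test):
    """Row 3: results stored by an Independent Laboratory, provided to a Medical Group."""
    if r.consented(patient, lab, group):
        return True
    if (group, lab, patient) not in r.outsources_to:
        return False
    # The specific test must have been outsourced by a Doctor of the requesting group.
    return any(t == test and p == patient and lb == lab and r.is_member(d, group)
               for t, p, lb, d in r.outsourced)


def group_to_group(r, holder, requester, patient):
    """Row 4: records stored by the other Medical Group, provided to the requester."""
    if r.consented(patient, holder, requester):
        return True
    # A Doctor of the requesting group referred the Patient to the holding group.
    return any(p == patient and g == holder and r.is_member(d, requester)
               for p, d, g in r.referred_to)


def sample_relationships():
    """Constructed sample data; none of these names come from the proposal."""
    return Relationships(
        member_of={("dr_adams", "group_a"), ("dr_baker", "group_a"),
                   ("dr_chen", "group_b")},
        patient_of={("pat_1", "group_a"), ("pat_2", "group_b")},
        practices_at={("group_a", "hosp_1")},
        inpatient_at={("pat_1", "hosp_1", "dr_adams")},
        outsources_to={("group_a", "lab_1", "pat_1")},
        outsourced={("cbc-001", "pat_1", "lab_1", "dr_adams")},
        referred_to={("pat_1", "dr_adams", "group_b")},
        written_consent={("pat_2", "hosp_1", "group_b")},
    )
```

With the sample data, group_a may read group_b's records for pat_1 because dr_adams made the referral, while group_b may not read group_a's records for the same patient without written consent.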
Exhibit B 
Security Policy 
All access to and modification of information secured under this Security Policy will: 
· Be limited to authorized individuals and procedures protected under the Security 
Mechanisms, which implement the Privacy Policy defined in Exhibit A, above and 
this Security Policy. 
· Be in accordance with the Clark-Wilson Integrity Model, which is restated (from 
the referenced document) for clarity in Tables 1, 2 and 3 below. 
The Draft System Architecture document, above, explains how trusted Transformation 
Procedures (TPs) are developed using Mammoth’s development procedures and executed 
in a secure environment, using the Mammoth Secure Server Card (SSC). More details 
will be provided in the next draft of this White Paper. 
Table 1 
Clark-Wilson Integrity Model 
Definitions 

Acronym: CDI 
Expansion: Constrained Data Item 
Meaning: A set of data items that have been validated (by a TP) and are in accordance 
with specifications. 

Acronym: IVP 
Expansion: Integrity Verification Procedure 
Meaning: An integrity verification procedure is used to demonstrate that CDIs are valid 
and are in accordance with specifications. IVPs can be computer code or they can be 
manual procedures. Audit work programs are classic examples of IVPs, as are input 
validation programs. 

Acronym: TP 
Expansion: Transformation Procedure 
Meaning: A transformation procedure transforms a set of valid data items (CDI) into 
another valid set. It may also transform non-validated data items (UDI) into valid data 
(CDI). This means that a transformation procedure must itself have the properties of a 
CDI. 

Acronym: UDI 
Expansion: Unconstrained Data Item 
Meaning: A UDI is a set of data items that have not been validated or proved to comply 
with specifications. 
Table 2 
Clark-Wilson Integrity Model 
The Five Certification Rules 

Rule Number: Rule 

C1: All IVP’s must properly ensure that all CDI’s are in a valid state at the time the 
IVP is run. 

C2: All TP’s must be certified to be valid. That is, they must take a CDI to a valid final 
state, given that it is in a valid state to begin with. For each TP, and each set of CDI’s 
that it may manipulate, the Security Officer must specify a “relation”, which defines that 
execution. A relation is thus of the form: (TPi, (CDIa, CDIb, CDIc...)), where the list of 
CDI’s defines a particular set of arguments for which the TP has been certified. 

C3: The list of relations in E2 must be certified to meet the separation of duty 
requirement. 

C4: All TP’s must be certified to write to an append-only CDI (the log) all information 
necessary to permit the nature of the operation to be reconstructed. 

C5: Any TP that takes a UDI as an input value must be certified to perform only valid 
transformations, or else no transformations, for any possible value of the UDI. The 
transformation should take the input from a UDI to a CDI, or the UDI is rejected. 
Table 3 
Clark-Wilson Integrity Model 
The Four Enforcement Rules 

Rule Number: Rule 

E1: The system must maintain the list of relations specified in rule C2, and must ensure 
that the only manipulation of any CDI is by a TP, where the TP is operating on the CDI 
as specified in some relation. 

E2: The system must maintain a list of relationships of the form: 
(UserID, TPi, (CDIa, CDIb, CDIc...)), which relates to a user, a TP, and the data objects 
that TP may reference on behalf of that user. It must ensure that only executions 
described in one of the relations are performed. 

E3: The system must authenticate the identity of each user attempting to execute a TP. 

E4: Only the agent permitted to certify entities may change the list of such entities 
associated with other entities: specifically, the list of TP’s associated with a CDI and the 
list of users associated with a TP. An agent that can certify an entity may not have any 
execute rights with respect to that entity. 
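
The enforcement rules above translate into a small reference monitor: every change to a CDI goes through one entry point that checks E3, E1 and E2 in turn and writes the outcome to an append-only log (C4). The following is an added example, not code from the proposal or from the Mammoth Secure Server Card; the class, the sample TP and all user and record names are constructed.

```python
import hashlib
import hmac
import os


class Denied(Exception):
    """Raised when a change to the relations violates E4."""


def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Monitor:
    def __init__(self, certifier):
        self.certifier = certifier   # the only agent allowed to change relations (E4)
        self.cdis = {}               # CDI name -> value
        self._creds = {}             # user -> (salt, derived key)
        self._tps = {}               # TP name -> callable
        self._certified = set()      # C2/E1 relations: (TP, frozenset of CDI names)
        self._allowed = set()        # E2 relations: (user, TP, frozenset of CDI names)
        self._log = []               # C4: appended to, never rewritten

    @property
    def log(self):
        return tuple(self._log)      # read-only view of the log

    def enroll(self, user, password):
        salt = os.urandom(16)
        self._creds[user] = (salt, kdf(password, salt))

    def _only_certifier(self, agent):
        if agent != self.certifier:
            raise Denied("E4: only the certifying agent may change relations")

    def certify(self, agent, tp, func, cdi_names):
        self._only_certifier(agent)
        self._tps[tp] = func
        self._certified.add((tp, frozenset(cdi_names)))

    def grant(self, agent, user, tp, cdi_names):
        self._only_certifier(agent)
        if user == self.certifier:
            raise Denied("E4: a certifying agent may not hold execute rights")
        self._allowed.add((user, tp, frozenset(cdi_names)))

    def _record(self, user, tp, cdi_set, outcome):
        self._log.append((user, tp, tuple(sorted(cdi_set)), outcome))
        return outcome

    def run(self, user, password, tp, cdi_names, udi):
        cdi_set = frozenset(cdi_names)
        salt, stored = self._creds.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(kdf(password, salt), stored):
            return self._record(user, tp, cdi_set, "denied: E3")
        if (tp, cdi_set) not in self._certified:
            return self._record(user, tp, cdi_set, "denied: E1")
        if (user, tp, cdi_set) not in self._allowed:
            return self._record(user, tp, cdi_set, "denied: E2")
        result = self._tps[tp]({n: self.cdis[n] for n in cdi_set}, udi)
        # C5: the TP returns None for an invalid UDI; it may only touch its own CDIs.
        if result is None or not set(result) <= cdi_set:
            return self._record(user, tp, cdi_set, "rejected: C5")
        self.cdis.update(result)
        return self._record(user, tp, cdi_set, "ok")


def add_lab_result(cdis, udi):
    """Sample TP: validate a raw lab result (UDI) and append it to one record CDI."""
    if not (isinstance(udi, dict) and isinstance(udi.get("test"), str)
            and isinstance(udi.get("value"), (int, float))
            and 0 <= udi["value"] < 1000):
        return None
    (name, record), = cdis.items()
    return {name: record + [(udi["test"], udi["value"])]}


def demo():
    """Constructed scenario: one certified TP, one authorized doctor."""
    m = Monitor(certifier="security_officer")
    m.cdis["record:pat_1"] = []
    for user in ("dr_adams", "dr_chen", "security_officer"):
        m.enroll(user, user + "-pw")
    m.certify("security_officer", "add_lab_result", add_lab_result, ["record:pat_1"])
    m.grant("security_officer", "dr_adams", "add_lab_result", ["record:pat_1"])
    good, bad = {"test": "glucose", "value": 5.4}, {"test": "glucose", "value": "high"}
    tp, rec = "add_lab_result", ["record:pat_1"]
    return m, [
        m.run("dr_adams", "dr_adams-pw", tp, rec, good),
        m.run("dr_adams", "wrong", tp, rec, good),
        m.run("dr_chen", "dr_chen-pw", tp, rec, good),
        m.run("dr_adams", "dr_adams-pw", tp, ["record:pat_2"], good),
        m.run("dr_adams", "dr_adams-pw", tp, rec, bad),
    ]
```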
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 

Recently uploaded (20)

Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 

Fred GWU Grad Certificate class project

  • 1. Mammoth, Inc. Project Proposal Prototype System Architecture

    In the Prototype system, Doctors’ hand held terminals will be simulated by laptop computers running a web browser and using 802.11b wireless access. Connection from a doctor’s device to the applications server will be via the Internet. However, we will consider the Internet a hostile communications medium and our architecture protects against exposure from the public Internet by using IPSEC.

    The diagram from the Policy section is repeated below as Figure 1 for reference.

    [Figure 1. Relationships between entities in system. Entities: Medical Group, Doctor, Hospital, Independent Laboratory, Patient. Relationships: Referred to, Member of, Practices at, Outsources Tests to, Is Tested by, Outpatient at, Inpatient at, Patient of, Primary Care Provider of, Specialist Care Provider of.]

    Only two Medical Groups, each with at least two doctors and 3 patients, will be included in the Prototype. No Hospital or Independent Laboratory will be modeled in the Prototype.

    All data will be pre-loaded into the Prototype database. The Prototype will include no on-line input of data. The intent of the prototype is to demonstrate that sensitive patient data is only allowed to be accessed by authorized doctors over secure connections.
  • 2. Figure 2 below shows the logical architecture of the prototype.

    [Figure 2. Prototype Logical Architecture]

    Since the equipment in the logical prototype will likely not be available, the prototype physical architecture is shown in Figure 3 below.

    Laptops will be used to simulate each of two doctors from two Medical Groups. One host will serve web pages for both Medical Groups.
  • 3. [Figure 3. Prototype Physical Architecture]

    Data will be stored on disk on the Linux host. Doctors will authenticate themselves using userid and password. Data will only be provided to Doctors who are authorized to access it, based on their login. SSL or other encryption will protect all data transfers from being observed while they traverse the Internet or the wireless Access Point.

    Furthermore, sensitive patient data will only be transmitted using PGP encryption using the public key of the Doctor who is logged in. Thus, even if an authorized Doctor’s userid and password are compromised, the data will be useless unless the perpetrator also has the Doctor’s private key and pass phrase.

    Appropriate PGP keys will be installed on devices for each doctor. If an unauthorized user acquires the laptop, the thief will still need the doctor’s userid, password and pass-phrase.
  • 4. Exhibit A Privacy Policy

    In the case of medical information, the issue is potential violation of the Doctor-Patient confidence, which is a privilege protected by law. The violation of this privilege can result in loss of a doctor’s or group of doctors’ right to practice medicine as well as damage suits from patients, and possible criminal charges. Therefore, we make the following assumptions:

    · Doctors, Hospitals, Labs and their professional and support personnel are aware of the risks of violating patient privacy. The requirement on Medsoft/Mammoth is to ensure that automated systems developed and marketed by the Medsoft/Mammoth team do not compromise Doctor-Patient Privilege.

    · Individual client organizations (Doctors’ Offices) may exercise their own Privacy Policy. Individual users, who are certified by the procedures and mechanisms described in the Concept of Operations and elsewhere in this document, are at liberty to reveal or protect information obtained from automated systems just as they are with existing paper and automated records.

    Description of Subjects and Objects

    In order to define a Privacy Policy, we first defined Subjects, Objects and Relationships, which were then used to create rules defining cases where it is acceptable for information relating to a specific patient to be revealed to a particular Medical Group/Doctor.

    The diagram below is an initial model of the entities involved in transactions involving Medsoft. The principal actors (subjects) are the Doctor and the Patient. The objects to be protected are medical records relating to individual patients. Other entities in the model are Medical Groups, Hospitals and Independent Laboratories. Sensitive patient information is maintained by each of these entities, with all rights to such information being authorized by the Patient and protected by Doctor-Patient Privilege.

    Mammoth, Inc. Proprietary Information
  • 5. [Figure: relationships between entities. Entities: Medical Group, Doctor, Hospital, Independent Laboratory, Patient. Relationships: Practices at, Outsources Tests to, Is Tested by, Referred to, Member of, Patient of, Outpatient at, Inpatient at, Primary Care Provider of, Specialist Care Provider of.]

    Each Patient has at least (and most often only) one Primary Care Physician. Normally insurance companies require that there be a single Primary Care Physician, although the Patient has the right to create this relationship with more than one Doctor. This model accommodates such a situation; however, in this case the Privacy Policy permits Patient information to be shared only by written consent of the Patient.

    Within this model, all doctors are considered to belong to one and only one Medical Group. Doctors who provide service independently from such a group are considered to belong to a group of one, that particular Doctor’s practice.

    Other Medical Groups/Doctors may provide specialist care to the patient after a referral from the patient’s Doctor. While a Patient has the right to consult a specialist independently (without being referred by a Primary Care Physician), this case is modeled identically to the case where a Patient independently consults more than one Medical Group/Doctor.
  • 6. Hospitals provide inpatient and outpatient care to Patients. The inpatient or outpatient relationship between Patient and Hospital is established by the Doctor’s act of admitting the Patient to the Hospital (as an inpatient), or referring the Patient to the Hospital for outpatient services. The authority to admit Patients to a Hospital is based on the fact that one or more Doctors in a Medical Group Practices at a particular Hospital.

    Similarly, a Doctor who is a Member of a Medical Group may (through the Medical Group) Outsource Tests to an Independent Laboratory. The term Independent Laboratory is a generic term for all such organizations that do blood work, x-rays, etc. Such organizations may also provide interpretative services (such as a radiologist’s reading of an X-ray or Cat Scan).

    Patient Information Access Policy

    Patient Information Stored by: Medical Group
    Patient Information Provided to: Doctor
    Access to Patient Information Permitted Only If:
        Doctor is currently a Member of Medical Group
        AND Patient is currently a Patient of Medical Group

    Patient Information Stored by: Hospital
    Patient Information Provided to: Medical Group
    Access to Patient Information Permitted Only If:
        Patient was admitted as an Inpatient at Hospital by a Doctor who is a Member of the requesting Medical Group which Practices at the Hospital
        OR Patient was referred as an Outpatient at Hospital by a Doctor who is a Member of a Medical Group which Practices at the Hospital
        OR Patient authorizes information release by Hospital to Medical Group (in writing).
  • 7. Patient Information Access Policy (continued)

    Patient Information Stored by: Independent Laboratory
    Patient Information Provided to: Medical Group
    Access to Patient Information Permitted Only If:
        Note: parentheses below denote grouping of logical operations
        (The requesting Medical Group Outsources Tests to Independent Laboratory for Patient.
        AND The specific test(s) for the specific Patient for which results are being requested was/were outsourced to the Independent Laboratory by a Doctor who is a Member of the requesting Medical Group)
        OR Patient authorizes information release by Independent Laboratory to Medical Group (in writing).

    Patient Information Stored by: Medical Group
    Patient Information Provided to: Other Medical Group
    Access to Patient Information Permitted Only If:
        Patient was Referred to the other Medical Group by a Doctor who is a Member of the requesting Medical Group
        OR Patient authorizes the other Medical Group to release information to the requesting Medical Group (in writing).
  • 8. Exhibit B Security Policy

    All access to and modification to information secured under this Security Policy will:

    · Be limited to authorized individuals and procedures protected under the Security Mechanisms, which implement the Privacy Policy defined in Exhibit A, above, and this Security Policy.

    · Be in accordance with the Clark-Wilson Integrity Model, which is restated (from the referenced document) for clarity in Tables 1, 2 and 3 below.

    The Draft System Architecture document, above, explains how trusted Transformation Procedures (TPs) are developed using Mammoth’s development procedures and executed in a secure environment, using the Mammoth Secure Server Card (SSC). More details will be provided in the next draft of this White Paper.

    Table 1. Clark-Wilson Integrity Model Definitions (Acronym, Expansion, Meaning)

    CDI (Constrained Data Item): A set of data items that have been validated (by a TP) and are in accordance with specifications.

    IVP (Integrity Verification Procedure): An integrity verification procedure is used to demonstrate that CDIs are valid and are in accordance with specifications. IVPs can be computer code or they can be manual procedures. Audit work programs are classic examples of IVPs, as are input validation programs.

    TP (Transformation Procedure): A transformation procedure transforms a set of valid data items (CDI) into another valid set. It may also transform non-validated data items (UDI) into valid data (CDI). This means that a transformation procedure must itself have the properties of a CDI.

    UDI (Unconstrained Data Item): A UDI is a set of data items that have not been validated or proved to comply with specifications.
  • 9. Table 2. Clark-Wilson Integrity Model: The Five Certification Rules (Rule Number, Rule)

    C1: All IVP’s must properly ensure that all CDI’s are in a valid state at the time the IVP is run.

    C2: All TP’s must be certified to be valid. That is, they must take a CDI to a valid final state, given that it is in a valid state to begin with. For each TP, and each set of CDI’s that it may manipulate, the Security Officer must specify a “relation”, which defines that execution. A relation is thus of the form: (TPi, (CDIa, CDIb, CDIc...)), where the list of CDI’s defines a particular set of arguments for which the TP has been certified.

    C3: The list of relations in E2 must be certified to meet the separation of duty requirement.

    C4: All TP’s must be certified to write to an append-only CDI (the log) all information necessary to permit the nature of the operation to be reconstructed.

    C5: Any TP that takes a UDI as an input value must be certified to perform only valid transformations, or else no transformations, for any possible value of the UDI. The transformation should take the input from a UDI to a CDI, or the UDI is rejected.
  • 10. Table 3. Clark-Wilson Integrity Model: The Four Enforcement Rules (Rule Number, Rule)

    E1: The system must maintain the list of relations specified in rule C2, and must ensure that the only manipulation of any CDI is by a TP, where the TP is operating on the CDI as specified in some relation.

    E2: The system must maintain a list of relationships of the form: (UserID, TPi, (CDIa, CDIb, CDIc...)), which relates a user, a TP, and the data objects that TP may reference on behalf of that user. It must ensure that only executions described in one of the relations are performed.

    E3: The system must authenticate the identity of each user attempting to execute a TP.

    E4: Only the agent permitted to certify entities may change the list of such entities associated with other entities: specifically, the list of TP’s associated with a CDI and the list of users associated with a TP. An agent that can certify an entity may not have any execute rights with respect to that entity.
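The Patient Information Access Policy in Exhibit A reduces to four deny-by-default predicates over the relationships in Figure 1. The following is an added example, not code from the proposal; the data model, function names and sample identifiers are constructed, and it assumes that the outpatient clause of the Hospital row refers to the requesting Medical Group.

```python
from dataclasses import dataclass, field

@dataclass
class Relationships:
    """Current relationships only: an ended membership is removed, not kept."""
    member_of: dict = field(default_factory=dict)      # doctor -> medical group
    patient_of: set = field(default_factory=set)       # (patient, group)
    practices_at: set = field(default_factory=set)     # (group, hospital)
    hospital_visits: set = field(default_factory=set)  # (patient, hospital, kind, doctor)
    outsourced: set = field(default_factory=set)       # (patient, test, lab, doctor)
    referrals: set = field(default_factory=set)        # (patient, doctor, to_group)
    consent: set = field(default_factory=set)          # written: (patient, holder, recipient)

def doctor_reads_group(rel, doctor, group, patient):
    """Medical Group -> Doctor: current member AND current patient of the group."""
    return rel.member_of.get(doctor) == group and (patient, group) in rel.patient_of

def group_reads_hospital(rel, group, hospital, patient):
    """Hospital -> Medical Group: admitted or referred by a member of the
    requesting group, which practices at the hospital, OR written consent.
    Assumption: the outpatient clause means the requesting group."""
    if (patient, hospital, group) in rel.consent:
        return True
    if (group, hospital) not in rel.practices_at:
        return False
    return any(p == patient and h == hospital and kind in ("inpatient", "outpatient")
               and rel.member_of.get(d) == group
               for p, h, kind, d in rel.hospital_visits)

def group_reads_lab(rel, group, lab, patient, test):
    """Independent Laboratory -> Medical Group: this specific test was
    outsourced to this lab by a member of the requesting group, OR consent."""
    if (patient, lab, group) in rel.consent:
        return True
    return any((p, t, l) == (patient, test, lab) and rel.member_of.get(d) == group
               for p, t, l, d in rel.outsourced)

def group_reads_group(rel, requesting, holder, patient):
    """Medical Group -> other Medical Group: a member of the requesting group
    referred the patient to the holding group, OR written consent."""
    if (patient, holder, requesting) in rel.consent:
        return True
    return any(p == patient and to == holder and rel.member_of.get(d) == requesting
               for p, d, to in rel.referrals)

def build_sample():
    """Constructed sample data; every name here is made up for the example."""
    rel = Relationships()
    rel.member_of = {"dr_lee": "group_a", "dr_kim": "group_a", "dr_roy": "group_b"}
    rel.patient_of = {("pat_1", "group_a"), ("pat_2", "group_b")}
    rel.practices_at = {("group_a", "hosp_x")}
    rel.hospital_visits = {("pat_1", "hosp_x", "inpatient", "dr_lee")}
    rel.outsourced = {("pat_1", "cbc", "lab_q", "dr_lee")}
    rel.referrals = {("pat_1", "dr_lee", "group_b")}
    rel.consent = {("pat_2", "group_b", "group_a")}
    return rel
```

Because each predicate reads the current relationship sets on every call, removing a doctor from `member_of` revokes that doctor's access immediately.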
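The Clark-Wilson rules in Tables 2 and 3 can be exercised with a small reference monitor that enforces E1 to E4 and the C4/C5 obligations at the point where a TP runs. This is an added example, not Mammoth's implementation; the `Monitor` class, the `record_glucose` TP, the user names and the password are constructed for illustration.

```python
import hashlib, hmac, os

class PolicyError(Exception):
    """Raised when a request violates a Clark-Wilson rule."""

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Monitor:
    def __init__(self, certifier):
        self.certifier = certifier  # E4: sole agent allowed to edit relations
        self.tps = {}               # C2/E1: TP name -> (function, certified CDIs)
        self.triples = set()        # E2: (user, TP name, frozenset of CDIs)
        self.creds = {}             # E3: user -> (salt, password hash)
        self.cdis = {}              # CDI name -> current valid value
        self._log = []              # C4: append-only, exposed read-only below

    @property
    def log(self):
        return tuple(self._log)

    def _only_certifier(self, agent):
        if agent != self.certifier:
            raise PolicyError("E4: only the certifier may change relations")

    def certify_tp(self, agent, name, fn, cdis):
        self._only_certifier(agent)
        self.tps[name] = (fn, frozenset(cdis))

    def grant(self, agent, user, tp, cdis):
        self._only_certifier(agent)
        if user == agent:
            raise PolicyError("E4: a certifier may not hold execute rights")
        if tp not in self.tps or not frozenset(cdis) <= self.tps[tp][1]:
            raise PolicyError("E1: TP is not certified for these CDIs")
        self.triples.add((user, tp, frozenset(cdis)))

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.creds[user] = (salt, _kdf(password, salt))

    def run(self, user, password, tp, cdis, udi):
        salt, stored = self.creds.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(_kdf(password, salt), stored):
            raise PolicyError("E3: authentication failed")
        key = frozenset(cdis)
        if (user, tp, key) not in self.triples:
            raise PolicyError("E2: no (user, TP, CDIs) relation permits this")
        fn = self.tps[tp][0]
        update = fn({c: self.cdis[c] for c in key}, udi)
        entry = (user, tp, tuple(sorted(key)), repr(udi))
        if update is None or not set(update) <= key:
            self._log.append(entry + ("rejected",))
            raise PolicyError("C5: UDI rejected, CDIs unchanged")
        self.cdis.update(update)
        self._log.append(entry + ("applied",))
        return update

def record_glucose(view, udi):
    """Constructed TP: accept a glucose reading only if it is a sane integer."""
    if not isinstance(udi, int) or isinstance(udi, bool) or not 20 <= udi <= 800:
        return None
    (name, chart), = view.items()
    return {name: chart + [("glucose_mg_dl", udi)]}

def build_monitor():
    """Constructed set-up: one certifier, one doctor, one chart CDI."""
    m = Monitor(certifier="sec_officer")
    m.cdis["chart:pat_1"] = []
    m.certify_tp("sec_officer", "record_glucose", record_glucose, ["chart:pat_1"])
    m.enroll("dr_lee", "constructed-password")
    m.grant("sec_officer", "dr_lee", "record_glucose", ["chart:pat_1"])
    return m
```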