Healthcare Identity Management and Role-based Access in a Federated NHIN - Session 170
Tuesday, April 7, 2:15 PM - 3:15 PM
Convention Center, Room:N 427 c
Richard Moore
John Frazer
Description:
The National Health Information Network requires secure connection of health organizations within and across state borders. Phase Three of the e-Authentication Pilot Project investigates open source and virtual server solutions to address this issue. Learn about the successes and challenges to this pilot project.
Escort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCR
Health Identity Management & Role-Based Access Control in a Federated NHIN - e-Auth Phase 3
1. Health Identity Management and Role-Based Access Control in a Federated NHIN Model The e-Authentication Project Phase 3 Co-presenters: Richard Moore, President eHealth Ohio and John Fraser, CEO MEDNETWorld.com Presented to: HIMSS 2009
2.
3.
4.
5.
6.
7.
8.
9.
10.
11. Phase 2 Federation Test – MN & OH CHIC Hospital, Portal CHIC Clinic, Connecticut e-Health eHealth Ohio, VMN Test server MN Shibboleth IdP Service Providers Internet Physician Users VMN Shibboleth IdP
12. Examples of Role Identification 397897005 146N00000X, 146M00000X, 146D00000X Emergency Medical Technician Emergency Services 66862007 R 2085XX Radiologist 80584001 P 2084P0800X Psychiatrist 159034004 4 213EXX Podiatrist (DPM) 61207006 CLP 207ZXX Pathologist 33 175F00000X Naturopath 175L00000X Homeopath 112247003 GP 1 204XX, 207XX, 208XX, 209XX MD/Allopath 76231001 GP 7 204XX, 207XX, 208XX, 209XX DO/Osteopath 3842006 5 111NXX Chiropractor (DC) SNOMED CT ABMS CAQH ASTM - NUCC Taxonomy Physician
14. Example Roles between HIEs: User Role from Identity Providers HIE (1) HIE (2) HIE (3) John Fraser BasicMember Richard Moore Administrator Physician A Dr. Smith Physician B First Responder
15.
16.
17.
18. NHIN Connectivity Overview Your existing sites Your organizations network Feds: SSA, DoD, VA, CDC, etc Nationwide Health Information Network - NHIN INTERNET Payers Providers State & Local Health Information Exchanges (HIE)
19.
20. NHIN Foundation – Web Services Standards Used Standard Version Description SOAP (Simple Object Access Protocol) 1.1 Describes XML message standard WSDL (Web Services Description Language) 1.1 Describes the SOAP/Web Services messages MTOM (Message Transmission Optimization Mechanism ) 1.0 SOAP message attachments standard WS-Addressing 1.0 Message routing information HTTP 1.1 Standard web connection for SOAP message exchanges UDDI 3.0.2 Service Registry of NHIN services
21. NHIN Foundation – Web Services Security Standards Used Standard Version Description TLS (Transport Layer Security) 1.0 Similar to SSL – used to encrypt data per connection Digital Certificates x.509v3 Standard digital certificates XML Signature 1.0 Provides digital signature of messages SAML 2.0 Who am I – asserts identity of sender in small XML message
22.
23. Example secure NHIN message* Required in all NHIN SOAP messages (*) standard SAML-secured SOAP message – not NHIN specific Example payload: HL7v3 CCD Message in XML format
24.
25.
26.
27. CHIC & Ohio – Record Locator Service & NHIN CHIC SISU / St.Luke’s VRMC Users NHIN Backbone connecting HIEs Community Security/ Privacy Officers Log Reviews Personal Health Record (PHR) Role Based Access Control Service Community Patient Privacy Manager Audit Database XDS Registry and Repository Patient Clinical Info Retrieval Lookup MEDNET GRID SERVER Immunization Connection eHealth Ohio, VMN Test server LOGIN MEDNET NHIN Gateway Record Locator Query Engine Federated Identity Management Service
28.
29.
30.
31. Help us build our vision! Contact us if interested in learning more about Phase 4 - Open invitation to learn about technology - Open invitation to join us in Phase 4
32.
Editor's Notes
Richard Moore is the owner and president of DME Consulting Services. He has over 30 years experience with Healthcare Information Systems working with many public and private organizations. His broad-based knowledge of health information systems and operations comes from experience working directly with providers, payers, software manufacturers, electronic data interchange organizations, billing services, clearinghouses and government agencies. He is the current president of eHealth Ohio, Inc., a non-profit regional affiliate of the national standards development organization Workgroup for Electronic Data Interchange (WEDI). His primary WEDI focus is HIPAA X12 EDI transactions and he has participated as an author on WEDI testing whitepapers. He is an active participant in the Healthcare Information and Management Systems Society (HIMSS) and is the current Chair of the HIMSS RHIO Liaison Roundtable. He is also a member of the Board of the Central and Southern Ohio HIMSS (CSOHIMSS) Chapter and is the Chapter Advocacy Chairman and the RHIO Liaison for the State of Ohio. He is involved in the Healthcare Information Technology Standards Panel (HITSP) on the Security, Privacy and Infrastructure technical committee (SPI-TC). Also he is a founding member of the Liberty Alliance Health Identity Management Special Interest Group (HIM-SIG). The last three years he has been a project lead for the study on the use of the GSA e-Authentication model for the Nationwide Health Information Network (NHIN) focusing on electronic identity management, secure electronic health information exchange and federated single sign-on. John Fraser founded and is CEO of MEDNETWorld.com based in Minneapolis, Minnesota. MEDNETWorld.com is wiring up health care by providing Record Locator Services, security and privacy technologies and national connectivity to current and emerging health information exchanges. Prior to founding MEDNET in 2006, John Fraser was the co-founder and former CEO of VisionShare Inc, a company building a secure, national infrastructure for claims connectivity and Medicare billing services with over 50% of all U.S. hospitals using their software. Prior to VisionShare, John built MEDNET, a state-wide medical network in Minnesota at the Minnesota Health Data Institute. Prior to the Institute, John built a state-wide Cancer Surveillance system at the Minnesota Department of Health. John has also done stints at Honeywell and Control Data Corporations. John is the co-chair of the Health Identity Management Special Interest Group of the Liberty Alliance (HIM-SIG). John is an avid bicyclist, diver and swimmer, with an undergraduate degree from the University of Minnesota. John holds a private pilot’s license and a 1st degree black belt in Tae Kwon Doe Karate.