Uploaded byalexisivoree
PPTX, PDF139 views

ATLlamas

The document discusses authentication, authorization, and auditing for access to patient medical records. It involves: 1) Authenticating users based on their computer's IP address, with static addresses having full access and others requiring additional authentication like public key infrastructure. 2) Authorizing access to patient data based on three criteria and the user's role, with physicians having full access, private physicians limited access to their patients, and nurses/staff having access only to non-sensitive data. 3) Maintaining audit logs of access for over a decade to monitor for inappropriate access, with study patients flagged for easier auditing.

Embed presentation

Download to read offline
Authentication It’s also based on the beliefis based on the separation of trusting bothof The authentication policy that authentication involves the network the authentication information and the computer it is coming from. all computers on two domains: 2.) everything else 1.) Those computers specifically known to the project as identified by static IP addresses Conventional UserID/Password authentication is adequate if source computer is trusted In other cases, stronger authentication is required
Authentication 1.) Those computers specifically known to the project as identified by static IP addresses Access granted. UserID: Jdoe Welcome to Password: **** Home Telemedicine
Authentication 2.) everything else IfPatients and clinicians accessing from an can access through unknown/unauthorized IP address Public Key Infrastructure (Click on the mouse)
Public Key Infrastructure
Authentication 2.) everything else UserID: Jsmith Password: **** Once certificate is granted, the user can use the login page to enter userID and password to access the home telemedicine.
Encryption
Encryption
Authorization Three step process: 1. Patient categories were defined by 3 criteria relevant to security needs: a. Whether patient has existing relationship with the medical center b. Whether the patient’s primary care physician was credentialed or not by the medical center c. Whether the patient’s Nurse Case Manager was an employee of the medical center or its affiliate.
Authorization 2. Extensive discussions with nurse case managers and doctors to determine which data items each class of care provider needed in order to provide optimal care. 3. The physicians of the medical center will have full access to all data in WebCIS including individual patients in the CM system.
Authorization Private primary care physicians have access only to project specific data on their own patients in the case management system. The medical center’s nurse case managers and nursing staff have access to non-sensitive data on all patients in WebCIS. Affiliate staff will allowed access to nonsensitive data on project patients.
Medical Center Physician Private primary Care Physician Affiliates of the medical center Nurse case manager & nursing staff WebCIS Case management System Patients Under Private PCP Project Patients Patients under medical center physician Non-sensitive data Non-Sensitive data Non-sensitive data Sensitive data Sensitive data Sensitive data
Access Control Once authorization levels were defined, they need to be mapped to the technologically available software access controls in WebCIS and the CM software. The WebCIS system supports access controls by patient, patient-list, patient class and data type. Within WebCIS, patients can be flagged as “VIP”, this is typically done for celebrities and for employees of the medical center and access to it can be restricted. If a user has access to a particular patient, WebCIS can limit that access to non sensitive data, or to specific data types.
Access Control Types of Access Control WebCIS Case Management All Patients ACCESS GRANTED ACCESS GRANTED Non-VIP Patients ACCESS GRANTED Enumerated Patient List ACCESS GRANTED ACCESS GRANTED All Data ACCESS GRANTED ACCESS GRANTED Non-Sensitive Data ACCESS GRANTED Enumerated Data Types ACCESS GRANTED By Patient Type: By data:
Auditing Audit logs of computer access to clinical data in the medical center can be maintained for over a decade. Recorded information includes: user, IP address, patient, data type, access type, and time of access. Audit trails are periodically monitored for inappropriate access.
Sample of Audit log
Auditing In order to facilitate auditing, all patients added to the WebCIS repository specifically for the study will be flagged as VIP. Use of such flags represents a compromise between allowing access to these patients’ data in case of emergency while discouraging inappropriate access not related to the study.
Physical Security All servers containing clinical and evaluation data are housed in the main computer facility in the medical center which is staffed 24 hours a day. It is physically secured with biometric access controlled locks.
Physical Security To reduce tampering with HTUs, the units have neither floppy, nor CD-ROM drives and are configured to prevent installation of unauthorized software.

More Related Content

PPTX
Medical supply chain using blockchain technology
byIndra Kumar
 
PDF
Need a release of information solution which is hipaa compliant ver1 (1)
byvxVistA.org
 
PPT
Personal Health Records - An Overview
byrcostantini
 
DOCX
Confidentiality
bymshaner
 
PPTX
phiconEMR Training Module One
byAnthony O. Oloni, MD, MPH
 
PDF
Article on The Electronic Health Record
byAnurag Deb
 
KEY
Register Patient: Product Features
byTyler Soliday
 
PPTX
IoMT as drug device cloud technology for recovery management
byGuy Vinograd ☁
 
Medical supply chain using blockchain technology
byIndra Kumar
 
Need a release of information solution which is hipaa compliant ver1 (1)
byvxVistA.org
 
Personal Health Records - An Overview
byrcostantini
 
Confidentiality
bymshaner
 
phiconEMR Training Module One
byAnthony O. Oloni, MD, MPH
 
Article on The Electronic Health Record
byAnurag Deb
 
Register Patient: Product Features
byTyler Soliday
 
IoMT as drug device cloud technology for recovery management
byGuy Vinograd ☁
 

What's hot

PDF
UMA as Authorization mechanism for IoT: a healthcare scenario
byDomenico Catalano
 
DOC
Claim Depot
byIntegral Fusion
 
PDF
Medical management system brochure
byMai Mahfouz
 
PPT
Chameleon PCI Presentation
bychristoboshoff
 
PPTX
HXR 2016: Free the Data Access & Integration -Peter Levin, Amida Technology S...
byHxRefactored
 
PDF
Federated architecture
byACCESS Health Digital
 
PPT
CIS- 512 Assignment 4
byMartin Bioh
 
PDF
INFOGRAPHIC: APPLICATIONS OF BLOCKCHAIN IN HEALTHCARE
byAmandeep412
 
PPT
Pmr Droid
byjangjong
 
PDF
Patientory Blockchain Privacy, How is it Achieved?
byPatientory
 
PDF
My Health Records
byHealth73
 
PPTX
E health registration next steps
byleapfrogsolutions
 
PPTX
(2) OAuth 2.0 Client Registration
byanikristo
 
PDF
The three chain links of radius security
byGrafic.guru
 
PDF
Patientory Blockchain Architecture Is Everything Intelligent
byPatientory
 
PPTX
CMS BlueButton On FHIR for Researchers - Presentation to NIH and PCORI Resear...
byMark Scrimshire
 
PPTX
Binary graphics - Medical Resource Imaging System
bybgcl
 
PDF
Project report-482
bySaidurRahmanSabbir1
 
PDF
IRDAI - NHA Joint Working Group: Sub Group on IT
byPankaj Gupta
 
UMA as Authorization mechanism for IoT: a healthcare scenario
byDomenico Catalano
 
Claim Depot
byIntegral Fusion
 
Medical management system brochure
byMai Mahfouz
 
Chameleon PCI Presentation
bychristoboshoff
 
HXR 2016: Free the Data Access & Integration -Peter Levin, Amida Technology S...
byHxRefactored
 
Federated architecture
byACCESS Health Digital
 
CIS- 512 Assignment 4
byMartin Bioh
 
INFOGRAPHIC: APPLICATIONS OF BLOCKCHAIN IN HEALTHCARE
byAmandeep412
 
Pmr Droid
byjangjong
 
Patientory Blockchain Privacy, How is it Achieved?
byPatientory
 
My Health Records
byHealth73
 
E health registration next steps
byleapfrogsolutions
 
(2) OAuth 2.0 Client Registration
byanikristo
 
The three chain links of radius security
byGrafic.guru
 
Patientory Blockchain Architecture Is Everything Intelligent
byPatientory
 
CMS BlueButton On FHIR for Researchers - Presentation to NIH and PCORI Resear...
byMark Scrimshire
 
Binary graphics - Medical Resource Imaging System
bybgcl
 
Project report-482
bySaidurRahmanSabbir1
 
IRDAI - NHA Joint Working Group: Sub Group on IT
byPankaj Gupta
 

Viewers also liked

DOC
Thejoyluckclub 101114190806-phpapp02
bykaylakoehler
 
PPTX
Presentation 1 DeSantis
bychristina2marie
 
PPTX
პრეზენტაცია
byNick Gamtsemlidze
 
PDF
Oferta event factory
bypaulawasiewicz
 
PDF
Forensics: Human Identity Testing in the Applied Genetics Group
byNathan Olson
 
DOC
The joy luck club
byKenneth Anyanwu
 
PDF
Metrology for Identity and Other Nominal Properties
byNathan Olson
 
PDF
The prospects for Nextgen surveillance of pathogens: A view from a Public Hea...
byNathan Olson
 
Thejoyluckclub 101114190806-phpapp02
bykaylakoehler
 
Presentation 1 DeSantis
bychristina2marie
 
პრეზენტაცია
byNick Gamtsemlidze
 
Oferta event factory
bypaulawasiewicz
 
Forensics: Human Identity Testing in the Applied Genetics Group
byNathan Olson
 
The joy luck club
byKenneth Anyanwu
 
Metrology for Identity and Other Nominal Properties
byNathan Olson
 
The prospects for Nextgen surveillance of pathogens: A view from a Public Hea...
byNathan Olson
 

Similar to ATLlamas

PPTX
Data security
byAngela Guzman
 
PPTX
Telemedicine
byNoemi Raule
 
PPTX
Telemedicine: safety and security
byLeizl Guantero-Tomelden
 
PPSX
Hi security in telemedicine
byjbarbudo
 
PPT
Group presentation hippa ppt
byMari Mina
 
PDF
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
byM2SYS Technology
 
PDF
Implementing Physical Security As An Access Control Plan
byAngie Willis
 
PDF
Healthcare Data Integrity and Data Interoperability
byRightPatient®
 
PPTX
Privacy & Confidentiality
byGrace Villareal
 
PPTX
Final Presentation
bychris odle
 
PPTX
Maintaining Patient Data Security at Hospitals.pptx
byMocDoc
 
DOCX
Patient Management system business analyst
byMaheshHundre
 
PDF
A Note on the Security in the Card Management System of the German E-Health Card
byMarcel Winandy
 
PDF
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
byHealth IT Conference – iHT2
 
PDF
8 Mandatory Security Control Categories for Successful Submissions
byICS
 
PPTX
Smart card kantara pids presentation grey
byDan Combs
 
PPTX
Ethical And Legal Aspects Of Health Care
byLajpat Rai
 
PPTX
Scalable and secure sharing of personal health records
bycolourswathi
 
DOCX
Unit VI Case StudyAnimal use in toxicity testing has long been .docx
bydickonsondorris
 
PPTX
Week 1 discussion on confidentiality
bytjefferson81
 
Data security
byAngela Guzman
 
Telemedicine
byNoemi Raule
 
Telemedicine: safety and security
byLeizl Guantero-Tomelden
 
Hi security in telemedicine
byjbarbudo
 
Group presentation hippa ppt
byMari Mina
 
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
byM2SYS Technology
 
Implementing Physical Security As An Access Control Plan
byAngie Willis
 
Healthcare Data Integrity and Data Interoperability
byRightPatient®
 
Privacy & Confidentiality
byGrace Villareal
 
Final Presentation
bychris odle
 
Maintaining Patient Data Security at Hospitals.pptx
byMocDoc
 
Patient Management system business analyst
byMaheshHundre
 
A Note on the Security in the Card Management System of the German E-Health Card
byMarcel Winandy
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
byHealth IT Conference – iHT2
 
8 Mandatory Security Control Categories for Successful Submissions
byICS
 
Smart card kantara pids presentation grey
byDan Combs
 
Ethical And Legal Aspects Of Health Care
byLajpat Rai
 
Scalable and secure sharing of personal health records
bycolourswathi
 
Unit VI Case StudyAnimal use in toxicity testing has long been .docx
bydickonsondorris
 
Week 1 discussion on confidentiality
bytjefferson81
 

Recently uploaded

PPTX
2026 ADA Standards of Care:Summary of Changes
byDr. Om J Lakhani
 
PDF
Novo protocolo (7) da ABM sobre Políticas de Apoio à AMAMENTAÇÃO em MATERNIDADES
byProf. Marcus Renato de Carvalho
 
PDF
Tarsal Tunnel Syndrome anatomy and management
byMohamed E Elsebaey
 
PPTX
Research Methodology_UNIT_V_Declaration of Helsinki M. Pharm (IIIrd Sem.).pptx
byDHANASHREE KOLHEKAR
 
PDF
Partograph: It is a composite graphical recording of cervical dilatation and ...
byMayuriGamit2
 
PPTX
ATTENTION (PSYCHOLOGY IN NURSING) COGNITIVE PROCESS.pptx
byPahari Sharma
 
PPTX
Acid base disorder and Arterial Blood Gas Analysis .pptx
byDr Sushil Gyawali
 
PPTX
supracondylar humerus fractures (1).pptx
byManasiGabhale
 
PDF
Drug Metabolism (Biotransformation) - Complete Study Module Book (CYP450, Pha...
byShivankan Kakkar
 
PPTX
Maternal and Child Health in Nepal: Public Health Strategies, Challenges & In...
byKAHS
 
PPTX
CELL PHYSIOLOGY: STRUCTURE AND FUNCTIONS
byDR.P.S SUDHAKAR
 
PPTX
Ginger_Research_Presentation_Updated (2).pptx
byMadan Bhandari university and St. Xavier's college , Maitighar
 
PPTX
Emerging Targets in NSCLC beyond EGFR, ALK & ROS .pptx
bySumitKumar452
 
PDF
Filling in the Gaps in Hemophilia Guideline Recommendations: Evidence-Based S...
byi3 Health
 
PDF
Schlosser Hemsley et al RPM Systematic Review ASHA 2025
byBronwyn Hemsley
 
PDF
Microencapsulation and their Application in Novel Drug Delivery
byGOKULAKRISHNAN S
 
PPTX
Holistic Oral Care- Danta Davana and Jihwa nilekhana in Ayurveda: Classical ...
bySudha Sumathy
 
PPT
Next-Generation Solutions to Optimize Glioma Care: Applying The Latest Eviden...
byPVI, PeerView Institute for Medical Education
 
PPTX
quality control.pptx FOR LAB PROFESSIONALS MBBS STUDENTS
byESIC MEDICAL COLLEGE AND HOSPITAL ANDHERI EAST MUMBAI
 
PPTX
ENZYMOLOGY EC2_4.: CLINICAL ENZYMES AS THERAPEUTIC AGENTS: pptx
byESIC MEDICAL COLLEGE AND HOSPITAL ANDHERI EAST MUMBAI
 
2026 ADA Standards of Care:Summary of Changes
byDr. Om J Lakhani
 
Novo protocolo (7) da ABM sobre Políticas de Apoio à AMAMENTAÇÃO em MATERNIDADES
byProf. Marcus Renato de Carvalho
 
Tarsal Tunnel Syndrome anatomy and management
byMohamed E Elsebaey
 
Research Methodology_UNIT_V_Declaration of Helsinki M. Pharm (IIIrd Sem.).pptx
byDHANASHREE KOLHEKAR
 
Partograph: It is a composite graphical recording of cervical dilatation and ...
byMayuriGamit2
 
ATTENTION (PSYCHOLOGY IN NURSING) COGNITIVE PROCESS.pptx
byPahari Sharma
 
Acid base disorder and Arterial Blood Gas Analysis .pptx
byDr Sushil Gyawali
 
supracondylar humerus fractures (1).pptx
byManasiGabhale
 
Drug Metabolism (Biotransformation) - Complete Study Module Book (CYP450, Pha...
byShivankan Kakkar
 
Maternal and Child Health in Nepal: Public Health Strategies, Challenges & In...
byKAHS
 
CELL PHYSIOLOGY: STRUCTURE AND FUNCTIONS
byDR.P.S SUDHAKAR
 
Ginger_Research_Presentation_Updated (2).pptx
byMadan Bhandari university and St. Xavier's college , Maitighar
 
Emerging Targets in NSCLC beyond EGFR, ALK & ROS .pptx
bySumitKumar452
 
Filling in the Gaps in Hemophilia Guideline Recommendations: Evidence-Based S...
byi3 Health
 
Schlosser Hemsley et al RPM Systematic Review ASHA 2025
byBronwyn Hemsley
 
Microencapsulation and their Application in Novel Drug Delivery
byGOKULAKRISHNAN S
 
Holistic Oral Care- Danta Davana and Jihwa nilekhana in Ayurveda: Classical ...
bySudha Sumathy
 
Next-Generation Solutions to Optimize Glioma Care: Applying The Latest Eviden...
byPVI, PeerView Institute for Medical Education
 
quality control.pptx FOR LAB PROFESSIONALS MBBS STUDENTS
byESIC MEDICAL COLLEGE AND HOSPITAL ANDHERI EAST MUMBAI
 
ENZYMOLOGY EC2_4.: CLINICAL ENZYMES AS THERAPEUTIC AGENTS: pptx
byESIC MEDICAL COLLEGE AND HOSPITAL ANDHERI EAST MUMBAI
 

ATLlamas

  • 2.
    Authentication It’s also basedon the beliefis based on the separation of trusting bothof The authentication policy that authentication involves the network the authentication information and the computer it is coming from. all computers on two domains: 2.) everything else 1.) Those computers specifically known to the project as identified by static IP addresses Conventional UserID/Password authentication is adequate if source computer is trusted In other cases, stronger authentication is required
  • 3.
    Authentication 1.) Those computersspecifically known to the project as identified by static IP addresses Access granted. UserID: Jdoe Welcome to Password: **** Home Telemedicine
  • 4.
    Authentication 2.) everything else IfPatientsand clinicians accessing from an can access through unknown/unauthorized IP address Public Key Infrastructure (Click on the mouse)
  • 5.
  • 6.
    Authentication 2.) everything else UserID:Jsmith Password: **** Once certificate is granted, the user can use the login page to enter userID and password to access the home telemedicine.
  • 7.
  • 8.
  • 9.
    Authorization Three step process: 1.Patient categories were defined by 3 criteria relevant to security needs: a. Whether patient has existing relationship with the medical center b. Whether the patient’s primary care physician was credentialed or not by the medical center c. Whether the patient’s Nurse Case Manager was an employee of the medical center or its affiliate.
  • 10.
    Authorization 2. Extensive discussionswith nurse case managers and doctors to determine which data items each class of care provider needed in order to provide optimal care. 3. The physicians of the medical center will have full access to all data in WebCIS including individual patients in the CM system.
  • 11.
    Authorization Private primary carephysicians have access only to project specific data on their own patients in the case management system. The medical center’s nurse case managers and nursing staff have access to non-sensitive data on all patients in WebCIS. Affiliate staff will allowed access to nonsensitive data on project patients.
  • 12.
    Medical Center Physician Private primary Care Physician Affiliates of the medical center Nurse case manager &nursing staff WebCIS Case management System Patients Under Private PCP Project Patients Patients under medical center physician Non-sensitive data Non-Sensitive data Non-sensitive data Sensitive data Sensitive data Sensitive data
  • 13.
    Access Control Once authorizationlevels were defined, they need to be mapped to the technologically available software access controls in WebCIS and the CM software. The WebCIS system supports access controls by patient, patient-list, patient class and data type. Within WebCIS, patients can be flagged as “VIP”, this is typically done for celebrities and for employees of the medical center and access to it can be restricted. If a user has access to a particular patient, WebCIS can limit that access to non sensitive data, or to specific data types.
  • 14.
    Access Control Types ofAccess Control WebCIS Case Management All Patients ACCESS GRANTED ACCESS GRANTED Non-VIP Patients ACCESS GRANTED Enumerated Patient List ACCESS GRANTED ACCESS GRANTED All Data ACCESS GRANTED ACCESS GRANTED Non-Sensitive Data ACCESS GRANTED Enumerated Data Types ACCESS GRANTED By Patient Type: By data:
  • 15.
    Auditing Audit logs ofcomputer access to clinical data in the medical center can be maintained for over a decade. Recorded information includes: user, IP address, patient, data type, access type, and time of access. Audit trails are periodically monitored for inappropriate access.
  • 16.
  • 17.
    Auditing In order tofacilitate auditing, all patients added to the WebCIS repository specifically for the study will be flagged as VIP. Use of such flags represents a compromise between allowing access to these patients’ data in case of emergency while discouraging inappropriate access not related to the study.
  • 18.
    Physical Security All serverscontaining clinical and evaluation data are housed in the main computer facility in the medical center which is staffed 24 hours a day. It is physically secured with biometric access controlled locks.
  • 19.
    Physical Security To reducetampering with HTUs, the units have neither floppy, nor CD-ROM drives and are configured to prevent installation of unauthorized software.