SlideShare a Scribd company logo

Remote Health Technology- E Healthcare Technology

Download as PPT, PDF
S
saranya188949

Remote Health Technology

Engineering
1 of 32
Confidentiality and Security for e-Health C. Peter Waegemann CEO, Medical Records Institute (MRI) Chairman and Acting Director, Centre for the Advancement of Electronic Health Records (CAEHR) UK Chair, Standards Committee ASTM E31 on Healthcare Informatics Chair, US TAG to ISO TC 215 on Health Informatics Chair, ISO TC 215 Task Force on Consumer Interests Vice Chair, Mobile Healthcare Alliance (MoHCA)
What is e-Health? • Internet-enabled Healthcare Applications – Consumer Health Information – Personal Health Records – Internet-based Services (e-Pharmacy, e-Care (incl. email and e-communication, etc.) • Electronic Health Record (EHR) Systems • Administrative and Financial Health Systems
Importance of Healthcare Security • Confidentiality/Data Security • What if something goes wrong? – System’s Failure (Crash or virus causes loss of data) – Outside force damages (hacker, other) – Disaster • Design Issues (Signature, authentication, others) • Compliance Issues
How is Healthcare Security Different From Other Industries? • Not bilateral conditions • Regulated (US: HIPAA and other regulations) • Community interest • Legal issues
e-Health Security Issues • Security for (Patient) Confidentiality • Security that Enables Electronic Health Records – Authentication – Data Integrity • Systems Security – Secure Transmission – Secure Processing – Secure Storage – Etc.
General Security Standards 200+ Standards for Internet and General Information Systems Authentication • Identification • Signature • Non-repudiation Data Integrity • Encryption • Data Integrity Process • Permanence System Security •Communication •Processing •Storage • Permanence Internet Security •Personal Health Records •Secure Internet Services Healthcare-specific Security Standards
Security on the Internet • Reliability of Health Information on the Net • Trust to e-care • Trust to e-pharmacy
Personal Health Records • Secure Documentation • Secure Storage • Relationship Between the Consumer/Patient and the Website Organization
ASTM E2211 • Data Mining: For IIHI, PCHR suppliers shall allow consumers to choose if and how any personally identifiable information collected from them may be used. These choices shall be presented in a manner requiring that the consumer give specific permission for use of such data. • Policies: The PCHR supplier shall allow a consumer or other authorized individual easy access at any point in the PCHR application to the policies and standards to which the PCHR supplier site adheres, as well as their associated charges, if any. • Access: A PCHR supplier shall provide the consumer with the ability to access data within the PCHR in order to verify its correctness or to contest its accuracy and completeness, or both. Access policies shall describe the turnaround time related to such requests (time from request to access), shall specify associated charges, and shall include instructions for contesting and correcting inaccurate or incomplete data. • Integrity—A PCHR supplier must be able to assure data integrity through audit trails and other security methods and shall disclose its quality assurance policies regarding maintenance of data integrity. • Retention—The PCHR supplier’s disclosure statement shall state the length of time that the information will be stored and maintained.
Confidentiality • Confidentiality is Governed by Local/National Legislation and Provider Policies
E31.17 Privacy, Confidentiality and Access Chair: Mary Alice Hanken (mahanken@u.washington.edu) Scope: To develop standards that address access, privacy, confidentiality and data security of health information in its many forms and locations. E 1869 Guide for Confidentiality, Privacy, Access and Data Security Principles for Health Information Including Computer Based Patient Records E 1986 Standard Guide for Information Access Privileges to Health Information E 1987 Standard Guide for Individual Rights Regarding Health Information E 1988 Standard Guide for the Training Persons Who Have Access to Health Information PS 115 Provisional Standard Specification for Security Audit and Disclosure Logs for Use in Health Information Systems •Standards Under Development Draft PS 105 Provisional Standard Guide for Amendments to Health Information Draft Standard for Utilization and Retention of Encrypted Signature Certificates
Security for EHR Systems • Documentation Method • Authentication • Data Integrity • Systems Security
Mobile Health- care Communication and Computing Device Any (small) portable and unobtrusive computing and/or telecommunications device that assists in the collection, retrieval or communication of data relevant to medical care
Mobile communications devices and healthcare • Situation: – Mobile wireless devices are entering hospitals and other health care environments – Device support applications providing increased productivity and decreased medical errors – Past issues with wireless equipment give cause for concern and caution regarding potential issues in their usage – Some institutions have issued bans • What is the appropriate security? • What security standards are needed?
RF Wireless already seen in hospital • Paging • Cellular (incl: Blackberry, RIM) • Wireless LAN (WiFi) • Wireless Medical Telemetry System (WMTS) • Bluetooth • Radio/TV stations
Personal Area Network Local Area Network Wide Area/Mobile Network 802.15.1: Bluetooth 1Mb/s 802.11_ 11-54Mb/s Cellular voice, data 30-100kb/s 30m 100m VoIP Connectivity Networking 150m >1000m >5000m Metropolitan Area Network 802.16 100Mb/s Wireless technology/application
What Are General Mobile Health Computing (MHCD) Applications? A. Handheld (Point-of-Care) Information Accessing Devices B. Intermittently Connected Computing Devices C. Locally (Always) Connected Computing Devices D. Long-Range Connected Computing Devices
EMI/EMC • Three Approaches • Lack of Data on Risk • Varies by Technology: WiFi not as dangerous • Ad-hoc Testing
Has the Content Changed Since a Signature Has Been Affixed? • Need for Determination of Lower Threshold • Signature is to be Changed When Document is Changed or Deteriorated
Signature Type Identification Encryption Data Integrity Signature Action Document Architecture Digital Signature Universally with PKI – Registration Authority – Capture through Token or biometrically Asymmetric with private and public keys – Certificates from CAs Hash Function Full guaranteed integrity – full non- repudiation Conscienscious signing Binding, compliant with healthcare attributes; amendments managed Electronic Signature (1) Bilateral identification with tokens or biometrically Symmetric encryption MAC Conscienscious signing Binding, compliant with healthcare attributes; amendments managed Electronic Signature (2) Bilateral identification with passwords Symmetric encryption MAC or less Conscienscious signing Electronic Signature (3) System/enter- prise-wide ID only with passwords or similar Symmetric encryption Through audit trail and log- on systems Electronic Signature (4) Passwords Electronic Signature (5) Self- proclaimed yes Electronic Signature (6) Self- proclaimed By default
Biometric Identification • Identification of Body Parts – Fingerprint – Retina Scan – Face Scan – Hand Scan • Identification of Person-specific Processes – Keystroke Recognition – Speech Pattern – Writing/Signature
Beginning with e-Prescribing. Leveraging better ways of identifying ourselves to other services Courtesy Andrew Barbash, MD
System Security • Information Flow (Chain of Trust) • End-to-End (Point of Origination to Point of Access Security) • Stewardship Issues • Accountability • Audit • Access Control • Encryption • Trusted Data Stores • Trusted Communications • Data/Function Classification • User/Role Clearances • Non-repudiation • Signature Architecture • Back-up/Recovery
Performance • Response Time – Systems failure if practitioner can do it faster and there are no other benefits – Dependent on database and technical approaches • Database server is bottleneck • Underlying Technology and Presentation/Navigation Issues • Scaling
Reliability: Unscheduled Downtime 99.9% Availability 99.999% Availability 8.76 unscheduled hours of non-availability 5.25 Minutes per Year
US National Standards • HIPAA • E31.20 Data and System Security for Health Information • E1714-00 Standard Guide for Properties of a Universal Healthcare Identifier (UHID) • E1762-95 Standard Guide for Electronic Authentication of Health Care Information • E1985-98 Standard Guide for User Authentication and Authorization • E2084-00 Standard Specification for Authentication of Healthcare Information Using Digital Signatures • E2085-00a Standard Guide on Security Framework for Healthcare Information • E2086-00 Standard Guide for Internet and Intranet Healthcare Security • E2212-02a Standard Practice Healthcare Certificate Policy • E31.22 Health Information Transcription and Documentation • E1902-02 Standard Guide for Management of the Confidentiality and Security of Dictation, Transcription, and Transcribed Health Records
Regional and International Standards • CEN TC 251 • ISO TC 215 • Others
 There is a notable contrast between sectors regarding inappropriate access to patient records by authorized users within the organization  IHDSOs are very concerned  Solo/Small practices are much less concerned  The greatest concern of the Solo/Small practices is ‘Access to patient record information by unauthorized users’  The Ambulatory sectors are less concerned about ‘Violations of data security policies and practices’ www.medrecinst.com/resources/survey/survey03/index.shtml Survey
Data Security Guidelines, Standards, or Features Implemented or Planned  In general, the use of data security protections is fairly high for:  Access control methods  Protection of data over networks  Protection of data within the enterprise  The area where data security protection is least implemented is authentication of users.
 IHDSOs have significantly higher levels of implementation; Hospitals are slightly above average; Medium/Large practices are about average; and Solo/Small practices fall significantly below average  IHDSOs are especially strong in implementing data security protection within the enterprise (i.e., policies and practices, backup/recovery procedures, and Audit logs)  In contrast, Solo/Small practices are weakest in implementing data security protection within the enterprise Data Security Guidelines, Standards, or Features Implemented or Planned
Summary • How long will it take to implement a fully operable electronic health record? – A long road ahead • The same applies to security standards • Practical security standards needed to cover the current status of EHR developments
Copies of these slides may be obtained by emailing peterw@medrecinst.com Attend: Mobile Healthcare Conference September 8-10 2003 Minneapolis Hilton TEHRE 2003 London, England 2-3 December 2003 in conjunction with International ICT Marketplace Survey on Electronic Health Record Usage and Trends http://www.medrecinst.com/resources/survey2002/index.shtml www.medrecinst.com

Recommended

Regulatory Intelligence
Regulatory IntelligenceRegulatory Intelligence
Regulatory Intelligence
Armin Torres
 
Use of mobile device in health care setting
Use of mobile device in health care settingUse of mobile device in health care setting
Use of mobile device in health care setting
Dr. Samir Sawli
 
Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case Study
SophiaPalmira
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
Precisely
 
Standards of dental informatics, security issues
Standards of dental informatics, security issuesStandards of dental informatics, security issues
Standards of dental informatics, security issues
Ebtissam Al-Madi
 
Managing Fraud and Compliance in Healthcare
Managing Fraud and Compliance in HealthcareManaging Fraud and Compliance in Healthcare
Managing Fraud and Compliance in Healthcare
Mike Wons
 
Managing Compliance in Healthcare
Managing Compliance in HealthcareManaging Compliance in Healthcare
Managing Compliance in Healthcare
Mike Wons
 
How to Secure Medical Devices presentation.pptx
How to Secure Medical Devices presentation.pptxHow to Secure Medical Devices presentation.pptx
How to Secure Medical Devices presentation.pptx
Shandevinda
 

Recommended

Regulatory Intelligence
Regulatory IntelligenceRegulatory Intelligence
Regulatory Intelligence
Armin Torres
 
Use of mobile device in health care setting
Use of mobile device in health care settingUse of mobile device in health care setting
Use of mobile device in health care setting
Dr. Samir Sawli
 
Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case Study
SophiaPalmira
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
Precisely
 
Standards of dental informatics, security issues
Standards of dental informatics, security issuesStandards of dental informatics, security issues
Standards of dental informatics, security issues
Ebtissam Al-Madi
 
Managing Fraud and Compliance in Healthcare
Managing Fraud and Compliance in HealthcareManaging Fraud and Compliance in Healthcare
Managing Fraud and Compliance in Healthcare
Mike Wons
 
Managing Compliance in Healthcare
Managing Compliance in HealthcareManaging Compliance in Healthcare
Managing Compliance in Healthcare
Mike Wons
 
How to Secure Medical Devices presentation.pptx
How to Secure Medical Devices presentation.pptxHow to Secure Medical Devices presentation.pptx
How to Secure Medical Devices presentation.pptx
Shandevinda
 
Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)
Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)
Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)
OnRamp
 
Midwest Regional Health - EHR
Midwest Regional Health - EHRMidwest Regional Health - EHR
Midwest Regional Health - EHR
WILLIE GREER
 
Security & Privacy - Lecture E
Security & Privacy - Lecture ESecurity & Privacy - Lecture E
Security & Privacy - Lecture E
CMDLearning
 
How to Architect Smarter Systems for Healthcare
How to Architect Smarter Systems for HealthcareHow to Architect Smarter Systems for Healthcare
How to Architect Smarter Systems for Healthcare
Real-Time Innovations (RTI)
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
Health IT Conference – iHT2
 
IEC 80001 and Planning for Wi-Fi Capable Medical Devices
IEC 80001 and Planning for Wi-Fi Capable Medical DevicesIEC 80001 and Planning for Wi-Fi Capable Medical Devices
IEC 80001 and Planning for Wi-Fi Capable Medical Devices
Ali Youssef
 
Leveraging emerging standards for patient engagement pcha
Leveraging emerging standards for patient engagement pchaLeveraging emerging standards for patient engagement pcha
Leveraging emerging standards for patient engagement pcha
mHealth2015
 
Iot, cloud and healthcare - Challenges and Opportunities
Iot, cloud and healthcare - Challenges and OpportunitiesIot, cloud and healthcare - Challenges and Opportunities
Iot, cloud and healthcare - Challenges and Opportunities
Arash Ghadar
 
Iotcloudandhealthcare nv-161130085731
Iotcloudandhealthcare nv-161130085731Iotcloudandhealthcare nv-161130085731
Iotcloudandhealthcare nv-161130085731
Aravindharamanan S
 
Week 7 issues and challenges
Week 7 issues and challengesWeek 7 issues and challenges
Week 7 issues and challenges
Roy Dahildahil
 
Cis, nur 3563, cruzan, strickland, bowman, blankenship
Cis, nur 3563, cruzan, strickland, bowman, blankenshipCis, nur 3563, cruzan, strickland, bowman, blankenship
Cis, nur 3563, cruzan, strickland, bowman, blankenship
AmyH1
 
Patient Access to Implantable Cardiac Rhythm Device Data
Patient Access to Implantable Cardiac Rhythm Device DataPatient Access to Implantable Cardiac Rhythm Device Data
Patient Access to Implantable Cardiac Rhythm Device Data
David Lee Scher, MD
 
Clinical Data Standards and Data Portability
Clinical Data Standards and Data Portability Clinical Data Standards and Data Portability
Clinical Data Standards and Data Portability
Nrip Nihalani
 
Healthcare Highlights: HIT Drivers and Trends
Healthcare Highlights: HIT Drivers and TrendsHealthcare Highlights: HIT Drivers and Trends
Healthcare Highlights: HIT Drivers and Trends
William Buddy Gillespie ITIL Certified
 
Effective Systems Management for Healthcare
Effective Systems Management for HealthcareEffective Systems Management for Healthcare
Effective Systems Management for Healthcare
SolarWinds
 
Health Information Technology & Nursing Informatics
Health Information Technology & Nursing InformaticsHealth Information Technology & Nursing Informatics
Health Information Technology & Nursing Informatics
Jil Wright
 
Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slides
CMDLMS
 
Aging Services and Health Informatics
Aging Services and Health InformaticsAging Services and Health Informatics
Aging Services and Health Informatics
Michael Bice
 
Role of information technology on health
Role of information technology on healthRole of information technology on health
Role of information technology on health
Nisha Yadav
 
4D Geospatial Analytics in Digital Healthcare PDF
4D Geospatial Analytics in Digital Healthcare PDF4D Geospatial Analytics in Digital Healthcare PDF
4D Geospatial Analytics in Digital Healthcare PDF
Nigel Tebbutt 奈杰尔 泰巴德
 
Seizure stage detection of epileptic seizure using convolutional neural networks
Seizure stage detection of epileptic seizure using convolutional neural networksSeizure stage detection of epileptic seizure using convolutional neural networks
Seizure stage detection of epileptic seizure using convolutional neural networks
IJECEIAES
 
Artificial intelligence presentation2-171219131633.pdf
Artificial intelligence presentation2-171219131633.pdfArtificial intelligence presentation2-171219131633.pdf
Artificial intelligence presentation2-171219131633.pdf
Kira Dess
 

More Related Content

Similar to Remote Health Technology- E Healthcare Technology

How to Architect Smarter Systems for Healthcare
How to Architect Smarter Systems for HealthcareHow to Architect Smarter Systems for Healthcare
How to Architect Smarter Systems for Healthcare
Real-Time Innovations (RTI)
 
IEC 80001 and Planning for Wi-Fi Capable Medical Devices
IEC 80001 and Planning for Wi-Fi Capable Medical DevicesIEC 80001 and Planning for Wi-Fi Capable Medical Devices
IEC 80001 and Planning for Wi-Fi Capable Medical Devices
Ali Youssef
 
Cis, nur 3563, cruzan, strickland, bowman, blankenship
Cis, nur 3563, cruzan, strickland, bowman, blankenshipCis, nur 3563, cruzan, strickland, bowman, blankenship
Cis, nur 3563, cruzan, strickland, bowman, blankenship
AmyH1
 
Effective Systems Management for Healthcare
Effective Systems Management for HealthcareEffective Systems Management for Healthcare
Effective Systems Management for Healthcare
SolarWinds
 

Similar to Remote Health Technology- E Healthcare Technology (20)

Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)
Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)
Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)
 
Midwest Regional Health - EHR
Midwest Regional Health - EHRMidwest Regional Health - EHR
Midwest Regional Health - EHR
 
Security & Privacy - Lecture E
Security & Privacy - Lecture ESecurity & Privacy - Lecture E
Security & Privacy - Lecture E
 
How to Architect Smarter Systems for Healthcare
How to Architect Smarter Systems for HealthcareHow to Architect Smarter Systems for Healthcare
How to Architect Smarter Systems for Healthcare
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
 
IEC 80001 and Planning for Wi-Fi Capable Medical Devices
IEC 80001 and Planning for Wi-Fi Capable Medical DevicesIEC 80001 and Planning for Wi-Fi Capable Medical Devices
IEC 80001 and Planning for Wi-Fi Capable Medical Devices
 
Leveraging emerging standards for patient engagement pcha
Leveraging emerging standards for patient engagement pchaLeveraging emerging standards for patient engagement pcha
Leveraging emerging standards for patient engagement pcha
 
Iot, cloud and healthcare - Challenges and Opportunities
Iot, cloud and healthcare - Challenges and OpportunitiesIot, cloud and healthcare - Challenges and Opportunities
Iot, cloud and healthcare - Challenges and Opportunities
 
Iotcloudandhealthcare nv-161130085731
Iotcloudandhealthcare nv-161130085731Iotcloudandhealthcare nv-161130085731
Iotcloudandhealthcare nv-161130085731
 
Week 7 issues and challenges
Week 7 issues and challengesWeek 7 issues and challenges
Week 7 issues and challenges
 
Cis, nur 3563, cruzan, strickland, bowman, blankenship
Cis, nur 3563, cruzan, strickland, bowman, blankenshipCis, nur 3563, cruzan, strickland, bowman, blankenship
Cis, nur 3563, cruzan, strickland, bowman, blankenship
 
Patient Access to Implantable Cardiac Rhythm Device Data
Patient Access to Implantable Cardiac Rhythm Device DataPatient Access to Implantable Cardiac Rhythm Device Data
Patient Access to Implantable Cardiac Rhythm Device Data
 
Clinical Data Standards and Data Portability
Clinical Data Standards and Data Portability Clinical Data Standards and Data Portability
Clinical Data Standards and Data Portability
 
Healthcare Highlights: HIT Drivers and Trends
Healthcare Highlights: HIT Drivers and TrendsHealthcare Highlights: HIT Drivers and Trends
Healthcare Highlights: HIT Drivers and Trends
 
Effective Systems Management for Healthcare
Effective Systems Management for HealthcareEffective Systems Management for Healthcare
Effective Systems Management for Healthcare
 
Health Information Technology & Nursing Informatics
Health Information Technology & Nursing InformaticsHealth Information Technology & Nursing Informatics
Health Information Technology & Nursing Informatics
 
Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slides
 
Aging Services and Health Informatics
Aging Services and Health InformaticsAging Services and Health Informatics
Aging Services and Health Informatics
 
Role of information technology on health
Role of information technology on healthRole of information technology on health
Role of information technology on health
 
4D Geospatial Analytics in Digital Healthcare PDF
4D Geospatial Analytics in Digital Healthcare PDF4D Geospatial Analytics in Digital Healthcare PDF
4D Geospatial Analytics in Digital Healthcare PDF
 

Recently uploaded

Seizure stage detection of epileptic seizure using convolutional neural networks
Seizure stage detection of epileptic seizure using convolutional neural networksSeizure stage detection of epileptic seizure using convolutional neural networks
Seizure stage detection of epileptic seizure using convolutional neural networks
IJECEIAES
 
Artificial intelligence presentation2-171219131633.pdf
Artificial intelligence presentation2-171219131633.pdfArtificial intelligence presentation2-171219131633.pdf
Artificial intelligence presentation2-171219131633.pdf
Kira Dess
 
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and ToolsMaximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
soginsider
 
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdflitvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
Alexander Litvinenko
 
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
drjose256
 
Developing a smart system for infant incubators using the internet of things ...
Developing a smart system for infant incubators using the internet of things ...Developing a smart system for infant incubators using the internet of things ...
Developing a smart system for infant incubators using the internet of things ...
IJECEIAES
 
Final DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manualFinal DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manual
BalamuruganV28
 

Recently uploaded (20)

Seizure stage detection of epileptic seizure using convolutional neural networks
Seizure stage detection of epileptic seizure using convolutional neural networksSeizure stage detection of epileptic seizure using convolutional neural networks
Seizure stage detection of epileptic seizure using convolutional neural networks
 
Artificial intelligence presentation2-171219131633.pdf
Artificial intelligence presentation2-171219131633.pdfArtificial intelligence presentation2-171219131633.pdf
Artificial intelligence presentation2-171219131633.pdf
 
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and ToolsMaximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
Maximizing Incident Investigation Efficacy in Oil & Gas: Techniques and Tools
 
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdflitvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
 
Theory of Time 2024 (Universal Theory for Everything)
Theory of Time 2024 (Universal Theory for Everything)Theory of Time 2024 (Universal Theory for Everything)
Theory of Time 2024 (Universal Theory for Everything)
 
Working Principle of Echo Sounder and Doppler Effect.pdf
Working Principle of Echo Sounder and Doppler Effect.pdfWorking Principle of Echo Sounder and Doppler Effect.pdf
Working Principle of Echo Sounder and Doppler Effect.pdf
 
Interfacing Analog to Digital Data Converters ee3404.pdf
Interfacing Analog to Digital Data Converters ee3404.pdfInterfacing Analog to Digital Data Converters ee3404.pdf
Interfacing Analog to Digital Data Converters ee3404.pdf
 
UNIT-2 image enhancement.pdf Image Processing Unit 2 AKTU
UNIT-2 image enhancement.pdf Image Processing Unit 2 AKTUUNIT-2 image enhancement.pdf Image Processing Unit 2 AKTU
UNIT-2 image enhancement.pdf Image Processing Unit 2 AKTU
 
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
 
Passive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.pptPassive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.ppt
 
analog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxanalog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptx
 
Developing a smart system for infant incubators using the internet of things ...
Developing a smart system for infant incubators using the internet of things ...Developing a smart system for infant incubators using the internet of things ...
Developing a smart system for infant incubators using the internet of things ...
 
Diploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdfDiploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdf
 
Autodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptxAutodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptx
 
engineering chemistry power point presentation
engineering chemistry power point presentationengineering chemistry power point presentation
engineering chemistry power point presentation
 
Final DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manualFinal DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manual
 
Circuit Breakers for Engineering Students
Circuit Breakers for Engineering StudentsCircuit Breakers for Engineering Students
Circuit Breakers for Engineering Students
 
21scheme vtu syllabus of visveraya technological university
21scheme vtu syllabus of visveraya technological university21scheme vtu syllabus of visveraya technological university
21scheme vtu syllabus of visveraya technological university
 
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
 
Involute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdf
Involute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdfInvolute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdf
Involute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdf
 

Remote Health Technology- E Healthcare Technology

  • 1. Confidentiality and Security for e-Health C. Peter Waegemann CEO, Medical Records Institute (MRI) Chairman and Acting Director, Centre for the Advancement of Electronic Health Records (CAEHR) UK Chair, Standards Committee ASTM E31 on Healthcare Informatics Chair, US TAG to ISO TC 215 on Health Informatics Chair, ISO TC 215 Task Force on Consumer Interests Vice Chair, Mobile Healthcare Alliance (MoHCA)
  • 2. What is e-Health? • Internet-enabled Healthcare Applications – Consumer Health Information – Personal Health Records – Internet-based Services (e-Pharmacy, e-Care (incl. email and e-communication, etc.) • Electronic Health Record (EHR) Systems • Administrative and Financial Health Systems
  • 3. Importance of Healthcare Security • Confidentiality/Data Security • What if something goes wrong? – System’s Failure (Crash or virus causes loss of data) – Outside force damages (hacker, other) – Disaster • Design Issues (Signature, authentication, others) • Compliance Issues
  • 4. How is Healthcare Security Different From Other Industries? • Not bilateral conditions • Regulated (US: HIPAA and other regulations) • Community interest • Legal issues
  • 5. e-Health Security Issues • Security for (Patient) Confidentiality • Security that Enables Electronic Health Records – Authentication – Data Integrity • Systems Security – Secure Transmission – Secure Processing – Secure Storage – Etc.
  • 6. General Security Standards 200+ Standards for Internet and General Information Systems Authentication • Identification • Signature • Non-repudiation Data Integrity • Encryption • Data Integrity Process • Permanence System Security •Communication •Processing •Storage • Permanence Internet Security •Personal Health Records •Secure Internet Services Healthcare-specific Security Standards
  • 7. Security on the Internet • Reliability of Health Information on the Net • Trust to e-care • Trust to e-pharmacy
  • 8. Personal Health Records • Secure Documentation • Secure Storage • Relationship Between the Consumer/Patient and the Website Organization
  • 9. ASTM E2211 • Data Mining: For IIHI, PCHR suppliers shall allow consumers to choose if and how any personally identifiable information collected from them may be used. These choices shall be presented in a manner requiring that the consumer give specific permission for use of such data. • Policies: The PCHR supplier shall allow a consumer or other authorized individual easy access at any point in the PCHR application to the policies and standards to which the PCHR supplier site adheres, as well as their associated charges, if any. • Access: A PCHR supplier shall provide the consumer with the ability to access data within the PCHR in order to verify its correctness or to contest its accuracy and completeness, or both. Access policies shall describe the turnaround time related to such requests (time from request to access), shall specify associated charges, and shall include instructions for contesting and correcting inaccurate or incomplete data. • Integrity—A PCHR supplier must be able to assure data integrity through audit trails and other security methods and shall disclose its quality assurance policies regarding maintenance of data integrity. • Retention—The PCHR supplier’s disclosure statement shall state the length of time that the information will be stored and maintained.
  • 10. Confidentiality • Confidentiality is Governed by Local/National Legislation and Provider Policies
  • 11. E31.17 Privacy, Confidentiality and Access Chair: Mary Alice Hanken (mahanken@u.washington.edu) Scope: To develop standards that address access, privacy, confidentiality and data security of health information in its many forms and locations. E 1869 Guide for Confidentiality, Privacy, Access and Data Security Principles for Health Information Including Computer Based Patient Records E 1986 Standard Guide for Information Access Privileges to Health Information E 1987 Standard Guide for Individual Rights Regarding Health Information E 1988 Standard Guide for the Training Persons Who Have Access to Health Information PS 115 Provisional Standard Specification for Security Audit and Disclosure Logs for Use in Health Information Systems •Standards Under Development Draft PS 105 Provisional Standard Guide for Amendments to Health Information Draft Standard for Utilization and Retention of Encrypted Signature Certificates
  • 12. Security for EHR Systems • Documentation Method • Authentication • Data Integrity • Systems Security
  • 13. Mobile Health- care Communication and Computing Device Any (small) portable and unobtrusive computing and/or telecommunications device that assists in the collection, retrieval or communication of data relevant to medical care
  • 14. Mobile communications devices and healthcare • Situation: – Mobile wireless devices are entering hospitals and other health care environments – Device support applications providing increased productivity and decreased medical errors – Past issues with wireless equipment give cause for concern and caution regarding potential issues in their usage – Some institutions have issued bans • What is the appropriate security? • What security standards are needed?
  • 15. RF Wireless already seen in hospital • Paging • Cellular (incl: Blackberry, RIM) • Wireless LAN (WiFi) • Wireless Medical Telemetry System (WMTS) • Bluetooth • Radio/TV stations
  • 16. Personal Area Network Local Area Network Wide Area/Mobile Network 802.15.1: Bluetooth 1Mb/s 802.11_ 11-54Mb/s Cellular voice, data 30-100kb/s 30m 100m VoIP Connectivity Networking 150m >1000m >5000m Metropolitan Area Network 802.16 100Mb/s Wireless technology/application
  • 17. What Are General Mobile Health Computing (MHCD) Applications? A. Handheld (Point-of-Care) Information Accessing Devices B. Intermittently Connected Computing Devices C. Locally (Always) Connected Computing Devices D. Long-Range Connected Computing Devices
  • 18. EMI/EMC • Three Approaches • Lack of Data on Risk • Varies by Technology: WiFi not as dangerous • Ad-hoc Testing
  • 19. Has the Content Changed Since a Signature Has Been Affixed? • Need for Determination of Lower Threshold • Signature is to be Changed When Document is Changed or Deteriorated
  • 20. Signature Type Identification Encryption Data Integrity Signature Action Document Architecture Digital Signature Universally with PKI – Registration Authority – Capture through Token or biometrically Asymmetric with private and public keys – Certificates from CAs Hash Function Full guaranteed integrity – full non- repudiation Conscienscious signing Binding, compliant with healthcare attributes; amendments managed Electronic Signature (1) Bilateral identification with tokens or biometrically Symmetric encryption MAC Conscienscious signing Binding, compliant with healthcare attributes; amendments managed Electronic Signature (2) Bilateral identification with passwords Symmetric encryption MAC or less Conscienscious signing Electronic Signature (3) System/enter- prise-wide ID only with passwords or similar Symmetric encryption Through audit trail and log- on systems Electronic Signature (4) Passwords Electronic Signature (5) Self- proclaimed yes Electronic Signature (6) Self- proclaimed By default
  • 21. Biometric Identification • Identification of Body Parts – Fingerprint – Retina Scan – Face Scan – Hand Scan • Identification of Person-specific Processes – Keystroke Recognition – Speech Pattern – Writing/Signature
  • 22. Beginning with e-Prescribing. Leveraging better ways of identifying ourselves to other services Courtesy Andrew Barbash, MD
  • 23. System Security • Information Flow (Chain of Trust) • End-to-End (Point of Origination to Point of Access Security) • Stewardship Issues • Accountability • Audit • Access Control • Encryption • Trusted Data Stores • Trusted Communications • Data/Function Classification • User/Role Clearances • Non-repudiation • Signature Architecture • Back-up/Recovery
  • 24. Performance • Response Time – Systems failure if practitioner can do it faster and there are no other benefits – Dependent on database and technical approaches • Database server is bottleneck • Underlying Technology and Presentation/Navigation Issues • Scaling
  • 25. Reliability: Unscheduled Downtime 99.9% Availability 99.999% Availability 8.76 unscheduled hours of non-availability 5.25 Minutes per Year
  • 26. US National Standards • HIPAA • E31.20 Data and System Security for Health Information • E1714-00 Standard Guide for Properties of a Universal Healthcare Identifier (UHID) • E1762-95 Standard Guide for Electronic Authentication of Health Care Information • E1985-98 Standard Guide for User Authentication and Authorization • E2084-00 Standard Specification for Authentication of Healthcare Information Using Digital Signatures • E2085-00a Standard Guide on Security Framework for Healthcare Information • E2086-00 Standard Guide for Internet and Intranet Healthcare Security • E2212-02a Standard Practice Healthcare Certificate Policy • E31.22 Health Information Transcription and Documentation • E1902-02 Standard Guide for Management of the Confidentiality and Security of Dictation, Transcription, and Transcribed Health Records
  • 27. Regional and International Standards • CEN TC 251 • ISO TC 215 • Others
  • 28.  There is a notable contrast between sectors regarding inappropriate access to patient records by authorized users within the organization  IHDSOs are very concerned  Solo/Small practices are much less concerned  The greatest concern of the Solo/Small practices is ‘Access to patient record information by unauthorized users’  The Ambulatory sectors are less concerned about ‘Violations of data security policies and practices’ www.medrecinst.com/resources/survey/survey03/index.shtml Survey
  • 29. Data Security Guidelines, Standards, or Features Implemented or Planned  In general, the use of data security protections is fairly high for:  Access control methods  Protection of data over networks  Protection of data within the enterprise  The area where data security protection is least implemented is authentication of users.
  • 30.  IHDSOs have significantly higher levels of implementation; Hospitals are slightly above average; Medium/Large practices are about average; and Solo/Small practices fall significantly below average  IHDSOs are especially strong in implementing data security protection within the enterprise (i.e., policies and practices, backup/recovery procedures, and Audit logs)  In contrast, Solo/Small practices are weakest in implementing data security protection within the enterprise Data Security Guidelines, Standards, or Features Implemented or Planned
  • 31. Summary • How long will it take to implement a fully operable electronic health record? – A long road ahead • The same applies to security standards • Practical security standards needed to cover the current status of EHR developments
  • 32. Copies of these slides may be obtained by emailing peterw@medrecinst.com Attend: Mobile Healthcare Conference September 8-10 2003 Minneapolis Hilton TEHRE 2003 London, England 2-3 December 2003 in conjunction with International ICT Marketplace Survey on Electronic Health Record Usage and Trends http://www.medrecinst.com/resources/survey2002/index.shtml www.medrecinst.com