The electronic prescription of medication inside hospitals (ePrescription) General overview 1.

Electronic prescription inside hospitals
Medical prescriptions are subject to several conditions concerning form and content. Essential: each prescription has to be signed and dated by the prescriber.
Inside hospitals a deviation is possible:
- use of an electronic document
- without an electronic signature of the prescriber
- but with a timestamp and a guarantee of the integrity of the prescription by a mandated body, e.g. the eHealth-platform

Functionalities
Needed functionalities for electronic prescribing:
- authentication of the prescriber and verification of his quality (entitlement) as a prescriber
- timestamping of the prescription within a reasonable time-frame after its creation
- guarantee that the prescription cannot be changed after timestamping (guarantee of integrity)
- possibility to verify the content of the prescription and to guarantee that it has not been changed afterwards

Conditions for the electronic prescription
Today only medication prescriptions by a doctor or dentist inside the hospital, i.e. for internal use with the hospital pharmacy.
In each hospital an agreement has to be signed by the hospital and each prescriber about:
- the authentication procedure of the prescriber
  - done locally inside the hospital
  - can be username/password, eID, certificate, ...
- the procedure of electronic timestamping and guarantee of integrity
  - procedure/protocol approved by RIZIV/INAMI

Overview (diagram: hospital on the left, eHealth-platform on the right)
1. Prescriptions A and B are created in the hospital
2. Hashing produces hashcode A and hashcode B
3. The hashcodes are collected in a timestamp bag
4. The eHealth-platform issues an electronic timestamp on the bag
5. The timestamp carries the electronic signature of the eHealth-platform
6. Prescriptions, bag and timestamp are archived (an archive in the hospital and one at the eHealth-platform)

ePrescription in a hospital: technical info and procedures

Design overview

Time stamping individual journal / TS bags

Information in a timestamp (based on RFC 3161)
More specifically:
- the hash code of the TSBag
- the date and time of the timestamp, generated by the time stamp server
- the sequence number, generated by the time stamp server
- the digital signature over all these data, generated by the time stamp server

Handling multiple clinical systems in one hospital

Protocol overview

Protocol between timestamp client & server
OASIS DSS protocol with the time stamp profile (see http://www.oasis-open.org/committees/dss/)
Features of the timestamp service:
- accessible through the internet
- only registered IP addresses are authorized (preventing DoS attacks)
- protected by a WS-Policy v1.2:
  - sign Timestamp
  - sign body
  - sign BinarySecurityToken (BST)
- identification based on the identification certificate (BST)

Requirements of the archive
The hospitals and the eHealth-platform will need to set up an archive that guarantees that the hospital journal, the TSBags and the timestamps are stored safely and completely unchanged for as long as the hospital journal is to be kept.
To access the archives the same keys are used (easy to match both archives upon inspection):
- unique identification of the timestamp client
- date and time of the timestamp
- sequence number of the timestamp
Archiving period: journal entries, TSBags and timestamps should be archived for 30 years.

Technical requirements of the archive
Goal: store information securely until 2030
How:
- the timestamp service MUST sign with a key length of at least 2048 bits
- at minimum SHA-224 MUST be used to hash the prescriptions
- recommendation of www.keylength.com (Prof. Quisquater)
- SHA-256 is used in the reference implementation
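The hashing, TSBag and timestamp chain of the overview, the token fields listed under RFC 3161, and the archive consistency check required above, as an added Python example that is not part of the eHealth reference implementation. It assumes an HMAC with a constructed key as a stand-in for the time stamp server's signature (the real service signs with RSA of at least 2048 bits), and the prescriptions, time and key are constructed sample data.

```python
import hashlib
import hmac
import json
# Constructed demo key: stands in for the TSA's RSA private key (assumption).
TSA_KEY = b"constructed-demo-tsa-key"

def prescription_hash(prescription: bytes) -> str:
    # Slides require at least SHA-224; the reference implementation uses SHA-256.
    return hashlib.sha256(prescription).hexdigest()

def build_tsbag(prescriptions: list) -> dict:
    # The TSBag collects the hash codes of one batch of prescriptions (steps 2-3).
    return {"hashcodes": [prescription_hash(p) for p in prescriptions]}

def tsbag_hash(bag: dict) -> str:
    # Canonical JSON so client and archive checker hash exactly the same bytes.
    return hashlib.sha256(json.dumps(bag, sort_keys=True).encode()).hexdigest()

def _sign(fields: dict) -> str:
    # Placeholder for the time stamp server's signature over all token fields.
    return hmac.new(TSA_KEY, json.dumps(fields, sort_keys=True).encode(), "sha256").hexdigest()

def issue_timestamp(bag: dict, seq: int, time_iso: str) -> dict:
    # RFC 3161 token as listed on the slides: bag hash, time, sequence number, signature.
    fields = {"hash": tsbag_hash(bag), "time": time_iso, "seq": seq}
    return {**fields, "sig": _sign(fields)}

def check_archive(prescriptions: list, bag: dict, token: dict) -> list:
    # Archive consistency check: recompute every link of the chain and report breaks.
    problems = []
    recomputed = [prescription_hash(p) for p in prescriptions]
    for i, (a, b) in enumerate(zip(recomputed, bag["hashcodes"])):
        if a != b:
            problems.append(f"prescription {i} differs from hashcode in TSBag")
    if tsbag_hash(bag) != token["hash"]:
        problems.append("TSBag hash differs from hash in timestamp")
    expected = _sign({k: token[k] for k in ("hash", "time", "seq")})
    if not hmac.compare_digest(expected, token["sig"]):
        problems.append("timestamp signature invalid")
    return problems

if __name__ == "__main__":
    rx = [b"<prescription id='A'>paracetamol 500 mg</prescription>",  # constructed samples
          b"<prescription id='B'>amoxicillin 1 g</prescription>"]
    bag = build_tsbag(rx)
    token = issue_timestamp(bag, seq=1, time_iso="2012-08-21T10:00:00+00:00")  # constructed time
    print("clean archive:", check_archive(rx, bag, token))
    rx[0] = b"<prescription id='A'>paracetamol 1000 mg</prescription>"  # changed after timestamping
    print("after edit:", check_archive(rx, bag, token))
```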

eHealth Trusted Timestamp archive
Principles of the eHealth archive:
- the TSA service stores all requests & replies in the archive
- the archive will be kept for a period of 30 years
- only the last 5 years are available for online consultation

Illustration of both archives

Timestamp Visualizer

Functionality of the time stamp visualizer
The doctors in the hospital are legally responsible for the information in the hospital journal. It is likely that the doctors have access to the timestamp visualizer. When the internal staff uses the visualizer, hospital confidentiality rules must be respected: e.g. if person X has no access to information Y via the operational IT system, that information must not be available through the visualizer either.

Architecture of the visualizer
- user interface in different languages
- implementation of a local cache
- using XSLT to visualize a prescription
- possible to add additional features
- plug-ins available for the moment:
  - document viewer
  - document inspector

Use of the reference implementation

Technical requirements
Two timestamp service client programs:
- Timestamp Authority Client: TTS Client
  - archive consistency check
  - incl. debugging tools (show bag, show serialNumbers, ...)
  - incl. Java runtime environment
- Timestamp Viewer
Java 1.6 as programming language
Batch scripts available for Windows
Microsoft SQL Server 2005 as database system
Distributed under the Apache 2.0 license

Structure of the TTSClient archive
- bin: batch scripts to execute
- conf: configuration files
- certificates: certificate of the timestamp server
- sql: SQL statements to create the database
- doc: documentation
- java: Java v1.6 runtime environment
- lib: needed jar files
- logging: contains the different log files
- openssl: opensslconf, configuration files for openssl
- sources: sources of the programs

How to install the Timestamp client
Installation steps:
1. Create the buffer database
2. Create the hospital archive database
3. Configure the Timestamp client
4. Install the trusted time stamp client as a service
5. Test the program
6. Install the archive consistency checker
7. Install the incident report registration program

Configuration of the Timestamp client
The configuration file (/conf/configuration.txt) contains:
- connection to the buffer and archive database
- document inspectors
- configuration of the classes for the plug-ins
- configuration for security and proxy
- location of the directory where the certificates of the time stamp server are installed
- URLs of the eHealth-platform trusted time stamp service

Structure of the TS visualizer archive
- certs: certificates needed by the visualizer
- conf: configuration files
- I18n: language files
- jre: Java v1.6 runtime environment
- lib: needed jar files
- plugins: available plug-ins for the visualizer
- xsl: XSLT to visualize the prescription

How to install the Timestamp visualizer
Installation steps:
1. Add a user to the hospital archive database
2. Configure the visualizer (/configuration.txt):
   - configuration for security / proxy settings
   - URLs of the trusted time stamp service

eHealth procedures

Contact
The organization contacts eHealth (ehealth.timestamping@smals.be). In reply eHealth sends an email with:
- an explanation of the whole test procedure
- the documents necessary to obtain a certificate
- the installation guide and binaries of the reference implementation
Further questions: ehealth.timestamping@smals.be

Test procedure
1. Obtaining an eHealth certificate
2. Installation of the certificate in the 'hospital' environment
3. Period of testing and validation in acceptance
4. Obtaining an eHealth certificate for production (optional)
5. Period of testing and validation in production
6. The 'hospital' system obtains the authorization to use the time stamping in production mode.

eHealth certificates: specifications
X.509v3 certificate, issued by the GovernmentCA (Fedict)
Current subject specifications:
- CN = logical name of the certificate
- O = official name of the organization
- OU = type of identification no., e.g. CBE / NIHII / …
- SerialNumber = identification no. of the organization

eHealth certificates: procedure (1/2)
1. The certificate responsible of the organization creates a Certificate Signing Request (CSR).
2. The legal representative of the organization fills in the proxy form.
3. The representative sends the proxy form to Smals:
   - regular mail: Smals - Rue du Prince Royal 102 - 1050 Bruxelles
   - email (subject: eHealth – identification certificate proxy): accesscoordination@smals.be
   - fax: 02/511.12.42 (Barbara Meyers / Sara Vander Meeren)

eHealth certificates: procedure (2/2)
4. The certificate responsible sends an email with the generated CSR as attachment (subject: eHealth – identification certificate CSR) to accesscoordination@smals.be.
5. In reply to this email, he obtains the public key of the certificate.

Thank you for your attention! Questions?