Professor of Information Systems Security

Presentation transcript:

Session 5: Patient data, ethical, legal and security issues. Conclusions & Recommendations
David W Chadwick, Professor of Information Systems Security, University of Salford
11/20/2018

Presentations in Session
- Security needs for Telemedicine; Mr Ph. Feuerstein, Radiologie, CH de Mulhouse
- The use of X.509 in E-Healthcare; Mr D. Chadwick, Contributor to Q 9/17 on directory services & systems, ITU-T Study Group 17
- Security standards for health communication from ISO and CEN; Mr G. Klein, Convenor of ISO/TC 215/WG 4, and chairman of CEN/TC 251
- E-health legal issues; Mr B. Stanberry, EHTEL (NO SHOW)
- Standards for Confidentiality and Security in Health Care; Mr P. Waegemann, CEO, Medical Records Institute; Chair, ASTM Standards Committee E31 on Health Informatics; Chair, US TAG to ISO TC 215 on Health Informatics; Vice-Chair, Mobile Healthcare Alliance (MoHCA)

Highlights from Presentation 1: “Security needs for Telemedicine”
- Expressed security requirements from a user’s point of view, covering confidentiality, authenticity, integrity, availability, auditability, anonymity and copyright protection
- Never underestimate the need for standardizing “manware” (by which the speaker meant the user aspects of the system) as well as hardware and software
- The speaker would like a data transfer auto-destruction mechanism if someone attempts unauthorized access to data

Highlights from Presentation 2: “The Use of X.509 in E-Healthcare”
- The speaker looked at how X.509 can be used for both strong authentication and strong authorisation
- It is still an issue how we authenticate patients electronically in a user-acceptable manner, and how we allow an authorized relative to pick up an electronic prescription

Highlights from Presentation 3: “Security standards for health communication from ISO and CEN”
- Gave an overview of health informatics standards, which are often based on technology standards from ITU-T, ISO and IETF, but:
- We don’t only need standards for technologies, but also for trusted third party services, national and international agreements, responsible users, etc.
- A lot of standardisation work is needed in these softer areas, e.g. defining roles, security management procedures, policies for TTPs, etc.

Highlights from Presentation 4: “E-health legal issues”
- The original speaker did not show
- Substitute Martin Denz gave a short talk about EHTEL and the EHTEL T6 working group for legal, security and privacy issues
- The EHTEL objective is to promote the widespread use of telematics in E-health
- Additional material can be obtained from www.ehtel.org (see written contributions on the final edition CDROM)

Highlights from Presentation 5: “Standards for Confidentiality and Security in Health Care”
- A view from the US
- E-health is different from e-commerce: bilateral agreements are not acceptable in e-health care
- More than 200 general electronic security standards exist, but none apply specifically to e-health
- Trust in e-healthcare data is an issue: at least 5% of health data on the Internet is wrong
- Mobile security is needed for palm devices
- The speaker presented seven levels of electronic signature; the lowest is self-generated, and the strongest is PKI-generated

Overview of issues in the session
- Users’ and patients’ requirements are important, and should not be overlooked or underestimated; e.g. in the US a top-down approach to providing mobile access to EHR failed for years, but now doctors are demanding that patient records be downloadable to their palm pilots
- How do we authenticate professionals and patients in a way they can easily use and accept? Is PKI too difficult?
- How do we allow patients to authorize others to access their medical data and prescriptions?
- How can patients know they can trust health information on the Internet?
- How can unauthorized users be prevented from access?

Recommendations
- We need health-specific security standards (which are usually built on existing technology standards such as SSL, X.509, etc.)
- We need softer standards as well as technology ones, for topics such as: security procedures, trusted third parties, defined roles (privilege attributes), international agreements, long-term archiving, etc.

Follow-up actions

Action Item                              | Lead         | Other players                       | Prio
Privilege Management and Access Control  | ITU-T SG 17  | ISO TC 215 WG4, CEN TC 251, OASIS   | High
Access Control Policies                  | OASIS        | IETF, GGF                           | Med
Standards for Privilege Attributes       | Internet2    |                                     |
Privilege Allocation Policies            | ETSI         | GGF                                 |

GGF = Global Grid Forum, www.ggf.org

Conclusion
There is still plenty of scope for international standardisation effort related to trust and security, not only in health-specific technology-related topics, but more importantly in the softer topics related to security management and international agreements.