Audit Trail and Node Authentication. Robert Horn, Agfa Healthcare.

Presentation transcript:

Slide 1: Audit Trail and Node Authentication. Robert Horn, Agfa Healthcare

June 28-29, 2005, Interoperability Strategy Workshop

Slide 2: IT Infrastructure Security Profiles
– 2004: Consistent Time (CT); Enterprise User Authentication (EUA)
– 2005: Audit Trail and Node Authentication (ATNA)
– 2006: Cross-Enterprise User Authentication (XUA); Document Digital Signature (DSG)

Slide 3: Assets being Protected
All security systems exist to protect some asset. IHE follows the legal, regulatory, and medical-ethics selection of assets:
– Patient and staff safety
– Patient and staff health
– Patient and staff privacy

Slide 4: Consistent Time (CT)
– Network Time Protocol (NTP) version 3 (RFC 1305)
– Actor must support manual configuration:
  – Manual IP address or hostname for the time server
  – Preferably 3 or more servers should be supported
  – Automatic discovery and broadcast will not be tested
– Required accuracy: 1 second
– Optional: Secure NTP may be tested
– Required for use of ATNA, EUA, XUA. All time tags must be time synchronized.
– See RFC 1305 for extensive technical details on the protocol, and your vendor documentation for installation and configuration.

Slide 5: Compatibility with Radiology Basic Security
But, what if I already have systems that support Basic Security?
– ATNA + Radiology Option is backward compatible with Basic Security
– Integration Statements should change the support claim from Basic Security to Radiology Option for ATNA
– For some actors there will be scenario requirements for the Connectathon. This emulates having a hospital security office set a security policy. It is not an official recommendation that these requirements are universally applicable.

Slide 6: ATNA IHE Goal
IHE makes cross-node security management easy:
– Only a simple manual certificate installation is needed, although more sophisticated systems (LDAP, PKI) can be used.
– Implementations should separate the authentication, authorization, and accountability functions to accommodate the needs of different locations.
– Enforcement is driven by a posteriori audits and real-time visibility, not detailed access controls.

Slide 7: ATNA Network Environments
– Physically secured networks: explicit physical security preventing access by other nodes, or VPN and VLAN technologies that provide equivalent network isolation. Encryption is not required, only host authentication.
– Protected networks: physical security that prevents modification or installation of unauthorized equipment. The network is shared with other authorized nodes within the enterprise that should not have unrestricted access to patient information. Encryption is required.

Slide 8: ATNA Node Security
ATNA specifies some of the capabilities that are needed, e.g. access control. But:
– ATNA does not specify policies
– ATNA does not specify mechanisms, although other IHE protocols like EUA are obvious candidates.
The Connectathon performs only rudimentary validation of node security functions.

Slide 9: ATNA Node Authentication
– X.509 certificates for node identity and keys. These will be provided at the Connectathon and may change during the Connectathon.
– TCP/IP Transport Layer Security protocol (TLS) for node authentication and optional encryption.
– Actor must be able to configure a certificate list of authorized nodes. The Connectathon validates use of an explicit list of certificates for authorized machines.
– ATNA presently specifies mechanisms for HTTP, DICOM, and HL7.
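As an added example (not from the slides or from IHE), here is the explicit certificate list described above expressed with Go's standard TLS library: each node presents its own certificate and accepts a peer only if the peer's certificate is itself on the list, with no CA in between. The node names, certificates and serial numbers are constructed for the example; `peerAuthorized` reproduces the check the `tls` package runs against `ClientCAs`/`RootCAs` during the handshake, so the policy can be exercised without opening a socket.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // a real node would log this and refuse to start
	}
	return v
}

// newNodeCert makes a self-signed certificate for one node. Constructed for this example;
// at a site the security office issues node certificates and an administrator installs them.
func newNodeCert(host string, serial int64) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// nodeConfig wires the explicit list of authorized node certificates into both TLS roles: as a server
//  the node demands a client certificate and checks it against the list; as a client it checks the server
// against the same list. No CA is involved; each listed certificate is its own anchor. peer is for dialing.
func nodeConfig(own tls.Certificate, authorized *x509.CertPool, peer string) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{own},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    authorized,
		RootCAs:      authorized,
		ServerName:   peer,
	}
}

// peerAuthorized is the decision the handshake makes with that config: valid now, on the list, right role.
func peerAuthorized(peer *x509.Certificate, authorized *x509.CertPool, role x509.ExtKeyUsage) bool {
	_, err := peer.Verify(x509.VerifyOptions{Roots: authorized, KeyUsages: []x509.ExtKeyUsage{role}})
	return err == nil
}

// RunScenario: PACS and CT are listed; a laptop with an equally valid certificate is not.
func RunScenario() (ctAccepted, laptopRejected bool) {
	pacs, ct, laptop := newNodeCert("pacs.example", 1), newNodeCert("ct1.example", 2), newNodeCert("laptop.example", 3)
	authorized := x509.NewCertPool()
	authorized.AddCert(pacs.Leaf)
	authorized.AddCert(ct.Leaf)
	pacsCfg := nodeConfig(pacs, authorized, "") // what the PACS would hand to tls.NewListener
	ctAccepted = peerAuthorized(ct.Leaf, pacsCfg.ClientCAs, x509.ExtKeyUsageClientAuth)
	laptopRejected = !peerAuthorized(laptop.Leaf, pacsCfg.ClientCAs, x509.ExtKeyUsageClientAuth)
	return ctAccepted, laptopRejected
}
```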

Slide 10: Why node authentication?
– Many systems are shared access, e.g. CT systems, where the machine identity is more important than the operator's identity for security purposes. A CT operator is only permitted to update CT records from a CT system.
– Some systems operate autonomously, e.g. a PACS archive. Knowing the identity of the PACS administrator on duty is not useful when monitoring PACS activity. There might be nobody logged in.
– Machine access is usually controlled by the site administration. Even authorized users are not permitted to use personal machines.

Slide 11: ATNA Auditing System
Designed for surveillance rather than forensic use. Two audit message formats:
– IHE Radiology interim format, for backward compatibility with radiology
– IETF/DICOM/HL7/ASTM format, for future growth:
  – DICOM Supplement 95
  – IETF RFC 3881 for Common Audit Message
  – ASTM E.214
  – HL7 Audit Informative documents
Both formats are XML-encoded messages, permitting extensions using XML standard extension mechanisms.

Slide 12: State of the Message Standards
– Interim IHE format: mature, but limited to only basic radiology uses
– IETF audit message format (RFC 3881): stable, generic. See security-audit.xsd

Slide 13: State of the Message Standards
DICOM Supplement 95
– RFC 3881 format specialized to cover activities by imaging equipment
– Frozen Draft for trial implementation. The purpose of a frozen draft is to find mistakes through trial implementations like this IHE Connectathon. There have been mistakes found already. More mistakes will be found; please report them as you find them. There is a review scheduled for November 2005 by the DICOM committee to make fixes and assess whether it is ready to publish as a standard.

Slide 14: State of the Message Standards
IHE Technical Framework
– First effort at detailing non-imaging activities
– The purpose of a frozen draft is to find mistakes through trial implementations like this IHE Connectathon. There have been mistakes found already. More mistakes will be found; please report them as you find them.

Slide 15: First Mistake
Both DICOM Supplement 95 and the IHE Technical Framework use EventID, and should have used EventTypeCode.

Slide 16: ATNA Auditable Events
– Actor-start-stop: the starting or stopping of any application or actor.
– Audit-log-used: reading or modification of any stored audit log.
– Begin-storing-instances: the storage of any persistent object, e.g. DICOM instances, is begun.
– Health-service-event: other health-service-related auditable event.
– Instances-deleted: the deletion of persistent objects.
– Instances-stored: the storage of persistent objects is completed.

Slide 17: ATNA Auditable Events (continued)
– Medication: medication is prescribed, delivered, etc.
– Mobile-machine-event: mobile equipment is relocated, leaves the network, rejoins the network.
– Order-record-event: an order is created, modified, completed.
– Patient-care-assignment: patient care assignments are created, modified, deleted.
– Patient-care-episode: auditable patient care episode event that is not specified elsewhere.
– Patient-record-event: patient care records are created, modified, deleted.

Slide 18: ATNA Auditable Events (continued)
– PHI-export: patient information is exported outside the enterprise, either on media or electronically.
– PHI-import: patient information is imported into the enterprise, either on media or electronically.
– Procedure-record-event: a procedure record is created, modified, or deleted.
– Query-information: any auditable query not otherwise specified.
– Security-administration: security alerts, configuration changes, etc.
– Study-object-event: a study is created, modified, or deleted.
– Study-used: a study is viewed, read, or similarly used.

Slide 19: Audit Events for XDS
The primary audit events for XDS transactions are:
– PHI Import (e.g., when data is obtained from the Repository/Registry)
– PHI Export (e.g., when a submission set is provided to the Repository/Registry)
Details of affinity domain organizational boundaries determine which activities are imports and exports. Other audit events, e.g., user login, also must be reported. There is a separate audit repository for each organization; there is not one audit repository for the entire affinity domain.

Slide 20: ATNA Record Audit Event
Reliable Syslog (RFC 3195) is the new transport for audit records, although the BSD Syslog protocol (RFC 3164) is permitted for backward compatibility with Radiology Basic Security.
– RFC 3195 implementations exist, but they are new and limited. Some vendors may prefer RFC 3164 until there are multiple third-party implementations of RFC 3195 available.
– RFC 3195 may evolve based on industry experience with the new implementations.
– The primary gain from RFC 3195 is guaranteed reliability and security. RFC 3164 is subject to data loss on overloaded networks and eavesdropping on unprotected networks.

Slide 21: An Example
The following is an example of messages that might be generated during a routine imaging examination. Scenarios are being prepared for some Connectathon workflows. Contributions to scenarios are welcomed, especially for the newer IHE disciplines where there is less experience with auditing. Only IHE Radiology has multi-year experience with its use.

Slide 22: A Study is Ordered
Order Record created:
– Identify the person and/or process creating the order
– Identify the patient
Note: this is just a security and privacy log, so other order details are not needed.
(Diagram: XYZ Actor emits an Order Record audit message.)
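An added example (not from the slides or the IHE Technical Framework) of the RFC 3881 message the "Order Record created" step above would produce, built and checked with Go's `encoding/xml`; it also applies the EventID/EventTypeCode correction from the First Mistake slide and keeps the record to the who, where and which-patient the slide asks for. The element and attribute names follow RFC 3881; the code values, user, host and patient identifiers are constructed placeholders, not the IHE or DICOM vocabularies.

```go
package main

import (
	"encoding/xml"
	"errors"
	"time"
)

type CodedValue struct { // RFC 3881 coded value: a code qualified by the system it comes from
	Code           string `xml:"code,attr"`
	CodeSystemName string `xml:"codeSystemName,attr,omitempty"`
}

type ActiveParticipant struct {
	UserID               string `xml:"UserID,attr"`
	UserIsRequestor      bool   `xml:"UserIsRequestor,attr"`
	NetworkAccessPointID string `xml:"NetworkAccessPointID,attr,omitempty"` // the node, as ATNA wants
}

type ParticipantObject struct {
	ID       string `xml:"ParticipantObjectID,attr"`
	TypeCode int    `xml:"ParticipantObjectTypeCode,attr"`     // 1 = person, 2 = system object
	RoleCode int    `xml:"ParticipantObjectTypeCodeRole,attr"` // 1 = patient, 3 = report
}

type AuditMessage struct { // the RFC 3881 envelope; only the attributes this example needs are mapped
	Event struct {
		ActionCode       string       `xml:"EventActionCode,attr"`       // C, R, U, D or E
		DateTime         string       `xml:"EventDateTime,attr"`         // from a CT-synchronised clock
		OutcomeIndicator int          `xml:"EventOutcomeIndicator,attr"` // 0 = success
		ID               CodedValue   `xml:"EventID"`
		TypeCode         []CodedValue `xml:"EventTypeCode"`
	} `xml:"EventIdentification"`
	Participants []ActiveParticipant `xml:"ActiveParticipant"`
	Source       struct {
		ID string `xml:"AuditSourceID,attr"`
	} `xml:"AuditSourceIdentification"`
	Objects []ParticipantObject `xml:"ParticipantObjectIdentification"`
}

// OrderCreated builds the slides' "Order Record created" message: who created the order, from
// which node, for which patient, and nothing else. Code values are constructed placeholders.
func OrderCreated(user, host, patientID string, at time.Time) AuditMessage {
	var m AuditMessage
	m.Event.ActionCode, m.Event.DateTime = "C", at.UTC().Format(time.RFC3339)
	m.Event.ID = CodedValue{Code: "example-order-record", CodeSystemName: "example"}
	// The slides' "first mistake": the ATNA event name belongs in EventTypeCode, not in EventID.
	m.Event.TypeCode = []CodedValue{{Code: "Order-record-event", CodeSystemName: "example"}}
	m.Participants = []ActiveParticipant{{UserID: user, UserIsRequestor: true, NetworkAccessPointID: host}}
	m.Source.ID = host
	m.Objects = []ParticipantObject{{ID: patientID, TypeCode: 1, RoleCode: 1}}
	return m
}

// Validate is what an audit repository should check before it accepts a record.
func Validate(m AuditMessage) error {
	switch {
	case len(m.Event.TypeCode) == 0:
		return errors.New("EventTypeCode missing: the event name must not sit in EventID alone")
	case len(m.Objects) == 0:
		return errors.New("no ParticipantObjectIdentification: patient or record not identified")
	}
	return nil
}

// Encode serialises the record for transport over syslog (RFC 3164 or RFC 3195).
func Encode(m AuditMessage) ([]byte, error) { return xml.MarshalIndent(m, "", "  ") }
```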

Slide 23: Modality Activity
This is issued only by the DSS/Order Filler, not by the modalities. Shows:
– Identity of the querying machine
– Identity of the local responding process
– Query description and contents
(Diagram: DSS/Order Filler emits a Query audit message.)

Slide 24: Patient Arrives and is Medicated
Several events are generated:
– The patient record is read,
– The order is read,
– The procedure record is created, and
– Medication is given.
The audit reports indicate the persons and/or processes, and the patient involved.
(Diagram: ABC Actor emits Patient Record, Order Record, Procedure Record and Medication Event audit messages.)

Slide 25: The Study is Performed
(Diagram: Evidence Creator, DSS/Order Filler and Image Manager/Image Archive, with the audit messages Begin Transferring Instances, Procedure Record, Instances Transferred and Order Record.)

Slide 26: Study Performed
– The Procedure Records track the progress of the MPPS
– The Instances audit records track the progress of the data
– The order record reflects the updated order status on completion of the study

Slide 27: The Study is Read (examine data)
(Diagram: Report Creator and Image Manager/Image Archive, with the audit messages Begin Transferring Instances, Instances Transferred, Instances Accessed, Study Deleted, Procedure Record and Query Record.)

Slide 28: The Study is Read
This shows the DICOM evidence-related transactions. The Image Manager reports the queries to find the patient record (from a person or a prefetch process) and the studies sent to the workstation. The workstation reports the studies received, the studies examined, the update to procedure status, and the final deletion of the unneeded copies of the studies. These are at the level of studies examined, not a detailed listing of each image examined.

Slide 29: The Study is Read (deliver report)
(Diagram: Report Creator and Report Manager, with the audit messages Begin Transferring Instances, Instances Transferred, Procedure Record and Order Record.)

Slide 30: The Study is Read (deliver report)
This shows the activity tracking the resulting report:
– The report writer reads the procedure schedule, transfers a report to the Report Manager, and updates the procedure status.
– The Report Manager receives the finished report, and updates the order status.

Slide 31: What it Takes to be a Secure Node
– The entire host must be secured, not just individual actors.
– The entire host must have appropriate user access controls for identification, authentication, and authorization.
– All communications that convey protected information must be authenticated and protected from interception. This means every protocol, not just the IHE transactions.
– All health information activities should generate audit trails, not just the IHE actors.

Slide 32: What it Takes to be a Secure Node
The Secure Node is more than an add-on auditing capability. The complete work effort includes:
– Deciding what events should be auditable
– Instrumenting all applications to detect auditable events and generate audit messages
– Ensuring that all communications connections are protected
– Establishing a local security mechanism to protect all local resources
– Establishing configuration mechanisms for:
  – Time synchronization using the Consistent Time (CT) profile
  – Certificate management
  – Network configuration