Identity Protection and Pseudonymisation White Paper Proposal for 2008/09 presented to the IT Infrastructure Technical Committee A. Estelrich (GIP-DMP)

Slides:

Advertisements

Similar presentations

Connected Health Framework

Advertisements

TMF, Telematikplattform für Medizinische Forschungsnetze e. V. Integrating eHealth and Medical Research The TMF Data Protection Scheme CeHR Regensburg,

September, 2011What IHE Delivers Cross-enterprise Workflow Management (XDW profile) IT Infrastructure Planning Committee Luca Zalunardo, Arianna Cocchiglia.

XDS Link-Unlink Support Profile Proposal for 2011/12 presented to the IT Infrastructure Planning Committee José Mussi (JRS Partners – IHE Canada) Karen.

IHE IT Infrastructure Outreach to Patient Care Coordination Domain Michael Nusbaum IT Infrastructure Planning Committee December 13 th, 2010.

PRESENTATION TITLE Name of Presenter Company Affiliation IHE Affiliation.

Agenda Problem Existing Approaches The e-Lab Is DRM the solution?

Federated Directory Services Brief Profile Proposal for 2009/10 presented to the IT Infrastructure Planning Committee J. Caumanns, O. Rode, R. Kuhlisch,

EbXML Registry Technical Committee n Defining and managing interoperable registries and repositories n The OASIS ebXML Registry TC develops specifications.

Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.

OAuth option for mHealth Brief Profile Proposal for 2013/14 presented to the IT Infrastructure Planning Committee R Horn (Agfa Healthcare)

Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.

Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.

IHE Cardiology Status November 2005 Harry Solomon Co-chair, Technical Committee.

What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.

Prof. Reinhold Haux Dr. Markus Wagner The Lower Saxony Bank of Health 23 th of August, 2013.

IHE Patient Care Coordination (PCC) Technical Framework Supplement Patient Plan of Care (PPOC)

IBM Rhapsody Simulation of Distributed PACS and DIR systems Krupa Kuriakose, MASc Candidate.

Meeting The Technical Security Needs Primary and Secondary use of EHR systems Filip De Meyer

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.

How can I trust the rest of Europe ? Requirements and a possible organisation with regard to epSOS and eHealth Frank Robben General manager eHealth platform.

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.

September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.

Configuration Management Issues in IHE Asuman Dogac, SRDC, METU, Turkey

What IHE Delivers Security and Privacy Overview & BPPC September 23, Chris Lindop – IHE Australia July 2011.

XDS Security ITI Technical Committee May 26, 2006.

Cross-Enterprise User Assertion IHE Educational Workshop 2007 Cross-Enterprise User Assertion IHE Educational Workshop 2007 John F. Moehrke GE Healthcare.

1 IHE ITI White Paper on Access Control WP Review Cycle 1 Chapter 4: Actors and Transactions Chapter 6: Implementation Issues Dr. Jörg Caumanns, Raik Kuhlisch,

HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

Connecting for Health: Common Framework. 2 What is Connecting for Health? Broad-based, public-private coalition More than 100 collaborators –Providers.

1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile IHE IT Technical and Planning Committee June 15 th – July 15 th 2004.

Sharing Value Sets (SVS Profile) Ana Estelrich GIP-DMP.

Cross-enterprise Document Workflow (XDW) IT Infrastructure Technical Committee Editors: Luca Zalunardo, Arianna Cocchiglia, Arsenal.IT.

Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile Name of Presenter IHE affiliation.

SAML 2.1 Building on Success. Outline n Summary of SAML 2.0 n Work done since 2.0 n Objectives of SAML 2.1 n Proposed Task List n Undecided Issues n Invitation.

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

Review and update of IHE The Future & XDS–I. Overview - IHE Updates IHE Organisational Changes The Infrastructure Domain Radiology Update XDS-I.

1 Data use, data sharing and information governance Geraint Lewis Chief Data Officer, NHS England Mark Golledge Programme Manager in.

Dynamic Document Sharing Detailed Profile Proposal for 2010 presented to the IT Infrastructure Technical Committee Karen Witting November 10, 2009.

1 IHE ITI White Paper on Authorization Volume 1 Rough Cut Outline Jörg Caumanns, Raik Kuhlisch, Oliver Pfaff, Olaf Rode, Christof Strack, Heiko Lemke Berlin,

1 Annual Meeting 2004 CrossRef Publishers International Linking Association, Inc Charles Hotel, Cambridge, MA November 9 th, 2004.

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Education Workshop 2007 IHE IT Infrastructure Education John Moehrke GE Healthcare.

Chronic Care Coordination/Community Referral Workflow Brief Profile Proposal for presented to the PCC Planning Committee Jon Hilton, Health.

Cross-Enterprise User Authentication John F. Moehrke GE Healthcare IT Infrastructure Technical Committee.

Quality, Research and Public Health (QRPH) Domain HIMSS 2009 Interoperability Showcase Planning Co-Chairs: - Ana Estelrich, GIP-DMP - Ana Estelrich, GIP-DMP.

Dynamic Data Brief Profile Proposal for 2009/10 presented to the IT Infrastructure Planning Committee Karen Witting September 30, 2009.

1 IHE ITI White Paper on Authorization Rough Cut Implementation Opportunities for BPPC Dr. Jörg Caumanns, Raik Kuhlisch, Olaf Rode Berlin,

Federated Directory Service (FDS) IHE IT Profile Proposal Sören Bittins (eCR, Fraunhofer ISST) November, 18th 2008.

Educational Template Chapter 11 Data Privacy and Security Ross Fraser Chapter 11 Data Privacy & Security.

1 IHE ITI White Paper on Access Control WP Review Cycle 1 Chapter 1-2: Introduction and State of the Art Dr. Jörg Caumanns, Raik Kuhlisch, Olaf Rode Berlin,

1 IHE ITI White Paper on Access Control Outline of Chapter 4 Jörg Caumanns, Raik Kuhlisch, Olaf Rode TCon,

Federated [Organization] Registry Brief Profile Proposal for 2008/09 presented to the IT Infrastructure Planning Committee J. Caumanns (eCR, Fraunhofer.

Cross-Enterprise Privacy Policy (XPP) Profile Proposal for 2008/09 presented to the IT Infrastructure Technical Committee Sören Bittins (eCR, Fraunhofer.

Information Resource Stewardship A suggested approach for managing the critical information assets of the organization.

Federated Directory Services Revised Proposal for 2009/10 presented to the IT Infrastructure Planning Committee J. Caumanns, O. Rode, R. Kuhlisch, FHGISST.

Cross-Enterprise User Authentication Year 2 March 16, 2006 Cross-Enterprise User Authentication Year 2 March 16, 2006 John F. Moehrke GE Healthcare IT.

Integrating the Healthcare Enterprise Improving Clinical Care: Enterprise User Authentication For IT Infrastructure Robert Horn Agfa Healthcare.

XDS P2P (revised) Brief Profile Proposal for 2008/09 presented to the IT Infrastructure Planning Committee A. Kassner (IHE-D), J. Caumanns (eCR) 01 October.

Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee.

XDS Security ITI Technical Committee May, XDS Security Use Cases Prevent Indiscriminate attacks (worms, DOS) Normal Patient that accepts XDS participation.

Implementing Purpose Specific Records using IHE XDS Brief White Paper Proposal for 2008/09 presented to the IT Infrastructure Planning Committee J. Caumanns.

Identity Protection and Pseudonymisation White Paper Proposal for 2008/09 A. Estelrich (GIP-DMP) S. Bittins (Fraunhofer ISST)

Integrating the Healthcare Enterprise Retrieve Information for Display (RID) Integration Profile Ellie Avraham Kodak Health Imaging IHE IT Infrastructure.

June-September 2009www.ihe.net North American 2010 Connectathon & Interoperability Showcase Series Paul Seifert/ Kinson Ho Solution Architects Agfa HealthCare.

What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin - Medicity.

Eclipse Foundation, Inc. Eclipse Open Healthcare Framework v1.0 Interoperability Terminology HL7 v2 / v3 DICOM Archetypes Health Records Capture Storage.

IT Infrastructure Plans

IHE Quality, Research and Public Health QRPH domain

High Performance Computing Center – HLRS

HIPAA Compliance Services CTG HealthCare Solutions, Inc.

Presentation transcript:

Identity Protection and Pseudonymisation White Paper Proposal for 2008/09 presented to the IT Infrastructure Technical Committee A. Estelrich (GIP-DMP) S. Bittins (Fraunhofer ISST) 18th of November, 2008

IT Infrastructure Technical Committee Editors Ana Estelrich (GIP-DMP)Ana Estelrich (GIP-DMP) Prof. Klaus Pommerening (University of Mainz)Prof. Klaus Pommerening (University of Mainz) Sebastian Semler (TMF e.V.)Sebastian Semler (TMF e.V.) Sören Bittins, Jörg Caumanns (Fraunhofer ISST)Sören Bittins, Jörg Caumanns (Fraunhofer ISST)

IT Infrastructure Technical Committee Motivation Pseudonymisation is often only considered as interesting for second use scenarios but primary cases are also interestingPseudonymisation is often only considered as interesting for second use scenarios but primary cases are also interesting Primary use scenarios:Primary use scenarios: –Pseudonymisation as a potential security mechanism –Reducing the actual protection requirement by decoupling the concrete patient’s identity from the health information Secondary use scenarios (clinical research, public health):Secondary use scenarios (clinical research, public health): –Data leaves the context of the physician where they are protected by professional discretion –The utilisation of anonymisation/pseudonymisation means is mandatory for secondary use scenarios –The concrete identity of the patient is often of no interest

IT Infrastructure Technical Committee Motivation (II) In order to derive solution patterns for a flexible implementation, several models needs to be created and consideredIn order to derive solution patterns for a flexible implementation, several models needs to be created and considered Six models are suggested covering a selection of primary and secondary use casesSix models are suggested covering a selection of primary and secondary use cases

IT Infrastructure Technical Committee Pseudonymisation Models Model 0: Identity Protection for Primary UseModel 0: Identity Protection for Primary Use –Incorporates encryption & pseudonymisation for identity protection Model 1: Identity RemovalModel 1: Identity Removal –For one-time secondary use –Identity is completely anonymised (e. g. for research purposes) Model 2: Multiple data sources, one-time secondary useModel 2: Multiple data sources, one-time secondary use –Aims at linking multiple sources (e. g. XDS registries, repositories) –Incorporates one-way pseudonyms and encryption –= the secondary user cannot tell the identity but can read the data –Purpose: cancer registry

IT Infrastructure Technical Committee Pseudonymisation Models Model 3: One-Time secondary use with re-identificationModel 3: One-Time secondary use with re-identification –Incorporates two TTP, one for substituting the concrete identity, one for the actual pseudonymisation –The PID service knows the identity of the patient but contains no data –The PSEUD service can recover the PID by decrypt the PSN but does not know the concrete identity Model 4: Pseudonymous Research Data PoolModel 4: Pseudonymous Research Data Pool –Is based on Model 3 but incorporates a data pool for research –Pseudonym and medical data are permanently stored in the data pool Model 5: Central DB with many secondary usesModel 5: Central DB with many secondary uses –Potential for research involving a central (clinical) database –The clinical database contains medical data but no identities –Concrete reference to the pseudonymised medical data is established over a TTP being able to assign a PID that is connected to the data

IT Infrastructure Technical Committee Flow-of-Data (Model 2)

IT Infrastructure Technical Committee Outline Identity Protection, Pseudonymisation, Anonymisation (2-3 pages)Identity Protection, Pseudonymisation, Anonymisation (2-3 pages) Pseudonymisation Models (Use Cases) (5-10)Pseudonymisation Models (Use Cases) (5-10) Building Blocks (10-20)Building Blocks (10-20) Implementation and Deployment (10-15)Implementation and Deployment (10-15) Security Considerations (2-4)Security Considerations (2-4) Outline of a privacy Framework (2-4)Outline of a privacy Framework (2-4) Application of Pseudonymisation onto content profiles from PCC and QRPH (4-8)Application of Pseudonymisation onto content profiles from PCC and QRPH (4-8)

IT Infrastructure Technical Committee Standards and Systems ISO TC 215 Pseudonymisation for health InformaticsISO TC 215 Pseudonymisation for health Informatics TMF Pseudonymisation FrameworkTMF Pseudonymisation Framework OASIS WSFEDOASIS WSFED

IT Infrastructure Technical Committee IHE Profile Grouping XUA: for user authenticationXUA: for user authentication XPP: for authorising access to pseudonym generationXPP: for authorising access to pseudonym generation XDS: for secondary use databasesXDS: for secondary use databases XDS: as a prominent example of health resources that can be safeguarded by pseudonyms (primary use)XDS: as a prominent example of health resources that can be safeguarded by pseudonyms (primary use) ATNA: for mutual node authentication and audit trailsATNA: for mutual node authentication and audit trails PIX/PDQ: for providing patient identifiers and attributesPIX/PDQ: for providing patient identifiers and attributes

IT Infrastructure Technical Committee Expected Acceptance Data protection and extended liability issues are gradually moving into the focusData protection and extended liability issues are gradually moving into the focus Cooperative health care networks have a extremely strong demand for compliant solutionsCooperative health care networks have a extremely strong demand for compliant solutions This profile provides essential building-blocks for designing those solutionsThis profile provides essential building-blocks for designing those solutions The eCR Initiative is currently providing and using various of the components presented here for full complianceThe eCR Initiative is currently providing and using various of the components presented here for full compliance Significant potential for cross-border usabilitySignificant potential for cross-border usability May serve as a foundation for a pan-European identity protection frameworkMay serve as a foundation for a pan-European identity protection framework