TRUST, Washington, D.C. Meeting January 9–10, 2006 Integrative Projects Status Report Janos Sztipanovits.

Slides:

Advertisements

Similar presentations

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.

Advertisements

Test Automation Success: Choosing the Right People & Process

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

Disclosure I, Peter T. Katzmarzyk, PhD, FACSM, have no relationships with commercial interests to disclose. A commercial interest is any entity producing,

Building Security into Embedded Systems: Validating Theoretical Designs using Experimental Platforms Yuan Xue Institute for Software Integrated Systems.

TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)

Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.

Attacks on Three Tank System Three Tank System Testing Model-Based Security Features Experimental Platform for Model-Based Design of Embedded Systems Matt.

EHealth Challenges and Opportunities E-health: Multi-disciplinary of E (ICT) and Healthcare, or applied ICT in healthcare (Design oriented), or healthcare.

“Hospital Information System: A Transition to a Health Information System” Kiki Tsitoyanni Presales Manager Soren Hayrabedyan Consultant H-SYSTEMS, Health.

United States-Canada Regulatory Cooperation Council United States-Canada Regulatory Cooperation Council January 30, 2012 Washington D.C

A Robust Health Data Infrastructure P. Jon White, MD Director, Health IT Agency for Healthcare Research and Quality

Community Information Technology Engagement (CITE): Program Overview

Personalized Medicine Research at the University of Rochester Henry Kautz Department of Computer Science.

LÊ QU Ố C HUY ID: QLU OUTLINE  What is data mining ?  Major issues in data mining 2.

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

This chapter is extracted from Sommerville’s slides. Text book chapter

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

Management Information Systems

WORKSHOP IV Integrating Ethics, Compliance, Privacy and Security into a Single Organizational Initiative Geralyn Kidera JD Senior Vice President Council.

AVU International Conference, Nairobi, Kenya, Nov. 20, 2013 James Glapa-Grossklag, College of the Canyons Kathleen Ludewig Omollo, University of Michigan.

EF on IST in FP6 in Greece Information Day Athens-Thessaloniki, December 2002 The IST Priority in FP6 Erastos Filos

RILEY DAVIS HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT HIPAA.

 To explain the importance of software configuration management (CM)  To describe key CM activities namely CM planning, change management, version management.

Co-design Environment for Secure Embedded Systems Matt Eby, Janos L. Mathe, Jan Werner, Gabor Karsai, Sandeep Neema, Janos Sztipanovits, Yuan Xue Institute.

State Alliance for e-Health Conference Meeting January 26, 2007.

Architecture: A Plan for How Parts of a Structure Fit Together to Achieve its Purpose William W. Stead, M.D. July 1, 2003 Vanderbilt University Medical.

ONC FACA HIT Standards Committee Clinical Operations Workgroup Hearing on Barriers & Enablers for Medical Device Interoperability March 28, 2011 ~ Washington,

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

TRUST NSF Site Visit, Berkeley, April 27 th - 28 th, 2006 Trust Patient Portal Project – Real Time Patient Monitoring Josh Denny Mike Elkund Philip Kuryloski.

TRUST Review, April 2, 2008 Experimental Platform for Model-Integrated Clinical Information Systems Janos Mathe ‡, Jan Werner ‡, Yonghwan Lee ‡, Akos Ledeczi.

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.

Data Warehousing Data Mining Privacy. Reading Bhavani Thuraisingham, Murat Kantarcioglu, and Srinivasan Iyer Extended RBAC-design and implementation.

Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.

Janos Sztipanovits Dr. Janos Sztipanovits E. Bronson Ingram Distinguished Professor of EECS Director of ISIS Vanderbilt University Nashville, TN Overview.

© 2012 xtUML.org Bill Chown – Mentor Graphics Model Driven Engineering.

PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.

Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.

Imagine a health system that focuses on health, not just health care. Imagine a sustainable health system with one goal: to improve the lives of the people.

G:\99Q3\9220\PD\AJD2.PPT 1 Harriet P. Pearson Chief Privacy Officer IBM February 7, 2003 IBM.

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

Health eDecisions Use Case 2: CDS Guidance Service Strawman of Core Concepts Use Case 2 1.

TRUST : Team for Research in Ubiquitous Secure Technology National Science Foundation Site Visit February 24-26, 2009 │Berkeley, California Health Infrastructures.

C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.

Integrating a Federated Healthcare Data Query Platform With Electronic IRB Information Systems Shan He IPHIE 2010.

CSCE 548 Secure Software Development Security Operations.

Chapter 19 Manager of Information Systems. Defining Informatics Process of using cognitive skills and computers to manage information.

Patrick Sulzberger, CPA, CHC Compliance & The Board A Guide to Excellence.

Integrating Security Modeling in Embedded System Design Jan Werner, Matt Eby, Janos Mathe, Gabor Karsai, Yuan Xue, Janos Sztipanovits Institute for Software.

TRUST 2 nd Year Site Visit, March 19 th, 2007 TRUST Knowledge Transfer EMR Project Vanderbilt (Sztipanovits, Karsai, Ledeczi, Xue) Stanford (Mitchell,

1 Strategic Plan Review. 2 Process Planning and Evaluation Committee will be discussing 2 directions per meeting. October meeting- Finance and Governance.

Internet of Things. IoT Novel paradigm – Rapidly gaining ground in the wireless scenario Basic idea – Pervasive presence around us a variety of things.

Jacques Bus Head of Unit, DG INFSO-F5 “Security” European Commission FP7 launch in the New Member States Regional on-line conference 22 January 2007 Objective.

1 Chapter 12 Configuration management This chapter is extracted from Sommerville’s slides. Text book chapter 29 1.

HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.

19-20 October 2010 IT Directors’ Group meeting 1 Item 6 of the agenda ISA programme Pascal JACQUES Unit B2 - Methodology/Research Local Informatics Security.

Office of the National Coordinator for Health Information Technology ONC Update for HITSP Board U.S. Department of Health and Human Services John W. Loonsk,

1 An Overview of Process and Procedures for Health IT Collaboration GSA Office of Citizen Services and Communications Intergovernmental Solutions Division.

Table of Contents. Lessons 1. Introduction to HIPAA Go Go 2. The Privacy Rule Go Go.

Large-Scale Record Linkage Support for Cloud Computing Platforms Yuan Xue, Bradley Malin, Elizabeth Durham EECS Department, Biomedical Informatics Department,

Consumer Health Informatics

ASSET - Automotive Software cyber SEcuriTy

Public Health Laboratory Data (PH-Lab) Exchange Project: Overview

Integrating Security Modeling in Embedded System Design

TRUST:Team for Research in Ubiquitous Secure Technologies

Nursing informatics Lecture (11).

Presentation transcript:

TRUST, Washington, D.C. Meeting January 9–10, 2006 Integrative Projects Status Report Janos Sztipanovits

TRUST, Washington, D.C. Meeting January 9–10, Content Role of Integrative Projects in TRUST Status Report on Project Formation: – Patient Portals – Systems/Security Co-design in Embedded Systems Next Steps

TRUST, Washington, D.C. Meeting January 9–10, Role of Integrative Projects Link research efforts to real-life challenges Help validating research results Facilitate technology transitioning toward National stakeholders Provide focus for integrating research efforts

TRUST, Washington, D.C. Meeting January 9–10, Patient Portals: Societal Context Health Insurance Portability and Accountability Act of 1996 (HIPAA) The HIPAA Privacy Rule, which became effective in April of 2003, gives US citizens for the first time a uniform right to access to information contained in their medical records, to request amendments or corrections to those records, to request an accounting of disclosures of their personal health information made by their healthcare providers. The HIPAA Security Rule, which became effective in April, 2005, requires healthcare organizations to adopt administrative, physical and technical protections for person-identifiable health data that is maintained or transmitted in electronic format. Currently, the civil and criminal liabilities associated with the Security Rule create additional concerns and reticence of health care organizations to bring new classes of users into the previously private, internal domain of electronic clinical information systems.

TRUST, Washington, D.C. Meeting January 9–10, Experimental Patient Portal at VUMC – Patient access to lab results – Patient-entered notes e.g., dietary supplements – Automated drug-drug interaction checking for items that patients add to their medications Opportunity – Use MyHealth as an evaluation platform for TRUST technologies

TRUST, Washington, D.C. Meeting January 9–10, Criteria for Being a TRUST Integrative Project  Interest from the Medical Community  Multisciplinary: Social, Systems, Security  Scale: Societal with huge potential implications  Real: MyHealth is a live experimental system  Technical richness and fundamental challenges

TRUST, Washington, D.C. Meeting January 9–10, Integrative Project Development on Patient Portals Discussions and preparations started with Prof. Bill Stead, Director, Informatics Center and the Prof. Dan Masys, Chair, Department of Biomedical Informatics of Vanderbilt University Medical Center in September, We jointly organized a Design Workshop for an Integrative Project related to Patient Portals on December 16, 2005 at Vanderbilt Center for Better Health. ( Center for Better Health Detailed project planning between TRUST and the MyHealth program continue.

TRUST, Washington, D.C. Meeting January 9–10, Meeting at Vanderbilt

TRUST, Washington, D.C. Meeting January 9–10, Presentations

TRUST, Washington, D.C. Meeting January 9–10, The Nature of Biomedical Data Complexity of privacy – Variable levels of sensitivity; “sensitive” is in the eye of multiple beholders, and highly context-dependent – No bright line between person-identifiable and “anonymous” data – So inherently rich in attributes that re-identification potential never reaches zero – Genome as Future Diary: An individual’s medical data may have implications for other family members who have much different values and preferences, and for future generations Complexity of access rights and policies – Simple role-based access control is insufficient – Governing principles: “need-to-know” and “minimum disclosure” Source: Dan Masys’s presentation

TRUST, Washington, D.C. Meeting January 9–10, Design Rounds

TRUST, Washington, D.C. Meeting January 9–10, Workshop Results Real-time Patient Data Monitoring Project (see poster) Role-based Access Modeling for Patient Portals (see poster) Unintended Consequences (joint study group between the MyHealth program and TRUST)

TRUST, Washington, D.C. Meeting January 9–10, Patient Portals: Technical Challenges 1/2 Access Control Unique problems: - Policy languages - Policy validation - Distributed policy enforcement Data Privacy Unique problems: - Learning from data while keeping individual data private - Publishing data without possibility to link back to individuals - Information flow through data access: “leaking secret data” - Incorporating background knowledge - Interaction between privacy and policy languages

TRUST, Washington, D.C. Meeting January 9–10, Distributed trust management Unique problems: - Maintaining trust across multiple players with conflicting interests and policies Information architecture modeling and analysis Unique problems: - Technical and organizational heterogeneity - Major role of legacy systems - Scale and complexity Benchmarking – Creation of synthetic patient data – Real-life patient data Societal Impact of Patient Portals - What privacy policy would make patients comfortable with contributing data to research study? Patient Portals: Technical Challenges 2/2

TRUST, Washington, D.C. Meeting January 9–10, Approaches What solutions are possible? – Policy languages (Stanford) – Data privacy (Cornell) – Information architecture modeling and analysis (VU, Berkeley) – Distributed trust management (Cornell) – Societal impact (Berkeley) Use MyHealth as demo system – Put TRUST research thrusts in MyHealth contexts

TRUST, Washington, D.C. Meeting January 9–10, Embedded System/Security Co-design: Societal Context Embedded and Networked Embedded Systems have huge penetration in all market sectors: automotive, aerospace, defense, medical, transportation, energy, chemicals, communications and others. Security of embedded systems is becoming a major societal concern Resource limitations, timing, and complexity make the development of secure embedded and networked embedded systems a significant scientific and technical challenge

TRUST, Washington, D.C. Meeting January 9–10, Integrative Project Development on System/Security Co-design Discussions and preparations started with the ESCHER companies (GM, Boeing, Raytheon) in September, We solicited input for challenge problem specification and testbed ideas. At the December 2005 ESCHER Advisory Group meeting we discussed specific ideas and plans A low-cost testbed implementation is ongoing.

TRUST, Washington, D.C. Meeting January 9–10, Controller Wireless Link Plant Simulator DAQ Testbed Configuration Single board computer SBC4495 from Micro/Sys Minilab 1008 Different SW platforms: Linux GRSecurity Others (LynxOS, VxWorks,..)

TRUST, Washington, D.C. Meeting January 9–10, Functional Models Component Models Componentized Model Access Control Secure Component Structure Model Partitioning Model Platform Model Deployment Model Generators Composition Platform OS Security Services HW/SW Arch Integrated Co-design Environment Domain-specific Modeling Languages (AADL, Simulink/StateFlow, …) Security modeling for different platforms Model Analysis tools Code Generators

TRUST, Washington, D.C. Meeting January 9–10, Exploratory Integrative Project Ideas Sensor Networks in Cooperation with Oak Ridge National Labs – Dirty Bomb Detection – Trusted Transportation Corridor (VU)

TRUST, Washington, D.C. Meeting January 9–10, Sensor Networks: Dirty Bomb Detection Demonstration in VU Stadium Goal: Detection of Rad. Source position by tracking location of moving sensor with less than 1m error. Demonstration in Vanderbilt Stadium, April, 2006 (IPSN’06) ORNL: Rad. Sensor VU-ISIS: Sensor localization and system integration Berkeley: Platform Cornell: Networking Oak Ridge National Labs TRUST team: Vanderbilt-Berkeley-Cornell

TRUST, Washington, D.C. Meeting January 9–10, Additional integrative projects concepts are being developed (e.g. sensor networks) Project teams are formed between TRUST groups and “stakeholders” Detailed project plans are discussed Integrative project teams are formed First results will be reported at the April 2006 TRUST Review Meeting Next Steps