Presentation is loading. Please wait.

Presentation is loading. Please wait.

Consultation of the National Registry and the KSZ/BCSS registries General overview 1.

Published byDennis Webb Modified over 6 years ago

Similar presentations

Presentation on theme: "Consultation of the National Registry and the KSZ/BCSS registries General overview 1."— Presentation transcript:

1 Consultation of the National Registry and the KSZ/BCSS registries General overview
1

2 National Registry: what?
Database with identification-data About individuals registered in citizen-registry or a foreigners-registry of the municipalities Registries of doplomatic missions and consulatesers van de diplomatieke zendingen en de consulaire posten Waiting registry of candidate political refugees Managed by public service of internal affairs Contains (amongst others) National Registry number name First names gender Birthplace Birthdate Date of decease Main address

3 Crossroadbank registries: what?
Database with identification-data About individuals that are not registered in national registry Or data is not updated in the national registry But identification data is needed for Social security Other legal obligations… Managed by crossroads bank of social security Contains (amongst others) National Registry number name First names gender Birthplace Birthdate Date of decease Main address

4 Relationship between both
The crossroads bank registries are a supplement to the national registry and is only used if the national registry is unable to provide the needed information The databases are synchronized on a regular basis Transparant to the user / integrator of the service

5 Id-number of social security (NISS/INSZ)
= number of the national registry if existing = number of crossroadsbank of social security if there is no national registry number

6 Access (1/2) Limited to certain categories of people/institutions
e.g. public and private insitutions for the information they need for performing their tasks of common interest (→ hospitals) Requires authorization of a sectoral comity of the Privacy Commission Access to the national registry Sectoral comity of the national registry For hospitals: deliberation nr. 21/2009 of March 25, 2009 (see Access to the crossroads bank registries sectoral comity of social security and health For hospitals: deliberation nr. 09/39 of July 7th 2009 (see

7 Access (2/2) General authorization for hospitals
Access to limited identification data (id-number, name, first names, gender, birth place, birth date, decease date and main address) Use of the id-number Conditions (see next slides) Only for well-defined purposes Limited storage of personal data Limited access to the personal data via a secured platform Obligations (see next slides) Communiocation of documents to the sectoral comity and the eHealth-platform Appointing an information security consultant Elaboration of an information safety policy more information: see portal-site of the eHealth-platform

8 Conditions (1/2) Only for specific purposes Storage
verify/update identification-data of patients Unique identification of patients in the medical record Billing Storage For the managment of the medical record Up to 30 years after the last contact with the patient Hospital services reponsible for billing/invoicing Not longer than the invoicing procedure And not longer thean the legal limitation period (= 2 years starting at the end of the month during which the medical acts were delivered)

9 Conditions (2/2) Limitation of access to specific individuals
Minimum number of employees Signing declaration of confidentiality Creation and maintenace of a list of employees that do have access for functional reasons via a secured platform the eHealth-platform Or any other platform that can provide similar guaranties regarding information safety and submitted to the control of the sectoral comity of social security and health.

10 Obligations Documents to the sectoral comity of social security and health See: Request to the eHealth-platform Request for use of webservices (see next slides) Obtaining a eHealth-certificate (identification/authentication) tests

11 Information about information safety consultant
identity and contact information Training and qualifications Job description place in the organisation Available time for the job If applicable, other (compatible) jobs

12 Information Safety Policy (1/2)
Using the services of an information safety consultant evaluate risks and security needs for working with personal data Maintain written version of the information safety policy Identify the different media and carriers on which personal data is stored, communicated and processed. information to employees about their confidentiality- and security duties Precautions against unauthorized and useless access to personal data Precautions against damage that might put the personal data in danger.

13 Information Safety Policy (2/2)
Precautions for protection of the different networks Up-to-date list of individuals having access to personal data and their access level Implementation of access authorization system Logging of people having access to the personal data Follow-up of the organisational and technical measures Availability of emergency-procedures in case of safety-incidents Availability of up-to-date documentation regarding the security-precautions

14 Webservices IdentifyPerson PhoneticSearch ManageInscription
MutationSender PersonHistory

15 Other needs? National registry and crossroads bank registries contain also additional data: nationality Place of decease profession Marital status / legally living togethe Family composition administrative situation of candidate - political refugee Etc… Not accessible today Justifiable needs can be investigated

16 Information safety precautions
eHealth-platform will organize discussion with hospitals « consultation-structure » will assist hospitals when creating and implementing information security policies

17 Consultation of national register and BIS register Technical part and procedures
17

18 Web services IdentifyPerson phoneticSearch manageInscription
mutationSender personHistory

19 Architecture

20 Autorisation

21 WebService IdentifyPerson (request)

22 WebService IdentifyPerson (request)
For example: <?xml version="1.0" encoding="UTF-8"?> <ns1:SearchBySSINRequest xsi:schemaLocation="urn:be:fgov:ehealth:consultRN:1_0:protocol IdentifyPerson-1-0.xsd" xmlns:xsi=" xmlns:ns1="urn:be:fgov:ehealth:consultRN:1_0:protocol"> <Organisation> <Id> </Id> <Type>NIHII</Type> <SubType>HOSPITAL</SubType> </Organisation> <ApplicationID>xxxxxxxxxxx</ApplicationID> <Inscription> <SSIN>xxxxxxxxxxx</SSIN> <QualityCode>1</QualityCode> <Period> <BeginDate> </BeginDate> <EndDate> </EndDate> </Period> </Inscription> </ns1:SearchBySSINRequest>

23 WebService IdentifyPerson (reply)

24 WebService IdentifyPerson (reply)

25 WebService IdentifyPerson (reply)
<?xml version="1.0" encoding="UTF-8"?> <ns1:SearchBySSINReply Id=" " xsi:schemaLocation="urn:be:fgov:ehealth:consultRN:1_0:protocol IdentifyPerson-1-0.xsd" xmlns:xsi=" xmlns:eH="urn:be:fgov:ehealth:commons:1_0:core" xmlns:ns1="urn:be:fgov:ehealth:consultRN:1_0:protocol"> <eH:Status> <Code>100</Code> <Message>Success</Message> </eH:Status> <Person> <SSIN> </SSIN> <PersonData> <Birth> <Date> </Date> <Localisation> <Description Lang="FR">JEMEPPE-SUR-SAMBRE</Description> <Municipality> <InsCode>92140</InsCode> </Municipality> <Country> <InsCode>150</InsCode> </Country> </Localisation> </Birth>

26 WebService IdentifyPerson (reply)
<Name> <First>PERSONNE</First> <Last>TEST</Last> </Name> <Gender>UNKNOWN</Gender> <Address> <StandardAddress> <Street> <Description Lang="NL">TESTSTRAAT </description> </Street> <Housenumber>25</Housenumber> <Municipality> <InsCode>11002</InsCode> <PostalCode>2000</PostalCode> <Description>ANTWERPEN</Description> </Municipality> <Country> <InsCode>150</InsCode> <Description Lang="NL">BELGIË</Description> </Country> </StandardAddress> </Address> </PersonData> </Person> </ns1:SearchBySSINReply>

27 WebService PhoneticSearch (request)

28 WebService PhoneticSearch (request)
<?xml version="1.0" encoding="UTF-8"?> <ns1:SearchPhoneticRequest xsi:schemaLocation="urn:be:fgov:ehealth:consultRN:1_0:protocol PhoneticSearch-1-0.xsd" xmlns:xsi=" xmlns:ns1="urn:be:fgov:ehealth:consultRN:1_0:protocol"> <Organisation> <Id> </Id> <Type>NIHII</Type> <SubType>HOSPITAL</SubType> </Organisation> <ApplicationID>xxxxxxxxxxx</ApplicationID> <PhoneticCriteria> <LastName>TEST</LastName> <MiddleName>ALBERT</MiddleName> <BirthDate> </BirthDate> <Gender>MALE</Gender> <Tolerance>2</Tolerance> </PhoneticCriteria> </ns1:SearchPhoneticRequest>

29 WebService PhoneticSearch (reply)

30 WebService PhoneticSearch (reply)
<?xml version="1.0" encoding="UTF-8"?> <ns1:SearchPhoneticReply Id=" " xsi:schemaLocation="urn:be:fgov:ehealth:consultRN:1_0:protocol PhoneticSearch-1-0.xsd" xmlns:xsi=" xmlns:eH="urn:be:fgov:ehealth:commons:1_0:core" xmlns:ns1="urn:be:fgov:ehealth:consultRN:1_0:protocol"> <eH:Status> <Code>100</Code> <Message>Success</Message> </eH:Status> <Person> <SSIN>xxxxxxxxxxx</SSIN> <PersonData> <Birth> <Date> </Date> <Localisation> <Description Lang="FR">JEMEPPE SUR SAMBRE</Description> <Municipality> <InsCode>92140</InsCode> </Municipality> <Country> <InsCode>150</InsCode> </Country> </Localisation> </Birth> <Name> <First>Personne</First> <Last>Test</Last> </Name> <Gender>UNKNOWN</Gender>

31 WebService PhoneticSearch (reply)
<Address> <StandardAddress> <Street> <Description Lang="NL">TESTSTRAAT</Description> </Street> <Housenumber>25</Housenumber> <Municipality> <InsCode>11002</InsCode> <PostalCode>2000</PostalCode> <Description>ANTWERPEN</Description> </Municipality> <Country> <InsCode>150</InsCode> <Description Lang="NL">BELGIË</Description> </Country> </StandardAddress> </Address> </PersonData> </Person> <Person> <SSIN>yyyyyyyyyyy</SSIN> <PersonData> <Birth> <Date> </Date> <Localisation> <Description>AMSTERDAM</Description> <InsCode>129</InsCode> </Localisation> </Birth>

32 WebService PhoneticSearch (reply)
<Name> <First>Prsonne</First> <Last>Test</Last> </Name> <Gender>UNKNOWN</Gender> <Address> <StandardAddress> <Street> <Description Lang="NL">TESTSTRAAT</Description> </Street> <Housenumber>25</Housenumber> <Municipality> <InsCode>11002</InsCode> <PostalCode>2000</PostalCode> <Description>ANTWERPEN</Description> </Municipality> <Country> <InsCode>150</InsCode> <Description Lang="NL">BELGIË</Description> </Country> </StandardAddress> </Address> </PersonData> </Person> </ns1:SearchPhoneticReply>

33 WebService ManageInscription
the webservice 'ManageInscription' allows a hospital to subscribe or unsubscribe for a patient to the Mutation of the national register’s subscription If there is a mutation for this person, it will be send where the hospital wants to prolong this period, he adds the new period desired if it wants to reduce this period, the hospital removes the excess period

34 WebService ManageInscription (request)

35 WebService ManageInscription (request)
<?xml version="1.0" encoding="UTF-8"?> <ns1:InsertInscriptionRequest xsi:schemaLocation="urn:be:fgov:ehealth:consultRN:1_0:protocol manageInscription-1-0.xsd" xmlns:xsi=" xmlns:ns1="urn:be:fgov:ehealth:consultRN:1_0:protocol"> <Organisation> <Id> </Id> <Type>NIHII</Type> <SubType>HOSPITAL</SubType> </Organisation> <ApplicationID>xxxxxxxxxxx</ApplicationID> <Inscription> <SSIN> xxxxxxxxxxx </SSIN> <QualityCode>1</QualityCode> <Period> <BeginDate> </BeginDate> <EndDate> </EndDate> </Period> </Inscription> </ns1:InsertInscriptionRequest>

36 WebService ManageInscription (reply)

37 WebService ManageInscription (reply)
<?xml version="1.0" encoding="UTF-8"?> <ns1:InsertInscriptionReply Id=" " xsi:schemaLocation="urn:be:fgov:ehealth:consultRN:1_0:protocol manageInscription-1-0.xsd" xmlns:xsi=" xmlns:ns3="urn:be:fgov:ehealth:commons:1_0:core" xmlns:ns1="urn:be:fgov:ehealth:consultRN:1_0:protocol"> <ns3:Status> <Code>80</Code> <Message>business error : unknown quality</Message> </ns3:Status> </ns1:InsertInscriptionReply>

38 WebService MutationSender
Every day The file is available during 45 days. eHealth always search the last file.

39 WebService MutationSender (reply)

40 WebService MutationSender (reply)
<?xml version="1.0" encoding="UTF-8"?> <ns0:MutationReply xmlns:ns0="urn:be:fgov:ehealth:consultRN:1_0:protocol"> <Header> <ApplicationID>xxxxxxxxxxx</ApplicationID> <Date> </Date> <SequenceNumber>1</SequenceNumber> <Environement>A</Environement> </Header> <ns0:MutationList> <ns0:Mutation> <MutationInformation> <Author>RR_RN</Author> <Type> </Type> <Description Lang="EN">Ssin is modified</Description> </MutationInformation> <Person> <SSIN> </SSIN> <PersonData> <Birth> <Date> </Date> <Localisation> <Description Lang="FR">JEMEPPE-SUR-SAMBRE</Description> <Municipality> <InsCode>92140</InsCode> </Municipality> <Country> <InsCode>150</InsCode> </Country> </Localisation> </Birth>

41 WebService MutationSender (reply)
<Name> <First>PERSONNE</First> <Last>TEST</Last> </Name> <Gender>UNKNOWN</Gender> <Address> <StandardAddress> <Street> <Description Lang="NL">TESTSTRAAT</description> </Street> <Housenumber>25</Housenumber> <Municipality> <InsCode>11002</InsCode> <PostalCode>2000</PostalCode> <Description>ANTWERPEN</Description> </Municipality> <Country> <InsCode>150</InsCode> <Description Lang="NL">BELGIË</Description> </Country> </StandardAddress> </Address> </PersonData> </Person> </ ns0:Mutation> </ns0:MutationList> </ns0:MutationReply>

42 WebService PersonHistory
8 methods : getAddresssHistory,… You can just see the data : Up to 30 years (in case of management of the medical record) Up to 2 years (in case of bill management)

43 getAddressHistory (request)

44 getAddressHistory (request)
<?xml version="1.0" encoding="UTF-8"?> <ns1:PersonHistoryRequest xsi:schemaLocation="urn:be:fgov:ehealth:consultRN:1_0:protocol PersonHistory-1-0.xsd" xmlns:xsi=" xmlns:ns1="urn:be:fgov:ehealth:consultRN:1_0:protocol"> <Organisation> <Id> </Id> <Type>NIHII</Type> <SubType>HOSPITAL</SubType> </Organisation> <ApplicationID>xxxxxxxxxxx</ApplicationID> <SSIN>xxxxxxxxxxx</SSIN> </ns1: PersonHistoryRequest>

45 getAddressHistory (reply)

46 getAddressHistory (reply)
<?xml version="1.0" encoding="UTF-8"?> <ns1:PersonHistoryAddressReply Id=" " xsi:schemaLocation="urn:be:fgov:ehealth:consultRN:1_0:protocol PersonHistory-1-0.xsd" xmlns:xsi=" xmlns:eH="urn:be:fgov:ehealth:commons:1_0:core" xmlns:ns1="urn:be:fgov:ehealth:consultRN:1_0:protocol"> <eH:Status> <Code>100</Code> <Message>Success</Message> </eH:Status> <SSIN>xxxxxxxxxxx</SSIN> <AddressHistory> <Source>RR-RN</Source> <ModificationDate> </ModificationDate> <EffectuationDate> </EffectuationDate> <Address>

47 getAddressHistory (reply)
<StandardAddress> <Street> <Description Lang="NL">TESTSTRAAT</Description> </Street> <Housenumber>25</Housenumber> <Municipality> <InsCode>11002</InsCode> <PostalCode>2000</PostalCode> <Description>ANTWERPEN</Description> </Municipality> <Country> <InsCode>150</InsCode> <Description Lang="NL">BELGIË</Description> </Country> </StandardAddress> </Address> </AddressHistory> </ns1:PersonHistoryAddressReply>

48 Security SSL one way eHealth-certificate TTL : 1 minute
Body + token + timestamp are signed No encryption of the message

49 In pratice You should do the following steps : eHealth provides
a commitment signed at Sectoral Committee on Social Security and Health ask permission to use webservices eHealth More info eHealth web site eHealth provides Test environment (dummy data – no autorisation is needed) Acceptation environment Production environment Test (in test and acceptation) duration minimum 1 month A test rapport

50 Contact contact Service PPKB  Request@ehealth.fgov.be
contact Technique RN Consult

51 eHealth-Certificates: specifications
x509v3 certificate Issued by GovernmentCA (fedict) Current Subject specifications CN = Logical name of the certificate O = Official name of the organization OU = Type of identification no. e.g. CBE / NIHII / … SerialNumber = Identification no. of the organization

52 eHealth-Certificates: procedure ( 1 / 2 )
The Certificate responsible of the organization creates a Certificate Signing Request (CSR) The legal representative of the organization fills in the proxy form The representative sends the proxy form to Smals Regular mail Smals - Rue du Prince Royal Bruxelles subject: eHealth – identification certificate proxy Fax: 02/ (Barbara Meyers / Sara Vander Meeren)

53 eHealth-Certificates: procedure ( 2 / 2 )
The Certificate responsible sends an with the generated CSR as attachment subject: eHealth – identification certificate CSR As reply on his , he obtains the public key of the certificate.

54 Merci de votre @ttention! Questions?

Download ppt "Consultation of the National Registry and the KSZ/BCSS registries General overview 1."

Similar presentations

WS eHealth MediPrima Service presentation. 2 21/08/2012 Access to the WS  Access to the webservice “eCarmed” Certificate required Cfr : Schema eCarmed_WSDL_v1_0_4.zip.

WS eHealth MediPrima Service presentation. 2 21/08/2012 Access to the WS  Access to the webservice “eCarmed” Certificate required Cfr : Schema eCarmed_WSDL_v1_0_4.zip.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
DOCUMENTATION Missouri Medicaid Audit and Compliance Provider Certification Review Materials.

DOCUMENTATION Missouri Medicaid Audit and Compliance Provider Certification Review Materials.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
HIPAA (health insurance portability and accountability act)

HIPAA (health insurance portability and accountability act)
University Health Care Computer Systems Fellows, Residents, & Interns.

University Health Care Computer Systems Fellows, Residents, & Interns.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey 07458 All rights reserved.

Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
What are the rules? Information technology is available to every student, faculty and staff member in support of the essential mission of the University.

What are the rules? Information technology is available to every student, faculty and staff member in support of the essential mission of the University.
When Can You Redact Information Without Requesting an Attorney General Decision? Karen Hattaway Assistant Attorney General Open Records Division Views.

When Can You Redact Information Without Requesting an Attorney General Decision? Karen Hattaway Assistant Attorney General Open Records Division Views.
Security & Privacy. Learning Objectives Explain the importance of varying the access allowed to database elements at different times and for different.

Security & Privacy. Learning Objectives Explain the importance of varying the access allowed to database elements at different times and for different.
-1- WORKSHOP ON DATA PROTECTION AND DATA TRANSFERS TO THIRD COUNTRIES Technical and organizational security measures Skopje, 16 May - 17 May 2011 María.

-1- WORKSHOP ON DATA PROTECTION AND DATA TRANSFERS TO THIRD COUNTRIES Technical and organizational security measures Skopje, 16 May - 17 May 2011 María.
POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION NOVEMBER 5 TH 2015.

POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION NOVEMBER 5 TH 2015.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.

HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.

Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA Privacy and Security

HIPAA Privacy and Security

Similar presentations

Ads by Google