Internet2 Health Sciences Security SIG – Possible Collaborations Jere Retzer, Internet2 Health Sciences Security SIG Chair, August 3,


1 Internet2 Health Sciences Security SIG – Possible Collaborations
Jere Retzer, Internet2 Health Sciences Security SIG Chair, retzerj@ohsu.edu
August 3, 2003

2 Overview
- Why an Internet2 Health Sciences Initiative
- Why a Health Sciences Security SIG
- How health sciences security is different (and the same) as university security
- Who are the players?
- What are the opportunities?

3 Why Internet2 Health Sciences
- Internet2 Mission: Develop and deploy advanced network applications and technologies, accelerating the creation of tomorrow’s Internet.
- Health sciences selected as a key applications focus due to the leading edge demands posed by the health sciences – security, high end imaging, very large and complex data sets

4 The Health Sciences Challenge
- Networking Health: Prescriptions for the Internet by the National Research Council – NAP.edu, 2000
- Health care called the “trillion dollar cottage industry” -- perhaps most knowledge-intensive industry about where banking was in the 1960s
- Across the board, in health care, health education, public health, research, security cited as an important barrier

5 Health Sciences Challenge – 2
- 1999 Institute of Medicine “To Err is Human” estimates 44,000 – 98,000 accidental US deaths annually due to medical errors
- Hospitals more dangerous than highways
- Many preventable with computer systems such as electronic patient records, and computerized physician order entry
- Culture evolved around paper records before privacy and security became concerns

6 Health Sciences Challenge – 3
- Explosive growth of high end imaging and genetic data – petabytes of valuable and often sensitive data

7 Why a Health Sciences Security SIG
- Promote policies, practices, and projects that overcome security and privacy-related barriers to the adoption of emerging Internet technologies in the health sciences.
- While the health sciences are especially fertile for advanced applications like interactive digital video, large-scale data mining, simulation, imaging and remote instrumentation that can benefit from Internet2, the need to ensure the security and privacy of patient data has slowed the adoption of these high value applications
- http://health.internet2.edu/WorkingGroups/Security.html

8 HIPAA: http://www.hhs.gov/ocr/hipaa/
- Health Insurance Portability and Accountability Act of 1996 requires privacy and security in three parts: transaction code sets, privacy and security
- Privacy rule compliance date April 14, 2003
- Final security rule published Feb 20, 2003, compliance required April 21, 2005 (small plans have extra year)
- Most of us who have been involved with security for a while would call these mainly good common sense
- Requires risk analysis, physical security, backup and disaster recovery in addition to system security

9 Health Sciences and University Security – the Same, but Different
- Both want to use leading edge applications
- Both need to protect privacy – students, patients
- Both want inter-institutional access, remote and mobile access
- But HS often needs to add security to advanced apps
- Protected Health Information (PHI) is mission critical for HS
- HS relationships involve PHI, need RBAC and auditability

10 HS Need High Performance Apps
- Real-time, interactive video emerging as a mission critical application
- But PHI must be encrypted
- Need policies, procedures, forms
- Needs to be simple, reliable
- Needs to work through firewalls
- Emerging need: real-time monitoring, supervision and control of high end imaging, monitoring and diagnostic devices

11 Complex Systems & Relationships
[Diagram labels: Admitting Patient Records (Paper) Insurance HL7 Radiology EMR PACS Pathology LAB Physicians Research Labs Transcription Government Law Enforcement Residents Patients Marketing Accounting Pharmacy Academic Medical Center Billing]

12 Access to Protected Health Information (PHI)
- The main order of business for health care
- An extremely valuable asset
- Must be encrypted across the Internet
- Complicated by HIPAA
- Most would like Role-Based Access and Control (RBAC)
- Must provide ability to audit access and tell patient who saw their record
- Special rules for emergencies, law enforcement, AIDS, or “on patient request”
- Researchers have special rules to “de-identify” data

13 Mobile/Wireless Devices
- Use is taking off in health care
- Present all the usual security headaches
- How do you control access to PHI once it gets into a PDA?
- How do you audit access?
- How do you ensure it is accurate or current?

14 Electronic Mail
- Over two thirds of surveyed patients would like to use e-mail to communicate with their physician, and physicians like it too, however
- E-mail is not secure, timely, or assured
- Generally stored and transmitted in the clear – employer and family access issues
- How do you know the doc even read it, or when?
- How do you even know it got there and some error didn’t get inserted in the text? (“Do [not] take with aspirin”)
- How do you get it into the patient’s record?

15 So, is HS Security Different?
- The fundamental issues are really the same
- The need for security is more critical in some cases, particularly for PHI
- Access issues are significantly more complex
- But we’ve already begun to demonstrate standards-based middleware can work
- In some cases, I think HS is simply the first to confront issues that education in general will need to confront in the future

16 Who are the Players?
- Educause/Internet2 Security Task Force
- Internet2 Medical Middleware - Shibboleth
- AAMC – American Association of Medical Colleges Group on Information Resources
- NIH – NLM – National Library of Medicine
- NCRR – National Center for Research Resources
- NIBIB – National Institute for Biomedical Imaging and Bioengineering
- NCI – National Cancer Institute
- HHS AHRQ – Agency for Healthcare Research & Quality

17 The Players - 2
- NIST – National Institute for Standards & Technology
- AMIA – American Medical Informatics Association
- eHealthinitiative, NHII
- HL7 – Health Level 7 working group
- WEDI – Workgroup on Electronic Data Interchange
- HIMSS - Healthcare Information and Management Systems Society
- RSNA – Radiological Society of North America
- Corporate: GE, Philips, Siemens, Johnson & Johnson, Eli Lilly, Pfizer …

18 What are the Opportunities?
- Security at line speed
- Standards-based access between entities
- Role-based
- Auditable
- Verified integrity
- Security everywhere

19 An Invitation
- Join the healthsec@internet2.edu e-mail list
- Please dive in – the need is great and money is possible for worthy projects
- Please join us at the Internet2 Fall Member Meeting in Indianapolis in October for an organizational discussion of the Internet2 Health Sciences SIG (to be scheduled)

