Purpose of HIPAA Administrative Simplification

Presentation Transcript


  1. Purpose of HIPAA Administrative Simplification • “to improve ... the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.”–from the statute

  2. Security/Privacy Services • A group of related services that, together, facilitate the integrity, confidentiality, interoperability and automation of healthcare information exchange in a SOA-based healthcare IT environment. • They address issues of entity authentication, authorization, access control and accountability. • Owned by Security TC, but… • Cross discipline, cross domain approach.

  3. Scope and Purpose • Security-as-a-Service within an SOA-oriented architecture implies the decomposition and decoupling of complex security processes that are typically integrated across infrastructure and applications into a set of encapsulated, loosely-coupled security/privacy services.

  4. Scope and Purpose • Security-as-a-Service within an SOA-oriented architecture implies the decomposition and decoupling of complex security processes that are typically integrated across infrastructure and applications into a set of encapsulated, loosely-coupled security/privacy services.

  5. Why do we care? • Encourages the deployment of interoperable services and applications • Reduces the cost of application development • Facilitates the automation of certain healthcare business processes

  6. Scenario: Clinician Needs Patient Data
     • From viewpoint of Requestor/Recipient - Requesting
       • Where is the patient data? Who’s the custodian?
       • In what format can the data be sent?
       • What courier services are available?
       • How do I submit a request?
     • From viewpoint of Healthcare Information Custodian
       • Who is requesting the data?
       • Why should I let them see it?
       • Do the Requestor’s privileges match my Policy?
     • Courier Service
       • Deliver to intended recipient
       • Don’t allow tampering
       • Maintain confidentiality
     • From viewpoint of Requestor/Recipient - Receiving
       • Who sent it? Do I trust them?
       • Has it been tampered with?
       • Can I understand what the Author intended to say?

  7. Functional Capabilities • To include security/privacy functionality essential to enable or facilitate interoperability and automation, including identity management, trust management, privilege and access management, auditing, etc. These would be as constrained as possible while still providing a complementary set of security services. • Identity and credentials of a resource requestor that can be authenticated must be transported to a resource access decision point where appropriate authorization policy is applied, an access control decision is enforced and all required audit events are recorded. Confidentiality of PHI is maintained at all times.

  8. Example – Open Source EHR-S Function HL7 EHR-S Function I.1.6 Basic NHIN Access Healthcare Applications/Components Trust Registry Healthcare Framework Directory Access Trust Network Authentication Privacy Communications Cross Industry Framework Identity Management Security/Encryption Audit Services Eclipse Base Framework Execution Environment Operating System Computer Hardware

  9. Example – Vendor ePrescription Sub-Profile • Vendors use the Healthcare Framework to build specialized profiles and applications like ePrescribing. • Installable Eclipse “plug-ins” encapsulate the functions required to support profiles and applications. • HL7 EHR-S Function DC.1.3.1 ePrescribe Payer Services Practice Management Components Healthcare Applications/Components ePrescription EHR System Components UI - RCP HL7 Messaging Trust Registry Healthcare Framework Directory Access HL7 Vocabulary Trust Network Authentication Privacy Communications Cross Industry Framework Identity Management Security/Encryption Audit Services Advanced XML Processing Eclipse Base Framework Execution Environment Operating System Computer Hardware

  10. Healthcare Service Bus (HSB) Community Management Privacy Management Provider Registry Security Management Document Processing Terminology Service Registry Patient Resolution De-Identified Patient Data Warehouse Outbreak Management Electronic Health Record (EHR) Healthcare Information Exchange Public Health Reporting Personal Health Record (PHR) Open HealthIT Reference Implementation Open HealthIT Core Initiative Representative Commercial Services Representative HIN Services HSB Access Node HSB Support Services Overview—Conceptual Healthcare Service Architecture Health Information Network Health Information Network Infrastructure Services Interoperability Services Patient Information Services Public Health Information Services HL7 V3 Public Health Services Pharmacy System Radiology Center PACS/RIS Lab System (LIS) Hospital, LTC, CCC, EPR Physician Office EMR EHR Viewer Public Health Provider Pharmacist Radiologist Lab Clinician Physician/Provider Physician/Provider Physician/Provider POINT OF SERVICE

  11. Healthcare Information Exchange Open HealthIT Reference Implementation Open HealthIT Core Initiative Representative Commercial Services Representative HIN Services HSB Access Node HSB Support Services Overview--Healthcare Service Architecture Health Information Network Physician Office EMR Physician/Provider POINT OF SERVICE

  12. Intranet Healthcare Services Intranet Healthcare Services E-mail Browser Open Health IT - HSB Messaging Stack Healthcare Applications HSB Support Services Healthcare Process Model & Execution Engine Local Healthcare Services xHIN Protocols xHIN Protocols xHIN Protocols xHIN Protocols SOAP SOAP SOAP SOAP HTTP HTTP HTTP HTTP HTTP-S/MIME Healthcare Service Bus TCP/IP Network Hardware

  13. xHIN Identity Transport Transport Envelope (http, smtp, file, …) SOAP Envelope SOAP Header wss:Security Sender ID + Structural Role Policy-based (Tier 0) Web Service Access Decision Digital Signature (transport) SAML Assertion: Role Sender Functional Role Encrypted (transport) SAML Assertion: Other Sender Other Other Other Policy-based (Tier 1) Target Object Access Decision SOAP Body Query Encrypted (transport, optional) Document Other

  14. xHIN oneness ACHI EVE xHIN – extensible Health Information Network™ • The xHIN technology represents both an architecture and a set of functional specifications that exhibits two essential attributes: • the ability to facilitate automation of clinical and business processes, and • high extensibility—the ease with which xHIN-based health information networks can be deployed, expanded and enhanced.

  15. Security/Privacy Services • May include: • Integrity • Confidentiality • Identity Management • Access Control/Privilege Management • Access Decision Service • Access Policy Provisioning Service • Audit • Privacy • Security • Entity Registry Service • Facilitates the location of an entity’s PKI information and other information required to accomplish the exchange of healthcare information. • Credential Authentication Service • Credential Binding Service • Credentials may be bound to an Identity • Trust Correlation Service • De-identification, Re-identification, Pseudonymization

  16. Entity Registry Service • PKI identity services for entities are likely to be provided by many different parties: private, commercial and government. The Entity Registry Service facilitates the location of an entity’s PKI information and other information required to accomplish the exchange of healthcare information. The entity data may be maintained by an Identity Provider. This service may leverage the EIS.

  17. Access Control/Privilege Management • Access Decision Service • Taking into account asserted identity/credentials, target resource and other factors, returns a decision allowing or denying access to the target resource. • May leverage Identity Authentication and Credential Authentication Services • Access Policy Provisioning

  18. Next Steps • Reference/Resource Compilation • Mailing List • Telecon Schedule • Sub-service Prioritization • Initial Drafts

  19. Other Plug-ins as needed Other Plug-ins as needed Class of Plug-ins Communication Channel Plug-in Eclipse OHF Architecture Overview Internet Display Devices Eclipse Healthcare Automotive Telecom Runtime UI Workbench Services Non-core Services and Plug-ins Business Intelligence and Modeling Resources JFace Data Tools Basic XML Services SWT Development Tools Help Update Text Dynamic Code/Schema Management Rules Processing Smart Token Support Security (OSGi) Wireless Support Metering Eclipse Core Windows or Linux OS Computer Hardware

  20. Eclipse OHF Architecture Overview Other Plug-ins as needed Other Plug-ins as needed Other Plug-ins as needed Class of Plug-ins Communication Channel Plug-in Internet Display Devices Eclipse Healthcare Applications Runtime UI Workbench Services Non-core Services and Plug-ins Open Healthcare Framework Business Intelligence and Modeling Resources JFace Data Tools Basic XML Services SWT Development Tools Voice Services Support XML Processing EHR Support HIPAA Support Trust-based Network Support Help Update Text Administrative Tools Web Service Support Dynamic Code/Schema Management Rules Processing Smart Token Support Security (OSGi) Wireless Support Metering Eclipse Core Windows or Linux OS Computer Hardware

  21. Eclipse OHF Architecture Overview Other Plug-ins as needed Other Plug-ins as needed Class of Plug-ins Communication Channel Plug-in Internet Display Devices Knowledge Services Training Clinical Testing ePrescription Practice Management CCR Client Clinical Data Capture Support Telecom Services Payer Services Administrative Support Dictation/Transcription Patient Services Registry Services Trust Services Support Applications Voice Services Support XML Processing EHR Support HIPAA Support Trust-based Network Support Administrative Tools Web Service Support Open Healthcare Framework Dynamic Code/Schema Management Rules Processing Wireless Support Smart Token Support Security (OSGi) Metering Eclipse Core Windows or Linux OS Computer Hardware
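
The access decision flow of slides 7, 13 and 17, as an added Python example that is not part of the original presentation: an authenticated request carrying a structural role and a functional role passes a Tier 0 web service decision and then a Tier 1 target object decision, and every decision is audited without recording payload data. The policy tables, the role, service and object names, and the `Request` and `AccessDecisionService` types are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policies (hypothetical role, service and object names).
TIER0_POLICY = {"patient-query": {"physician", "pharmacist"}}
TIER1_POLICY = {"medication-list": {"treating-clinician", "dispensing-pharmacist"}}


@dataclass(frozen=True)
class Request:
    sender_id: str
    structural_role: str   # travels with the Sender ID in wss:Security
    functional_role: str   # travels in the SAML role assertion
    signature_valid: bool  # outcome of signature verification done upstream
    service: str           # web service being called (Tier 0 target)
    target_object: str     # object named in the SOAP body query (Tier 1 target)


@dataclass
class AccessDecisionService:
    audit_log: list = field(default_factory=list)

    def _record(self, req, tier, decision, reason):
        # Audit says who asked for what and the outcome; no payload or PHI.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "sender": req.sender_id, "tier": tier, "service": req.service,
            "object": req.target_object, "decision": decision, "reason": reason,
        })
        return decision

    def decide(self, req):
        # An identity that failed authentication never reaches policy evaluation.
        if not req.signature_valid:
            return self._record(req, 0, "deny", "signature not verified")
        # Tier 0: may this structural role call the web service at all?
        if req.structural_role not in TIER0_POLICY.get(req.service, set()):
            return self._record(req, 0, "deny", "structural role not allowed")
        self._record(req, 0, "permit", "structural role allowed")
        # Tier 1: may this functional role access the target object?
        # Objects with no policy entry are denied by default.
        if req.functional_role not in TIER1_POLICY.get(req.target_object, set()):
            return self._record(req, 1, "deny", "functional role not allowed")
        return self._record(req, 1, "permit", "functional role allowed")
```
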
