1 / 23

The Crossroads Bank for Social Security, a model for the health care sector ?

Explore the similarities between the social security and health care sectors, and learn about the Crossroads Bank model which includes distributed data storage, common identification keys, a reference directory, interoperability framework, and security measures.

dorab
Télécharger la présentation

The Crossroads Bank for Social Security, a model for the health care sector ?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Crossroads Bank for Social Security,a model for the health care sector ? Frank Robben General managerCrossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: Frank.Robben@ksz.fgov.be Website CBSS: www.ksz.fgov.be Personal website: http://www.law.kuleuven.ac.be/icri/frobben Crossroads Bank for Social Security

  2. Structure of the presentation • relevant similarities between the social security sector and the health care sector • the model of the Crossroads Bank • the overall concept • the basic building blocks • critical success factors for an implementation

  3. Relevant similarities • many actors, each having their own competencies and interests • huge need for electronic exchange of sensitive personal data between those actors, with sufficient guarantees on • interoperability • efficiency • data quality • security (availability, integrity, confidentiality) • a central data storage is not possible or desirable for reasons of • privacy protection • unacceptability for the actors

  4. The Crossroads Bank model • distributed data storage, conform to a functional task sharing between the actors • the use of common identification keys for every entity that has to be identified • a reference directory, serving as a base for the organization of information exchange • a common technical and functional interoperability framework • a common security framework • a legal framework • the creation of an institution that elaborates the vision, stimulates, co-ordinates and manages the necessary frameworks

  5. Distributed data storage • functional task sharing concerning • validation of information • storage of information • information is dynamically assembled • in function of business needs • on the initiative of the actor who needs the information or of the concerned person • according to the authorizations • by the use of the common interoperability and security framework

  6. Common identification keys • characteristics • unicity • one entity – one identification key • same identification key is not assigned to several entities • exhaustivity • every entity to be identified has an identification key • stability through time • identification key doesn’t contain variable characteristics of the identified entity • identification key doesn’t contain references to the identification key or characteristics of other entities • identification key doesn’t change when a capacity or a characteristic of the identified entity changes

  7. Common identification keys • concrete implementation • citizens • social security number (national register number or CBSS-number) • (electronically) readable from the SIS-card or the electronic identity card • controlled access to basic identification data in National Register and CBSS • Belgian Privacy Commission: in health care sector preferable use of common identification key derived from social security number, rather than social security number itself • enterprises, including organizations and professionals • enterprise number (based on VAT-number) • number for every plant of an enterprise • generalized access to basic identification data in the Enterprise Register • regulation on data interconnection

  8. Reference directory • serves as a base for the organization of information exchange • structure • directory of persons: which actors have data on which persons in which capacities for which periods • data availability table: which actor disposes of which type of data for which capacity • access authorization table: which data may be transmitted to which actors for which capacities • functions • routing of information • preventive access control • automatic communication of changes to information

  9. Interoperability framework • goal: to guarantee the ability of all actors to share information and to integrate information and business processes by the use of • interconnected physical networks • (open) technical standards • functional agreements • harmonized concepts and data modelling

  10. Technical standards Information Exchange ServicesRepository Interconnection Services Register (~ UDDI)Agreements (~ ebXML)PoliciesVocabularia (content + metadata) TCP/IPSMTPLDAPFTPS/MIME XMLXSLSOAPWSDLmetadata (RDF, XTM, XMI, …) Security

  11. Functional agreements • standardized codification • standardized use of objects and attributes • standardized layout of header of messages, independent from information exchange format and type of information exchange • version management • backwards compatibility • SLA’s on disponibility and performance of services • access autorisation management • anonimization rules • acceptation and production environments • priority management • …

  12. Security framework: institutional measures • no central data storage • independent Control Committee, assigned by Parliament • supervision of information security • authorizing the information exchange • complaint handling • information security recommendations • extensive investigating powers • annual activity report • publication of the authorizations of information exchange • preventive control on legitimacy of data exchange by Crossroads Bank according to authorizations of the independent Control Committee • information security department in each institution • certified specialized information security service providers • working party on information security

  13. Security framework: extended ISO 17799 • security policy • security organization • asset classification and control • personnel security • physical and environmental security • computer and operations management • access control • system development and maintenance • specific measures with regard to the processing of personal data • business continuity planning • compliance • communication towards the public opinion concerning the security policy and the measures with regard to security and privacy protection

  14. Security framework: legal measures • obligations of the controller • principles relating to data quality • criteria for making data processing legitimate • specific rules for processing of sensitive data • information to be given to the data subject • confidentiality and security of processing • notification of the processing of personal data • rights of the data subject • right of information • right of access • right of rectification, erasure or blocking • right of a judicial remedy • penalties

  15. Security framework: authentication • some basic concepts • identification: answer to the question “who are you ?” • authentication: answer to the question “can you proof who or what you pretend to be ?” • who: authentication of the identity • what: authentication of an attribute (e.g. role, characteristic, mandate, ...) • autorisation: answer to the question “what are you allowed to do ?” • authentication • of the identity • electronic identity card • meanwhile, for some applications user-id – password – token • of an attribute • stored in a database or • stored in attribute certificate

  16. 1234567890 key 2 SIS card: identification & proof of insurance status • name • Christian names • date of birth • sex • social security number • period of validity of the card • card number • sickness fund • sickness fund registration number • insurance period • insurance status • social exemption status key 1 • other data to be added in the future, • if useful

  17. Electronic identity card: identification & authentication • name • Christian names • nationality • birth place and date • sex • national register number • main residence • place of deliveryof the card • period ofvalidityof the card • card number • the photo of the holder • identity and signature keys • identity and signature certificates • accredited certification service furnisher • information necesary for authentication of the card and securizationof the electronic data

  18. Harmonized concepts and data modelling • standard elements • with well defined characteristics • used within all services • OO-oriented • version management in an ever changing environment • define once, use many (different presentations) • workflow for validation of standard elements and characteristics • multi criteria search • by element • by scheme • by version • …

  19. Changes of the legal environment • organization of integrated information management and electronic service delivery • organizational principles of the co-operation • permission or obligation to use common identification keys • rights and obligations of the different actors • role of the Crossroads Bank • liability • ICT-law: only basic principles, technology-neutral, but not technology unaware • data protection • electronic signature • probative value

  20. Creation of an institution (Crossroads Bank) • managed by representatives of the concerned actors • tasks • elaboration of the common vision in co-operation with the concerned actors • stimulation • co-ordination and program and project management • management of • the reference directory • the common interoperability framework • the common security framework • the legal framework • harmonization of the concepts and data modelling

  21. A proven model • this model has been implemented • with end-to-end integration of electronic processes between • 2.000 public and private social security institutions • those institutions and all enterprises • with integrated electronic service delivery via a web portal to all citizens and enterprises • 170 types of structured data exchanges have already been implemented • 242 million messages were exchanged in 2002 • the model is mentioned as best practice in E-government in the last 2 surveys of the European Commission

  22. Critical success factors • a long term vision deliberated with the concerned actors • respect of the repartition of tasks and competences between the actors: co-operation between all actors rather than centralization of tasks • trust of all actors in the co-operation model and the security of the system • search for win-win situations • sufficient financial means, skills and knowledge • support of and access to policymakers at the highest level • legal framework • creation of an institution that elaborates the common vision, stimulates, co-ordinates and manages the necessary frameworks

  23. Th@nk you ! Crossroads Bank for Social Security

More Related