Discover the strategic importance of Identity and Access Management in the Belgian social and health sector, including stakeholder expectations, benefits, implementation, and privacy issues.
Strategic importance of identity and access management (IAM)
The case of the Belgian social and health sector
Frank Robben, General manager, Crossroads Bank for Social Security, eHealth Platform
Sint-Pieterssteenweg 375, B-1040 Brussels - Belgium
E-mail: Frank.Robben@ksz.fgov.be
Website CBSS: www.ksz.fgov.be
Personal website: www.law.kuleuven.be/icri/frobben
Structure of the presentation
• expectations of the stakeholders of the Belgian social and health sector
• the Crossroads Bank for Social Security and the eHealth platform
• advantages for citizens, companies and public administrations
• strategic importance of identity and access management
• concrete implementation of identity and access management
• issues with regard to privacy protection and information security
Stakeholders of the Belgian social sector
• > 10,000,000 citizens
• > 220,000 employers
• about 3,000 public and private institutions (actors) at several levels (federal, regional, local) dealing with
  • collection of social security contributions
  • delivery of social security benefits: child benefits, unemployment benefits, benefits in case of incapacity for work, benefits for the disabled, reimbursement of health care costs, holiday pay, old age pensions, guaranteed minimum income, …
  • delivery of supplementary social benefits
  • delivery of supplementary benefits based on the social security status of a person
Stakeholders of the Belgian health sector
• > 10,000,000 citizens
• > 100,000 health care providers (physicians, dentists, clinical labs, pharmacists, physiotherapists, home nurses, …)
• > 300 health care institutions (hospitals, rest homes, nursing homes, …)
• sickness funds
• public institutions
  • federal level (Federal Public Service for Public Health, National Institute for Health Insurance, Belgian Health Care Knowledge Centre, …)
  • regional level
Expectations in the social sector
• effective social protection
• effective support of social policy
• effective fraud prevention and detection
• integrated services
  • attuned to the concrete situation of the citizens and companies, and personalized when possible
  • delivered at the occasion of events that occur during their life cycle (birth, going to school, starting to work, moving, illness, retirement, starting up a company, …)
  • across government levels, public services and private bodies
  • attuned to their own processes
  • if possible, granted automatically
Expectations in the health sector
• optimal quality of health care
• optimal patient safety
• adequate support of health policy
• patient centric care and empowerment of the patient
• integrated services
  • multidisciplinary
  • holistic
  • continuous
  • across health care institutions and health care providers
• remote care (monitoring, assistance, consultation, diagnosis, operation, …), among others home care
• quickly evolving knowledge => need for reliable, coordinated knowledge management and accessibility
Common expectations in both sectors
• electronic services
  • with minimal costs and minimal administrative burden
  • with active participation of the user (self service)
  • well performing and user-friendly
  • reliable, secure and permanently available
  • accessible via a channel chosen by the user (direct contact, phone, PC, …)
  • with adequate information security and privacy protection
The solution in the social sector
• creation in 1990 of the Crossroads Bank for Social Security as a coordinator and service integrator, with co-operative governance
• no central data storage
• a network between all 3,000 social sector actors with a secure connection to the internet, the federal MAN, regional extranets, extranets between local authorities and the Belgian interbanking network
• a unique identification key
  • for every citizen, electronically readable from an electronic social security card and an electronic identity card
  • for every company
  • for every establishment of a company
The solution in the social sector
• an agreed division of tasks between the actors within and outside the social sector with regard to collection, validation and management of information and with regard to electronic storage of information in authentic sources
• 210 electronic services for mutual information exchange amongst actors in the social sector, defined after process optimization
• nearly all direct or indirect (via citizens or companies) paper-based information exchange between actors in the social sector has been abolished
• in 2008, 686 million electronic messages were exchanged amongst actors in the social sector, which saved as many paper exchanges
The solution in the social sector
• 42 electronic services for employers, either based on the electronic exchange of structured messages or via an integrated portal site
  • 50 social security declaration forms for employers have been abolished
  • in the remaining 30 (electronic) declaration forms the number of headings has on average been reduced to a third of the previous number
  • declarations are limited to 4 events
    • immediate declaration of recruitment (only electronically)
    • immediate declaration of discharge (only electronically)
    • quarterly declaration of salary and working time (only electronically)
    • occurrence of a social risk (electronically or on paper)
  • in 2008, 23 million electronic declarations were made by all 220,000 employers, 98 % of which from application to application
The solution in the social sector
• electronic services for citizens
  • maximal automatic granting of benefits based on electronic information exchange between actors in the social sector
  • 8 electronic services via an integrated portal
    • 3 services to apply for social benefits
    • 6 services for consultation of social benefits
  • about 30 new electronic services are foreseen
• an integrated portal site containing
  • electronic transactions for citizens, employers and professionals
  • simulation environments
  • information about the entire social security system
  • harmonized instructions and information model relating to all electronic transactions
  • a personal page for each citizen, each company and each professional
The solution in the social sector
• an integrated multimodal contact centre supported by a customer relationship management tool
• a data warehouse containing statistical information with regard to the labor market and all branches of social security
The solution in the social sector
• reference directory
  • directory of available services/information
    • which information/services are available at any actor depending on the capacity in which a person/company is registered at each actor
  • directory of authorized users and applications
    • list of users and applications
    • definition of authentication means and rules
    • definition of authorization profiles: which kind of information/service can be accessed, in what situation and for what period of time depending on in which capacity the person/company is registered with the actor that accesses the information/service
  • directory of data subjects
    • which persons/companies have personal files at which actors for which periods of time, and in which capacity they are registered
  • subscription table
    • which users/applications want to automatically receive what information/services in which situations for which persons/companies in which capacity
The solution in the health sector
• creation in 2008 of the eHealth platform as a coordinator and service integrator, with co-operative governance and with the following legal assignments
  • to develop a vision and a strategy for effective, efficient and secure electronic services and information exchange in health care, with respect for privacy protection and in close cooperation with the various public and private actors in the health care sector
  • to establish useful ICT-related functional and technical norms, standards, specifications and basic architecture for using ICT in order to support this vision and strategy
  • to check whether software packages for managing electronic health records comply with the established ICT-related functional and technical norms, standards and specifications, as well as to register those software packages
  • to create, to manage and to develop a cooperation platform for secure electronic data exchange with useful basic services (see hereafter)
  • to agree on a distribution of tasks with regard to the collection, the validation, the storage and the availability of data exchanged over the cooperation platform and on the quality norms which those data have to meet, and to verify whether the quality norms are met
  • to promote and to coordinate the realization of programs and projects which reflect the vision and strategy and use the cooperation platform and/or its basic services
  • to manage and to coordinate ICT-related aspects of data exchange with regard to electronic health records and electronic care prescriptions
  • to act as an independent trusted third party (TTP) for coding and anonymizing personal health care data for certain organizations, listed in the law, in order to support scientific research and policy making
  • to conduct the necessary changes in order to execute the vision and strategy
  • to organize the cooperation with other public services in charge of the coordination of electronic service delivery
The solution in the health sector
• no central data storage
• a well secured virtual private network based on the internet with end-to-end encryption of personal data between all 100,000 health care actors
• a unique identification key
  • for every citizen, electronically readable from an electronic social security card and an electronic identity card
  • for every health care provider
  • for every health care institution
• multidisciplinary, high quality electronic patient records
• care pathways
The solution in the health sector
• basic services offered by the eHealth platform on its own ICT infrastructure
  • orchestration of electronic subprocesses
  • portal environment including a content management system and a search engine
  • integrated user and access management
  • logging
  • system for end-to-end encryption
  • personal electronic mailbox for each health care provider
  • time stamping
  • coding and anonymizing for certain organizations, listed by the law
  • reference directory (what, about whom, where – no content!)
The solution in the health sector
[Architecture diagram: users (patients, health care providers and institutions, through the software of the health care provider or institution) reach added value services (AVS) such as PortaHealth, PortaleHealth, MyCareNet and the INAMI site; the AVS use the basic services of the eHealth platform over the network, and these in turn draw on the validated authentic sources (VAS) of the suppliers.]
The solution in the health sector
• basic service
  • a service developed and made available by the eHealth platform, which can be used by an added value service provider for developing and offering an added value service
• added value service (AVS)
  • a service put at the disposal of the patients and/or the health care providers
  • the entity that develops and offers an added value service can use the basic services offered by the eHealth platform for this purpose
• validated authentic source (VAS)
  • a database with information used by the eHealth platform
  • the administrator of the database is responsible for the availability and (the organization of) the quality of the information made available
Towards a network of service integrators
[Diagram: service integrators at each level (FEDICT at the federal level, CBSS for the social sector, Corve, Easi-Wal, CIRB, … for the regions and communities), each with its own services repository, are interconnected; FPS, cities, provinces and municipalities reach them over FEDMAN, the extranet of the social sector, the extranet of the region or community, the internet and networks such as VPN, Publi-link and VERA. Other labels in the figure: RPS, ASS.]
Advantages
• gains in efficiency
  • in terms of cost: services are delivered at a lower total cost
    • due to
      • a unique information collection using a common information model and administrative instructions
      • a lesser need for re-encoding of information by stimulating electronic information exchange
      • a drastic reduction of the number of contacts between actors in the social and health sector on the one hand and companies or citizens on the other
      • a functional task sharing concerning information management, information validation and application development
      • a minimal administrative burden
        • a connection to one electronic platform is sufficient for using several applications
    • according to a study of the Belgian Planning Bureau, rationalization of the information exchange processes between the employers and the social sector implies an annual saving of administrative costs of about 1.7 billion € a year for the companies
Advantages
• gains in efficiency
  • in terms of quantity: more services are delivered
    • services are available at any time, from anywhere and from several devices
    • services are delivered in an integrated way according to the logic of the customer
  • in terms of speed: the services are delivered in less time
    • benefits can be allocated quicker because information is available faster
    • waiting and travel time is reduced
    • companies and citizens can directly interact with the competent actors in the social or health sector with real time feedback
Advantages
• gains in effectiveness: better social protection, higher quality of health care and higher patient safety
  • in terms of quality: same services at same total cost in same time, but to a higher quality standard
  • in terms of type of services: new types of services, e.g.
    • automated granting of benefits
    • active search of non-take-up using data warehousing techniques
    • controlled management of own personal information
    • personalized simulation environments
    • easier referring between health care providers/institutions
  • in terms of support of professionals in executing their profession
  • better support of social and health policy
  • more efficient combating of fraud
Strategic importance of IAM
• reliable exchange of personal data requires sufficient certainty about the identity of the data subjects
• adequate access control requires sufficient certainty about
  • the identity of the users
  • the authentication of the identity of the users
  • the verification of certain characteristics of the users
  • the verification of certain relationships between the users and the data subjects
  • the verification of certain mandates of the users
IAM: objectives to be reached
• be able to (electronically)
  • identify all relevant entities (physical persons, companies, applications, machines, …)
  • know the relevant characteristics of the entities
  • know the relevant relationships between entities
  • know that an entity has been mandated by another entity to perform a legal action
  • know the authorizations of the entities
• in a sufficiently certain and secure way
• in as many relations as possible (C2C, C2B, C2G, B2B, B2G, …)
• using open interoperability standards
Conceptual framework
• entity
  • someone or something that has to be identified
  • e.g. a physical person, a company, a computer application, …
• attribute
  • a piece of information about an entity
• identity
  • a number or a set of attributes of an entity that allows one to know precisely who or what the entity is
  • an entity has only one identity, but this identity can be determined by several numbers or sets of attributes
Conceptual framework
• characteristic
  • an attribute of an entity, other than an attribute determining its identity
  • an entity can have several characteristics
  • e.g. a capacity, a function, a professional qualification, ...
• relationship
  • a link between two or more entities
  • an entity can have several relationships
  • e.g. a therapeutic relationship between a health care provider and a patient
Conceptual framework
• mandate
  • a right granted by an identified entity to another identified entity to perform well-defined legal actions in her name and for her account
  • an entity can have several mandates
• registration
  • the process of determining the identity, a characteristic, a relationship or a mandate of an entity with sufficient certainty
  • before putting at the disposal means by which the identity can be authenticated, or the characteristic, the relationship or the mandate can be verified
Conceptual framework
• authentication of the identity
  • the process of checking whether the identity that an entity pretends to have corresponds to the real identity
  • authentication of the identity can be done based on the verification of
    • knowledge (e.g. a password)
    • possession (e.g. an electronic card)
    • biometrical characteristics
    • a combination of those
Conceptual framework
• verification of a characteristic, a relationship or a mandate
  • the process of checking whether a characteristic, a relationship or a mandate that an entity pretends to have corresponds to a real characteristic, relationship or mandate of that entity
  • the verification of a characteristic, a relationship or a mandate can be done by
    • the same kind of means as those used for the authentication of the identity
    • or, after the authentication of the identity, by consulting a database that contains information about characteristics, relationships or mandates related to identified entities
Conceptual framework
• authorization
  • a permission to an entity to perform a defined action or to use a defined service
• authorization group
  • a group of authorizations
• role
  • a group of authorizations or authorization groups related to a specific service
• role based access
  • a method of assigning authorizations to entities by means of authorization groups and roles, in order to simplify the management of authorizations and their assignment to entities
Choices made in Belgium
• identification number for every citizen and every company
• characteristics
  • unicity
    • one entity – one identification number
    • same identification number is not assigned to several entities
  • exhaustivity
    • every entity to be identified has an identification number
  • stability through time
    • identification number should not contain variable characteristics of the identified entity
    • identification number should not contain references to the identification number or characteristics of other entities
    • identification number should not change when a quality or characteristic of the identified entity changes
Choices made in Belgium
• art. 8, 7 Directive 95/46/EC: "Member States shall determine the conditions under which a national identification number or any other identifier of general application may be processed"
• evolution towards meaningless identification numbers
• unique identification numbers of citizens can only be used by instances authorized by a Sectoral Committee of the National Privacy Commission
• regulation on interconnection of personal data
• registration of the identity of citizens by the municipalities
• registration of the identity of companies by company counters
Choices made in Belgium
• registration of characteristics, relationships and mandates relevant for eGovernment by private or public bodies designated by government
• authentication of the identity of physical persons by the electronic identity card
• verification of characteristics, relationships and mandates relevant for eGovernment preferably by consulting authentic databases
• multifunctional use of authentication and verification means
• authorization is the responsibility of each service provider
• implementation based on a policy enforcement model
Policy Enforcement Model
[Diagram: the user performs an action on an application; the Policy Enforcement Point (PEP) sends a decision request to the Policy Decision Point (PDP) and receives a decision reply, after which the action on the application is PERMITTED or DENIED; the PDP retrieves policies from the Policy Administration Point (PAP), whose policy repository is managed by a manager, and exchanges information requests/replies with Policy Information Points (PIP) backed by authentic sources.]
Policy Enforcement Point (PEP)
• intercepts the request for authorization with all available information about the user, the requested action, the resources and the environment
• passes on the request for authorization to the Policy Decision Point (PDP) and extracts a decision regarding authorization
• grants access to the application and provides relevant credentials
Policy Decision Point (PDP)
• based on the request for authorization received, retrieves the appropriate authorization policy from the Policy Administration Point(s) (PAP)
• evaluates the policy and, if necessary, retrieves the relevant information from the Policy Information Point(s) (PIP)
• takes the authorization decision (permit/deny/not applicable) and sends it to the PEP
Policy Administration Point (PAP)
• environment to store and manage authorization policies by authorized person(s) appointed by the application managers
• puts authorization policies at the disposal of the PDP
Policy Information Point (PIP)
• puts information at the disposal of the PDP in order to evaluate authorization policies (authentic sources with characteristics, relationships, mandates, etc.)
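The following is an added example, not code from the presentation or from the CBSS or eHealth platform. It wires the four components of the policy enforcement model (PEP, PDP, PAP, PIP) together and applies the conceptual framework from the earlier slides: authorizations are grouped into authorization groups and roles, a role mapper derives roles from a user's registered capacity, and the PDP verifies a therapeutic relationship (bounded in time) or a mandate through authentic sources before it permits. All entity identifiers, capacities, policies, relationships and mandates are constructed sample data; the decision values permit/deny/not_applicable are the three outcomes the PDP slide names.

```python
"""Added example: minimal PEP/PDP/PAP/PIP model with role based access plus
verification of a relationship or a mandate. All data below is constructed."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# ---- Authentic sources behind the PIP (constructed sample data) ----
CHARACTERISTICS = {                # entity -> capacities registered for it
    "dr-001": {"physician"},
    "nurse-002": {"home_nurse"},
    "clerk-003": {"sickness_fund_clerk"},
    "acct-007": {"accountant"},
}
THERAPEUTIC_RELATIONSHIPS = {      # (provider, patient) -> validity period
    ("dr-001", "pat-100"): (date(2009, 1, 1), date(2009, 12, 31)),
}
MANDATES = {                       # (mandatary, mandator) -> mandated legal actions
    ("acct-007", "emp-500"): {"declaration:file_quarterly"},
}

# ---- Role model: authorization groups, roles and role mapper (constructed) ----
AUTHORIZATION_GROUPS = {           # group -> authorizations "<service>:<action>"
    "patient_record_reading": {"ehr:read"},
    "prescribing": {"prescription:write"},
    "employer_declarations": {"declaration:file_quarterly"},
}
ROLES = {                          # role -> authorization groups
    "treating_physician": {"patient_record_reading", "prescribing"},
    "treating_nurse": {"patient_record_reading"},
    "social_secretariat": {"employer_declarations"},
}
ROLE_FOR_CAPACITY = {              # role mapper: registered capacity -> role
    "physician": "treating_physician",
    "home_nurse": "treating_nurse",
    "accountant": "social_secretariat",
}


@dataclass(frozen=True)
class Request:
    user: str          # identity of the user, already authenticated (e.g. with the eID)
    service: str
    action: str
    data_subject: str  # patient or company the action concerns
    on: date           # moment of the request, for period-bound relationships


@dataclass(frozen=True)
class Policy:
    authorization: str               # "<service>:<action>" a role of the user must grant
    condition: Optional[str] = None  # extra PIP check: "relationship" or "mandate"


class PAP:
    """Policy Administration Point: policies defined by the application managers."""
    def __init__(self):
        self._policies = {
            "ehr:read": Policy("ehr:read", "relationship"),
            "prescription:write": Policy("prescription:write", "relationship"),
            "declaration:file_quarterly": Policy("declaration:file_quarterly", "mandate"),
        }

    def retrieve(self, service: str, action: str) -> Optional[Policy]:
        return self._policies.get(f"{service}:{action}")


class PIP:
    """Policy Information Point: answers attribute questions from the authentic sources."""
    def characteristics(self, entity: str) -> set:
        return CHARACTERISTICS.get(entity, set())

    def has_relationship(self, provider: str, patient: str, on: date) -> bool:
        period = THERAPEUTIC_RELATIONSHIPS.get((provider, patient))
        return period is not None and period[0] <= on <= period[1]

    def has_mandate(self, mandatary: str, mandator: str, action: str) -> bool:
        return action in MANDATES.get((mandatary, mandator), set())


class PDP:
    """Policy Decision Point: returns permit, deny or not_applicable."""
    def __init__(self, pap: PAP, pip: PIP):
        self.pap, self.pip = pap, pip

    def authorizations_of(self, user: str) -> set:
        # role based access: capacity -> role -> authorization groups -> authorizations
        granted = set()
        for capacity in self.pip.characteristics(user):
            for group in ROLES.get(ROLE_FOR_CAPACITY.get(capacity), set()):
                granted |= AUTHORIZATION_GROUPS[group]
        return granted

    def decide(self, req: Request) -> str:
        policy = self.pap.retrieve(req.service, req.action)
        if policy is None:                                   # nothing covers this action
            return "not_applicable"
        if policy.authorization not in self.authorizations_of(req.user):
            return "deny"                                    # no role grants it
        if policy.condition == "relationship" and not self.pip.has_relationship(
                req.user, req.data_subject, req.on):
            return "deny"                                    # no valid therapeutic relationship
        if policy.condition == "mandate" and not self.pip.has_mandate(
                req.user, req.data_subject, policy.authorization):
            return "deny"                                    # not mandated by the company
        return "permit"


class PEP:
    """Policy Enforcement Point: only a 'permit' reaches the application."""
    def __init__(self, pdp: PDP):
        self.pdp = pdp

    def enforce(self, req: Request) -> tuple:
        decision = self.pdp.decide(req)
        if decision == "permit":
            return "PERMITTED", {"user": req.user, "authorization": f"{req.service}:{req.action}"}
        return "DENIED", {"reason": decision}


def authorize(user: str, service: str, action: str, subject: str, on: str = "2009-06-01"):
    """Wire PEP -> PDP -> PAP/PIP for one request; `on` is an ISO date string."""
    return PEP(PDP(PAP(), PIP())).enforce(Request(user, service, action, subject, date.fromisoformat(on)))


if __name__ == "__main__":
    for args in [("dr-001", "ehr", "read", "pat-100"), ("dr-001", "ehr", "read", "pat-200"),
                 ("acct-007", "declaration", "file_quarterly", "emp-500"),
                 ("dr-001", "lab", "order", "pat-100")]:
        print(args, "->", authorize(*args))
```

The point of the layering is that the PEP never inspects the authentic sources itself: every request is reduced to a decision request, the PDP fetches the policy from the PAP, and only the PIP touches the characteristics, relationships and mandates. A request for which no policy exists yields not_applicable, which the PEP treats as a denial, so an unlisted service/action pair cannot fall through to the application.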
Global architecture
[Diagram: three parallel domains, the non-social FPS (Fedict), the social sector (CBSS) and the eHealth platform. Each has its users and applications, authentication and authorisation, a PEP in front of its web applications (WebApp XYZ), a role mapper with role DB, a PDP, a PAP, a role provider ("Kephas") and PIPs with attribute providers backed by management DBs and authentic sources (RIZIV, UMAF, judicial executors, mandates, XYZ, VAS).]
Electronic identity card (eID)
• aims to enable Belgian citizens
  • to identify themselves (electronically)
  • to electronically authenticate their identity towards diverse applications
  • and to put digital signatures
• validity period of 5 years, extended to 10 years for elderly people
Electronic identity card (eID)
• from a visual point of view the electronic identity card contains
  • the name
  • the first two Christian names
  • the first letter of the third Christian name
  • the nationality
  • the place and date of birth
  • the sex
  • the place of delivery of the card
  • the begin and end date of the validity of the card
  • the denomination and number of the card
  • the photo of the holder
  • the signature of the holder
  • the identification number of the National Register
Electronic identity card (eID)
• from an electronic point of view the chip of the electronic identity card contains the same information as printed on the card, supplemented with
  • the identity and signature keys
  • the identity and signature certificates
  • the accredited certification service provider
  • information necessary for authentication of the card and securing of the electronic data
  • the main residence of the holder
• no other data than identification data
  • no encryption certificates
  • no electronic purse
  • no biometric data (yet)
No other data than identification data
• why not?
  • preventing perception of the card as a big brother
  • preventing loss of data, when the card is lost
  • preventing frequent updates of the card
  • stimulation of the controlled access to data over networks, using the card as an access tool, rather than storage of data on the card
eID organization model
• government has chosen a card producer and certification authority issuing the identity certificates as a result of a public call for tenders
• the municipality calls the holder for the issuing of the electronic identity card
• the municipality acts as registration authority for 2 certificates: authentication of the identity and electronic signature
• 2 key pairs are generated within the card at production time and the private keys are stored within the processor chip of the card
• the 2 certificates are created by the certification authority, but published only when the holder agrees
eID organization model
• the use of the private keys within the chip needs an activation of the card by a municipal official using his PUK2 and the PUK1 sent to the holder
• first authentication within one session (first private key) and every generation of an electronic signature (second private key) requires the PIN code of the holder
• the second private key and identity certificate on the electronic identity card can be used to generate a legally valid electronic signature
National Register and CBSS Register
• National Register
  • database managed by the Ministry of the Interior
  • containing identification data with regard to all people living in Belgium and registered within the municipal population registers
  • data are managed by the municipalities
• CBSS register
  • database managed by the Crossroads Bank for Social Security
  • containing identification data with regard to all people that are not registered (anymore) within the National Register, but that are in relation with the Belgian public or social sector
  • subsidiary and complementary to the National Register
  • data are managed by the sickness funds
National Register and CBSS Register
• content
  • unique identification key
  • name and Christian names
  • place and date of birth
  • place and date of death
  • sex
  • nationality
  • civil status
  • main residence
  • family composition (not in CBSS register)
  • profession (not in CBSS register)