Jim Williams. Presented to CORBAmed at the June 1998 meeting of the OMG in Orlando. What does Security have to do with Errors in Healthcare?

Page 1:

Jim Williams

Presented to CORBAmed at the June 1998 meeting of the OMG in Orlando

What does Security have to do with Errors in Healthcare?

Page 2:

Public Awareness, Conferences, and Policy

100 million Americans touched by medical error

Enhancing patient safety and reducing errors in healthcare

The Annenberg Center

Joint Commission on Accreditation of Healthcare Organizations

American Association for the Advancement of Science

Department of Veterans Affairs

The National Patient Safety Foundation

President’s Commission on Healthcare Quality

- ... an unacceptable level of errors

Page 3:

Scope and Organization

(Background)

Sound information handling applied to healthcare

- The error-handling objective

- Error-handling roles

- Technical requirements

Sound information handling applied to HIPAA

Conclusions and Implications for CORBA security

Key references

Page 4:

The Error Handling Objective

[Diagram: chronological history of certified inputs and warranted outputs. Labels: initial input error, falsely certified input, falsely warranted outputs, (discovery), revocations, restoration.]

Page 5:

Structure of Sound Information Handling

[Diagram labels: Input Certification, Application Processing, Basis Tracking and Error Handling, invalidating inputs, basis descriptions, warranted outputs, error reports, revocations.]

Page 6:

User Roles and Responsibilities

| Soundness Role | Information-Handling Responsibilities | Typical Stakeholders |
|---|---|---|
| Qualified User | Provides correct inputs within area of expertise | Patient, doctor, nurse, researcher, pharmacist |
| Error Reporter | Detects incorrect outputs | Patient, pharmacist, nurse, doctor, news reporter |
| Error Investigator | Determines causes of errors and initiates corrective action | Researcher, quality review board, medical examiner |
| Error-Tracking Administrator | Manages informatic roles, finds errors in informatic systems | Hospital administrator, malpractice insurer |

Page 7:

Technical Requirements (1 of 3)

Assertions and instructions are cast in stable form

- Their meaning doesn't depend on context

Integrity-validation checks are performed on inputs

- Checking for adverse drug interactions

- (Size of problem: 120,000 deaths/year)

- Approaching universal availability

Integrity validators must themselves be validated

Page 8:

Technical Requirements (2 of 3)

Pre-existing basis for resolving error reports

- Auditing of physician and patient activities

- Automated clinical pathways

Antecedent causes of confirmed errors are investigated

- Investigative path can be arbitrarily long

- If all patient errors are modeled, the root cause of errors in healthcare is illness

Page 9:

Technical Requirements (3 of 3)

Error retractions minimize damage, halt error propagation

- It’s the right thing to do

- It reduces malpractice risk

Error retractions propagate with higher priority than errors?

Page 10:

Building on HIPAA: Administrative Procedures

| Requirement | Relevance to Sound Information Handling |
|---|---|
| Certification | Certification of critical systems and inputs; warranting of critical outputs |
| Chain of Trust Partner Agreement | Used by integrity validation mechanism |
| Contingency plan | Error mitigation strategies |
| Formal mechanism for processing records | (Integrity model applied to records processing) |
| Security incident procedures | Error reporting and investigation |
| Security management process | Error investigation and administration |
| Termination procedures | Error retraction and suppression applied to role assignments |
| Training | (Not modeled, supports integrity validation) |

Page 11:

Building on HIPAA: Physical Safeguards

| Requirement | Relevance to Sound Information Handling |
|---|---|
| Media controls: Access control, Accountability, Data backup and restoration, Data storage, Disposal | Integrity validation, Basis creation, Error correction, (Availability requirement), (Confidentiality requirement) |
| Physical access controls | Error correction/suppression, Integrity validation, (some elements not modeled), Basis creation, (confidentiality), Integrity validation |
| Policy/guideline on workstation use | (Not modeled) |
| Secure workstation location | Integrity validation |
| Security awareness training | (Not modeled) |

Page 12:

Building on HIPAA: Technical Security Services

| Requirement | Relevance to Sound Information Handling |
|---|---|
| Access control | Integrity validation |
| Audit controls | (Pragmatics, not modeled) |
| Authentication | Integrity validation |
| Authorization control | Integrity validation |
| Cryptography | (Confidentiality and data integrity), Integrity validation, (Pragmatics) |
| Communications/network controls | Integrity validation, Error reporting and Basis creation, (Confidentiality) |

Page 13:

Building on HIPAA: Electronic Signature

| Requirement | Relevance to Sound Information Handling |
|---|---|
| Digital signature | Integrity validation |

Page 14:

Conclusions

Rapid progress in dealing with healthcare errors

Theory of sound information handling empirically validated

HIPAA requirements support sound information handling and the control of errors in healthcare

Page 15:

What CORBA Security Needs to Support Error Handling

Flexible role-based access control for integrity validation

Generalized access mediation

Can’t reject an entire patient record because one blood test was taken on April 31

Auditing for basis information

Application-based data generation

Query the sources of a result for cause of error

Query known uses of a resource for error retraction

Warranting of outputs

Security attributes for data quality
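
The two queries on this slide (sources of a result, known uses of a resource), combined with the basis tracking and revocations from the earlier slides, sketched as an added example that is not from the presentation. The class, method and item names are hypothetical, and the sample history is constructed.

```python
from collections import defaultdict

class BasisLedger:
    """Tracks what each warranted output was derived from (its basis)."""
    def __init__(self):
        self.basis = {}               # item -> items it was derived from
        self.uses = defaultdict(set)  # item -> items derived from it
        self.revoked = set()

    def certify_input(self, item):
        self.basis[item] = set()      # certified inputs have no antecedents

    def warrant_output(self, item, derived_from):
        for b in derived_from:
            # Refusing a revoked basis halts propagation of a known error.
            if b not in self.basis or b in self.revoked:
                raise ValueError(f"{b!r} is unrecorded or revoked")
        self.basis[item] = set(derived_from)
        for b in derived_from:
            self.uses[b].add(item)

    def sources(self, item):
        """Transitive antecedents of item: where an investigator looks."""
        return self._walk(self.basis[item], self.basis)

    def revoke(self, item):
        """Retract item plus every output that rests on it."""
        hit = {item} | self._walk(self.uses[item], self.uses)
        self.revoked |= hit
        return hit

    @staticmethod
    def _walk(start, edges):
        seen, stack = set(), list(start)
        while stack:
            cur = stack.pop()
            if cur not in seen:
                seen.add(cur)
                stack.extend(edges[cur])
        return seen

def build_sample():
    """Constructed sample history, not data from the slides."""
    led = BasisLedger()
    for name in ("weight_kg", "creatinine", "allergy_list"):
        led.certify_input(name)
    led.warrant_output("dose_calc", ["weight_kg", "creatinine"])
    led.warrant_output("prescription", ["dose_calc", "allergy_list"])
    led.warrant_output("renal_note", ["creatinine"])
    return led
```

Revoking one falsely certified input retracts only the outputs that rest on it; the rest of the record stays warranted.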

Page 16:

Additional Reading

NPSF bibliography

Williams, Sound Information Handling: Application to Errors in Medicine

Williams and LaPadula, Modeling External Consistency of Automated Systems

Lucian L. Leape, Error in Medicine