basic security cor loef philips medical systems co-chair ihe radiology technical committee

22
Basic Security Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee

Upload: dale-park

Post on 20-Jan-2018

213 views

Category:

Documents


0 download

DESCRIPTION

HIMSS/RSNAApril 2003 Workshop Overview Security Requirements Actors and Transactions

TRANSCRIPT

Basic SecurityBasic Security

Cor LoefPhilips Medical Systems

Co-Chair IHE Radiology Technical Committee

HIMSS/RSNA April 2003 Workshop

IHE Integration profilesIHE Integration profilesPatient

Informa-tion

Reconci-liation

Access to Radiology Information

Consistent Presentation

of Images

Scheduled Workflow

Basic Security

-

Evidence Documents

Key Image Notes

Simple Image and Numeric Reports

Presentation of Grouped Procedures

Post-Processing Workflow

Reporting Workflow

Charge Posting

HIMSS/RSNA April 2003 Workshop

Overview

Security Requirements

Actors and Transactions

HIMSS/RSNA April 2003 Workshop

Security requirementsReasons: Clinical Use and Privacy

– authorized persons must have access to medical data of patients, and the information must not be disclosed otherwise.

By means of procedures and security mechanisms, guarantee:– Confidentiality– Integrity– Availability– Authenticity

HIMSS/RSNA April 2003 Workshop

Security measures Authentication:

Establish the user and/or system identity, answers question: “Who are you?”

Authorization and Access controlEstablish user’s ability to perform an action, e.g. access to data, answers question: “Now that I know who you are, what can you do?”

HIMSS/RSNA April 2003 Workshop

Security measures

Accountability and Audit trailEstablish historical record of user’s or system actions over period of time, answers question: “What have you done?”

HIMSS/RSNA April 2003 Workshop

IHE is establishing the first level of enterprise-wide security infrastructure for meeting privacy requirements (HIPAA, and like regulations world-wide).

IHE Goal

HIMSS/RSNA April 2003 Workshop

IHE makes cross-node security management easy:

– Only a simple manual certificate installation is needed.

– Healthcare professionals are not hindered by ”complex” role based access control. However, policies may restrict them to ‘need to know information’.

– Enforcement driven by ‘a posteriori audits’ and real-time visibility.

IHE Goal

HIMSS/RSNA April 2003 Workshop

Integrating trusted nodes

System A System B

Secured SystemSecure network

• Strong authentication of remote node (digital certificates)• network traffic encryption is not required

Secured System

• Local access control (authentication of user)

• Audit trail with:• Real-time access • Time synchronization

Central Audit TrailRepository

HIMSS/RSNA April 2003 Workshop

Secured Domain: integrating trusted nodes

Secured NodeActor

Other ActorsOther Actors

Secured NodeActor

Other ActorsOther Actors

Secured NodeActor

Other ActorsOther Actors

Secured NodeActor

Other ActorsOther Actors

TimeServer

CentralAudit TrailRepository

HIMSS/RSNA April 2003 Workshop

Secured Domain: Limited AdministrationAudit Trail/Time Server + CA for certificates to each node

Secured NodeActor

Other ActorsOther Actors

Secured NodeActor

Other ActorsOther Actors

Secured NodeActor

Other ActorsOther Actors

Secured NodeActor

Other ActorsOther Actors

TimeServer

CentralAudit TrailRepository

HIMSS/RSNA April 2003 Workshop

IHE Audit Trail Events20 Non-Transaction Related

Trigger Event Description

Actor-Start-Stop Startup and shutdown of anyactor.

Actor- config Generated for any configurationchange related to the actor.

PHI-export Any export of PHI on media, eitherremovable or files.

PHI-Print Any printing activity that print PHI.

PHI-import Any import of PHI on media, eitherremovable or files.

HIMSS/RSNA April 2003 Workshop

IHE Audit Trail Events, 18 Transaction Related

Trigger Event Description

Modality-worklist-provided

Modality worklist query received.

Image-availability-query

Image availability query received.

Query-images Image query received.

Retrieve-images Images are transferred from onenode to the other. Report by sourcenode

Retrieve-images Images are transferred from onenode to the other. Report byreceiving node

HIMSS/RSNA April 2003 Workshop

Example Audit Record for Patient-record-event

HIMSS/RSNA April 2003 Workshop

Example Audit Record for Patient-record-event

HIMSS/RSNA April 2003 Workshop

Example Audit Record for Instances-used

HIMSS/RSNA April 2003 Workshop

Basic Security Integration ProfileBasic Security Integration ProfileActor and Transaction diagramActor and Transaction diagram

All existing IHE actors need to be grouped with a Secure Node actor.

Secure Node

Audit RecordRepository

“Any” IHE actor

Record Audit Event

Time Server

Secure Node Authenticate

Node

Maintain Time

HIMSS/RSNA April 2003 Workshop

Basic Security Integration ProfileActor grouping rules

If an actor wants to support the Basic Security Profile, this actor shall be grouped with a secure Node actor.

All actors grouped with a Secure Node actor in an implementation must support the Basic Security Profile.

At least one other IHE profile shall be supported by the actor

HIMSS/RSNA April 2003 Workshop

Authenticate Node transactionX.509 certificates for node identity and keysTCP/IP Transport Layer Security Protocol (TLS) for node

authentication, and optional encryptionSecure handshake protocol of both parties during Association

establishment:– Identify encryption protocol– Exchange session keys

Actor must be able to configure certificate list of authorized nodes.

HIMSS/RSNA April 2003 Workshop

Record Audit Event transaction

The BSD Syslog protocol (RFC 3164) for Audit Records

Audit trail events and content, no standard available at the time of writing.

IHE in Technical Framework : Use IHE defined XML Schema for defined content in payload of Syslog message

HIMSS/RSNA April 2003 Workshop

The Basic Security Integration Profile specifies the use of Syslog as the mechanism for logging audit record messages to the central audit record repository.

Two improvements may be expected in the near future:

1. Syslog will be replaced by Reliable Syslog2. The XML Schema will become an RFC standard

as a result of an HL7/DICOM/IETF collaboration

For both improvements a smooth evolution can be expected.

HIMSS/RSNA April 2003 Workshop

Questions?Questions?

Documents Available On the Web at:

www.rsna.org/IHEwww.rsna.org/IHE