Using Public Key Infrastructure to Secure Online Medical Records

1
Using Public Key Infrastructure to Secure Online
Medical Records

• Presented by PRAVIN SHETTY

2
INTRODUCTION

• Why did I choose this topic?
• I am interested in Public Key Cryptography.
• I have a background in Health.
• I believe online medical records will deliver
  major improvements to the healthcare industry.

3
OVERVIEW OF PRESENTATION

• 1. Introduction to the problem
• 2. Nature of Medical Records
• 3. What are the advantages and disadvantages of
  online medical records?
• 4. Features of Public Key Infrastructure that
  make it applicable to use for online medical
  records.

4

• Applications of Public Key Infrastructure for
  Online Medical Records.
• 6. Public Key Infrastructure and Security Policy.
• Conclusion.
• 8. References

5
1. THE PROBLEM

• Through online medical records the aim is to
  achieve a system where healthcare providers have
• accurate and up-to-data clinical information
• irrespective of the point of care for patients.
• Why?

6
2. WHAT IS A MEDICAL RECORD?

• A medical record is a collection of
  information about an individual that is used for
  their treatment by a health care provider.
• The record contains both sensitive medical
  information about the patient along with
  demographic data and personal information.

7

• Health care worker notes (e.g. notes about a
  common viral illness or a report about major
  psychiatric illness).
• Pathology test results (e.g. HIV or hepatitis
  serology).
• Radiological results (e.g. x rays and scans).

8

• Specialized tests such as angiograms (e.g.
  coronary angiogram).
• Operation reports (e.g. report of surgery
  performed).
• Drug allergies and sensitivities.
• Details of next of kin or guardian.

9

• Who uses a medical record?
• Tertiary and Quaternary referral centres - large
  specialized referral hospitals (e.g. Royal
  Melbourne Hospital).
• Small to medium community hospitals (e.g.
  Williamstown Hospital).
• General Practices - low acuity or ongoing
  community care of patients (e.g. a suburban
  general practice).

10

• USER PURPOSE
• General Practitioner Medical notes
• Specialist
  Medical notes
• Nurse Nursing notes
• Allied Health (e.g. physiotherapist) Allied
  health notes
• Medical Administrators Planning, Auditing
• Medical Typists Clerical
• Reception Staff Clerical
• Pharmacist Prescriptions
• Radiographer Performing radiological tests
• Hospital Chaplain At request of relatives or
  patient
• Medical Insurers Service payment
• Government Agencies (e.g. Medicare) Service
  payment
• Law Agencies Law enforcement
• I.T. Staff (e.g. Database Administrator) I.T.
  technology and support
• Researchers Medical research

11
3. Advantages/Disadvantages of online medical
records?

• Advantages
• Improving the treatment of patients.
• Use of patient information for research purposes
  and public health monitoring.
• Improved efficiency of the health system.

12

• Disadvantages
• Loss of confidentiality
• Loss of data integrity
• Loss of control over personal information

13
4. Public Key Infrastructure and Online Medical
Records

• Features of Public Key Infrastructure
• Maintaining Confidentiality of Medical Records
• Ensuring Authentication of User
• Maintaining the Integrity of Medical Records
• Non-repudiation of Information Exchange
• Weaknesses of Public Key Infrastructure

14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
5. Applications of Public Key Infrastructure
18
Applications using Public-Key Certificates and
Attribute Certificates

• 6 looked at distributed healthcare databases
  in Germany and other European Countries.
• Aimed to create a system where healthcare
  workers who where appropriately registered could
  access health care records.
• Attribute Certificates were user for
  authorization and authentication of users.

19

• Attribute certificate for qualifications
  profession (e.g. doctor, dentist, midwife etc.),
  specialty type and dedicated specialty.
• Attribute certificate for authorizations general
  authorization, authorization type, and dedicated
  authorization.
• The attribute certificate cannot exist on its own
  but is rather bound to the public key
  certificate.

20

• The link occurs by using the serial number of the
  public key certificate or by other means.
• Together they constitute an entity which is then
  able to interact with a health care information
  system.
• This permits a doctor to view patient files,
  prescribe medication and perform other necessary
  duties as specified by the certificates.

21
(No Transcript)
22
Access Confidential Patient Data Over the Internet

• 7 conducted a study at the Salford hospital,
  in the Greater Manchester District.
• Examined secure online patient records.
• Aimed to improve the flow of information between
  secondary care hospitals providing specialist
  treatment and the primary care physicians in the
  community.

23
(No Transcript)
24

• Researchers use the triple DES algorithm.
• Public key cryptography is used in this case to
  distribute the session key.
• Entrust formatted X.509 certificates and their
  proprietary protocols were used.
• The Entrust Direct client works as a proxy on
  both the web clients (general practitioner) and
  server (hospital).

25

• The following procedure occurs with each request
  for information
• 1. Requests by client browser for information are
  intercepted by the Entrust Direct proxy on
  the client computer.
• 2. The request is encrypted and digitally signed
  before being sent to the web server of the
  hospital.
• 3. The Entrust Direct proxy on the web server
  intercepts and decrypts the message, verifies
  the signature and decides whether it is from a
  trusted source.
• 4. The Entrust Direct proxy/web server retrieves
  a certificate revocation list (CRL) and checks
  the message against this.

26

• 5. The web server then queries the diabetic
  register database and retrieves the relevant
  information.
• 6. The outgoing message is intercepted by the
  Entrust Direct proxy.
• 7. The message is encrypted and digitally signed
  using the private key of the Diabetic
  Information System.
• 8. The client browser Entrust Direct proxy
  intercepts and decrypts the message, verifies
  the signature and decides whether it is from a
  trusted source.
• 9. The Entrust Direct proxy/client server
  retrieves a CRL and check the message against
  this.
• 10. The requested information appears on the
  client browser.

27
6. Public Key Infrastructure and Security Policy

• No security system should be reliant on a single
  technology.
• Security of online medical records requires an
  organization-wide approach
• Development of a security policy
• Having clear security goals and objectives

28

• Creating a culture of security awareness
• Making employees explicitly aware of the security
  policy
• Public key infrastructure can provide enormous
  security benefits when correctly and
  appropriately integrated into the security system
  of a health care organization.
• Its implementation must be considered in terms of
  the objectives and goals of the security policy.

29
7. Conclusion

• Increasing momentum towards online medical
  records.
• Security of such a system is a major obstacle.
• Community fears regarding confidentiality.
• Public Key Infrastructure can provide a key
  component of a security system that provides
  enough security to make online medical records
  viable.

30

• It offers a system whereby medical records can
  not only be powerfully encrypted, but the
  transmission between health care providers can be
  controlled with a level of certainty that
  virtually eliminates the possibility of the
  records being intercepted or ending up in the
  wrong hands.
• This technology goes further by assuring the
  integrity of a message through the use of digital
  signatures and message digests and creating a
  communication which is non reputable.

31

• Studies into the use of online medical records
  have shown promising results.

32
8.0 References

• 1 Rindfleisch, T., (1997) Privacy, information
  technology, and health. Communications of the ACM
  August 1997, Volume 40, Issue 8.
• 2 Anderson, R., (2001) Security Engineering A
  Guide to Building Dependable Distributed System,
  John Wiley.
• 3 Marshall, W., Haley, R., (2000) Use of Secure
  Internet Web Site for Collaborative Medical
  Research. Journal of the American Medical
  Association. Volume 284(14), pp 1843 1849.
• 4 Burnett, S. Paine, S., (2000) RSA
  Security's Official Guide to Cryptography.
• RSA Press.
• 5 Clarke, R., (2001) Can Digital Signatures and
  Public Key Infrastructure Be of Any Use in the
  Care Sector??? online Available from
  http//anu.edu.au/people/Roger.Clarke/EC/PKIH1th01
  .html Accessed 3/05/03.
• 6 Wohlmacher, P. Pharow, P (2000)
  Applications in health care using public-key
  certificates and attribute certificates Computer
  Security Applications, ACSAC '00. 16th Annual
  Conference, Dec 2000 Page(s) 128 137.

33

• 7 Chadwick, D. et al (2002) Experiences of
  Using Public Key Infrastructure to Access Patient
  Confidential Data Over the Internet. Proceeding
  of the 35th International Conference on Systems
  Sciences. 2002 IEEE.
• 8 Verisign Course in PKI by
  Verisign Australia.
• 9 Moreno, A Isern D. (2002) Session 6A
  applications A first step towards providing
  health-care agent-based services to mobile users
  Proceedings of the first international joint
  conference on Autonomous agents and multiagent
  systems part 2 July 2002.
• 10 Ateniese, G. de Medeiros B. (2002)
  Anonymous E-prescriptions
• Proceeding of the ACM workshop on Privacy in the
  Electronic Society November 2002.
• 11 Jurecic, M. Bunz, H. (1994) Exchange of
  patient records-prototype implementation of a
  security attributes service in X.500 Proceedings
  of the 2nd ACM Conference on Computer and
  communications security November 1994.
• 12 Zhang, L. Ahn, G. Chu B. (2002)
  Applications A role-based delegation framework
  for healthcare information systems Seventh ACM
  Symposium on Access Control Models and
  Technologies June 2002.