Slides: 49
Provided by: holt157
Learn more at: http://www.internet2.edu
Title: Tugboat Captains


1
Tugboat Captains & Clinicians: Both are in Harm's Way
  • Presented to
  • Internet2 Conference
  • Atlanta, GA - October 31, 2000
  • W. Holt Anderson, Executive Director
  • NC Healthcare Information & Communications
    Alliance, Inc. (NCHICA)

2
Structure of Presentation
  • Implementing a Vision
  • HIPAA
  • HealthKey
  • NC Projects
  • Federal PKI Bridge
  • The Tugboat Captain

3
Implementing a Vision
  • Paperless, person-centered health records by
    2010.
  • Adopted by the following organizations in NC
  • Medical Society
  • Nurses Association
  • Hospital Assn.
  • Health Information Management Assn.
  • Assn. of Local Health Directors
  • Assn. of Pharmacists
  • Health Care Facilities Assn.
  • Assn. For Health Care Quality
  • Assn. For Hospice End of Life Care

5
Definition - Health Record
  • A virtual digital record of an individual's
    health information and all episodes of care
  • This record is maintained by multiple providers
    and shared when necessary for care of that
    individual
  • (as allowed by patient consent and/or law)
  • NOT a central master file of information

6
Enhancing the Quality of Care
  • Preventing medical mishaps related to drug
    interactions, handwriting, allergies,
    transmissible diseases, etc.
  • (Automated delivery of information)
  • Enhancing quality control through access to
    information

7
Death by Handwriting
  • Texas cardiologist
  • Prescribed 20mg Isordil 4X / day
  • Pharmacist
  • Filled 20mg Plendil 4X / day = 80mg / day
  • Normally Plendil taken max 10mg / day
  • 42-year-old patient died of heart attack
  • Jury found MD and Pharmacist responsible and
    awarded $450K to widow and three small children
  • USA Today 10-21-99

8
Controlling and Reducing Costs
  • Cost of paper records is said to be at least 25%
    of total health care costs.
  • Minimize space requirements
  • Reduce resources for filing, storage and
    retrieval of information
  • Improve access time
  • Less duplication

9
HIPAA
  • Health Insurance Portability & Accountability Act
    of 1996, PL 104-191
  • Administrative Simplification
  • Electronic Transactions & Codes
  • National Identifiers
  • Security & Electronic Signatures
  • Privacy
  • Generally expected to be implemented by end of
    2002
  • Civil Monetary & Criminal Penalties

10
Federal Mandate under HIPAA (in effect since 8/21/96)
  • Section 1173(d)(2) of the Act stipulates that
    healthcare organizations (that maintain or
    transmit electronic patient information) shall
    maintain reasonable and appropriate
    administrative, technical, and physical
    safeguards to
  • Ensure the integrity and confidentiality of
    patient information
  • Protect against any reasonably anticipated
    threats or hazards to the security or integrity
    of the information
  • Protect against unauthorized uses or disclosures
    of the information
  • And, ensure the compliance of the officers and
    employees of the organization with this provision.

11
Proposed Privacy Regulation
  • Covers electronic information (and products of
    and contributors to electronic information)
  • Providers, Health Plans & Clearinghouses
  • Requires contracts with trading partners to
    assure continuity of privacy (also in Security
    regs)
  • Permits sharing for care, claims, certain
    operations (QA, utilization review,
    credentialing) without patient consent
  • Limited sharing for national priority
    activities
  • Requires written fair information practices

12
Penalties for Non-Compliance
  • Violation of transaction or security standards
  • Not more than $100 per violation, maximum of
    $25,000/year
  • No aggregate maximum
  • Wrongful disclosures (privacy)
  • Not more than $50,000 per violation
  • Imprisonment for not more than one year

13
Penalties for Non-Compliance (cont)
  • False Pretenses (privacy)
  • Not more than $100,000 per violation
  • Imprisonment not more than five years
  • Intent to sell, transfer, or use (privacy)
  • Not more than $250,000 per violation
  • Imprisonment for not more than ten years

14
Scope of Compliance
  • More than just technology
  • Policies
  • Operational Procedures
  • Physical Security
  • Business Partner Agreements
  • Personnel
  • Management Supervision
  • Training

15
Security Standard
  • Defined
  • Set of requirements with implementation features
    that providers, health plans, and clearinghouses
    must include in their operations to assure that
    individual health information remains secure.
  • Scalable: applies to organizations of all sizes;
    larger organizations may be held to a higher
    standard.

16
Security Requirements by Category
Administrative
  • Certification
  • Chain of Trust Agreements
  • Contingency Plan
  • Formal Mechanisms Records
  • Info Access Control
  • Internal Audit
  • Personnel Security
  • Security Configuration
  • Security Incident Procedures
  • Security Mgmt. Process
  • Termination Procedures
  • Training
Physical Safeguards
  • Assigned Security Responsibility
  • Media Controls
  • Physical Access Controls
  • Policy - Workstation Use
  • Secure Workstation Location
  • Security Awareness Training
Technical Security Mechanisms
  • Communications/Network Controls
  • Integrity Controls
  • Message Authentication
Implementation Features Under Each Requirement

17
Technical Security Mechanisms
Objective: Ensure processes are in place to guard
against unauthorized access to data that is
transmitted over a communications network
(intercept and interpret), and to protect systems
from external access.
18
Communications--Open Network
  • Where the network is open (e.g., shared data
    line, Internet, switched WAN), then the following
    must be in place
  • Alarm (sense abnormal conditions)
  • Audit Trail
  • Entity Authentication
  • Event Reporting
  • Encryption is stated as "should be employed"

19
If You Use Electronic Signatures
  • Must have
  • message integrity
  • non-repudiation
  • user authentication
  • May have
  • ability to add attributes
  • continuity of signature capability
  • countersignature capability
  • independent verifiability
  • interoperability
  • multiple signatures
  • transportability

20
HealthKey Secure E-Health Solutions
A Program funded by The Robert Wood Johnson
Foundation
21
HealthKey Origins
  • Funded by $2.5 million Robert Wood Johnson
    Foundation grant - Fall 1999
  • Collaboration to advance the development of
    health information infrastructure
  • Market-driven, community-based approach
  • Coordinated pilot efforts in 5 states

22
HealthKey Participants
  • Massachusetts Health Data Consortium (MHDC)
  • Minnesota Health Data Institute (MHDI)
  • North Carolina Healthcare Information and
    Communications Alliance (NCHICA)
  • Utah Health Information Network (UHIN)
  • Community Health Information Technology Alliance
    (CHITA) -- WA

23
HealthKey Strategy
  • Identify interoperable, standards-based solutions
    to real business problems
  • Showcase pilot participants as leaders in
    testing evolving health information
    infrastructure
  • Identify approaches to achieve HIPAA compliance

24
$64,000 Question
  • Is PKI a valid infrastructure for the
  • health industry?
  • If so, what is the likely architectural model?

25
MN & NC to pilot Bridge CA
  • Developed by Mitretek for the Federal Dept of
    Treasury/GSA
  • Allows validation of digital certificates from
    multiple CAs
  • Aggressive timeframe - demo by Spring 2000
  • Additional states/projects can tie in after pilot
    phase

26
  • NCHICA PKI Projects
  • Remote access to immunization registry
  • Shared access to clinical info for Medicaid
    high-maintenance patients
  • Remote primary care provider access to
    neonatal/perinatal patient info
  • Remote primary care provider access to patient
    info for children with special needs
  • Access to emergency dept. database
  • Possible pharmacy application

27
  • MHDI PKI Projects
  • Access to Immunization data
  • Transmit newborn screening results from MN Dept
    of Health
  • Provide secure access to Central Query Service
    for eligibility inquiries
  • Other States
  • Additional projects underway

28
Provider Access to Immunization Registry Securely (PAiRS)
29
What is PAiRS?
  • Combines immunization records from both public
    and private sources in a common database
  • Widely accessible, inexpensive and secure inquiry
    only access to immunization records via the
    Internet
  • Reliably identifies relevant records for an
    individual in the absence of a unique identifier

30
Current Project Status
  • Approximately 1.5 million children (0-18) and an
    associated 12 million vaccine doses
  • 28 pilot sites, 172 users
  • Over $1 million in in-kind contributions

32
Challenges to Successful Implementation of PAiRS
  • Initiation of use
  • Recognition of PAiRS value
  • Accessibility of computers
  • Computer skills of nurses and physicians
  • Busy practices with established service delivery
    methods
  • Security & Interoperability

33
Where do we go from here?
  • PAiRS participation expansion
  • PKI for user authentication and security
  • Regional PAiRS project - demonstration project to
    facilitate inter-state exchange of immunization
    information

35
NCEDD Project Description
  • 3 goals (putting down a railroad track)
  • select a standard data format (DEEDS)
  • demonstrate secure data exchange
  • statewide ED database for injury surveillance,
    EMS outcomes, best practice (NCEDD)

36
Use of NCEDD Data
  • Public Health Surveillance
  • Disasters, bioterrorism, reportable conditions
  • Research using hospital discharge dataset
  • Injury surveillance, Trends/impact of new
    facilities, HMO penetration, substance abuse
    indicators
  • Linkages- outcomes, episode of care
  • EMS
  • Trauma Registry
  • Hospital Database
  • Aggregate format
  • Oversight Committee of participating hospitals

37
NCEDD Security
38
Security/Access Concerns
  • Confidential data over Internet
  • Patient
  • Facility
  • Provider
  • Authentication of users - multiple organizations
  • Public health staff - SCHS, Epidemiology
  • STEER staff - Chapel Hill, Wilmington
  • Participant hospitals ?

39
Federal PKI Approach (with thanks to Richard A.
Guida, Chair, Federal PKI Steering Committee)
  • Establish Federal PKI Policy Authority
  • Develop/deploy Bridge CA using COTS
  • Four levels of assurance (emulate Canada)
  • Prototype early 2000, production mid 2000
  • Deal with directory issues in parallel
  • Border directory concept White Pages
  • Use ACES (Access Certs for Electronic Services)
    for public transactions

40
FBCA Overview
  • Non-hierarchical hub for interagency
    interoperability
  • Ability to map levels of assurance in disparate
    certificate policies
  • Ultimate bridge to CAs external to Federal
    government
  • Directory contains only FBCA-issued certificates

41
FBCA PKI Architecture
US Federal
42
Potential Architectures
  • Multiple CAs within membrane, with single signing
    key
  • Single CA
  • Multiple CAs within membrane, cross-certified
    among themselves

43
Multiple CAs, Cross-certified
  • In essence, the quark model
  • Certificate path length may be 1
  • Adding CAs within membrane should be
    straightforward albeit not necessarily easy
  • Requires solving inter-product interoperability
    issues within membrane rather than outside -
    which is good

44
Current Status
  • Decision: cross-certified CAs within membrane
  • Multiple vendor products: initially Entrust and
    GTE for prototype FBCA
  • Migration from prototype to production FBCA will
    entail adding other CAs inside the membrane
  • GSA/FTS has responsibility to execute

45
PKI Use and Implementation Issues
  • Misunderstanding what it can and can't do
  • Requiring legacy fixes to implement
  • Waiting for standards to stabilize
  • High cost - a yellow herring
  • Interoperability woes - a red herring
  • Legal trepidation - the brightest red herring

46
The Tugboat Captain
  • TJ Hooper v. Northern Barge Company 60 F.2d 737
    (2d Cir. 1932)
  • Long Island Sound - storm comes up and tug loses
    barge
  • Plaintiff was barge owner
  • Plaintiff found negligent because Captain had no
    weather radio
  • Rationale: to avoid negligence, keep up with
    technological innovations - they set the standard
    of care in the industry

47
The price of good navigation is eternal vigilance
  • W. Holt Anderson, Executive Director
  • NC Healthcare Information & Communications
    Alliance, Inc. www.nchica.org

48
Thank you !
  • www.nchica.org