The Crossroads Bank for Social Security, a model for the health care sector?

1
The Crossroads Bank for Social Security, a model for the health care sector?
Frank Robben, General manager, Crossroads Bank for Social Security
Sint-Pieterssteenweg 375, B-1040 Brussels
E-mail: Frank.Robben@ksz.fgov.be
Website CBSS: www.ksz.fgov.be
Personal website: http://www.law.kuleuven.ac.be/icri/frobben
Crossroads Bank for Social Security
2
Structure of the presentation
  • relevant similarities between the social security sector and the health care sector
  • the model of the Crossroads Bank
      • the overall concept
      • the basic building blocks
  • critical success factors for an implementation

3
Relevant similarities
  • many actors, each having their own competencies and interests
  • huge need for electronic exchange of sensitive personal data between those actors, with sufficient guarantees on
      • interoperability
      • efficiency
      • data quality
      • security (availability, integrity, confidentiality)
  • a central data storage is not possible or desirable for reasons of
      • privacy protection
      • unacceptability for the actors

4
The Crossroads Bank model
  • distributed data storage, conforming to a functional
    task sharing between the actors
  • the use of common identification keys for every
    entity that has to be identified
  • a reference directory, serving as a base for the
    organization of information exchange
  • a common technical and functional
    interoperability framework
  • a common security framework
  • a legal framework
  • the creation of an institution that elaborates
    the vision, stimulates, co-ordinates and manages
    the necessary frameworks

5
Distributed data storage
  • functional task sharing concerning
      • validation of information
      • storage of information
  • information is dynamically assembled
      • in function of business needs
      • on the initiative of the actor who needs the information or of the concerned person
      • according to the authorizations
      • by the use of the common interoperability and security framework

6
Common identification keys
  • characteristics
      • unicity
          • one entity, one identification key
          • same identification key is not assigned to several entities
      • exhaustivity
          • every entity to be identified has an identification key
      • stability through time
          • identification key doesn't contain variable characteristics of the identified entity
          • identification key doesn't contain references to the identification key or characteristics of other entities
          • identification key doesn't change when a capacity or a characteristic of the identified entity changes

7
Common identification keys
  • concrete implementation
      • citizens
          • social security number (national register number or CBSS-number)
          • (electronically) readable from the SIS-card or the electronic identity card
          • controlled access to basic identification data in National Register and CBSS
          • Belgian Privacy Commission: in the health care sector, preferable use of a common identification key derived from the social security number, rather than the social security number itself
      • enterprises, including organizations and professionals
          • enterprise number (based on VAT-number)
          • number for every plant of an enterprise
          • generalized access to basic identification data in the Enterprise Register
  • regulation on data interconnection

8
Reference directory
  • serves as a base for the organization of information exchange
  • structure
      • directory of persons: which actors have data on which persons in which capacities for which periods
      • data availability table: which actor disposes of which type of data for which capacity
      • access authorization table: which data may be transmitted to which actors for which capacities
  • functions
      • routing of information
      • preventive access control
      • automatic communication of changes to information
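
The three tables and three functions of the reference directory, as an added sketch that is not part of the original presentation. All class, actor, capacity and data-type names are hypothetical, and it is an assumption here that a receiving actor is authorized through the capacity in which it itself holds a file on the person at the requested date.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Registration:
    """Directory-of-persons row: an actor has data on a person in a capacity for a period."""
    person: str
    actor: str
    capacity: str
    start: date
    end: date = date.max  # open-ended period
    def active(self, on):
        return self.start <= on <= self.end

class ReferenceDirectory:
    def __init__(self, persons, availability, authorizations):
        self.persons = persons                # list of Registration
        self.availability = availability      # {(actor, capacity): {data types held}}
        self.authorizations = authorizations  # {(data type, receiving actor, capacity)}
    def may_receive(self, actor, person, data_type, on):
        """Preventive access control, evaluated before any source is contacted."""
        return any((data_type, actor, r.capacity) in self.authorizations
                   for r in self.persons
                   if r.actor == actor and r.person == person and r.active(on))
    def route(self, requester, person, data_type, on):
        """Routing: actors to query for the data; raises if the exchange is not authorized."""
        if not self.may_receive(requester, person, data_type, on):
            raise PermissionError(f"{requester} may not receive {data_type}")
        return sorted({r.actor for r in self.persons
                       if r.person == person and r.actor != requester and r.active(on)
                       and data_type in self.availability.get((r.actor, r.capacity), ())})
    def notify(self, source, person, data_type, on):
        """Communication of changes: actors to inform when `source` updates the data."""
        others = {r.actor for r in self.persons if r.person == person and r.active(on)}
        return sorted(a for a in others - {source}
                      if self.may_receive(a, person, data_type, on))

# Constructed sample tables: keys, actors, capacities and data types are invented.
DIRECTORY = ReferenceDirectory(
    persons=[
        Registration("P-0001", "sickness_fund", "insured", date(2001, 1, 1)),
        Registration("P-0001", "pension_office", "pensioner", date(2002, 6, 1)),
        Registration("P-0001", "unemployment_office", "jobseeker",
                     date(2000, 1, 1), date(2001, 12, 31))],
    availability={("sickness_fund", "insured"): {"insurance_status"},
                  ("pension_office", "pensioner"): {"pension_amount"}},
    authorizations={("insurance_status", "pension_office", "pensioner"),
                    ("pension_amount", "unemployment_office", "jobseeker")})
```

Because the check runs in the directory, a request from an actor whose registration period has ended is refused before any data holder is contacted, and the data itself never passes through the tables.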

9
Interoperability framework
  • goal: to guarantee the ability of all actors to share information and to integrate information and business processes by the use of
      • interconnected physical networks
      • (open) technical standards
      • functional agreements
      • harmonized concepts and data modelling

10
Technical standards
[Diagram. Labels: Information Exchange; Services Repository; Interconnection; Security]
  • Services Register (UDDI), Agreements (ebXML), Policies, Vocabularia (content metadata)
  • TCP/IP, SMTP, LDAP, FTP, S/MIME
  • XML, XSL, SOAP, WSDL, metadata (RDF, XTM, XMI, ...)
11
Functional agreements
  • standardized codification
  • standardized use of objects and attributes
  • standardized layout of header of messages,
    independent from information exchange format and
    type of information exchange
  • version management
  • backwards compatibility
  • SLAs on availability and performance of
    services
  • access authorization management
  • anonymization rules
  • acceptance and production environments
  • priority management

12
Security framework: institutional measures
  • no central data storage
  • independent Control Committee, assigned by Parliament
      • supervision of information security
      • authorizing the information exchange
      • complaint handling
      • information security recommendations
      • extensive investigating powers
      • annual activity report
      • publication of the authorizations of information exchange
  • preventive control on legitimacy of data exchange by Crossroads Bank according to authorizations of the independent Control Committee
  • information security department in each institution
  • certified specialized information security service providers
  • working party on information security

13
Security framework: extended ISO 17799
  • security policy
  • security organization
  • asset classification and control
  • personnel security
  • physical and environmental security
  • computer and operations management
  • access control
  • system development and maintenance
  • specific measures with regard to the processing
    of personal data
  • business continuity planning
  • compliance
  • communication towards the public opinion
    concerning the security policy and the measures
    with regard to security and privacy protection

14
Security framework: legal measures
  • obligations of the controller
      • principles relating to data quality
      • criteria for making data processing legitimate
      • specific rules for processing of sensitive data
      • information to be given to the data subject
      • confidentiality and security of processing
      • notification of the processing of personal data
  • rights of the data subject
      • right of information
      • right of access
      • right of rectification, erasure or blocking
      • right of a judicial remedy
  • penalties

15
Security framework: authentication
  • some basic concepts
      • identification: answer to the question "who are you?"
      • authentication: answer to the question "can you prove who or what you pretend to be?"
          • who: authentication of the identity
          • what: authentication of an attribute (e.g. role, characteristic, mandate, ...)
      • authorization: answer to the question "what are you allowed to do?"
  • authentication
      • of the identity
          • electronic identity card
          • meanwhile, for some applications: user-id, password and token
      • of an attribute
          • stored in a database or
          • stored in attribute certificate

16
SIS card: identification and proof of insurance status
  • name
  • Christian names
  • date of birth
  • sex
  • social security number
  • period of validity of the card
  • card number
  • sickness fund
  • sickness fund registration number
  • insurance period
  • insurance status
  • social exemption status

key 1
  • other data to be added in the future, if useful

17
Electronic identity card: identification and authentication
  • name
  • Christian names
  • nationality
  • birth place and date
  • sex
  • national register number
  • main residence
  • place of delivery of the card
  • period of validity of the card
  • card number
  • the photo of the holder
  • identity and signature keys
  • identity and signature certificates
  • accredited certification service provider
  • information necessary for authentication of the
    card and securing of the electronic data

18
Harmonized concepts and data modelling
  • standard elements
  • with well defined characteristics
  • used within all services
  • OO-oriented
  • version management in an ever changing
    environment
  • define once, use many (different presentations)
  • workflow for validation of standard elements and
    characteristics
  • multi criteria search
      • by element
      • by scheme
      • by version

19
Changes of the legal environment
  • organization of integrated information management and electronic service delivery
      • organizational principles of the co-operation
      • permission or obligation to use common identification keys
      • rights and obligations of the different actors
      • role of the Crossroads Bank
      • liability
  • ICT-law: only basic principles, technology-neutral, but not technology unaware
      • data protection
      • electronic signature
      • probative value

20
Creation of an institution (Crossroads Bank)
  • managed by representatives of the concerned actors
  • tasks
      • elaboration of the common vision in co-operation with the concerned actors
      • stimulation
      • co-ordination and program and project management
      • management of
          • the reference directory
          • the common interoperability framework
          • the common security framework
          • the legal framework
      • harmonization of the concepts and data modelling

21
A proven model
  • this model has been implemented
      • with end-to-end integration of electronic processes between
          • 2.000 public and private social security institutions
          • those institutions and all enterprises
      • with integrated electronic service delivery via a web portal to all citizens and enterprises
  • 170 types of structured data exchanges have already been implemented
  • 242 million messages were exchanged in 2002
  • the model is mentioned as best practice in E-government in the last 2 surveys of the European Commission

22
Critical success factors
  • a long term vision deliberated with the concerned
    actors
  • respect for the division of tasks and
    competences between the actors: co-operation
    between all actors rather than centralization of
    tasks
  • trust of all actors in the co-operation model and
    the security of the system
  • search for win-win situations
  • sufficient financial means, skills and knowledge
  • support of and access to policymakers at the
    highest level
  • legal framework
  • creation of an institution that elaborates the
    common vision, stimulates, co-ordinates and
    manages the necessary frameworks

23
Th@nk you!
Crossroads Bank for Social Security