Security models for medical and genetic information - PowerPoint PPT Presentation

About This Presentation
Title:

Security models for medical and genetic information

Description:

Security models for medical and genetic information Eduardo B. Fernandez, Mar a M. Larrondo Petrie, Tami Sorgente, Alvaro Escobar, and Andrei Bretan – PowerPoint PPT presentation

Number of Views:131
Avg rating:3.0/5.0
Slides: 37
Provided by: cseFauEd
Learn more at: https://www.cse.fau.edu
Category:

less

Transcript and Presenter's Notes

Title: Security models for medical and genetic information


1
Security models for medical and genetic
information
  • Eduardo B. Fernandez,
  • María M. Larrondo Petrie,
  • Tami Sorgente,
  • Alvaro Escobar, and
  • Andrei Bretan

2
Medical information
  • Patient information is very sensitive its misuse
    could seriously affect the life of the patient
  • In the past this information was kept in paper in
    doctors offices and hospitals
  • Most medical information now is being put online
    and accessible from the Internet
  • There is more information available, e.g.,
    genetic information

3
Security problems
  • There are many benefits by having information
    online but also new threats
  • Access to patients records is now possible from
    remote locations, illegal access also!
  • Access to many patients records makes blackmail,
    spam, and theft identity more lucrative
  • We need new access control models

4
General policies for the model
  • Need-to-know, provide only information needed to
    perform their job
  • Users are defined by their roles but individual
    access is also needed
  • Emphasis on privacy
  • Closed system

5
Specific policies
  • Specific access constraints for each role
  • Patients consent to use of their records and and
    are notified of their use
  • A record custodian is responsible for use of
    record
  • Records must be accessible for specific time
    periods
  • Need to override rights in exceptional situations

6
Specific Policies II
  • Records of patients with genetic or infectious
    diseases need to be linked to other medical
    records e.g. relatives
  • Each patient has one or more medical records seen
    as one Logical Record
  • Need for aggregate types of access which do not
    reveal the individuals medical data

7
Requirements for model
  • Administration of securityCustodians and
    traditional administrators
  • Attribute and credential-based authorizationUsers
    unknown in advance
  • Exceptional access modesneed to override
    predefined authorization
  • Delegation of rightsProvisions for delegation

8
More requirements
  • Temporal restrictionsTime-dependent access
  • Use of XMLNeed to control access to XML
    documents
  • Multimedia objectsUnits of access can be text,
    images, audio
  • InferenceControl of basic inferencial
    associations

9
Even more requirements
  • Expression encryption needsWhen Transferring
    documents
  • Coordinated authentication and authorization
  • Coordination of architectural levels
  • Consideration of web standards
  • Compliance with health records laws

10
Medical information
  • Medical information is collected from the moment
    a person is born until her death
  • Presently there is not one medical record for
    each individual kept in a central registry
  • Each clinician or consortium keeps their own
    records
  • Information is passed through referrals and
    discharge letters

11
Privacy of Patients
  • Since 400 B.C., and the Hippocratic oath, patient
    privacy has been an important part of physicians
    code of conduct
  • Now, many insurers, attorneys and government
    agencies employ individuals not subject to
    medical ethics codes

12
Medical information Protection
  • The use of medical information of each individual
    is complex and fragmented
  • Several countries have provided guidelines for
    medical information protection

13
Patient data protection laws
  • The UK had a law in 1996
  • Germany, France, Iceland, and others already have
    laws
  • In the US we have now HIPAA, not as effective as
    the British laws

14
HIPAA in the United States
  • Healthcare providers must ensure the integrity,
    confidentiality, and availability of electronic
    protected health information (PHI) is protected
  • PHI is broad and includes any identifiable health
    or mental information related to an individual

15
Bioinformatics
  • Application of computer technology to the
    management of biological information.
  • Science of developing computer databases and
    algorithms to facilitate and expedite biological
    research.
  • Genomics is a perfect example.
  • Biological information must be protected from
    misuse.

16
Bioinformatics Security Approaches
  • Use alias to replace the individuals true
    identity.
  • Use passwords and encryption for access to or
    transfer of files, using a secure shell protocol.
  • Chemical encoding into the genetic material.
  • Digital Certificate and Public Key Infrastructure
    for individual users identification.

17
Access control models
  • There are several models for access control to
    information
  • The most common are multilevel, Access matrix,
    and Role-Based Access Control
  • These are general models, independent of the
    application
  • However, the model must fit the application or it
    will not be used

18
Some XML Security Standards
  • Signed Document Markup Language (SDML)
  • Key Management Specification (XKMS)
  • Security Assertion Markup Language (SAML)
  • Extensible Access Control Markup Language (XACML)

19
(No Transcript)
20
Some policies for medical information
  • Patients can see their records, consent to their
    use, must be informed of their use
  • A doctor or other medical employee is responsible
    for use of record (custodian)
  • Records of patients with genetic or infectious
    diseases must be related
  • One or more medical records per patient

21
(No Transcript)
22
An Analysis Pattern for Patient Treatment
  • Requirements
  • A Patient Treatment Pattern describes the
    treatment or stay history of a patient in a
    hospital.
  • The hospital may be a member of a medical
    consortium.
  • Each patient has a medical history which
    contains insurance information and a record of
    all treatments within the medical consortium.
  • Each patient has a primary physician, an
    employee of the hospital.
  • Upon admission the patient is created as new
    or information is updated from previous visit(s).
  • A treatment history is created for each
    patient admitted and updated throughout the
    patients stay.
  • Inpatients are assigned a room, nurse team and
    consulting doctors.

23
Patient Record
Figure 1 Class Diagram for Patient Record
24
Patient Treatment with HIPAA Security standards
  • General requirements of Health Insurance
    Portability and Accountability Act (HIPAA)
    security standards
  • Ensure the confidentiality, integrity and
    availability of all electronic protected health
    information the hospital creates, receives,
    maintains or transmits.
  • Protect against any reasonably anticipated
    threats or hazards to the security or integrity
    of such information.
  • Protect against any reasonably anticipated uses
    or disclosures of such information that are not
    permitted or required under the privacy
    regulations.
  • Ensure compliance of this subpart by the hospital
    workforce.

25
Patient Treatment with Authorization
The Role Based Access Control model will be
used to assign rights to the users according to
their roles in patient treatment.
admit a new patient
ltltextendgtgt
admit a patient
admissions clerk
admit an inpatient
admit an outpatient
patient
nurse
treat a patient
doctor
discharge a patient
ltltincludegtgt
administrative clerk
close a patient
26
Patient Treatment with Authorization
MedicalHistory insurance treatmentHistory
1
Consortium
name main location
name patient number
Patient

Hospital
create update
name address

name ss number address
Employee
27
Outline of Proposed Research
  • The main objective of this project is to develop
    security models for specialized applications
    requiring a high level of security with an
    emphasis on privacy
  • Specifically, we propose to develop an
    authorization model for medical and genetic
    information

28
Research Approach
  • Analyze interactions of systems and users with a
    patient record system
  • Interview healthcare professionals
  • Define threats and incorporate countermeasures
  • Develop patterns to define the complete model and
    subsets of the model

29
Research Approach (cont.)
  • Develop a protection profile that could help to
    develop secure access systems
  • Validate the model by testing in real health
    environment
  • Develop a secure methodology to build and
    configure system used for this type of application

30
Extensions of the Model
  • Financial systems require investor consent before
    disclosing his investments
  • Eduacation, law enforcement, and banking have
    several similar requirements
  • Pharmaceutical companies in search of
    experimental drug testing subjects inviting a
    patient to participate without accessing their
    identity until the patient accepts

31
Evaluation Plan
  • 8 measures of success for evaluation of the model
  • Common Criteria Protection Profile for systems
    that access, store, or interact with medical data
  • Sources for Common Criteria
  • NIST, 2003 Common Criteria for IT Security
    Evaluation Common Language to Express Common
    Needs, Computer Security Resource Center (CSRC),
    National Institute of Standards and Technology,
    created 12 November 2002, last updated 19 May
    2003, http//csrc.nist.gov/cc/
  • Common Criteria for Information Technology
    Security Evaluation, User Guide, CESG, UK and
    NIST, USA, Syntegra, October 2999.
  • Towns and Britton, 1999 Towns, M. and K.
    BrittonProterction Profile Development Workshop
    Student Handbook, Ver. 2.0, NIAP/NIST, 2000.
  • Grainger 2000 Granger, G. Common Criteria
    Tools, Mitretek Systems, May 25, 2000.

32
Common Criteria What is it?
  • Common Criteria (CC) catalog of criteria and a
    framework for organizing a subset of the criteria
    into security specification
  • Who uses it

33
Common Criteria
  • International Standard

34
Common Criteria Protection Profile
  • Common Criteria Protection Profile (CC PP) an
    implementation independent statement of security
    requirements that is shown to address threats
    that exist in a specified environment
  • A PP is appropiate when
  • Consumer group wishes to specify security
    requirements for an application type (e.g.,
    electronic funds transfer)
  • Government wishes to specify security
    requirements for a class of security products
    (e.g., firewalls)
  • An organization wishes to purchase an IT system
    to address its security requirements (e.g.,
    patient records for a hospital)

35
Contents of a Protection Profile
  • PP Introduction
  • PP Identification
  • PP Overview
  • Target of Evalustion (TOE)
  • TOE Security Environment
  • Assumptions
  • Threats
  • Organizational security policies
  • Security Objectives
  • Security objectives for the TOE
  • Security objectives for the environment
  • IT Security Requirements
  • TOE Security Requirements
  • Security functional req.
  • Security assurance req.
  • Sec. reqs. for IT environment
  • PP Application Notes
  • Rationales
  • Security objectives rationale
  • Security requirements rational

36
Registered Protection Profiles
  • Sets of registered Protection Profiles exist at
    the following locations
  • http//www.radium.ncsc.mil/tpep/protection_profile
    s/index.html
  • http//www.cesg.gov.uk/cchtml/ippr/list_by_type.ht
    ml
  • http//csrc.nist.gov/cc/pp/pplist.htm
    (currently being updated so I could not look up
    the list to see if it including what we are
    trying to propose)
  • http//www.scssi.gouv.fr/present/si/ccsti/pp.html
Write a Comment
User Comments (0)
About PowerShow.com