Auditing for Accountability in Healthcare - PowerPoint PPT Presentation

Slides: 15
Provided by: AgfaCorp2
Learn more at: https://dicom.nema.org
Transcript and Presenter's Notes


1
Auditing for Accountability in Healthcare
  • Robert Horn, Agfa, Glen Marshall, Siemens

2
Security Methods
  • Access Control
  • Get permission before allowing action
  • Suitable for situations, e.g. restricting access
    to authorized medical staff
  • Audit Control
  • Allow action without interference, trusting the
    judgement of the staff.
  • Monitor behavior to detect and correct errors.
  • Both have a place in security systems
  • Local security policies determine what is handled
    by access control, and what is handled by audit
    controls.

3
Audit System
  • Audit Control: Local Policy determines what
    events to report, and when.
  • Security Audit Message Standard: Defines how to
    describe events
  • Repository: Local Policy determines what reports
    to keep, analyze, etc.
  • Diagram labels: Access Control, Activity, Event,
    Encode a Description, Report?, Send to Repository
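
The flow on this slide (event, encode a description, report?, send to repository), as an added example that is not from the presentation or from the IETF draft. The element names, event fields and policy table are constructed for illustration, and reporting event types the policy does not list is an assumption.

```python
import xml.etree.ElementTree as ET

# Local policy (constructed): which event types get reported to the repository.
REPORT_POLICY = {"record-read": True, "login-failure": True, "screen-refresh": False}

# Constructed sample activity; the field names are assumptions of this example.
SAMPLE_EVENTS = [
    {"type": "record-read", "time": "2004-03-01T09:15:00Z", "user": "dr_a",
     "object": "patient-0001", "outcome": "success"},
    {"type": "screen-refresh", "time": "2004-03-01T09:15:02Z", "user": "dr_a",
     "object": "workstation-7", "outcome": "success"},
    {"type": "login-failure", "time": "2004-03-01T09:16:40Z", "user": 'x"<y>',
     "object": "workstation-7", "outcome": "failure"},
    {"type": "study-export", "time": "2004-03-01T09:20:11Z", "user": "tech_b",
     "object": "study-0042", "outcome": "success"},
]

def should_report(event, policy=REPORT_POLICY):
    """Local policy decides what to report. Event types the policy does not
    list are reported (an assumption here), so gaps in policy stay visible."""
    return policy.get(event["type"], True)

def encode(event):
    """Encode a description of the event as XML. ElementTree escapes attribute
    values, so a hostile user name cannot alter the message structure."""
    msg = ET.Element("AuditMessage")  # hypothetical element and attribute names
    ET.SubElement(msg, "Event", type=event["type"], time=event["time"],
                  outcome=event["outcome"])
    ET.SubElement(msg, "User", id=event["user"])
    ET.SubElement(msg, "Object", id=event["object"])
    return ET.tostring(msg, encoding="unicode")

def audit(events, repository, policy=REPORT_POLICY):
    """The activity itself is never blocked; each event is described and, if
    policy says so, sent to the repository. Returns the number sent."""
    reports = [encode(e) for e in events if should_report(e, policy)]
    repository.extend(reports)
    return len(reports)

def reports_for_user(repository, user):
    """Repository-side review: event types recorded for one user."""
    parsed = [ET.fromstring(xml_text) for xml_text in repository]
    return [m.find("Event").get("type") for m in parsed
            if m.find("User").get("id") == user]

if __name__ == "__main__":
    repo = []
    print(audit(SAMPLE_EVENTS, repo), reports_for_user(repo, 'x"<y>'))
```
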
4
Standards Efforts
  • IETF - Security Audit Message structure
    (similar to HL7 version 3 XML structures)
  • HL7 - Define descriptions of potentially
    auditable events in the HL7 domain, utilizing the
    IETF structure
  • DICOM - Define descriptions of potentially
    auditable events in the DICOM domain, utilizing
    the IETF structure

5
Existing Audit Message
  • Interim effort by IHE
  • Radiology-centric view of events
  • Demonstrated functional capabilities
  • Part of the IHE Technical Framework
  • Provides a basis for evaluating the more general
    solution being developed by IETF, HL7, DICOM, and
    ASTM
  • Will coexist with the more general solution, and
    gradually be replaced by the more general
    solution.

6
Emerging Audit Message
  • New Effort for IHE IT Infrastructure 2004
  • Informed by DICOM, HL7, ASTM, and IHE
  • Posted as IETF Internet Draft, leading to RFC
  • Anticipates an enterprise audit repository
  • Supports uniform policy administration
  • Enables integration of security surveillance
  • Provides extensibility to accommodate various
    government regulations plus enterprise and local
    policies

7
Emerging Audit Message Schema (1)

8
Emerging Audit Message Schema (2)

9
Emerging Audit Message Schema(3)

10
Emerging Audit Message Schema(4)

11
Emerging Audit Message Schema(5)

12
Emerging Audit Message
  • Extensibility
  • Is a fully conformant XML Schema
  • Direct extension - add elements
  • Restriction - constrain values
  • Vocabulary - reference to externally defined
    nomenclature from any source

13
Questions?

14
Thank You!