Remote Servicing under HIPAA with proposed Solution A

Description:

Chairman of Remote Servicing Focus Group. NEMA/COCIR/JIRA Security and ... Members: AGFA, GE, Kodak, Konica, Philips, Siemens, Toshiba. HIMSS January 28, 2002 ...

Slides: 15
Provided by: johnf169

Transcript and Presenter's Notes


1
Remote Servicing under HIPAA with proposed Solution A
  • John F. Moehrke
  • Chairman of Remote Servicing Focus Group
  • NEMA/COCIR/JIRA Security and Privacy Committee
  • Systems Engineering Security and Privacy in
    Healthcare
  • GE Medical Systems

2
What you will learn today
  • Remote Servicing is critical
  • Remote Servicing presents new security risks
  • Vendors are working on a common solution that will
      • Reduce administration (Hospital and Vendor)
      • Improve Accountability
      • Provide a more secure environment
  • Privacy is the Goal, Security is the way.

3
Security and Privacy Committee (SPC)
  • Joint effort by NEMA-MII, COCIR-IT, and JIRA
  • Mission: Ensure a level of data security and data privacy in the health care sector that
      • Meets legally mandated requirements
      • Can be implemented in ways that are reasonable and appropriate
      • Reduces Healthcare costs of compliance
  • Scope: All systems, devices, components, and accessories used in medical imaging informatics
  • Scope is not exclusive of other products and is
    expected to be extendable to all Equipment that
    maintains Patient Data (PHI)
  • International data security and data privacy
    legislation, currently focusing on the European
    Community, Japan, and the United States of
    America

4
Efforts of the SPC
  • Educational Document
      • http://medical.nema.org/privacy/education.pdf
  • Remote Servicing Proposal (This talk)
      • http://medical.nema.org/privacy/remote.pdf
  • Audit Controls
      • http://medical.nema.org/privacy
  • Secure IHE Profiles
      • Work in progress
  • Members: AGFA, GE, Kodak, Konica, Philips, Siemens, Toshiba

5
Why do Remote Servicing?
  • Benefit to Health Care Provider
      • Better Availability and Integrity of the systems
      • Quick response as no Travel involved
      • Higher quality of service
      • Knowledge base available at the Vendor
      • Expert can be applied to the problem/solution
  • Benefit to Vendor
      • Lower costs to service equipment
      • More service offerings (preemptive diagnosis)
      • Remote Service Centers (RSC) centralize knowledge and expertise

6
Remote Servicing today
[Diagram: Remote Service Center; Hospital Network; Vendor X, Vendor Y, Vendor Z; Modem Connections; Complex Wired Infrastructure]
7
Remote Servicing Solution
[Diagram: Vendor X, Vendor Y, Vendor Z; Uses Hospital Network; Access points; Ex. Internet VPN]
8
Access Control
[Diagram: Vendor X, Vendor Y, Vendor Z; numbered labels:]
  1. Individual Service Personnel
  2. Device under service
  3. Access point Edges
9
Audit Trails
[Diagram: Vendor X, Vendor Y, Vendor Z; numbered labels:]
  1. Individual Service Personnel: who, what, where, when, why
  2. Device under service: when, and what
  3. Access point Edges: Session specifics, where and when
10
Health Care Provider gains Control and Manageability
  • Control of each session and/or vendor
  • Rules that restrict where vendor X can go, what tools they can use, when they can connect, etc.
  • Strong Access Point Authentication
  • Audit trails to prove accountability
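
The session rules and audit fields from slides 9 and 10, as an added example (not part of the presentation or the SPC proposal): a default-deny check an access point could apply per vendor, emitting a who/what/where/when/why record for every decision. The policy structure, vendor and engineer names, subnet, tool names and service window are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class VendorPolicy:      # hypothetical rule set maintained by the hospital
    networks: tuple      # where the vendor may go
    tools: frozenset     # what tools/protocols are allowed
    start: time          # when sessions may begin ...
    end: time            # ... and must end (window may cross midnight)

# Constructed sample policy: names, subnet and hours are illustrative only.
POLICIES = {
    "vendor-x": VendorPolicy((ip_network("10.20.30.0/24"),),
                             frozenset({"ssh", "dicom-echo"}),
                             time(22, 0), time(5, 0)),
}

def in_window(t, start, end):
    """True if t lies in [start, end), including windows that cross midnight."""
    return start <= t < end if start <= end else (t >= start or t < end)

def authorize(vendor, engineer, device, tool, when, reason):
    """Default-deny decision plus an audit record (who/what/where/when/why)."""
    policy = POLICIES.get(vendor)
    if policy is None:
        verdict = "deny: unknown vendor"
    elif not reason.strip():          # assumption: a stated reason is mandatory
        verdict = "deny: no reason given"
    elif not any(ip_address(device) in net for net in policy.networks):
        verdict = "deny: device outside vendor scope"
    elif tool not in policy.tools:
        verdict = "deny: tool not permitted"
    elif not in_window(when.time(), policy.start, policy.end):
        verdict = "deny: outside service window"
    else:
        verdict = "allow"
    # Denied attempts are recorded too, so the trail shows every request.
    audit = {"who": f"{vendor}/{engineer}", "what": tool, "where": device,
             "when": when.isoformat(), "why": reason, "decision": verdict}
    return verdict == "allow", audit

if __name__ == "__main__":
    print(authorize("vendor-x", "engineer-17", "10.20.30.41", "ssh",
                    datetime(2002, 1, 28, 23, 15), "constructed ticket: calibration"))
```
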

11
Next Steps for SPC - Focus Group Charter
  • Define a Reasonable and Practical solution that follows this architecture
  • Candidate A -- IPSec tunneling over the Internet
      • ESP/AH 3DES and SHA1
      • IKE Session Key negotiation
      • Certificates communicated out-of-band (mail, courier, etc.)
      • Filtering and Routing rules maintained by the Healthcare facility
      • Audit trails maintained at RSC
      • Individual Authentication maintained at the RSC

12
Solution A: IPSec on Internet
[Diagram: Vendor X, Vendor Y, Vendor Z; IPSec Tunnel, ESP/AH 3DES, SHA1, IKE-RSA, PKI out-of-band]
13
Conclusion
  • The Focus Group is actively creating these Descriptions of Candidate Implementations
  • Vendors are providing experts from their Service organizations
      • AGFA, GE, Kodak, Philips, Siemens, Toshiba
  • Targeting End of 2002 with demonstration at RSNA
  • Will seek approval by NEMA, COCIR, and JIRA early 2002
  • Likely Vendor implementations mid 2002

14
John F. Moehrke
  • GE Medical Systems
  • 262-293-1667
  • John.Moehrke_at_med.ge.com