Embed Size (px)
Citation preview
Document Confidentiality
Milan Petkovic, Ray Krasinski
Structured Documents / Security WGsHL-7 Cambridge MeetingOctober, 2010
The Problem• Lack of persistent end-to-end encryption for CDA documents
– Distributed heterogeneous environments with multiple intermediaries– Encryption currently at transport level (e.g. TLS)– Certain transports lack standard solutions (e.g. USB drive)– Open document-level standard for encryption fosters interoperability– Similar document-level encryption already defined for imaging
• Need for enabling technology towards addressing meaningful use (HITECH), privacy legislation…
• Continua Health Alliance, national health networks, etc. foreseen as possible adopters
Use caseThird party opinion in tele-monitoring1. DMO transfers encrypted CDA document to hospital in different affinity domain2. Hospital GP accesses the document3. GP forwards encrypted CDA document to expert specialist4. Expert specialist accesses document for 2nd opinion
Exchanging health records using USB drives5. Doctor E-mails record summary to patient as encrypted CDA document6. Patient detaches document and saves it on his USB drive7. Patient shares encrypted CDA document with healthcare providers
Discussion• Document-level-encryption under discussion in IHE for 2010/2011
– Document encryption– Key management
• Potential involvement of HL-7 for CDA document encryption– Encryption at the CDA level (XML Encryption to encrypt body
and selected header fields)– Advantage: fine-grained protection (selectively protect
metadata and content, …) which allows for routing, searching, de-identification, etc.
