CAMP Med: Identity and Access Management for HIPAA: Technology Model. William A. Weems, Assistant Vice President, Academic Technology, The University of Texas Health Science Center at Houston.


Page 1: Identity and Access Management for HIPAA: Technology Model

CAMP Med

Identity and Access Management for HIPAA: Technology Model

William A. Weems, Assistant Vice President, Academic Technology

The University of Texas Health Science Center at Houston

Page 2

Middleware Makes the Global Sharing of Resources Invisible to Users.

Page 3

Increasingly, people must easily and securely exchange information in cyberspace among "known" individuals, and securely access restricted resources they "know" can be trusted, without having to struggle with numerous and onerous security processes.

Page 4

• How do you prove you are who you say you are?
• How do you know that someone is legitimate in his or her dealings with you, and how do you get redress if things go wrong?
• If your identity is stolen and used fraudulently, or personal records are altered without your knowledge or permission, how do you prove that it was not you?
• It is difficult enough to verify someone's identity in the tangible world where forgery, impersonation and credit card fraud are everyday problems related to authentication.
• Such problems take on a new dimension with the movement from face-to-face interaction, to the faceless interaction of cyberspace.

Identity and Authentication, by Simon Rogerson

Page 5

Ideally, each individual would like a single digital credential that can be securely used to authenticate his or her identity whenever authentication of identity is required to secure a transaction.

Page 6

Ideally, a digital credential must

• positively identify a person,
• positively identify the certifying authority, i.e. the identity provider (IdP),
• be presentable only by the person it authenticates,
• be tamper proof, and
• be accepted by all systems.

Page 7

Texas Medical Center (www.tmc.edu)

• Forty-One Institutions on 740 Acres
• Approximately 65,000 Employees
• Seven Large Hospitals
• 6,176 Licensed Beds & 334 Bassinets
• Baylor College of Medicine
• Rice University
• Texas A&M Institute of Biotechnology
• University of Texas Health Science Center at Houston
• University of Texas M.D. Anderson Cancer Center

Page 8

Scenario I

• UT-Houston Residency Programs have some attending physicians who are non-university personnel, e.g. from M.D. Anderson and Baylor.
• Dr. James at M.D. Anderson is to be an attending physician in the UT-Houston Internal Medicine Residency Program.
• The on-line Graduate Medical Education Information System (GMEIS) contains confidential and sensitive information, including HIPAA data.
• Dr. James needs access to GMEIS.
• How is Dr. James' identity verified, authenticated and authorized to have access as an attending physician?
• If Dr. James suddenly leaves M.D. Anderson, is his access to the UT-Houston Residency Program immediately abolished?

Page 9

Scenario I - Problems

• Dr. James has no digital credentials.
• U.T. Houston policy requires that a responsible party at U.T. Houston assume responsibility for Dr. James and sponsor him as a "guest".
• Dr. James must appear before a Local Registration Administration Agent (LRAA) to have his identity verified and be credentialed.
  – This does not verify his status with M.D. Anderson.
• If Dr. James leaves M.D. Anderson, there is no automatic process in place to revoke his access rights.

Page 10

UTHSC-H: An Identity Provider (IdP)

It is critical to recognize that the university functions as an identity provider (IdP), in that UTHSC-H provides individuals with digital credentials that consist of an identifier and an authenticator. As an IdP, the university assumes specific responsibilities and liabilities.

Page 11

Issuing a Digital Credential

• The individual appears before an Identity Provider (IdP), which accepts the responsibility to
  – positively determine and catalog a person's uniquely identifying physical characteristics (e.g. picture, two fingerprints, DNA sample),
  – assign a unique, everlasting digital identifier to each person identified,
  – issue each identified person a digital credential that can only be used by that person to authenticate his or her identity,
  – maintain a defined affiliation with each individual whereby the validity of the digital credential is renewed at specified intervals.

Page 12

Identity Vetting & Credentialing

[Diagram: at the identity provider uth.tmc.edu, a person appears before the IdP; the IdP obtains the person's physical characteristics, assigns an everlasting identifier that is permanently bound to the person and recorded in a permanent identity database, and issues a digital credential that only that person can activate.]

Page 13

Identity Vetting & Credentialing: UTHSC-H Two Factor Authentication

[Diagram: the same vetting and credentialing flow as on page 12 (IdP uth.tmc.edu obtains physical characteristics, assigns an everlasting identifier permanently bound to the person, records it in the permanent identity database, issues a digital credential with person-only activation), applied to UTHSC-H two-factor authentication; two steps of the flow are marked with question marks on the slide.]

Page 14

Identity Vetting & Credentialing: UTHSC-H Username/Password Authentication

[Diagram: the same flow as on page 12, applied to UTHSC-H username/password authentication, where activation is done using the network username and password; most steps of the flow are marked with question marks on the slide.]

Page 15

Identity & Authentication Attributes

• Identity Vetting
  – Basic Trust Level
  – Medium Trust Level
  – High Trust Level
• Credential Strength
  – Two-factor PKI Biometric Token
  – Two-factor PKI Password Token
  – One-factor Network Username/Password

Page 16

UTHSC-H Strategic Authentication Goals

• Two authentication mechanisms:
  – Single university ID (UID) and password
  – Public Key Digital ID on Token (two-factor authentication)
• Digital Signatures
• Highly Secure Access Control
• Potential for inherent global trust

Page 17

Public Key Infrastructure: The Broad Enabler of Collaborative Trust

Page 18

Agencies are using the Internet for an increasing spectrum of applications. Doing so requires that agencies confront the issues of user authentication, confidentiality and integrity of data transferred, and the ability to hold transaction parties accountable when necessary.

While there are many technologies which meet some of the requirements, only one provides the tools for meeting all of them: public key technology, implemented in the form of Public Key Infrastructure (PKI).

Richard A. Guida, June 2000

Page 19

Using Digital IDs (DIDs)

• Digital Signatures
  – authenticate senders
  – guarantee that messages are unaltered (message integrity)
  – provide for non-repudiation
  – legal signature within the United States
• Encryption of e-mail
  – provides confidentiality of e-mail when required
• Digitally Signing On-line Forms
• Strong Authentication for Access Control

Page 20

Mass Mailing of Signed & Encrypted E-mail

[Diagram: an automated mailer walks a mailing list of recipient addresses; for each recipient it requests the recipient's digital certificate from the LDAP directory service and then sends that recipient a signed & encrypted copy of the message.]
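The mass-mailing flow of pages 19 and 20 (sign once for sender authentication, integrity and non-repudiation, then encrypt a separate copy for each recipient with the key fetched for that recipient) as an added Go example; this is not code from the presentation or from UTHSC-H. It assumes RSA-PSS signatures and RSA-OAEP encryption, stands in for the LDAP certificate lookup with an in-memory map of constructed keys, and treats a recipient with no certificate on file as an error rather than sending in clear.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sealed is one recipient's copy: the message encrypted for that recipient alone, plus the mailer's signature.
type Sealed struct{ Ciphertext, Signature []byte }

// signAndSeal signs the message once with the mailer's key (sender authentication, integrity, non-repudiation),
// then encrypts it per listed address with the key dir returns (dir stands in for the LDAP cert lookup; constructed).
func signAndSeal(sender *rsa.PrivateKey, dir map[string]*rsa.PublicKey, list []string, msg []byte) (map[string]Sealed, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil { return nil, err }
	out := make(map[string]Sealed, len(list))
	for _, addr := range list {
		pub, ok := dir[addr]
		if !ok { return nil, fmt.Errorf("no certificate in directory for %s", addr) } // never send in clear
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
		if err != nil { return nil, err }
		out[addr] = Sealed{Ciphertext: ct, Signature: sig}
	}
	return out, nil
}

// openAndVerify: the recipient decrypts with its own private key, then verifies the mailer's signature before trusting the content.
func openAndVerify(me *rsa.PrivateKey, senderPub *rsa.PublicKey, s Sealed) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, me, s.Ciphertext, nil)
	if err != nil { return nil, err }
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], s.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return msg, nil
}

func main() { // constructed demo: the mailer's key and one recipient's key, 2048-bit RSA
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	out, err := signAndSeal(sender, map[string]*rsa.PublicKey{"alice@example.org": &alice.PublicKey},
		[]string{"alice@example.org"}, []byte("residency schedule update"))
	if err != nil { panic(err) }
	msg, err := openAndVerify(alice, &sender.PublicKey, out["alice@example.org"])
	fmt.Println(string(msg), err)
}
```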

Page 21

Two Categories of Identity

• Physical Identity – Body Identity – Authentication
  – Facial picture
  – Fingerprints
  – DNA sample
• Identity Attributes – Authorization Attributes
  – Common name
  – Address
  – Institutional affiliations, e.g. faculty, student, staff, contractor
  – Specific group memberships
  – Birth date
  – City of birth
  – Clinical credentials
  – Etc.

Page 22

Federated Services: Identity (IdP) & Resource Providers (RP)

[Diagram: identity providers uth.tmc.edu, utsystem.edu, bcm.edu, mdanderson.org and utmb.edu; resource providers library.tmc.edu, Blackboard (uth.tmc.edu) and GMEIS (uth.tmc.edu); all linked through the federation WAYF service, InCommon.]

Page 23

Federated Services: Identity (IdP) & Resource Providers (RP)

[Diagram: the same federation as on page 22 (identity providers uth.tmc.edu, utsystem.edu, bcm.edu, mdanderson.org, utmb.edu; resource providers library.tmc.edu, Blackboard and GMEIS at uth.tmc.edu; the InCommon federation WAYF service), with Public Key Infrastructure added as a further element of the picture.]

Page 24

[Diagram: Shibboleth components. Home organization (ORIGIN): Attribute Authority, Authentication System (ISO/SSO/Cert), Handle Service, and an RBAC authorization system based on LDAP (eduPerson). The user's browser is routed via the federation WAYF service (InCommon). Resource provider (TARGET): SHIRE, SHAR, Resource Manager and the web site; the attributes the resource provider receives are determined by the ARP. A legend marks which boxes are Shib software.]
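An added Go sketch of the attribute release and authorization steps in the diagram above, applied to Scenario I; this is not Shibboleth's code or the university's configuration. The home IdP applies an attribute release policy (ARP) per resource provider, and the GMEIS resource manager authorizes on federation membership plus an eduPerson affiliation, so access ends as soon as the home IdP stops asserting the affiliation. The attribute names, ARP contents, federation membership and Dr. James' values are constructed assumptions.

```go
package main

import "fmt"

// Assertion is what a home organization's IdP releases to one resource provider
// after applying its attribute release policy (ARP). Constructed model, not
// Shibboleth's own data structures.
type Assertion struct {
	IdP        string            // home organization, e.g. mdanderson.org
	Attributes map[string]string // eduPerson-style attributes the ARP let out
}

// arp lists, per resource provider, the attribute names the IdP will release;
// GMEIS never receives attributes such as birth date that it has no need for.
var arp = map[string][]string{
	"GMEIS(RP)":       {"eduPersonAffiliation", "eduPersonPrincipalName"},
	"library.tmc.edu": {"eduPersonAffiliation"},
}

// federation: IdPs whose assertions GMEIS accepts (constructed membership list).
var federation = map[string]bool{"uth.tmc.edu": true, "mdanderson.org": true, "bcm.edu": true}

// releaseAttributes applies the ARP for rp to the user's full attribute set.
func releaseAttributes(idp string, user map[string]string, rp string) Assertion {
	out := Assertion{IdP: idp, Attributes: map[string]string{}}
	for _, name := range arp[rp] {
		if v, ok := user[name]; ok {
			out.Attributes[name] = v
		}
	}
	return out
}

// gmeisAuthorize is the resource manager's RBAC rule: the assertion must come
// from a federation member and carry a faculty affiliation. No local guest
// account exists, so once the home IdP stops asserting "faculty", access ends.
func gmeisAuthorize(a Assertion) bool {
	return federation[a.IdP] && a.Attributes["eduPersonAffiliation"] == "faculty"
}

func main() {
	// Dr. James as held in M.D. Anderson's directory (constructed values).
	james := map[string]string{"eduPersonAffiliation": "faculty",
		"eduPersonPrincipalName": "james@mdanderson.org", "birthDate": "1960-01-01"}
	a := releaseAttributes("mdanderson.org", james, "GMEIS(RP)")
	fmt.Println("released:", a.Attributes, "authorized:", gmeisAuthorize(a))
	delete(james, "eduPersonAffiliation") // he leaves; the IdP drops the affiliation
	a = releaseAttributes("mdanderson.org", james, "GMEIS(RP)")
	fmt.Println("authorized after leaving:", gmeisAuthorize(a))
}
```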

Page 25

What Does an Institution Do When There is NO Identity Provider?

Page 26

Policy and procedures associated with identifying, credentialing and authenticating employees, students and residents are reasonably appropriate at the university. However, another group of individuals, such as contractors, research collaborators and others having legitimate, professional affiliations with the university, do not have digital credentials issued by identity providers having relying party agreements with UTHSC-H.

Page 27

Currently, the university accepts the legal responsibility of identifying these individuals, who are designated as "guests", and issuing them digital credentials which they can use to authenticate their university-certified identity to others.

Page 28

Because of the extremely varied circumstances associated with how "guest" affiliations arise and terminate, it is difficult to determine the current status of "guest" affiliations and the associated levels of "trust". To ensure that appropriate assurance levels can be asserted by UTHSC-H as an identity provider, special policies exist for identity proofing and credentialing of persons sponsored by individual university personnel.