Using Public Key Infrastructure to Secure Online Medical Records

Presented by PRAVIN SHETTY

INTRODUCTION

Why did I choose this topic?

I am interested in Public Key Cryptography.

I have a background in Health.

I believe online medical records will deliver major improvements to the healthcare industry.

OVERVIEW OF PRESENTATION

1. Introduction to the problem

2. Nature of Medical Records

3. What are the advantages and disadvantages of online medical records?

4. Features of Public Key Infrastructure that make it applicable to use for online medical records.

5. Applications of Public Key Infrastructure for Online Medical Records.

6. Public Key Infrastructure and Security Policy.

7. Conclusion.

8. References

1. THE PROBLEM

Through online medical records the aim is to achieve a system where healthcare providers have:

accurate and up-to-date clinical information

irrespective of the point of care for patients.

Why?

2. WHAT IS A MEDICAL RECORD?

A medical record is a collection of information about an individual that is used for their treatment by a health care provider.

The record contains sensitive medical information about the patient along with demographic data and personal information.

Health care worker notes (e.g. notes about a common viral illness or a report about major psychiatric illness).

Pathology test results (e.g. HIV or hepatitis serology).

Radiological results (e.g. x-rays and scans).

Specialized tests such as angiograms (e.g. coronary angiogram).

Operation reports (e.g. report of surgery performed).

Drug allergies and sensitivities.

Details of next of kin or guardian.

Who uses a medical record?

Tertiary and Quaternary referral centres - large specialized referral hospitals (e.g. Royal Melbourne Hospital).

Small to medium community hospitals (e.g. Williamstown Hospital).

General Practices - low acuity or ongoing community care of patients (e.g. a suburban general practice).

USER                                        PURPOSE
General Practitioner                        Medical notes
Specialist                                  Medical notes
Nurse                                       Nursing notes
Allied Health (e.g. physiotherapist)        Allied health notes
Medical Administrators                      Planning, Auditing
Medical Typists                             Clerical
Reception Staff                             Clerical
Pharmacist                                  Prescriptions
Radiographer                                Performing radiological tests
Hospital Chaplain                           At request of relatives or patient
Medical Insurers                            Service payment
Government Agencies (e.g. Medicare)         Service payment
Law Agencies                                Law enforcement
I.T. Staff (e.g. Database Administrator)    I.T. technology and support
Researchers                                 Medical research

3. Advantages/Disadvantages of online medical records?

Advantages:

Improving the treatment of patients.

Use of patient information for research purposes and public health monitoring.

Improved efficiency of the health system.

Disadvantages:

Loss of confidentiality

Loss of data integrity

Loss of control over personal information

4. Public Key Infrastructure and Online Medical Records

Features of Public Key Infrastructure

Maintaining Confidentiality of Medical Records

Ensuring Authentication of User

Maintaining the Integrity of Medical Records

Non-repudiation of Information Exchange

Weaknesses of Public Key Infrastructure

Figure 1 (confidentiality): the plaintext "Attention: Confidential Patient Information" is passed through the encryption algorithm under the PUBLIC KEY of Newport Medical Centre to produce ciphertext; only the PRIVATE KEY of Newport Medical Centre can turn that ciphertext back into the plaintext.

Figure 2 (authentication): the plaintext "Attention: Williamstown Hospital sent this message" is passed through the encryption algorithm under the PRIVATE KEY of Williamstown Hospital to produce ciphertext; anyone holding the PUBLIC KEY of Williamstown Hospital can recover the plaintext, which shows the message came from Williamstown Hospital.

Figure 3 (digital signature)

Part 1 - At Williamstown Hospital: the message is passed through a hashing algorithm to produce a message digest; the message digest is encrypted with the PRIVATE KEY of Williamstown Hospital to produce the encrypted message digest, which travels with the message.

Part 2 - At Newport Medical Centre: the encrypted message digest is decrypted with the PUBLIC KEY of Williamstown Hospital to recover the message digest; the received message is passed through the same hashing algorithm to produce a second message digest; the two message digests are compared.

5. Applications of Public Key Infrastructure

Applications using Public-Key Certificates and Attribute Certificates

[6] looked at distributed healthcare databases in Germany and other European Countries.

Aimed to create a system where healthcare workers who were appropriately registered could access health care records.

Attribute Certificates were used for authorization and authentication of users.

Attribute certificate for qualifications: profession (e.g. doctor, dentist, midwife etc.), specialty type and dedicated specialty.

Attribute certificate for authorizations: general authorization, authorization type, and dedicated authorization.

The attribute certificate cannot exist on its own but is rather bound to the public key certificate.

The link occurs by using the serial number of the public key certificate or by other means.

Together they constitute an entity which is then able to interact with a health care information system.

This permits a doctor to view patient files, prescribe medication and perform other necessary duties as specified by the certificates.

Figure 4: a remote client holding public key and attribute certificates sends a request for medical data to the health care provider server, which also holds public key and attribute certificates; the server queries the medical database on the client's behalf.
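The binding of attribute certificates to a public key certificate described above, as an added Python example that is not from [6] or the presentation: simplified certificate records (an assumption, not the X.509 structures) are linked by the PKC's issuer and serial number, and a constructed policy maps the two actions the slide names to the profession and authorization they need. A revoked or expired PKC, or an AC whose holder points at a different serial number, yields no access.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

def utc(year, month, day):
    """Constructed helper so sample dates can be written compactly."""
    return datetime(year, month, day, tzinfo=timezone.utc)

@dataclass(frozen=True)
class PublicKeyCertificate:
    issuer: str
    serial: int
    subject: str
    not_after: datetime

@dataclass(frozen=True)
class AttributeCertificate:
    """Qualification or authorization attributes; the holder fields name the
    issuer and serial number of the PKC this certificate is bound to."""
    holder_issuer: str
    holder_serial: int
    not_after: datetime
    profession: str = ""                     # qualification AC, e.g. "doctor"
    authorizations: frozenset = frozenset()  # authorization AC

# Constructed policy (an assumption, not from [6]): the (profession, authorization)
# an action needs; an empty profession means any registered worker qualifies.
REQUIRED = {
    "view patient files": ("", "read records"),
    "prescribe medication": ("doctor", "prescribe"),
}

def is_bound(ac, pkc):
    """An AC cannot exist on its own: it must point at this PKC's issuer and serial."""
    return (ac.holder_issuer, ac.holder_serial) == (pkc.issuer, pkc.serial)

def authorize(pkc, acs, action, now, revoked_serials):
    """True only if the PKC is valid and unrevoked and the ACs bound to it jointly
    carry the profession and authorization the action requires."""
    if now > pkc.not_after or pkc.serial in revoked_serials:
        return False  # revoking the PKC invalidates every AC bound to it
    professions, authorizations = set(), set()
    for ac in acs:
        if is_bound(ac, pkc) and now <= ac.not_after:
            if ac.profession:
                professions.add(ac.profession)
            authorizations |= ac.authorizations
    profession, authorization = REQUIRED[action]
    return (not profession or profession in professions) and authorization in authorizations
```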

Access Confidential Patient Data Over the Internet

[7] conducted a study at the Salford hospital, in the Greater Manchester District.

Examined secure online patient records.

Aimed to improve the flow of information between secondary care hospitals providing specialist treatment and the primary care physicians in the community.

Figure 5: the community GP's web browser, fronted by an Entrust Direct proxy, connects across a WAN secured with PKI and through a firewall to the hospital web server, which has its own Entrust Direct proxy; the web server performs database queries and retrievals against the Diabetes Register.

The researchers used the triple DES algorithm.

Public key cryptography is used in this case to distribute the session key.

Entrust formatted X.509 certificates and their proprietary protocols were used.

The Entrust Direct client works as a proxy on both the web clients (general practitioner) and server (hospital).

The following procedure occurs with each request for information:

1. Requests by the client browser for information are intercepted by the Entrust Direct proxy on the client computer.

2. The request is encrypted and digitally signed before being sent to the web server of the hospital.

3. The Entrust Direct proxy on the web server intercepts and decrypts the message, verifies the signature and decides whether it is from a trusted source.

4. The Entrust Direct proxy/web server retrieves a certificate revocation list (CRL) and checks the message against this.

5. The web server then queries the diabetic register database and retrieves the relevant information.

6. The outgoing message is intercepted by the Entrust Direct proxy.

7. The message is encrypted and digitally signed using the private key of the Diabetic Information System.

8. The client browser Entrust Direct proxy intercepts and decrypts the message, verifies the signature and decides whether it is from a trusted source.

9. The Entrust Direct proxy/client server retrieves a CRL and checks the message against this.

10. The requested information appears on the client browser.
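Figures 1 to 3 and the ten-step exchange above, as an added Python example that is not part of the presentation and not Entrust's code. It uses textbook RSA at a toy key size and without padding (enough to show which key goes where, not for real records; the real system carried the data under triple DES), signs and verifies exactly as Figure 3 draws it, and models the proxies of steps 2 to 4 and 7 to 9 as encrypt-then-sign on the way out and signature check plus CRL lookup before decryption on the way in. The key size, the CRL as a set of certificate serial numbers, and the order of encryption and signing are assumptions.

```python
import hashlib
import random

def _is_probable_prime(n, rounds=16):  # Miller-Rabin; adequate for a toy key
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(k):
    while True:
        c = random.getrandbits(k) | (1 << (k - 1)) | 1  # exactly k bits, odd
        if _is_probable_prime(c):
            return c

def generate_keypair(bits=512):
    """Textbook RSA: public (n, e), private (n, d). Toy size, no padding."""
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % 65537:  # 65537 is prime, so gcd(e, phi) == 1
            return (p * q, 65537), (p * q, pow(65537, -1, phi))

def _digest(data):  # the 'hashing algorithm' box of Figure 3, as an integer
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def _to_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def sign(private_key, data):
    """Figure 3 part 1: hash, then encrypt the digest with the sender's PRIVATE key."""
    n, d = private_key
    return pow(_digest(data), d, n)

def verify(public_key, data, signature):
    """Figure 3 part 2: recover the digest with the sender's PUBLIC key and compare."""
    n, e = public_key
    return pow(signature, e, n) == _digest(data)

def encrypt(public_key, plaintext):
    """Figure 1: only the holder of the matching PRIVATE key can read the result."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    assert 0 < m < n, "toy limitation: plaintext must be shorter than the modulus"
    return pow(m, e, n)

def decrypt(private_key, ciphertext):
    n, d = private_key
    return _to_bytes(pow(ciphertext, d, n))

def proxy_send(message, sender_private, recipient_public):
    c = encrypt(recipient_public, message)  # steps 2 and 7: encrypt, then sign
    return c, sign(sender_private, _to_bytes(c))

def proxy_receive(package, recipient_private, sender_public, sender_serial, crl):
    """Steps 3-4 and 8-9: signature must verify and signer must not be on the CRL."""
    c, signature = package
    if sender_serial in crl or not verify(sender_public, _to_bytes(c), signature):
        return None  # untrusted source: never decrypt
    return decrypt(recipient_private, c)
```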

6. Public Key Infrastructure and Security Policy

No security system should be reliant on a single technology.

Security of online medical records requires an organization-wide approach:

Development of a security policy

Having clear security goals and objectives

Creating a culture of security awareness

Making employees explicitly aware of the security policy

Public key infrastructure can provide enormous security benefits when correctly and appropriately integrated into the security system of a health care organization.

Its implementation must be considered in terms of the objectives and goals of the security policy.

7. Conclusion

Increasing momentum towards online medical records.

Security of such a system is a major obstacle.

Community fears regarding confidentiality.

Public Key Infrastructure can provide a key component of a security system that provides enough security to make online medical records viable.

It offers a system whereby medical records can not only be powerfully encrypted, but the transmission between health care providers can be controlled with a level of certainty that virtually eliminates the possibility of the records being intercepted or ending up in the wrong hands.

This technology goes further by assuring the integrity of a message through the use of digital signatures and message digests and creating a communication which is non-repudiable.

Studies into the use of online medical records have shown promising results.

8. References

[1] Rindfleisch, T. (1997) Privacy, information technology, and health. Communications of the ACM, August 1997, Volume 40, Issue 8.

[2] Anderson, R. (2001) Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley.

[3] Marshall, W. & Haley, R. (2000) Use of Secure Internet Web Site for Collaborative Medical Research. Journal of the American Medical Association, Volume 284(14), pp. 1843–1849.

[4] Burnett, S. & Paine, S. (2000) RSA Security's Official Guide to Cryptography. RSA Press.

[5] Clarke, R. (2001) Can Digital Signatures and Public Key Infrastructure Be of Any Use in the Care Sector??? [online] Available from: http://anu.edu.au/people/Roger.Clarke/EC/PKIH1th01.html [Accessed 3/05/03].

[6] Wohlmacher, P. & Pharow, P. (2000) Applications in health care using public-key certificates and attribute certificates. Computer Security Applications, ACSAC '00, 16th Annual Conference, Dec 2000, pp. 128–137.

[7] Chadwick, D. et al. (2002) Experiences of Using Public Key Infrastructure to Access Patient Confidential Data Over the Internet. Proceedings of the 35th International Conference on Systems Sciences, 2002, IEEE.

[8] Verisign Course in PKI by Verisign Australia.

[9] Moreno, A. & Isern, D. (2002) Session 6A: applications: A first step towards providing health-care agent-based services to mobile users. Proceedings of the first international joint conference on Autonomous agents and multiagent systems: part 2, July 2002.

[10] Ateniese, G. & de Medeiros, B. (2002) Anonymous E-prescriptions. Proceedings of the ACM workshop on Privacy in the Electronic Society, November 2002.

[11] Jurecic, M. & Bunz, H. (1994) Exchange of patient records - prototype implementation of a security attributes service in X.500. Proceedings of the 2nd ACM Conference on Computer and Communications Security, November 1994.

[12] Zhang, L., Ahn, G. & Chu, B. (2002) Applications: A role-based delegation framework for healthcare information systems. Seventh ACM Symposium on Access Control Models and Technologies, June 2002.