Clinical Information Security. The norm EN ISO 13606

Clinical Information Security - The norm EN ISO 13606
Unidad de Investigación en Telemedicina y esalud, Instituto de la Salud Carlos III, Madrid - Spain

Clinical information and security
- Non-repudiation
- Integrity
- Anonymity
- Audit
- Access control

Norm EN ISO 13606
- Objective: to provide semantic interoperability for the transmission of Electronic Health Records.
- Developed by the EHRCom Task Force inside TC 251 (WG1) of CEN.
- Very sound background (ISO 18308, Dual Model Approach, ENV 13606, research projects - )

Norm EN ISO 13606
EN13606 has 5 parts:
1. Reference model
2. Archetype interchange specification
3. Reference archetypes and term lists
4. Security
5. Interface specification

Policies
There are several sources:
- National policies: legislation
- Professional policies: scientific associations
- Organization policies: health care areas, hospitals
- Software policies: applications
From an international (standardization) point of view it is very difficult to establish common policies, so an international norm can't prescribe the policies. It should provide a consistent framework in which to develop them.

13606: Reference Model

Archetypes
The reference model doesn't guarantee semantic interoperability.
Archetypes model the domain concepts by constraining the reference model:
- determining the reference model classes to be used
- fixing names and meanings
- restricting the value range
- fixing default values
Archetypes are a formal mechanism to interchange knowledge.

Double model approach
[Diagram. Information side: Reference model, with Data as its instances. Knowledge side: Archetypes model, with Archetypes as its instances. Labels: "Based on...", "Restrict in run time".]

Security in EN13606
- The norm doesn't impose policies.
- The norm provides tools.
- The norm assumes that the environment is, in some way, compatible with ISO 22600 (PMAC: Privilege Management and Access Control, functional roles), that communications are encrypted, that physical access to the systems is controlled,

Non-repudiation, Integrity
All clinical classes derive from RECORD_COMPONENT, so any data can be signed and authenticated.

Anonymity
- Demographic information is kept in a separate model.
- IDs (that could be private) are used in all references to entities.

EN13606: Demographic model
- id used in the extract
- set of ids
Identifies:
- persons
- organizations
- devices and SW
- professionals
- patients

EN13606: Audit model
- Identification of the log entry
- Identification of the parties involved
- Audit log information
- Filter used (sensitivity, archetypes, etc.) to obtain the log entry

13606: Access control
Ideally, each single piece of data should have a dynamic access control list managed by the patient, but this is neither possible nor practical.
EN13606 defines two levels of access control:
- concordance of the functional role (of the user requesting access) and the information sensitivity
- access policies

EN13606: Access control. Communications model
- The requester can be different from the recipient.
- Data sent must be filtered.
- Warning: denials could disclose information.

EN 13606: Access control - Roles
- The models from ISO TS 22600 (PMAC) are used.
- Two kinds of roles: structural and functional.

EN13606: Access control. Level 1
Sensitivity: an attribute present in all data. 5 degrees:
1. Care management
2. Clinical management
3. Clinical care
4. Privileged care
5. Personal care
Functional roles:
1. Administrator
2. Health-related professional
3. Healthcare professional
4. Privileged healthcare professional
5. Personal healthcare professional
6. Subject of care agent
7. Subject of care

EN13606: Access control. Level 1

Functional role (rows) against sensitivity (columns):

Functional role                      Care management  Clinical management  Clinical care  Privileged care  Personal care
Subject of care                      X                X                    X              X                X
Subject of care agent                X                X                    X              X                X
Personal healthcare professional     X                X                    X              X                X
Privileged healthcare professional   X                X                    X              X*
Healthcare professional              X                X                    X
Health-related professional          X                X
Administrator                        X

* access will be granted if the EHR Recipient is a member of the same speciality or clinical service as that in which the RECORD_COMPONENT was created

EN13606: Access control. Level 2
Access policies:
- Are modeled by an archetype: they can be sent and shared.
- Travel integrated in the extract as compositions (one per policy) in a dedicated folder.
[Diagram: Access policy archetype. Composition: access policy. Sections: registry components to which the policy applies; policy audit; access rules; request information.]

EN13606: Access control. Example (from EN13606-4)
EHR id = Joanna Jones
- ID = 1230: Asthma contact. Archetype = GP contact. Normal clinical [3]
- ID = 1231: Depression. Archetype = Outpatient contact. (Gr: mental health)
- ID = 1232: Chlamydia infection. Archetype = Lab test. (Gr: sexual health)
- ID = 1233: HIV Test. Archetype = Lab test. (Gr: sexual health)
Access policies:
- Exclude: Brian9876
- Role: Guardian (parent). Exclude: Archetype = Lab test

EN13606: Access control. Example 1 (from EN13606-4)
Requester: Fred (Fred2714): GP. Personal clinician
EHR extract and access policies: as in the Example slide above (EHR id = Joanna Jones, ID = 1230 to 1233).

EN13606: Access control. Example 2 (from EN13606-4)
Requester: John (John2349): Practice nurse. Clinical care
EHR extract and access policies: as in the Example slide above (EHR id = Joanna Jones, ID = 1230 to 1233).

EN13606: Access control. Example 3 (from EN13606-4)
Requester: Helen (Hele8956): Sexual health nurse. Privileged clinician
EHR extract and access policies: as in the Example slide above (EHR id = Joanna Jones, ID = 1230 to 1233).

EN13606: Access control. Example 4 (from EN13606-4)
Requester: Brian (Brian9876): Sexual health nurse. Privileged clinician
EHR extract and access policies: as in the Example slide above (EHR id = Joanna Jones, ID = 1230 to 1233).

EN13606: Access control. Example 5 (from EN13606-4)
Requester: Mary (Mary6723): Joanna's mother. Guardian
EHR extract and access policies: as in the Example slide above (EHR id = Joanna Jones, ID = 1230 to 1233).
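
The Level 1 matrix, the Level 2 exclusion policies and the five Joanna Jones requesters can be combined into one extract filter. This is an added example, not part of the original slides or of EN 13606-4; the sensitivity of the three grouped records, the scope of the two exclusions and the mapping of each requester to a functional role are assumptions made here.

```python
# Highest sensitivity (1..5) each functional role may read, from the Level 1 table.
MAX_SENSITIVITY = {
    "Subject of care": 5, "Subject of care agent": 5,
    "Personal healthcare professional": 5,
    "Privileged healthcare professional": 4,  # level 4 only within the same service (X*)
    "Healthcare professional": 3, "Health-related professional": 2, "Administrator": 1,
}
PRIVILEGED_CARE = 4

# (id, name, archetype, sensitivity, service). ASSUMPTION: the three grouped
# records are "Privileged care" (4); the slide only shows their group.
RECORDS = [
    (1230, "Asthma contact", "GP contact", 3, None),
    (1231, "Depression", "Outpatient contact", 4, "mental health"),
    (1232, "Chlamydia infection", "Lab test", 4, "sexual health"),
    (1233, "HIV Test", "Lab test", 4, "sexual health"),
]
# Level 2 exclusions; None is a wildcard. ASSUMPTION: both cover the whole extract.
POLICIES = [
    {"user": "Brian9876", "structural_role": None, "archetype": None},
    {"user": None, "structural_role": "Guardian (parent)", "archetype": "Lab test"},
]
# user -> (functional role, service, structural role). ASSUMPTION: our role mapping.
REQUESTERS = {
    "Fred2714": ("Personal healthcare professional", None, "GP"),
    "John2349": ("Healthcare professional", None, "Practice nurse"),
    "Hele8956": ("Privileged healthcare professional", "sexual health", "Sexual health nurse"),
    "Brian9876": ("Privileged healthcare professional", "sexual health", "Sexual health nurse"),
    "Mary6723": ("Subject of care agent", None, "Guardian (parent)"),
}

def level1_allows(role, service, sensitivity, rc_service):
    if sensitivity > MAX_SENSITIVITY.get(role, 0):  # unknown role reads nothing
        return False
    if role == "Privileged healthcare professional" and sensitivity == PRIVILEGED_CARE:
        return rc_service is not None and rc_service == service
    return True

def level2_excludes(user, structural_role, archetype):
    facts = {"user": user, "structural_role": structural_role, "archetype": archetype}
    return any(all(v is None or facts[k] == v for k, v in p.items()) for p in POLICIES)

def filter_extract(user):
    """IDs the recipient gets; excluded items are omitted silently (no 'denied' marker)."""
    role, service, structural = REQUESTERS[user]
    return [rid for rid, _, arch, sens, svc in RECORDS
            if level1_allows(role, service, sens, svc)
            and not level2_excludes(user, structural, arch)]
```

Calling `filter_extract("Hele8956")` returns the IDs this model would release to Helen; excluded components are simply absent from the result, in line with the warning that denials could disclose information.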

THANK YOU VERY MUCH FOR YOUR ATTENTION