The Nationwide Health Information Network (NHIN) requires the secure connection of health organizations within and across state borders. The goal of Phase 4 of the e-Authentication Pilot Study is to investigate a specific solution to this issue. In 2006 HIMSS sponsored Phase 1 of the e-Authentication Pilot Study, which modeled the use of the General Services Administration (GSA) electronic authentication certificates using PKI and SAML in a healthcare information exchange (HIE) environment by 6 Regional Health Information Organizations (RHIOs) located in 5 different states. Phase 2 extended the work of Phase 1 to model federated single sign-on into a distributed multi-state HIE using PKI certificates for secure identity management, open source Internet2 middleware (Shibboleth and Shibboleth tools) for the authorization architecture and OASIS Security Assertion Markup Language (SAML) for single sign-on and access control. Phase 2 concluded in the development of a healthcare-specific configuration of the Shibboleth network architecture and the development of healthcare-related directory objects for role-based authorization. The Phase 2 technology was successfully demonstrated in the 2008 IHE Showcase. Phase 3 of the e-Authentication Pilot Study extended the network to include NHIN connectivity as a participant in the NHIN2 project. Advancements included: Record Location Services (RLS), proprietary Electronic Health Records (EHR), Personal Health Record Service (PHR), Public Health Immunization Record Service, and VMWare virtual server technology. Phase 4 extends the use of NHIN Connector for Clinical and Administrative transactions, connection to OpenVISTA, work with the Voluntary Universal Healthcare Identifier (VUHID) and the growth of the network to 18 hospitals. The Liberty Alliance/Kantara Workgroup for Health Identity and Assurance continues to participate to define Health Identity Management best practices and Role-based Authentication.
Presented at HIMSS2010 by Richard Moore and John Fraser
Healthcare Identity Management and Role-Based Access in a Federated NHIN - The e-Authentication Project Phase 4
1. Healthcare Identity Management and Role-Based Access in a Federated NHIN The e-Authentication Project Phase 4 Co-presenters: Richard Moore, President eHealth Ohio and John Fraser, CEO MEDNETWorld.com Session 246 HIMSS 2010 Atlanta, GA Thursday, March 4, 11:15 AM - 12:15 PM
17. [Diagram: eHealth Ohio Developments 2009. Components shown: MEDNET HIE with MEDNET Gateways and MEDNET NHIN Gateways; Identity Providers; Service Providers (RLS Service, EHR/EMR, eHealth Rubicon Service); TechColumbus Platform Lab Physician Portal; SOAP/HTTPS connections passing through firewalls.]
21. [Diagram: CHIC & eHealth Ohio – Record Locator Service & NHIN. Elements shown: CHIC SISU / St. Luke's VRMC users; NHIN backbone connecting HIEs; Community Security/Privacy Officers performing log reviews; Personal Health Record (PHR); Role Based Access Control Service; Community Patient Privacy Manager; Audit Database; XDS Registry and Repository; Patient Clinical Info Retrieval/Lookup; MEDNET Grid Server; Immunization Connection; eHealth Ohio, Rubicon and TechColumbus test server; login via the MEDNET NHIN Gateway, Record Locator Service and Federated Identity Management Service.]
24. [Diagram: NHIN Connectivity Overview. Your existing sites and your organization's network connect over the Internet to the Nationwide Health Information Network (NHIN); other participants shown: federal agencies (SSA, DoD, VA, CDC, etc.), payers, providers, and State & Local Health Information Exchanges (HIE).]
27. NHIN Message Security*
Required in all NHIN SOAP messages
(*) Standard SAML-secured SOAP message – not NHIN specific
Example payload: HL7v3 CCD message in XML format
32. Resources To learn more about NHIN: Visit: http://blog.mednetworld.com/survey to complete a two question survey on our talk, and download a free copy of an e-Book that we've developed on the topic.
Speaker notes
Richard Moore is the owner and president of DME Consulting Services. He has over 30 years' experience with Health Information Systems, working with many public and private organizations. His broad-based knowledge of health information systems and operations comes from experience working directly with providers, payers, software manufacturers, electronic data interchange organizations, billing services, clearinghouses and government agencies. He is the current president of eHealth Ohio, Inc., a non-profit regional affiliate of the national standards development organization Workgroup for Electronic Data Interchange (WEDI). His primary WEDI focus is HIPAA X12 EDI transactions and he has participated as an author on WEDI testing whitepapers. He is an active participant in the Healthcare Information and Management Systems Society (HIMSS) and is the current Chair of the HIMSS RHIO Liaison Roundtable. He is also a member of the Board of the Central and Southern Ohio HIMSS (CSOHIMSS) Chapter and is the Chapter Advocacy Chairman and the RHIO Liaison for the State of Ohio. He is involved in the Healthcare Information Technology Standards Panel (HITSP) on the Security, Privacy and Infrastructure technical committee (SPI-TC). He is also a founding member of the Liberty Alliance Health Identity Management Special Interest Group (HIM-SIG). For the last three years he has been a project lead for the study on the use of the GSA e-Authentication model for the Nationwide Health Information Network (NHIN), focusing on electronic identity management, secure electronic health information exchange and federated single sign-on.

John Fraser founded and is CEO of MEDNETWorld.com, based in Minneapolis, Minnesota. MEDNETWorld.com is wiring up health care by providing Record Locator Services, security and privacy technologies and national connectivity to current and emerging health information exchanges.
Prior to founding MEDNET in 2006, John Fraser was the co-founder and former CEO of VisionShare Inc, a company building a secure, national infrastructure for claims connectivity and Medicare billing services with over 50% of all U.S. hospitals using their software. Prior to VisionShare, John built MEDNET, a state-wide medical network in Minnesota at the Minnesota Health Data Institute. Prior to the Institute, John built a state-wide Cancer Surveillance system at the Minnesota Department of Health. John has also done stints at Honeywell and Control Data Corporations. John is the co-chair of the Health Identity Management Special Interest Group of the Liberty Alliance (HIM-SIG). John is an avid bicyclist, diver and swimmer, with an undergraduate degree from the University of Minnesota. John holds a private pilot’s license and a 1st degree black belt in Tae Kwon Doe Karate.
First, we need to show that we do not have any conflict of interest related to our presentation. I would also point out that almost all of the work for this project has been either donated or given in-kind. We have attempted to use Open Source solutions when available.
The Nationwide Health Information Network (NHIN) requires the secure connection of health organizations within and across state borders. The goal of Phase 4 of the e-Authentication Pilot Study is to investigate a specific solution to this issue. In 2006 HIMSS sponsored Phase 1 of the e-Authentication Pilot Study, which modeled the use of the General Services Administration (GSA) electronic authentication certificates using PKI and SAML in a healthcare information exchange (HIE) environment by 6 Regional Health Information Organizations (RHIOs) located in 5 different states. Phase 2 extended the work of Phase 1 to model federated single sign-on into a distributed multi-state HIE using PKI certificates for secure identity management, open source Internet2 middleware (Shibboleth and Shibboleth tools) for the authorization architecture and single sign-on capability, and the OASIS-defined Security Assertion Markup Language (SAML) for access control. Phase 2 concluded in the development of a healthcare-specific configuration of a Shibboleth network architecture and the development of healthcare-related directory objects for role-based authorization. The technology was successfully demonstrated at the HIMSS 2008 IHE Showcase and is a part of the NHIN2. Phase 3 software improvements include Shibboleth 2.x and SAML 2.x for protocol, assertions and bindings. Phase 3 extended the network to include NHIN connectivity as a participant in the NHIN2 project. Advancements included: Record Location Services (RLS); proprietary Electronic Health Records (EHR); Personal Health Record Service (PHR); Public Health Immunization Record Service and VMWare virtual server technology. The technology was demonstrated at the HIMSS 2009 IHE showcase. Phase 4 extends the use of NHIN Connector for Clinical and Administrative transactions, connection to OpenVISTA, work with the Voluntary Universal Healthcare Identifier (VUHID) and the growth of the network to 18 hospitals.
The Liberty Alliance/Kantara Workgroup for Health Identity and Assurance continues to participate to define Health Identity Management best practices and Role-based Authentication. The technology was demonstrated at HIMSS 2010 in the Federal Healthcare Architecture (FHA) showcase, working with Medicaid and the Medicaid Information Technology Architecture (MITA).
Talk Outline
Problems & Opportunity
Key Benefits of the study
Project Review and History
Case Studies: Building a Federated NHIN
eHealth Ohio
HIE-Bridge HIE in Minnesota
NHIN Federated HIE Model
Recommendations
Key Problems
When doctors connect nationally or outside their HIE, how do they know who is on the other end of a request for medical information? At the local network level users are known to the system for access, but when a request comes from outside the network the requestor is typically not known. A trust framework needs to be established.
Username and password problems: too many (I have a spreadsheet with over 200 usernames and passwords); you lose track of them; it is very frustrating to remember them all; and it is very insecure, because you need to share usernames/passwords between apps – you might require access to multiple applications to get the complete medical history.
Key Benefits
Providers and Staff: simplify the process; modernize user authentication; help link systems together.
Managers and Technologists: manage to national standards; use open standards – vendor neutral.
Benefits to Patients: more secure systems; protection of patient privacy; easier interaction with systems.
Looking forward we anticipate future connection and collaboration between MN and OH into Phase 4.
The GSA was given the assignment under the Bush administration to develop a secure infrastructure for electronic government (eGov) for all federal agencies. Their solution incorporated national and international standards and was developed jointly with the National Institute of Standards and Technology (NIST). The security solution for the Federal Trust Model for Federated Identity included Public Key Infrastructure (PKI) and Third Party Certification services. To permit scalability and usability across all the agencies, businesses and individuals involved in eGov, the Federal Bridge Certificate Authority was created. Following 9/11 and the creation of the Homeland Security Department, these standards were put into use following the Homeland Security Presidential Directive, HSPD-12, in August 2004. In 2005 HIMSS and the GSA began development of a pilot project to demonstrate the adoption of the GSA's secure and interoperable technical architecture for sharing information across multiple healthcare providers. The pilot utilized the GSA's e-Authentication Service Component program to provide digital certificates, technical architecture development support, and certificate validation services. The Pilot Project began in 2006 with seven Regional Health Information Organizations (RHIOs)/health information exchanges (HIEs) and ORC, Inc. Federal Certificate Authority. The HIMSS e-Authentication Whitepaper was produced: http://www.himss.org/content/files/GSAwhitepaper.pdf
Phase 1 Participants
GSA: ORC, Inc. ACES Certificate Authority
CT: e-Health Connecticut
MI: Michigan Data Sharing & Transaction Infrastructure Project
TX: CHRISTUS Health, Health eCities of Texas Project
MN: Community Health Information Collaborative
OH: eHealth Ohio/OSC Bioinformatics
OH: Virtual Medical Network
NV: Single Portal Medical Record Project
Results of Phase 1
Multiple RHIOs can agree on and implement a common framework for the policies, procedures, and standards for federated identity authentication across multiple use cases.
The Federal e-Authentication infrastructure is relevant and applicable to use cases for RHIOs in diverse operational environments.
PKI, as a standard for strong authentication, can be deployed uniformly across multiple RHIOs.
The Federal PKI and its trusted Federal Credential Service Providers can be leveraged for use in multiple use cases across multiple RHIOs.
For RHIOs, local registration authorities and local enrollment are viable for larger-scale deployments to provide strong authentication using Federal e-Authentication components.
Hardware tokens (i.e., smart cards, flash drives) are viable for RHIO deployment of level 4 authentication assurance.
The results were published in the HIMSS Whitepaper: HIMSS/GSA National e-Authentication Project Whitepaper, 6/2007
Phase 2 Participants
CT: e-Health Connecticut
MN: MEDNET, USA
MN: Community Health Information Collaborative (CHIC)
OH: eHealth Ohio
OH: Virtual Medical Network
Following the success of e-Authentication phase 1, the participants met after the HIMSS 2007 annual meeting and a group was formed to focus on extending the project to investigate authorization and access control. The participants agreed to run Shibboleth open source software and test federated connectivity between themselves. The Shibboleth middleware would accommodate the PKI authentication services studied in phase 1 and add the capability to authorize access for authenticated users. The guiding principles of phase 2 were to provide Federated Single Sign-on, adhere to existing and developing standards, utilize open source software solutions wherever possible, provide connectivity to all – even proprietary solutions – and publish/present discovered solutions to inform stakeholders.
Phase 2 Results
Shibboleth network servers for Identity and Service Providers were established. Simplified Role-Based Access for Referrals and Emergency scenarios was tested successfully. The Shibboleth solution was incorporated into the IHE Interoperability Showcase for the HIMSS Annual Meeting in 2/2008.
Phase 3 – Activities and results
The original focus of Phase Three was to extend the Role-Based Access Model and scalability. But in May 2008 CHIC was selected for the NHIN2 development and NHIN work took precedence for 2008. All efforts were directed to assure interoperability with the 18 NHIN participants. Based on the participation in the NHIN, the e-Authentication project is now a portal to the NHIN. Because of NHIN connectivity and PKI authentication capability, the CDC is participating in an ongoing project with CHIC in Minnesota. Scalability gains were achieved by using virtualization of servers to reduce maintenance and application deployment. A search for ways to streamline PKI certificate provisioning led to a relationship with Safe BioPharma.
Phase 4 – 2009
Case Studies - Implement lessons learned in HIE
Work with other Open Source solutions
Implement a federated identity management system that can be shared between HIEs and states
Connect to NHIN to exchange Clinical and Administrative transactions
With Kantara, develop a reference implementation for federated identity
Ohio developments: eHealth Ohio is working jointly with a Provider General Purchase Organization, The Rubicon Group (TRG). Our HIE platform is located at TechColumbus, a state-run tech-business incubator. We established the HIE in the PlatForm Laboratory VMWare Cloud. TRG works with 50 practices and 200 physicians. The practices have varying capability, from fully functioning EMR to no EMR. We are establishing a record locator service that will enable the practices to find patient records, even those on paper. The physician can query the system and it will respond with a listing of possible locations for the patient records and give the records department information and phone numbers. The beta test case has multiple pediatric physicians, a pediatric urgent care and the local Children's hospital. We are also working on developing a connection for a Hospitalist to help with her rounding, patient management and charge capture.
Current eHealth Ohio platform.
This shows how MEDNETWorld.com (MEDNET) added the NHIN backbone connectivity to an existing HIE, CHIC and eHealth Ohio. CHIC is the Community Health Information Collaborative, a nonprofit corporation formed in 1997 with 420 member hospitals, clinics, public health and tribal health departments, long-term care facilities and higher education institutions in northeastern Minnesota. CHIC is the lead organization for our regional HIE, designed to provide secure access to electronic health records through applications developed with MEDNETWorld. eHealth Ohio and VMN participate as a part of the e-Authentication Project testbed. In 2008 CHIC and MEDNET were awarded one of 6 pilot projects to connect CHIC to the NHIN backbone for trial usage. In this project we demonstrated connectivity to other federal agencies (CDC, VA, DoD, SSA) and the other 18 participants all over the US. MEDNET developed and implemented its own NHIN gateway for the NHIN project.
NHIN
Developed by the Department of Health and Human Services
18 initial participants
Internet-based, uses existing Internet standards
Web Services based, with SAML security
No centralized servers / control
Moving into production in 2009
This diagram shows how NHIN runs over the Internet. Take note that only one connection is required to link your organization to other NHIN participating organizations. Also note that at this point all connections are point-to-point; there is no centralized server to connect through. The slide also shows some of the federal participants and types of participants involved in the 2008 Trial Implementations.
Participants in NHIN
CHIC (Community Health Information Collaborative) with MEDNETWorld.com as technology provider
Department of Veterans Affairs
Department of Defense
Social Security Administration
Kaiser Permanente
Cleveland Clinic
MedVA
Indiana University
HealthLINC/Bloomington Hospital
HealthBridge
Wright State University
NYeC (New York eHealth Collaborative)
DHIN (Delaware Health Information Network)
CareSpark
WVHIN (West Virginia Health Information Network)
NCHICA (North Carolina Healthcare Information and Communications Alliance, Inc.)
Lovelace Clinic Foundation
LBNH (Long Beach Network for Health)
Here we articulate our vision for a fully interconnected and trusted health care security system. A combination of federation between participants, using some agreed-to frameworks and certificate authorities, should allow access to standardized services, such as NHIN, and to other, non-standardized web services.
This slide describes the standard NHIN Message Security standards. Note that it requires a PKI environment to sign and encrypt messages and connections. Username/password security is not welcome here!
This diagram shows a standard SOAP message, with a SAML Assertion in its header. This is a standard way to carry a SAML 2.0 assertion, which tells the receiving system who sent the message. Since the SAML message must be signed by a trusted CA, the receiver can trust the SAML assertion. The receiver can then read the SAML assertion and make its own decision as to whether it wants to allow this person into their systems for this transaction. The receiver is free to reject any message if: 1. There is no SAML Assertion; 2. The SAML Assertion is not signed, or is signed by a CA that the recipient does not recognize; 3. The Assertion describes a user or system that the recipient doesn't trust or know. Note that the recipient is always in control of accepting a message; there is no "automatic" trust in the system.
These are our thoughts about how NHIN can adopt federation technology to support NHIN and other services using the single sign-on supported by federations. Federations are different groups of organizations, each managing and supporting its own directory of users, that agree to exchange user information and authentication information between organizations. No centralized registry is then needed; however, role-based authorization is then usually needed so that people can be allowed to access different services on the basis of their roles alone. This is important for scaling federations to multiple organizations, since different organizations can never really know all the different users that might come through the federation system.
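The receiver-side decision described in the two notes above (reject when there is no assertion, when it is unsigned or signed under an unrecognized CA, when the subject is unknown, and otherwise authorize by role) as an added example; this is not code from the presentation or from MEDNET/eHealth Ohio. It assumes SOAP 1.2 with the assertion in a WS-Security header, a constructed placeholder certificate and a hypothetical trust configuration (issuer, subject and role allow-lists); cryptographic XMLDSig verification is left to a real library, so "recognized CA" is modelled as a signing-certificate fingerprint allow-list.

```python
# Added example (not part of the original deck): receiver policy for an NHIN-style
# SOAP message carrying a SAML 2.0 assertion in its WS-Security header.
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://www.w3.org/2003/05/soap-envelope",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed, hypothetical trust configuration for the receiving HIE.
CONSTRUCTED_CERT = "MIIC-PLACEHOLDER-TRUSTED-IDP-CERT"   # stands in for a base64 DER cert
TRUSTED_ISSUERS = {"https://idp.example-hie.test"}
KNOWN_SUBJECTS = {"dr.smith@example-hie.test"}
ALLOWED_ROLES = {"physician", "nurse"}


def fingerprint(cert_b64: str) -> str:
    """Fingerprint of the signing certificate (real code hashes the DER bytes)."""
    return hashlib.sha256(cert_b64.strip().encode()).hexdigest()


TRUSTED_CERT_FINGERPRINTS = {fingerprint(CONSTRUCTED_CERT)}


def evaluate(envelope_xml: str) -> tuple:
    """Return (accepted, reason) for one inbound SOAP message, applying the three rules."""
    root = ET.fromstring(envelope_xml)
    assertion = root.find("soap:Header/wsse:Security/saml:Assertion", NS)
    if assertion is None:
        return False, "rule 1: no SAML assertion"
    cert = assertion.findtext("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
                              default=None, namespaces=NS)
    if cert is None:
        return False, "rule 2: assertion is not signed"
    if fingerprint(cert) not in TRUSTED_CERT_FINGERPRINTS:  # signature itself verified elsewhere
        return False, "rule 2: signing certificate not issued by a recognized CA"
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    subject = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if issuer not in TRUSTED_ISSUERS or subject not in KNOWN_SUBJECTS:
        return False, "rule 3: issuer or subject not known/trusted"
    roles = {a.text.strip() for a in assertion.findall(
        "saml:AttributeStatement/saml:Attribute[@Name='role']/saml:AttributeValue", NS) if a.text}
    if not roles & ALLOWED_ROLES:  # role-based authorization: no registry of remote users needed
        return False, "role check: no role permitted for this transaction"
    return True, f"accepted {subject} with roles {sorted(roles)}"


def build_message(subject=None, roles=(), cert=CONSTRUCTED_CERT, signed=True) -> str:
    """Construct a minimal envelope; with subject=None the assertion is omitted entirely."""
    assertion = ""
    if subject is not None:
        sig = (f"<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}"
               "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>") if signed else ""
        attrs = "".join(f"<saml:AttributeValue>{r}</saml:AttributeValue>" for r in roles)
        assertion = (f'<saml:Assertion xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}">'
                     f"<saml:Issuer>https://idp.example-hie.test</saml:Issuer>{sig}"
                     f"<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>"
                     f'<saml:AttributeStatement><saml:Attribute Name="role">{attrs}'
                     "</saml:Attribute></saml:AttributeStatement></saml:Assertion>")
    return (f'<soap:Envelope xmlns:soap="{NS["soap"]}" xmlns:wsse="{NS["wsse"]}">'
            f"<soap:Header><wsse:Security>{assertion}</wsse:Security></soap:Header>"
            "<soap:Body><PatientQuery/></soap:Body></soap:Envelope>")


if __name__ == "__main__":
    print(evaluate(build_message("dr.smith@example-hie.test", ("physician",))))
```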