Protecting Privacy while Sharing Medical Data between Regional Healthcare Entities
|
|
- Randall May
- 5 years ago
- Views:
Transcription
1 IBM Almaden Research Center Protecting Privacy while Sharing Medical Data between Regional Healthcare Entities Tyrone Grandison, Srivatsava Ranjit Ganta, Uri Braun, James Kaufman Session S113: Sharing Data Brisbane Convention Center Australia. August 23rd, 2007
2 Agenda Motivation Problem Goal Related Work Overview Concerns System Description Overview Technology Details Performance Evaluation Conclusion 2
3 Motivation The move to electronic healthcare systems promises a lot of benefits: better delivery of care, reduction in medical errors, improved quality of life. Existing business alliances must preserves. Thus, the formation of Regional Health Information Organizations (RHIOs) along these lines. A natural extension to the idea of a RHIO is to connect the RHIOs together into a National Healthcare Network Privacy concerns involved in inter- and intra- RHIO collaboration becoming increasing important in the public eye. 3
4 Problem Each RHIO has independent policies regarding the privacy of health records stored within the RHIO. Ensuring the privacy of health information when used inside the RHIO can be addressed by contemporary data disclosure technology. When two RHIOs need to share (clinical) documents, enabling the protection of patient privacy is still an open issue, because: There can be no assumption of a central authority, Policy enforcement may involve multiple privacy policies based on source, destination and the documents involved in the transfer, Data can be forwarded to an entity with additional rights, such as remote update rights. 4
5 Goal Enable inter-rhio collaboration while adhering to data disclosure constraints, i.e. privacy and security concerns. The technology is called Sticky Policy Enforcement and provides a way to ensure that policy constraints are enforced wherever patient data travels. This is a first step towards the broader mission of enabling Privacy Compliance After Extraction. 5
6 Related Work The Sticky Policy Paradigm was mentioned in IBM s work on Enterprise Privacy Authorization Language (EPAL) Sticky Policies recognized as a concept that is important for privacy preservation in distributed computer systems. The underlying notion is that the policy applicable to a piece of data travels with it and is enforceable at each point it is used. Though identified as a critical problem, application-independent solutions that were technically feasible and scaleable were not realized. Rivest and Lampson s work on SDSI (Simple Distributed Security Infrastructure) Focused on the establishment of trust for a single disclosure object with a single policy. A data recipient is either granted access to the entire document, or must request authorization from the source. Trusted Computing Group (TCG) consortium s work on Trusted Computing Platform An approach to establishing the trust in single object, single policy environments. 6
7 Concerns with Related Work In healthcare environments, granting access to the entire document and/or requesting authorization from the source is not sufficient. Sticky policy functionality should handle data disclosure to a party with welldefined constraints that allow data release to less privileged parties without requiring the originator s involvement. This avoids the potential pitfall of having to contact a (potentially) large number of third parties before making a decision to disclose a specific piece of information. Requiring targeted application development that are not application and data agnostic is not suitable for healthcare. RHIOs tend to follow a model where there is a complex web of pre-existing infrastructure that are likely to be from differing vendors and running different, even proprietary, systems. An ideal approach to Sticky Policy Enforcement should account for the fact that data changes occur frequently. It is not clear how the related work would handle this without incurring a severe performance penalty. 7
8 System Description Our solution to this problem involves identifying the applicable privacy policy constraints for a document(s) to be shared and sticking them together, forming a single entity of transfer a sticky policy package. In taking the approach of packaging policy with data, we maintain centralized decision making in a distributed enforcement. As only policy constraints that apply to the disclosed data are transferred, the communication impact is relatively small and the system does not require prior agreement among all medical organizations, states and patients. We leverage Hippocratic Database Active Enforcement for local data disclosure policy enforcement. Provides cell-level, policy-based disclosure management functionality, such that databases only return data that is compliant with company policies, applicable legislation, and customer preferences. 8
9 Sticky Policy Package Requestor: The requesting entity Recipient: The final consumer of the data. Purpose: The purpose for which the document(s) is being requested. Retention: Time period until which access to the data is allowed. Copy-Forward: The condition specifying whether the recipient is entitled to forward the requested document(s) to a third party after copying. Append-Modify: The Boolean condition specifying whether the recipient can append/modify the document. Results Tuples Policy Purpose Role Recipient Retention Copy forward Append-Modify Audit From To Timestamp Verifiable signature <XML> <Results> <Row>Robert Mueller</Row> <Row>Michael Hayden</Row> </Results> <Policy> <Purpose= Therapy /> <Role= Consultant /> <Recipient= same /> <Retention= 6 months /> <Copy forward= Yes /> <Append-Modify= No /> </Policy> <Audit> <From= CaliRHIO /> <To= PyschArizRHIO /> <Timestamp= 8/8/06 3:30pm /> <Signature>X</Signature> </Audit> </XML> 9
10 Sticky Policy Creation Request Sticky Policy HDB Active Enforcement Module Policy-compliant query Sticky Policy package HDB Sticky Policy Module Database 10
11 Sticky Policy Consumption Policy ID Purpose Role Recipient Schema Table Col Cond Copy fwd Retention 1 Therapy Consultant PsychAriz PAR Patients * Y 6 months Employee XML Signed Result First name Robert Michael Last name Mueller Hayden Archive XML-SR 1 CLOB <Result../> Scope Table Patients Policy 1 Condition XML SR=1 11
12 Performance Evaluation Cost of Sticky Policy Generation Overhead of Sticky Policy Consumption Overhead Cost for StickyPolicy Generation Overhead Cost for StickyPolicy Consumption Time(milli secs) HDB query w ithout sticky policies HDB query w ith stickypolicy generation Time(milli secs) XML Processing, Create and Insert Updating Metadata tables Updating archive Number of Documents Number of Documents The overall cost introduced by sticky policy generation is acceptable considering that the generation is done using XML. The time elapsed in updating the metadata tables and the archive is less than 30% of the overall policy consumption cost. 12 Our experimental platform used a synthetically generated dataset based on the Clinical Document Architecture. All experiments were run using IBM DB2 UDB 8.2. The operating system was Microsoft Windows XP with Service Pack 2. The hardware consisted of a PC with Pentium-4 2.4GHz processor and a 60GB disk. The buffer pool was set to 1 MB.
13 Conclusion The construction of RHIOs and the sharing of information between them is an important prerequisite for the successful creation and deployment of a National Healthcare Information Network. Very little attention has been placed on technology to enable this RHIO to RHIO collaboration in a privacy preserving manner, till now. We present a first step towards this goal: Sticky Policy Enforcement technology 13
14 The End
Protecting Privacy while Sharing Medical Data Between Regional Healthcare Entities
Protecting Privacy while Sharing Medical Data Between Regional Healthcare Entities Tyrone Grandison a, Srivatsava Ranjit Ganta b, Uri Braun c, James Kaufman a a IBM Almaden Research, 650 Harry Road, San
More informationOracle Database Auditing
By Craig Moir craig@mydba.co.za http://www.mydba.co.za August 2012 Version 1 WHY AUDIT? Allows organizations to enforce the trust-but-verify security principle. Satisfying compliance regulations. Enables
More informationIBM SPSS Text Analytics for Surveys
Software Product Compatibility Reports Product IBM SPSS Text Analytics for Surveys 4.0.1.0 Contents Included in this report Operating systems Hypervisors (No hypervisors specified for this product) Prerequisites
More informationTheseos Data Traceability Query Engine. Intelligent Information Systems IBM Almaden Research Center
Data Traceability Query Engine Intelligent Information Systems IBM Almaden Research Center Technology Overview Description of Technology is a query engine that: Allows enterprises to create traceability
More informationOptim. Optim Solutions for Data Governance. R. Kudžma Information management technical sales
Optim Solutions for Data Governance R. Kudžma Information management technical sales kudzma@lt.ibm.com IBM Software Group 10/23/2009 2008 IBM Corporation What is Data Governance Data Governance is the
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationOASIS Cross-Enterprise Security and Privacy Authorization (XSPA) WS- Trust Healthcare Profile. Working draft 20 August, 2008
OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) WS- Trust Healthcare Profile Working draft 20 August, 2008 Document identifier: xspa-ws-trust-profile-01 Location: Editor: Brett Burley,
More informationEnterprise Privacy and Federated Identity Management
Enterprise Privacy and Federated Identity Management Michael Waidner IBM Zurich Research Lab & IBM Privacy Research Institute April 2003 Outline 1. Motivation 2. Enterprise Privacy Management 3. Federated
More informationSingle Sign-On. Introduction
Introduction DeliverySlip seamlessly integrates into your enterprise SSO to give your users total email security and an extra set of robust communications tools. Single sign-on (SSO) systems create a single
More informationEnhancing Security With SQL Server How to balance the risks and rewards of using big data
Enhancing Security With SQL Server 2016 How to balance the risks and rewards of using big data Data s security demands and business opportunities With big data comes both great reward and risk. Every company
More informationService-oriented Assurance
Service-oriented Assurance Michael Waidner IBM Zurich Research, Security and Privacy Joint with Günter Karjoth, Matthias Schunter and Birgit Pfitzmann Riva San Vitale March 2006 Euro-Atlantic Symposium
More informationNetWrix Group Policy Change Reporter
NetWrix Group Policy Change Reporter Version 7 Enterprise Edition Quick Start Guide Contents NetWrix Group Policy Change Reporter Quick Start Guide 1. INTRODUCTION... 3 1.1 KEY FEATURES... 4 1.2 LICENSING...
More informationHealth Information Exchange Clinical Data Repository Utility Services Architecture Building Block HISO
Health Information Exchange Clinical Data Repository Utility Services Architecture Building Block HISO 10040.1 To be used in conjunction with HISO 10040.0 Health Information Exchange Overview and Glossary
More informationGovernance, Risk, and Compliance Controls Suite. Hardware and Sizing Recommendations. Software Version 7.2
Governance, Risk, and Compliance Controls Suite Hardware and Sizing Recommendations Software Version 7.2 GRC Controls Suite Hardware and Sizing Recommendations Part No. AG014-720B Copyright 2007, 2008,
More informationDocument No.: VCSATSP Restricted Data Protection Policy Revision: 4.0. VCSATS Policy Number: VCSATSP Restricted Data Protection Policy
DOCUMENT INFORMATION VCSATS Policy Number: VCSATSP 100-070 Title: Restricted Data Protection Policy Policy Owner: Infrastructure Manager Effective Date: 5/1/2013 Revision: 4.0 TABLE OF CONTENTS DOCUMENT
More informationIdentity Provider for SAP Single Sign-On and SAP Identity Management
Implementation Guide Document Version: 1.0 2017-05-15 PUBLIC Identity Provider for SAP Single Sign-On and SAP Identity Management Content 1....4 1.1 What is SAML 2.0.... 5 SSO with SAML 2.0.... 6 SLO with
More informationGlobal Reference Architecture: Overview of National Standards. Michael Jacobson, SEARCH Diane Graski, NCSC Oct. 3, 2013 Arizona ewarrants
Global Reference Architecture: Overview of National Standards Michael Jacobson, SEARCH Diane Graski, NCSC Oct. 3, 2013 Arizona ewarrants Goals for this Presentation Define the Global Reference Architecture
More informationSecure Messaging Mobile App Privacy Policy. Privacy Policy Highlights
Secure Messaging Mobile App Privacy Policy Privacy Policy Highlights For ease of review, Everbridge provides these Privacy Policy highlights, which cover certain aspects of our Privacy Policy. Please review
More informationContents Overview of the Gateway Performance and Sizing Guide... 5 Primavera Gateway System Architecture... 7 Performance Considerations...
Gateway Performance and Sizing Guide for On-Premises Version 17 July 2017 Contents Overview of the Gateway Performance and Sizing Guide... 5 Prerequisites... 5 Oracle Database... 5 WebLogic... 6 Primavera
More informationMaryland Health Care Commission
Special Review Maryland Health Care Commission Security Monitoring of Patient Information Maintained by the State-Designated Health Information Exchange September 2017 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT
More informationPRIVACY MONITORING AND ENFORCEMENT IN A WEB SERVICE ARCHITECTURE (WSA)
PRIVACY MONITORING AND ENFORCEMENT IN A WEB SERVICE ARCHITECTURE (WSA) by Kai Tong Submitted in partial fulfilment of the requirements for the degree of Master of Electronic Commerce at Dalhousie University
More informationExecutive Summary SOLE SOURCE JUSTIFICATION. Microsoft Integration
Executive Summary Commvault Simpana software delivers the unparalleled advantages and benefits of a truly holistic approach to data management. It is one product that contains individually licensable modules
More informationIT Attestation in the Cloud Era
IT Attestation in the Cloud Era The need for increased assurance over outsourced operations/ controls April 2013 Symeon Kalamatianos M.Sc., CISA, CISM Senior Manager, IT Risk Consulting Contents Introduction
More informationCommon approaches to management. Presented at the annual conference of the Archives Association of British Columbia, Victoria, B.C.
Common approaches to email management Presented at the annual conference of the Archives Association of British Columbia, Victoria, B.C. Agenda 1 2 Introduction and Objectives Terms and Definitions 3 Typical
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationImplementing Your BYOD Mobility Strategy An IT Checklist and Guide
Implementing Your BYOD Mobility Strategy An IT Checklist and Guide 2012 Enterproid IBYOD: 120221 Content 1. Overview... 1 2. The BYOD Checklist... 1 2.1 Application Choice... 1 2.2 Installation and Configuration...
More informationHIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, LOS ANGELES. Audit Report October 29, 2010
HIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, LOS ANGELES Audit Report 10-52 October 29, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret
More informationMinfy-Magnaquest Migration Use Case
Document Details Use Case Name Minfy Migration Use Case04 First Draft 15 th August 2018 Author Prabhakar D Reviewed By Pradeep Narayanaswamy Scope This document provides a detailed use case study on data
More informationVocera Secure Texting 2.1 FAQ
General Description Q. What is Vocera Secure Texting? A. Vocera Secure Texting (VST) combines convenience with privacy by providing a secure, easy to use, HIPAA-compliant alternative to SMS as well as
More informationCertified Enterprise Applications Integration Specialist (With Microsoft BizTalk Server) Sample Material
Certified Enterprise Applications Integration Specialist (With Microsoft BizTalk Server) Sample Material 1. INTRODUCTION & INSTALLATION 1.1 Introduction BizTalk is a business process management (BPM) server
More informationPRODUCT DESCRIPTIONS AND METRICS
PRODUCT DESCRIPTIONS AND METRICS Adobe PDM - Adobe LiveCycle Managed Services (2013v3) The Services described in this PDM are Managed Services and are governed by the terms of the General Terms, the Exhibit
More informationHIPAA AND SECURITY. For Healthcare Organizations
HIPAA AND EMAIL SECURITY For Healthcare Organizations Table of content Protecting patient information 03 Who is affected by HIPAA? 06 Why should healthcare 07 providers care? Email security & HIPPA 08
More informationUT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES
ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary
More informationThe Future of HITRUST
The Future of HITRUST Henry Vynalek, Director, HIE & IT Operations and Security Officer Mike Wells, Director of Security, Director of Engineering The Ohio Health Information Partnership (CliniSync) Henry
More informationDeltek Costpoint Enterprise Reporting 6.1. Installation Guide for New Users
Deltek Costpoint Enterprise Reporting 6.1 Installation Guide for New Users September 23, 2011 While Deltek has attempted to verify that the information in this document is accurate and complete, some typographical
More informationNorth Carolina Health Information Exchange Authority. User Access Policy for NC HealthConnex
North Carolina Health Information Exchange Authority User Access Policy for NC HealthConnex North Carolina Health Information Exchange Authority User Access Policy for NC HealthConnex Introduction The
More informationData Subject Access Request Procedure. Page 1 KubeNet Data Subject Access Request Procedure KN-SOP
Data Subject Access Request Procedure Page 1 Table of contents 1. Scope, Purpose and Users... 3 2. Reference Documents... 3 3. Data Subject Access Request ( DSAR )... 3 4. The Rights of a Data Subject...
More informationAuditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC
Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements
More informationOracle Audit Vault. Trust-but-Verify for Enterprise Databases. Tammy Bednar Sr. Principal Product Manager Oracle Database Security
Oracle Audit Vault Trust-but-Verify for Enterprise Databases Tammy Bednar Sr. Principal Product Manager Oracle Database Security Agenda Business Drivers Audit Vault Overview Audit
More information(60 min) California State Updates
(60 min) California State Updates Presenters: 30 min Speranza Avram, CEO, CalHIPSO: EHR status & uptake in CA 20 min David A. Minch, President & COO, HealthShare Bay Area: HIE status 10 min Questions 1
More informationForcare B.V. Cross-Enterprise Document Sharing (XDS) Whitepaper
Cross-Enterprise Document Sharing (XDS) Copyright 2010 Forcare B.V. This publication may be distributed in its unmodified whole with references to the author and company name. Andries Hamster Forcare B.V.
More informationMonarch General Capabilities Overview EMPOWERING ENABLING CONNECTING
Monarch General Capabilities Overview EMPOWERING ENABLING CONNECTING Executive Summary Monarch is a data translation, interface engine and routing solution for enterprise and system owners. Whether your
More informationWEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices
WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices Chris Steel, Ramesh Nagappan, Ray Lai www.coresecuritypatterns.com February 16, 2005 15:25 16:35
More informationRemote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act
Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act Are your authentication, access, and audit paradigms up to date? Table of Contents Synopsis...1
More informationExisting Healthcare Standards
Existing Healthcare Standards Category Context (Information Model) Information Interchange Standard & Specific Elements ASN.1 Abstract Syntax Notation.1 ASTM E2369-05 Standard Specification for Continuity
More informationCirius Secure Messaging Single Sign-On
Cirius Secure Messaging seamlessly integrates into your enterprise SSO to give your users total email security and an extra set of robust communications tools. Single sign-on (SSO) systems create a single
More information2 The IBM Data Governance Unified Process
2 The IBM Data Governance Unified Process The benefits of a commitment to a comprehensive enterprise Data Governance initiative are many and varied, and so are the challenges to achieving strong Data Governance.
More informationSend and Receive Exchange Use Case Test Methods
Send and Receive Exchange Use Case Test Methods Release 1 Version 1.0 October 1, 2017 Send and Receive Exchange Test Methods Release 1 Version 1.0 Technology Sponsor [Name] [Email] [Telephone] Signature
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationORACLE 11g RDBMS Features: Oracle Total Recall Oracle FLEXCUBE Universal Banking Release [May] [2017]
ORACLE 11g RDBMS Features: Oracle Total Recall Oracle FLEXCUBE Universal Banking Release 12.4.0.0.0 [May] [2017] Table of Contents 1. INTRODUCTION... 2 2. REQUIREMENT /PROBLEM STATEMENT... 3 3. PREREQUISITES...
More informationThe simplified guide to. HIPAA compliance
The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act
More information(9A05803) WEB SERVICES (ELECTIVE - III)
1 UNIT III (9A05803) WEB SERVICES (ELECTIVE - III) Web services Architecture: web services architecture and its characteristics, core building blocks of web services, standards and technologies available
More informationPROCEDURE POLICY DEFINITIONS AD DATA GOVERNANCE PROCEDURE. Administration (AD) APPROVED: President and CEO
Section: Subject: Administration (AD) Data Governance AD.3.3.1 DATA GOVERNANCE PROCEDURE Legislation: Alberta Evidence Act (RSA 2000 ca-18); Copyright Act, R.S.C., 1985, c.c-42; Electronic Transactions
More informationPrescription Monitoring Program Information Exchange (PMIX) Architecture. Version 1.0. April 2012
Prescription Monitoring Program Information Exchange (PMIX) Architecture Version 1.0 April 2012 Developed in conjunction with: TABLE OF CONTENTS 1 Document Purpose... 5 2 Document Scope... 5 3 Background...
More informationReal World Examples for Part 11 Technical Controls
Wolfgang Winter Product Manager, Networked Data Systems 23. January 2003 Real World Examples for Part 11 Technical Controls Time: 3.00 p.m. Central European Time Telephone Number: +44 20 8240 8243 Chair
More informationBest Practices. Deploying Optim Performance Manager in large scale environments. IBM Optim Performance Manager Extended Edition V4.1.0.
IBM Optim Performance Manager Extended Edition V4.1.0.1 Best Practices Deploying Optim Performance Manager in large scale environments Ute Baumbach (bmb@de.ibm.com) Optim Performance Manager Development
More informationSecure Messaging Large File Sharing
Feature Sheet Secure Messaging Large File Sharing Use Secure Messaging to securely share, track, and control single or multiple file attachments of up to 5GB directly from your email Whether you re using
More informationPhire 12.2 Hardware and Software Requirements
Phire 12.2 Hardware and Software Requirements Copyright 2017, Phire. All rights reserved. The Programs (which include both the software and documentation) contain proprietary information; they are provided
More informationInternet, , Social Networking, Mobile Device, and Electronic Communication Policy
TABLE OF CONTENTS Internet, Email, Social Networking, Mobile Device, and... 2 Risks and Costs Associated with Email, Social Networking, Electronic Communication, and Mobile Devices... 2 Appropriate use
More informationSmart Software Licensing tools and Smart Account Management Privacy DataSheet
Smart Software Licensing tools and Smart Account Management Privacy DataSheet This Privacy DataSheet describes the processing of personal data (or personal identifiable information) by Smart Software Licensing
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Chmura Orthodontics ( Practice ) understands the important of keeping your personal information private. Personal information includes: your name, postal address, e-mail address,
More informationPPC s SMART Practice Aids Prepare for Installing database upgrade to SQL Express 2008 R2
PPC s SMART Practice Aids Prepare for Installing database upgrade to SQL Express 2008 R2 June 2013 Agenda Objectives SMART Practice Aids System Requirements SMART Installation Pre-Requisites Installation
More informationTape Sucks for Long-Term Retention Time to Move to the Cloud. How Cloud is Transforming Legacy Data Strategies
Tape Sucks for Long-Term Retention Time to Move to the Cloud How Cloud is Transforming Legacy Data Strategies INTRODUCTION Tapes suck for long term retention (LTR) Unknown content Locked in proprietary
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2012 Roadmap: Trusted Computing Motivation Notion of trust
More informationSingle Sign-On. Introduction. Feature Sheet
Feature Sheet Single Sign-On Introduction CipherPost Pro seamlessly integrates into your enterprise single sign-on (SSO) to give your users total email security and an extra set of robust communications
More informationConCert FAQ s Last revised December 2017
ConCert FAQ s Last revised December 2017 What is ConCert by HIMSS? ConCert by HIMSS is a comprehensive interoperability testing and certification program governed by HIMSS and built on the work of the
More informationPaolo Bellavista Veronica Conti Carlo Giannelli Jukka Honkola
The Smart-M3 Semantic Information Broker (SIB) Plug-in Extension: Implementation and Evaluation Experiences Paolo Bellavista Veronica Conti Carlo Giannelli Jukka Honkola 20.11.2012 - SN4MS'12 DISI, Università
More informationDefendX Software Control-Audit for Hitachi Installation Guide
DefendX Software Control-Audit for Hitachi Installation Guide Version 4.1 This guide details the method for the installation and initial configuration of DefendX Software Control-Audit for NAS, Hitachi
More informationMassachusetts Health Data Consortium CAQH CORE - NEHEN - VeriSign/Symantec Pilot. September 2010
Massachusetts Health Data Consortium CAQH CORE - NEHEN - VeriSign/Symantec Pilot September 2010 Agenda CAQH status CORE UPD Pilot overview Q&A 2 HR 3590 Patient Protection and Affordable Care Act: Section
More informationTrusted Virtual Domains: Towards Trustworthy Distributed Services. Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum
Trusted Virtual Domains: Towards Trustworthy Distributed Services Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum The Main Motivation Trustworthy Distributed Computing Selected Applications..
More informationEnsuring Privacy and Security of Health Information Exchange in Pennsylvania
Ensuring Privacy and Security of Health Information Exchange in Pennsylvania The Pennsylvania ehealth Initiative in collaboration with the Pennsylvania ehealth Partnership Authority Introduction The Pennsylvania
More informationSecure Enterprise Access to Support Collaboration on Clinical Research
Secure Enterprise Access to Support Collaboration on Clinical Research Oracle9iR2 Database Security Oracle World, Sept. 9, 2003 Nitin Sawhney, Ph.D. Cal Collins and Tom Hickerson Akaza Research, Cambridge,
More informationIBM Managed Security Services for X-Force Hosted Threat Analysis Service
IBM Managed Security Services for X-Force Hosted Threat Analysis Service Z125-8483-00 05-2010 Page 1 of 5 Table of Contents 1. Scope of Services... 3 1.1 Licensing... 3 1.1.1 Individual... 3 1.1.2 Distribution...
More informationSOA-20: The Role of Policy Enforcement in SOA Management
SOA-20: The Role of Policy Enforcement in SOA Management Phil Walston VP Product Management Layer 7 Technologies Overview Discuss policy in SOA, the role of Policy Enforcement Points and where this fits
More informationAdministration and Data Retention. Best Practices for Systems Management
Administration and Data Retention Best Practices for Systems Management Agenda Understanding the Context for IT Management Concepts for Managing Key IT Objectives Aptify and IT Management Best Practices
More informationIBM Endpoint Manager Version 9.0. Software Distribution User's Guide
IBM Endpoint Manager Version 9.0 Software Distribution User's Guide IBM Endpoint Manager Version 9.0 Software Distribution User's Guide Note Before using this information and the product it supports,
More informationGplus Adapter 6.1. Gplus Adapter for WFM. Hardware and Software Requirements
Gplus Adapter 6.1 Gplus Adapter for WFM Hardware and Software Requirements The information contained herein is proprietary and confidential and cannot be disclosed or duplicated without the prior written
More informationData Vault Brisbane User Group
Data Vault Brisbane User Group 26-02-2013 Agenda Introductions A brief introduction to Data Vault Creating a Data Vault based Data Warehouse Comparisons with 3NF/Kimball When is it good for you? Examples
More informationSession 4.07 Accountability for Use or Disclosure of a Patient s Electronic Record
Session 4.07 Accountability for Use or Disclosure of a Patient s Electronic Record Requirements for a Security and Privacy Audit System Presented By: John Travis, CPA, MSA, CHFP Director, Solution Management
More informationWHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty
WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty By Jill Brooks, MD, CHCO and Katelyn Byrne, BSN, RN Data Breaches
More informationEMC Forum EMC ViPR and ECS: A Lap Around Software-Defined Services
EMC Forum 2014 Copyright 2014 EMC Corporation. All rights reserved. 1 EMC ViPR and ECS: A Lap Around Software-Defined Services 2 Session Agenda Market Dynamics EMC ViPR Overview What s New in ViPR Controller
More informationFrom IHE Audit Trails to XES Event Logs Facilitating Process Mining
40 Digital Healthcare Empowering Europeans R. Cornet et al. (Eds.) 2015 European Federation for Medical Informatics (EFMI). This article is published online with Open Access by IOS Press and distributed
More informationSeven Requirements for Successfully Implementing Information Security Policies and Standards
Seven Requirements for Successfully Implementing and Standards A guide for executives Stan Stahl, Ph.D., President, Citadel Information Group Kimberly A. Pease, CISSP, Vice President, Citadel Information
More informationScientific Research Data Management Policy
Scientific Research Data Management Policy DOCUMENT SUMMARY Document No. SRDMP-0001 Ref. Document Title Author(s) Policy Sponsor Scientific Research Data Management Policy Karen Ambrose Alison Davis DOCUMENT
More informationNETWRIX ACTIVE DIRECTORY CHANGE REPORTER
NETWRIX ACTIVE DIRECTORY CHANGE REPORTER ADMINISTRATOR S GUIDE Product Version: 7.2 January 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute
More informationHippocratic Databases and Fine Grained Access Control
Hippocratic Databases and Fine Grained Access Control Li Xiong CS573 Data Privacy and Security Review Anonymity - an individual (or an element) not identifiable within a well-defined set Confidentiality
More informationHIPAA / HITECH Overview of Capabilities and Protected Health Information
HIPAA / HITECH Overview of Capabilities and Protected Health Information August 2017 Rev 1.8.9 2017 DragonFly Athletics, LLC 2017, DragonFly Athletics, LLC. or its affiliates. All rights reserved. Notices
More informationVirtru Data Protection
Virtru Data Protection Surprisingly easy data protection and control. Today s data protection solutions fail because the tradeoff between security and ease of use is unacceptable. Regulated content, intellectual
More informationHospital System Lowers IT Costs After Epic Migration Flatirons Digital Innovations, Inc. All rights reserved.
Hospital System Lowers IT Costs After Epic Migration 2018 Flatirons Digital Innovations, Inc. All rights reserved. A large hospital system was migrating to the EPIC software product suite and as part of
More informationFundamentals of Information Systems, Seventh Edition
Chapter 3 Data Centers, and Business Intelligence 1 Why Learn About Database Systems, Data Centers, and Business Intelligence? Database: A database is an organized collection of data. Databases also help
More information3M Molecular Detection System Software Upgrade/Installation Instructions
User Manual Supplement Number: TB.342837.03 Effective Date: March 2018 Supersedes: TB.342837.02 Technology Platform: 3M Molecular Detection System Originating Location: St. Paul, MN 3M Molecular Detection
More informationCAET Privacy Policy August
CAET Privacy Policy August 2017-08-21 Privacy Policy - Protection of Personal Information Policy Statement The Canadian Association for Enterostomal Therapy (CAET) controls the collection, use and disclosure
More informationDesign Considerations for Using Flash Memory for Caching
Design Considerations for Using Flash Memory for Caching Edi Shmueli, IBM XIV Storage Systems edi@il.ibm.com Santa Clara, CA August 2010 1 Solid-State Storage In a few decades solid-state storage will
More informationA Cloud WHERE PHYSICAL ARE TOGETHER AT LAST
A Cloud WHERE PHYSICAL AND VIRTUAL STORAGE ARE TOGETHER AT LAST Not all Cloud solutions are the same so how do you know which one is right for your business now and in the future? NTT Communications ICT
More informationThe National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne
The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne Schwartz, Assoc. Dir., CDRH, FDA Denise Anderson, MBA, President,
More informationIBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan
IBM Cloud Security for the Cloud Amr Ismail Security Solutions Sales Leader Middle East & Pakistan Today s Drivers for Cloud Adoption ELASTIC LOWER COST SOLVES SKILLS SHORTAGE RAPID INNOVATION GREATER
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationGetting Started w/ Security for your Oracle SOA Suite Integrations
Thursday, May 17, 2018 4:00 5:00pm Getting Started w/ Security for your Oracle SOA Suite Integrations From Transport Protection to API Management MAY 16 & 17, 2018 CLEVELAND PUBLIC AUDITORIUM, CLEVELAND,
More information1 Privacy Statement INDEX
INDEX 1 Privacy Statement Mphasis is committed to protecting the personal information of its customers, employees, suppliers, contractors and business associates. Personal information includes data related
More information