THE FRENCH «DOSSIER MÉDICAL PERSONNEL» (DMP) MAIN INFRASTRUCTURAL FEATURE: SECURITY AND INTEROPERABILITY


eHealth Conference 2007, Berlin, April 17th-19th 2007
Manuel METZ, GIP DMP - France

DMP: a French national eHealth record

DMP (Dossier Médical Personnel) will be:
- a private, digitised medical file aimed at favouring coordination, quality and continuity of care;
- a file shared by healthcare professionals (HCP) but under the holder's control (i.e. the patient manages access to it, the holder can hide documents...);
- not a substitute for the professional files of HCPs in ambulatory care or in hospital;
- accessed through:
  - a Web portal for holders;
  - only a professional application for healthcare professionals, to maximize ergonomics and avoid time-consuming changes of application;
- consisting of data (structured or not) signed by the author (at first only by the HCP).

DMP: A health record needing adequate protection

As a health record, the DMP needs to be:
- Available
  - Open 7/24
  - Availability of 99.9% (total amount of interruption of 8 hours a year)
- Protective of data integrity and confidentiality
  - Protected communications (SSL)
  - Restrictive access to a DMP (esafe, HCP rights defined by law)
  - Separation of trusted services (authentication) and data housing
  - Good level of authentication

* Caisse des Dépôts et Consignations is a state-owned financial institution that performs public-interest missions on behalf of France's central, regional and local governments.

Overview of user authentication for DMP V1

HCP's authentication:
(a) Authentication through HCP smart card (either server or personal certificate, cf. Slide 7)
(b) Connection through a SAML assertion given by the portal

Holder's authentication:
(1) Password previously chosen by the holder
(2) One-time password sent through SMS to the holder
(3) Completion of authentication through the one-time password provided
(4) Connection through a SAML assertion given by the portal

Overview of user authentication for DMP V2

HCP's authentication:
(a) Authentication through own HCP smart card (personal certificate)
(b) Connection through a SAML assertion given by the portal

Holder's authentication:
(1) Authentication through patient smart card (personal certificate)
(2) Connection through a SAML assertion given by the portal

DMP: A personal record controlled by its holder

- All data in the record must be available to the holder.
- The holder is entitled to write personal data in the record (but not to modify data produced by a healthcare professional).
- The holder can complement the default rights of access by denying access to specific healthcare professionals.
- The patient can hide any document, and nothing indicates to the targeted healthcare professional that some documents have been hidden.

Holder's control on his/her DMP

(1) The holder allows named HCPs to access his/her DMP
(2) The holder can hide named documents from various types of HCP, except their author

Emergency services and main doctor may override those restrictions.

Effect of holder's control on his/her DMP 1/3

(1) HCP α is authenticated and authorized to access the DMP of holder Z
(2) HCP α can see all the documents of the DMP of holder Z

Effect of holder's control on his/her DMP 2/3

(1) HCP β is authenticated but not authorized to access the DMP of holder Z

Effect of holder's control on his/her DMP 3/3

(1) HCP γ is authenticated and authorized to access the DMP of holder Z
(2) Document C is hidden from HCP γ
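
The holder-control rules from the four slides above, written out as an access decision. This is an added example, not code from the presentation or from the DMP project. The class and function names, the HCP type names, and the reading that emergency services and the main doctor bypass both the access list and the hiding rules are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class HCP:
    name: str
    kind: str                 # HCP type; the type names used below are constructed
    emergency: bool = False   # True for emergency services

@dataclass
class Document:
    doc_id: str
    author: str
    hidden_from: frozenset = frozenset()   # HCP types the holder hid it from

@dataclass
class DMP:
    holder: str
    main_doctor: str
    authorized: set           # names of the HCPs the holder allowed
    documents: list = field(default_factory=list)

def visible_documents(dmp, hcp):
    """Document ids shown to hcp, or None when access to the DMP is refused."""
    # Assumption: emergency services and the main doctor bypass both the
    # access list and the hiding rules.
    override = hcp.emergency or hcp.name == dmp.main_doctor
    if not override and hcp.name not in dmp.authorized:
        return None
    shown = []
    for doc in dmp.documents:
        hidden = hcp.kind in doc.hidden_from
        # A document is never hidden from its own author.
        if override or doc.author == hcp.name or not hidden:
            shown.append(doc.doc_id)
    # Plain list only: no count or placeholder reveals that something was hidden.
    return shown

# Constructed sample mirroring the slides: holder Z, HCPs alpha, beta, gamma.
alpha = HCP("alpha", "general_practitioner")
beta = HCP("beta", "general_practitioner")
gamma = HCP("gamma", "pharmacist")
delta = HCP("delta", "pharmacist")            # author of document C
rescue = HCP("rescue", "emergency", emergency=True)
dmp_z = DMP("Z", main_doctor="omega", authorized={"alpha", "gamma", "delta"},
            documents=[Document("A", "alpha"), Document("B", "alpha"),
                       Document("C", "delta", frozenset({"pharmacist"}))])

if __name__ == "__main__":
    for h in (alpha, beta, gamma, delta, rescue):
        print(h.name, visible_documents(dmp_z, h))
```
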

DMP: A record used by numerous actors

Levels of interoperability

Interoperability is required on several levels and addressed through specified implementation of norms and standards:
- Medical application level: HL7, DICOM, CDA, HPRIM...
- Authentication level: use of HCP smart card and eventually patient's smart card
- Exchange level: IHE XDS
- Transport level: HTTP and SOAP over SSL and eventually WS

A framework specifying each level will be published to ensure interoperability of each component.

Conclusion

DMP: a large-scale project whose success depends on trust and interoperability.

The DMP will only be used if it is trusted by the users:
- Trusted by the holder: confidentiality and control
- Trusted by the HCP: integrity and traceability (=> digital signature)

The DMP will only be successful if it achieves a critical mass of eHealth records housed:
- Broadly used standards (HTTP, IHE...) favouring easy access

THANK YOU VERY MUCH

www.d-m-p.org
manuel.metz@sante.gouv.fr