a research roadmap for healthcare it security inspired by
play

A Research Roadmap for Healthcare IT Security inspired by the PCAST - PowerPoint PPT Presentation

Jun 26, 2023 •93 likes •338 views

A Research Roadmap for Healthcare IT Security inspired by the PCAST Health Information Technology Report Matthew Green and Avi Rubin Johns Hopkins University Wednesday, August 31, 11 Background Increasing deployment of Electronic Health

  1. A Research Roadmap for Healthcare IT Security inspired by the PCAST Health Information Technology Report Matthew Green and Avi Rubin Johns Hopkins University Wednesday, August 31, 11

  2. Background • Increasing deployment of Electronic Health Records (EHRs) • Largely driven by legislation • Highly vendor-specific • Data security is at a very early stage • Many open questions regarding data sharing Wednesday, August 31, 11

  3. Background: Legislation/Standards • HIPAA • Complex legislation • Primarily focused on procedures and policies • HITECH Act • Intended to promote the use of EHRs via mandates and incentives • “Meaningful use” • CCR/CCD • “Self-protecting” records (but how?) Wednesday, August 31, 11

  4. EHR Sharing: Existing Approach Wednesday, August 31, 11

  5. EHR Sharing: an HIE Example Locating and Retrieving Records in the CRISP Health Information Exchange Wednesday, August 31, 11

  6. EHR Sharing: an HIE Example Meta-data is centralized Records are not Locating and Retrieving Records in the CRISP Health Information Exchange Wednesday, August 31, 11

  7. EHR Sharing: an HIE Example • HIE security reasoning (CRISP/Axolotl) • Data records should never leave hospital-owned machines • But in practice, “hospital” includes edge devices at the HIE data center • Security and access control therefore depend on the integrity of each hospital’s (large, distributed) Trusted base Wednesday, August 31, 11

  8. The PCAST Report • President’s Council of Advisors on Science and Technology • “Realizing the Full Potential of Health IT” • Security & need for data sharing are key points: “American ambivalence about integrating health IT into the healthcare system is rooted in significant part to concerns about privacy and security.” -Chapter V Wednesday, August 31, 11

  9. The PCAST Report • President’s Council of Advisors on Science and Technology • Solution: proposal for nationwide HIE • Use “meta-tagging” for record discovery, security policy • Cryptographic access control • Good ideas, but only as good as their implementation • A great deal of work still needs to be done Wednesday, August 31, 11

  10. PCAST Security Proposal • Principles for a nationwide HIE • Data must be widely shared and discoverable • Data needs to self-protect via cryptography • Data sharing organizations will not all be trustworthy • Separation of the key & data planes • Policies and meta-data must be standardized • Patients need control over their security policies • It must all scale! Wednesday, August 31, 11

  11. Wednesday, August 31, 11

  12. This talk is full of questions • Where does this leave the research community: • What areas do we already understand? • What areas do we need to understand? • Will this system work? • How do we measure it? Wednesday, August 31, 11

  13. Open Research Areas • Meta-tagging • Robust User Identity • Audit and Logging • Patient Access • Cryptographic Key Management • Dispute Resolution • De-identification for research • Comparison to security of paper records Wednesday, August 31, 11

  14. Meta-tagging • PCAST Proposal: • Tag data with attributes & security policies (abstract) • Research problems: • Need for a standardized tagging scheme • Policy engines for programmatic data tagging • Evaluating the privacy implications of meta-tag data • Distributed search capabilities Wednesday, August 31, 11

  15. Managing User Identity • Always a fundamental security problem • 100s of thousands of clinicians (w/ roles), 100s of millions of patients! • Research problems: • Techniques for managing user identity from e.g., biometrics and other credentials • New authentication techniques that are not dependent on a single, trusted party (e.g., RSA, Verisign) Wednesday, August 31, 11

  16. Audit & Logging • PCAST proposes: • Record the principal & authorization method associated with every EHR modification • Patients have the right to view logs • Research problems: • New techniques for logging in a distributed environment • Log techniques that interact with a medical environment and can be examined by patients • Tamper-resistant logging Wednesday, August 31, 11

  17. Patient Interaction • PCAST proposes: • Users must interact with their own medical record, and specify policy • Research problems: • Develop user friendly mechanisms for dealing with the complexity of user-selected privacy preferences. • Research how much data to make available to patients and in what format, different access to different patients based on certain criteria. • How to enable patients to delegate their access rights Wednesday, August 31, 11

  18. Cryptographic Access Control • PCAST proposes: • Records should be protected cryptographically , separating key and data plane. • Decryption only occurs in clinician computers. • Research problems: • New techniques: e.g., policy-carrying cryptographic constructions (functional encryption, ABE) • Key management solutions, trusted hardware • Cryptographic mechanisms to anonymize records as required by secondary use considerations Wednesday, August 31, 11

  19. Dispute Resolution • PCAST proposes: • Users should monitor their own records and dispute invalid information • Research problems: • Interface for securely monitoring patient health records. • Mechanisms for patients to dispute details of the EMRs, while preserving the original record. • Develop automated conflict resolution techniques (when a patient’s claim about their EMRs differ from those of a health care provider such as a doctor or a laboratory.) Wednesday, August 31, 11

  20. De-identification for Research • PCAST suggests: • The availability of this (searchable) data will be a boon for medical researchers • Research problems: • Analysis of de-identification techniques (and re- identification) • Aggregation and on-the-fly determination of privacy leakage, e.g., Dwork’s Differential Privacy Wednesday, August 31, 11

  21. Security Metrics • PCAST Suggestion: • Develop metrics to evaluate EHR security • Use paper records as a baseline • How does this work in a data sharing environment? • Can we construct something more sophisticated that applies to existing HIE approaches as well ? Wednesday, August 31, 11

  22. Other Research Areas • Implantable devices • Home monitoring technologies • Formal methods research (e.g., meta-tags) • Legal issues • Social science studies (user interaction) Wednesday, August 31, 11

  23. Conclusions • PCAST (or something like it) will happen • It can happen with, or without researchers’ input • It serves as an excellent frame for any research efforts involving EHRs or sensitive medical information • There’s a great deal of work to be done Wednesday, August 31, 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Roadmap for Section 7.2. Windows Security Features Components of the Security System Windows

Roadmap for Section 7.2. Windows Security Features Components of the Security System Windows

Unit OS7: Security 7.2. Windows Security Components and Concepts Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 7.2. Windows Security Features Components of the Security

453 views • 14 slides
End-to-End Security for Personal Telehealth Asim, M., Koster, P ., Petkovic, M. Healthcare

End-to-End Security for Personal Telehealth Asim, M., Koster, P ., Petkovic, M. Healthcare

End-to-End Security for Personal Telehealth Asim, M., Koster, P ., Petkovic, M. Healthcare Information Management, Philips Research Europe Outline Introduction to Continua Continua E2E architecture Security in Continua 2010

694 views • 12 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Roadmap for Section 7.1 The Security Problem - a Definition Program & System Threats

Roadmap for Section 7.1 The Security Problem - a Definition Program & System Threats

Unit OS7: Security 7.1. The Security Problem Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 7.1 The Security Problem - a Definition Program & System Threats Security

518 views • 6 slides
Oncology Research Analytics Jana Analysis Inspired by and dedicated to Cancer Fighting Patients,

Oncology Research Analytics Jana Analysis Inspired by and dedicated to Cancer Fighting Patients,

Jana Analysis Healthcare Industry Oncology Research Analytics Jana Analysis Inspired by and dedicated to Cancer Fighting Patients, Oncologists & All supporting staff Jana Analysis Jana Analysis HEALTH ANALYTICS COMPANY Board Advisor Dr

516 views • 22 slides
Security Resources, Capabilities and Cultural Values: Links to Security Performance and

Security Resources, Capabilities and Cultural Values: Links to Security Performance and

Security Resources, Capabilities and Cultural Values: Links to Security Performance and Regulatory Compliance WEIS 2012 Juhee Kwon and M. Eric Johnson Tuck School of Business Dartmouth College 1 Healthcare Security Landscape Healthcare

223 views • 18 slides
Protocol Security Engineering "

Protocol Security Engineering "

Can we avoid Protocol Security meltdown? Brian Monahan Trusted Systems Lab HP Labs, Bristol, UK Tel: +44 (0)117 312-8935 Email: brian_monahan@hp.com Presented at STORK : Towards a Roadmap for Future Research 26-27 November 2002 What is

203 views • 3 slides
Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap

Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap

Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap First, Symmetric Key Encryption Defining the problem Well do it elaborately, so that it will be easy to see different levels of security 2

1.67k views • 136 slides
ROADMAP: Best use of Real World Evidence to address specific healthcare challenges The state of

ROADMAP: Best use of Real World Evidence to address specific healthcare challenges The state of

ROADMAP: Best use of Real World Evidence to address specific healthcare challenges The state of Alzheimers disease in Europe innovation, value and challenges for HTA Alzheimer Europe Conference, 4 October, 2017 Catherine Reed , Lilly

185 views • 14 slides
Nanotechnology-inspired Grand Challenges in the United States Mike Roco NSF and NNI US-Korea

Nanotechnology-inspired Grand Challenges in the United States Mike Roco NSF and NNI US-Korea

Nanotechnology-inspired Grand Challenges in the United States Mike Roco NSF and NNI US-Korea Nano Forum, Seoul, September 26, 2016 Nanotechnology-inspired grand challenges S&T breakthroughs, the long-term vision-inspired research,

716 views • 44 slides
Z A INSPIRED BY VARIOUS LANGUAGES & CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER

Z A INSPIRED BY VARIOUS LANGUAGES & CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER

Z A INSPIRED BY VARIOUS LANGUAGES & CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER LANGUAGE OR CULTURE ORGANISED SEQUENCE, NOT RANDOM ZASLONKA APERTURE diameterof200mmcircle dividedbythef/number DECIDED ON AN

440 views • 16 slides
Embedded Systems in Healthcare Pierre America Healthcare Systems Architecture Philips Research,

Embedded Systems in Healthcare Pierre America Healthcare Systems Architecture Philips Research,

Embedded Systems in Healthcare Pierre America Healthcare Systems Architecture Philips Research, Eindhoven, the Netherlands November 12, 2008 About the Speaker Working for Philips Research since 1982 Projects for Philips Healthcare

571 views • 19 slides
X. Talking the Roadmap JoAnne Lauer , Director of Research and Implementation, Riverside

X. Talking the Roadmap JoAnne Lauer , Director of Research and Implementation, Riverside

X. Talking the Roadmap JoAnne Lauer , Director of Research and Implementation, Riverside County Office of Education California English Learner Roadmap Launch Event A Call to Action: All of Us as Communicators and Carriers of the Vision!

404 views • 5 slides
Research Project Objectives: 1) Provide members of the healthcare research community with access

Research Project Objectives: 1) Provide members of the healthcare research community with access

CIELO: Enabling Open Science and Collaborative Innovation in Healthcare Research Project Objectives: 1) Provide members of the healthcare research community with access to an easy to use and highly flexible data commons platform 2) Reduce

522 views • 5 slides
the Healthcare Cybersecurity Crisis JACKI MONSON VP, CHIEF PRIVACY & INFORMATION SECURITY

the Healthcare Cybersecurity Crisis JACKI MONSON VP, CHIEF PRIVACY & INFORMATION SECURITY

Patient Safety Will Be Enhanced by Solving the Healthcare Cybersecurity Crisis JACKI MONSON VP, CHIEF PRIVACY & INFORMATION SECURITY OFFICER, SUTTER HEALTH What Happened? Healthcare is Sick Keeping Patients Safe Healthcares #1

1.21k views • 18 slides
IANA Stewardship Transition Number community component By: Mwendwa Kivuva

IANA Stewardship Transition Number community component By: Mwendwa Kivuva

IANA Stewardship Transition Number community component By: Mwendwa Kivuva Ernest Byaruhanga Janvier Ngnoulaye Date: 4 December 2015 The community process CRISP Team AFRINIC APNIC RIPE

428 views • 18 slides
M odels for Inexact Reasoning Fuzzy Logic Lesson 1 Crisp and Fuzzy Sets M aster in

M odels for Inexact Reasoning Fuzzy Logic Lesson 1 Crisp and Fuzzy Sets M aster in

M odels for Inexact Reasoning Fuzzy Logic Lesson 1 Crisp and Fuzzy Sets M aster in Computational Logic Department of Artificial Intelligence Origins and Evolution of Fuzzy Logic Origin: Fuzzy Sets Theory (Zadeh, 1965) Aim: Represent

602 views • 46 slides
ARTIFICIAL INTELLIGENCE Uncertainty: fuzzy systems Lecturer: Silja Renooij These slides are part

ARTIFICIAL INTELLIGENCE Uncertainty: fuzzy systems Lecturer: Silja Renooij These slides are part

Utrecht University INFOB2KI 2019-2020 The Netherlands ARTIFICIAL INTELLIGENCE Uncertainty: fuzzy systems Lecturer: Silja Renooij These slides are part of the INFOB2KI Course Notes available from www.cs.uu.nl/docs/vakken/b2ki/schema.html

1.05k views • 52 slides
Digital Publishing & The Future of Reading Monotype 2013 Vladimir Levantovsky Monotype 1

Digital Publishing & The Future of Reading Monotype 2013 Vladimir Levantovsky Monotype 1

Digital Publishing & The Future of Reading Monotype 2013 Vladimir Levantovsky Monotype 1 We publish therefore We communicate! Monotype 2013 2 We publish therefore We communicate! Monotype 2013 3 Its not just about what we

746 views • 26 slides
Behind the scenes of a FOSS-powered HPC cluster at UCLouvain Ansible or Salt? Ansible AND Salt!

Behind the scenes of a FOSS-powered HPC cluster at UCLouvain Ansible or Salt? Ansible AND Salt!

Behind the scenes of a FOSS-powered HPC cluster at UCLouvain Ansible or Salt? Ansible AND Salt! Behind the scenes of a FOSS-powered HPC cluster at UCLouvain Damien Franois | Universit catholique de Louvain - CISM FOSDEM '18 | HPC, Big Data

554 views • 27 slides
Applications on Mobile Devices Moo-Ryong Ra* , Anmol Sheth + , Lily Mummert x , Padmanabhan Pillai

Applications on Mobile Devices Moo-Ryong Ra* , Anmol Sheth + , Lily Mummert x , Padmanabhan Pillai

MobiSys11 Odessa: Enabling Interactive Perception Applications on Mobile Devices Moo-Ryong Ra* , Anmol Sheth + , Lily Mummert x , Padmanabhan Pillai , David Wetherall o , Ramesh Govindan* *USC ENL, + Technicolor, x Google , Intel, o

721 views • 22 slides
Automating DB Ops with Ansible, Chef, and Puppet Tyler Duzan, Product Manager Percona Who Am I?

Automating DB Ops with Ansible, Chef, and Puppet Tyler Duzan, Product Manager Percona Who Am I?

Automating DB Ops with Ansible, Chef, and Puppet Tyler Duzan, Product Manager Percona Who Am I? My name is Tyler Duzan Formerly an operations engineer for more than 12 years focused on security and automation Now a Product

575 views • 33 slides
Introduction Bowers and Wilkins (B&W), is a British company that produces audio equipment

Introduction Bowers and Wilkins (B&W), is a British company that produces audio equipment

Introduction Bowers and Wilkins (B&W), is a British company that produces audio equipment that was founded by John Bowers in 1966 in Worthing, South Sussex, England. Bower and Wilkins is currently part of the B&W Group Ltd.. The group

761 views • 24 slides

More recommend