1、10/29/2000,Internet2 Health Sciences,Security Working Group Planning Jere Retzer, retzerjohsu.edu,10/29/2000,Topics to be discussed,Background health science security imperatives AAMC HIPAA Workshops I2 Security Roadmap Where do we go from here?,10/29/2000,Health Sciences Security Imperatives,Health
2、 care sometimes called the “trillion dollar cottage industry” could benefit tremendously from greater use of Internet technology NRC Report: Networking Health Prescriptions for the Internet (www.nap.edu ISBN 0-309-06843-6) evaluated six high payoff uses of Internet technology related to health care
3、found: “security is a primary concern in virtually all health applications of the Internet because the extreme sensitivity of personal health information demands high levels of confidentiality” health care in many ways a worst case industry because of complexity Proposed federal regulations to imple
4、ment HIPAA privacy and security regulations create a two year deadline,10/29/2000,HIPAA Collaboration Underway,Internet2 is partnering with the Association of American Medical Colleges (www.aamc.org) and the Workgroup for Electronic Data Interchange (www.wedi.org) on a series of workshops to make re
5、commendations, and develop a resource of best practices for healthcare security and privacy policy that will address the impact of HIPAA in Academic Medical Centers,10/29/2000,Internet2 Health Sciences Security Roadmap: Background,Available http:/www.internet2.edu/health/Security/security.html Devel
6、oped as a way to visualize how advanced Internet technology, particularly work underway with Internet2 could be applied to help revolutionize health care Despite the fact that health care is probably the worlds most knowledge-intensive industry it is one of the least automated: Most patient records
7、are paper not electronic Your record is probably scattered among multiple physicians, hospitals, insurers, laboratories Privacy is tenuous at best Lack of integration degrades care and increases costs: When was the last time you met with your physician on a complex problem and they actually had all
8、the relevant history and lab tests?,10/29/2000,Internet2 Health Sciences Security Roadmap: Internet2 Can Help,Identification, Authentication, Authorization, Directories, IPSEC and PKI offer potential solutions to transmission and role-based access to patient-identifiable data Complex health care rel
9、ationships promise to test the limits of PKI scalability. Consider a medical college with: Visiting physicians Students Referring physicians Contract laboratories and transcription services Part time providers Multiple insurers and state/federal agency involvement Various certifying authorities Rese
10、archers,10/29/2000,Internet2 Health Sciences Security Roadmap: HIPAA Policy, Internet2 Middleware and test networks provide building blocks to secure traditional health applications,HIPAA,Policy,Middleware:,Identification,Authentication,Authorization,Directories,IPSEC,PKI,Real World Test Networks,Se
11、cure Traditional Applications,10/29/2000,Internet2 Health Sciences Security Roadmap: Internet Health Companies Respond to a Need,E-health companies, which have enjoyed tremendous growth over the past three years respond to a need. Intel: “Health care today is in the midst of a revolution. Consumers,
12、 increasingly dissatisfied with the current system, are moving health care issues to center stage. The new health consumer is demanding more options and taking more control in determining the course of their health care. Additionally, technology is bringing changes to the health care industry. The a
13、dvent of the Internet and the declining cost of personal computers are creating increased accessibility to a wider population of Americans. The health care industry is ripe for change and consumers are demanding it.” Lack of a standard, interoperable health record however prevents integration.,10/29
14、/2000,Internet2 Health Sciences Security Roadmap: Internet consumer and business services supply critical building block but lack of standards-based health record creates a gap,HIPAA Policy,Real World Test Networks,Internet2 Middleware,Internet Consumer & Business Services,Standards Gap,Secure Tradi
15、tional Applications,New Internet Services,10/29/2000,Internet2 Health Sciences Security Roadmap: Over the longer term the Internet could revolutionize health care,Visualize a future where a patient (or their parent/custodian) presents a card or perhaps simply appears before an Internet-connected PC
16、and they are instantly securely identified and on command provided access to all the pieces of their medical record regardless of location, where: you go to your doctor for treatment of some complex illness and the doctor actually has access to all the lab results and x-rays! you do not have to answ
17、er the same questions over and over; cancer researchers can access on demand the pathology results, mammograms and other lab data for a million former breast cancer patients (identities protected) who grant access to their data; biometric data is used to identify an unconscious accident victim and a
18、llow emergency room personnel to unlock the patients emergency data to learn about hidden medical conditions.,10/29/2000,Internet2 Health Sciences Security Roadmap: the long term future,10/29/2000,Discussion,What collaborations do we want to pursue to begin to realize this roadmap? PKI test networks? Directories? What are the deliverables?,