a research roadmap for healthcare it security inspired by
play

A Research Roadmap for Healthcare IT Security inspired by the PCAST - PowerPoint PPT Presentation

Jun 26, 2023 •93 likes •338 views

A Research Roadmap for Healthcare IT Security inspired by the PCAST Health Information Technology Report Matthew Green and Avi Rubin Johns Hopkins University Wednesday, August 31, 11 Background Increasing deployment of Electronic Health

  1. A Research Roadmap for Healthcare IT Security inspired by the PCAST Health Information Technology Report Matthew Green and Avi Rubin Johns Hopkins University Wednesday, August 31, 11

  2. Background • Increasing deployment of Electronic Health Records (EHRs) • Largely driven by legislation • Highly vendor-specific • Data security is at a very early stage • Many open questions regarding data sharing Wednesday, August 31, 11

  3. Background: Legislation/Standards • HIPAA • Complex legislation • Primarily focused on procedures and policies • HITECH Act • Intended to promote the use of EHRs via mandates and incentives • “Meaningful use” • CCR/CCD • “Self-protecting” records (but how?) Wednesday, August 31, 11

  4. EHR Sharing: Existing Approach Wednesday, August 31, 11

  5. EHR Sharing: an HIE Example Locating and Retrieving Records in the CRISP Health Information Exchange Wednesday, August 31, 11

  6. EHR Sharing: an HIE Example Meta-data is centralized Records are not Locating and Retrieving Records in the CRISP Health Information Exchange Wednesday, August 31, 11

  7. EHR Sharing: an HIE Example • HIE security reasoning (CRISP/Axolotl) • Data records should never leave hospital-owned machines • But in practice, “hospital” includes edge devices at the HIE data center • Security and access control therefore depend on the integrity of each hospital’s (large, distributed) Trusted base Wednesday, August 31, 11

  8. The PCAST Report • President’s Council of Advisors on Science and Technology • “Realizing the Full Potential of Health IT” • Security & need for data sharing are key points: “American ambivalence about integrating health IT into the healthcare system is rooted in significant part to concerns about privacy and security.” -Chapter V Wednesday, August 31, 11

  9. The PCAST Report • President’s Council of Advisors on Science and Technology • Solution: proposal for nationwide HIE • Use “meta-tagging” for record discovery, security policy • Cryptographic access control • Good ideas, but only as good as their implementation • A great deal of work still needs to be done Wednesday, August 31, 11

  10. PCAST Security Proposal • Principles for a nationwide HIE • Data must be widely shared and discoverable • Data needs to self-protect via cryptography • Data sharing organizations will not all be trustworthy • Separation of the key & data planes • Policies and meta-data must be standardized • Patients need control over their security policies • It must all scale! Wednesday, August 31, 11

  11. Wednesday, August 31, 11

  12. This talk is full of questions • Where does this leave the research community: • What areas do we already understand? • What areas do we need to understand? • Will this system work? • How do we measure it? Wednesday, August 31, 11

  13. Open Research Areas • Meta-tagging • Robust User Identity • Audit and Logging • Patient Access • Cryptographic Key Management • Dispute Resolution • De-identification for research • Comparison to security of paper records Wednesday, August 31, 11

  14. Meta-tagging • PCAST Proposal: • Tag data with attributes & security policies (abstract) • Research problems: • Need for a standardized tagging scheme • Policy engines for programmatic data tagging • Evaluating the privacy implications of meta-tag data • Distributed search capabilities Wednesday, August 31, 11

  15. Managing User Identity • Always a fundamental security problem • 100s of thousands of clinicians (w/ roles), 100s of millions of patients! • Research problems: • Techniques for managing user identity from e.g., biometrics and other credentials • New authentication techniques that are not dependent on a single, trusted party (e.g., RSA, Verisign) Wednesday, August 31, 11

  16. Audit & Logging • PCAST proposes: • Record the principal & authorization method associated with every EHR modification • Patients have the right to view logs • Research problems: • New techniques for logging in a distributed environment • Log techniques that interact with a medical environment and can be examined by patients • Tamper-resistant logging Wednesday, August 31, 11

  17. Patient Interaction • PCAST proposes: • Users must interact with their own medical record, and specify policy • Research problems: • Develop user friendly mechanisms for dealing with the complexity of user-selected privacy preferences. • Research how much data to make available to patients and in what format, different access to different patients based on certain criteria. • How to enable patients to delegate their access rights Wednesday, August 31, 11

  18. Cryptographic Access Control • PCAST proposes: • Records should be protected cryptographically , separating key and data plane. • Decryption only occurs in clinician computers. • Research problems: • New techniques: e.g., policy-carrying cryptographic constructions (functional encryption, ABE) • Key management solutions, trusted hardware • Cryptographic mechanisms to anonymize records as required by secondary use considerations Wednesday, August 31, 11

  19. Dispute Resolution • PCAST proposes: • Users should monitor their own records and dispute invalid information • Research problems: • Interface for securely monitoring patient health records. • Mechanisms for patients to dispute details of the EMRs, while preserving the original record. • Develop automated conflict resolution techniques (when a patient’s claim about their EMRs differ from those of a health care provider such as a doctor or a laboratory.) Wednesday, August 31, 11

  20. De-identification for Research • PCAST suggests: • The availability of this (searchable) data will be a boon for medical researchers • Research problems: • Analysis of de-identification techniques (and re- identification) • Aggregation and on-the-fly determination of privacy leakage, e.g., Dwork’s Differential Privacy Wednesday, August 31, 11

  21. Security Metrics • PCAST Suggestion: • Develop metrics to evaluate EHR security • Use paper records as a baseline • How does this work in a data sharing environment? • Can we construct something more sophisticated that applies to existing HIE approaches as well ? Wednesday, August 31, 11

  22. Other Research Areas • Implantable devices • Home monitoring technologies • Formal methods research (e.g., meta-tags) • Legal issues • Social science studies (user interaction) Wednesday, August 31, 11

  23. Conclusions • PCAST (or something like it) will happen • It can happen with, or without researchers’ input • It serves as an excellent frame for any research efforts involving EHRs or sensitive medical information • There’s a great deal of work to be done Wednesday, August 31, 11

Recommend

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Roadmap for Section 7.2. Windows Security Features Components of the Security System Windows

Roadmap for Section 7.2. Windows Security Features Components of the Security System Windows

Unit OS7: Security 7.2. Windows Security Components and Concepts Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 7.2. Windows Security Features Components of the Security

453 views • 14 slides
End-to-End Security for Personal Telehealth Asim, M., Koster, P ., Petkovic, M. Healthcare

End-to-End Security for Personal Telehealth Asim, M., Koster, P ., Petkovic, M. Healthcare

End-to-End Security for Personal Telehealth Asim, M., Koster, P ., Petkovic, M. Healthcare Information Management, Philips Research Europe Outline Introduction to Continua Continua E2E architecture Security in Continua 2010

694 views • 12 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Roadmap for Section 7.1 The Security Problem - a Definition Program & System Threats

Roadmap for Section 7.1 The Security Problem - a Definition Program & System Threats

Unit OS7: Security 7.1. The Security Problem Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 7.1 The Security Problem - a Definition Program & System Threats Security

518 views • 6 slides
Oncology Research Analytics Jana Analysis Inspired by and dedicated to Cancer Fighting Patients,

Oncology Research Analytics Jana Analysis Inspired by and dedicated to Cancer Fighting Patients,

Jana Analysis Healthcare Industry Oncology Research Analytics Jana Analysis Inspired by and dedicated to Cancer Fighting Patients, Oncologists & All supporting staff Jana Analysis Jana Analysis HEALTH ANALYTICS COMPANY Board Advisor Dr

516 views • 22 slides
Security Resources, Capabilities and Cultural Values: Links to Security Performance and

Security Resources, Capabilities and Cultural Values: Links to Security Performance and

Security Resources, Capabilities and Cultural Values: Links to Security Performance and Regulatory Compliance WEIS 2012 Juhee Kwon and M. Eric Johnson Tuck School of Business Dartmouth College 1 Healthcare Security Landscape Healthcare

223 views • 18 slides
Protocol Security Engineering "

Protocol Security Engineering "

Can we avoid Protocol Security meltdown? Brian Monahan Trusted Systems Lab HP Labs, Bristol, UK Tel: +44 (0)117 312-8935 Email: brian_monahan@hp.com Presented at STORK : Towards a Roadmap for Future Research 26-27 November 2002 What is

203 views • 3 slides
Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap

Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap

Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap First, Symmetric Key Encryption Defining the problem Well do it elaborately, so that it will be easy to see different levels of security 2

1.67k views • 136 slides
ROADMAP: Best use of Real World Evidence to address specific healthcare challenges The state of

ROADMAP: Best use of Real World Evidence to address specific healthcare challenges The state of

ROADMAP: Best use of Real World Evidence to address specific healthcare challenges The state of Alzheimers disease in Europe innovation, value and challenges for HTA Alzheimer Europe Conference, 4 October, 2017 Catherine Reed , Lilly

185 views • 14 slides
Nanotechnology-inspired Grand Challenges in the United States Mike Roco NSF and NNI US-Korea

Nanotechnology-inspired Grand Challenges in the United States Mike Roco NSF and NNI US-Korea

Nanotechnology-inspired Grand Challenges in the United States Mike Roco NSF and NNI US-Korea Nano Forum, Seoul, September 26, 2016 Nanotechnology-inspired grand challenges S&T breakthroughs, the long-term vision-inspired research,

716 views • 44 slides
Z A INSPIRED BY VARIOUS LANGUAGES & CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER

Z A INSPIRED BY VARIOUS LANGUAGES & CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER

Z A INSPIRED BY VARIOUS LANGUAGES & CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER LANGUAGE OR CULTURE ORGANISED SEQUENCE, NOT RANDOM ZASLONKA APERTURE diameterof200mmcircle dividedbythef/number DECIDED ON AN

440 views • 16 slides
Embedded Systems in Healthcare Pierre America Healthcare Systems Architecture Philips Research,

Embedded Systems in Healthcare Pierre America Healthcare Systems Architecture Philips Research,

Embedded Systems in Healthcare Pierre America Healthcare Systems Architecture Philips Research, Eindhoven, the Netherlands November 12, 2008 About the Speaker Working for Philips Research since 1982 Projects for Philips Healthcare

571 views • 19 slides
X. Talking the Roadmap JoAnne Lauer , Director of Research and Implementation, Riverside

X. Talking the Roadmap JoAnne Lauer , Director of Research and Implementation, Riverside

X. Talking the Roadmap JoAnne Lauer , Director of Research and Implementation, Riverside County Office of Education California English Learner Roadmap Launch Event A Call to Action: All of Us as Communicators and Carriers of the Vision!

404 views • 5 slides
Research Project Objectives: 1) Provide members of the healthcare research community with access

Research Project Objectives: 1) Provide members of the healthcare research community with access

CIELO: Enabling Open Science and Collaborative Innovation in Healthcare Research Project Objectives: 1) Provide members of the healthcare research community with access to an easy to use and highly flexible data commons platform 2) Reduce

522 views • 5 slides
the Healthcare Cybersecurity Crisis JACKI MONSON VP, CHIEF PRIVACY & INFORMATION SECURITY

the Healthcare Cybersecurity Crisis JACKI MONSON VP, CHIEF PRIVACY & INFORMATION SECURITY

Patient Safety Will Be Enhanced by Solving the Healthcare Cybersecurity Crisis JACKI MONSON VP, CHIEF PRIVACY & INFORMATION SECURITY OFFICER, SUTTER HEALTH What Happened? Healthcare is Sick Keeping Patients Safe Healthcares #1

1.21k views • 18 slides
Designing Fast Virtual Desktops for Healthcare What is VDI* and why is it important to healthcare?

Designing Fast Virtual Desktops for Healthcare What is VDI* and why is it important to healthcare?

Designing Fast Virtual Desktops for Healthcare What is VDI* and why is it important to healthcare? Cost = Savings .. Ease of use * VDI - Virtual Desktop Infrastructure .. Quick app updates .. Security Shared computing resources

406 views • 36 slides
Be Inspired. Get Connected. Walk MS. Be Inspired. Get Connected. Walk MS. OBJECTIVES

Be Inspired. Get Connected. Walk MS. Be Inspired. Get Connected. Walk MS. OBJECTIVES

Be Inspired. Get Connected. Walk MS. Be Inspired. Get Connected. Walk MS. OBJECTIVES Identify ways to make an impact through Walk MS. Be equipped to demonstrate boldness and enthusiasm when asking friends and family to join you in

407 views • 29 slides
Toward Fairness in AI for People with Disabilities: A Research Roadmap Anhong Guo 1,2 , Ece Kamar

Toward Fairness in AI for People with Disabilities: A Research Roadmap Anhong Guo 1,2 , Ece Kamar

Toward Fairness in AI for People with Disabilities: A Research Roadmap Anhong Guo 1,2 , Ece Kamar 1 , Jennifer Wortman Vaughan 1 , Hannah Wallach 1 , Meredith Ringel Morris 1 1 Microsoft Research, Redmond, WA & New York, NY, USA 2

143 views • 12 slides
Outline Presentation of ENST Digital security in 2005: crisis, stakes and roadmap

Outline Presentation of ENST Digital security in 2005: crisis, stakes and roadmap

A Survey of Network Security Research at ENST Gwendal Le Grand gwendal.legrand@enst.fr Ecole Nationale Suprieure des Tlcommunications (ENST), Paris France CNRS (LTCI UMR 541) Sance du 6 fvrier 2003 Outline Presentation of

362 views • 14 slides
Welcome! Getting to Defensible: Your Roadmap to Maturing Defensible Security in your Organization

Welcome! Getting to Defensible: Your Roadmap to Maturing Defensible Security in your Organization

Conference 2018 Conference 2018 Welcome! Getting to Defensible: Your Roadmap to Maturing Defensible Security in your Organization Global Context global annual cybercrime will cost the world in excess of $6 trillion annually by 2021 - this

366 views • 34 slides
ICE Roadmap Japanese STAR Conference Richard Johns Introduction Top-Level Roadmap

ICE Roadmap Japanese STAR Conference Richard Johns Introduction Top-Level Roadmap

ICE Roadmap Japanese STAR Conference Richard Johns Introduction Top-Level Roadmap STAR-CCM+ and Internal Combustion Engines Modeling Improvements and Research Support Sprays LES Chemistry Meshing Summary Top-Level

808 views • 44 slides
Research is happening here Research is important because it helps to improve your healthcare by

Research is happening here Research is important because it helps to improve your healthcare by

Research is happening here Research is important because it helps to improve your healthcare by finding out which treatments work best, and by discovering new ways of treating illness. Heart attack deaths halve in a decade The lives of

447 views • 8 slides
Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned Did you know... 77 percent of all Americans feel their personal health information privacy is very important, and 84 percent said they

769 views • 50 slides

More recommend