Milan Petkovic Ray Krasinski Structured Documents Security WGs HL7 Cambridge Meeting October 2010 The Problem Lack of persistent endtoend encryption for CDA documents Distributed heterogeneous environments with multiple intermediaries ID: 538437
Download Presentation The PPT/PDF document "Document Confidentiality" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Document Confidentiality
Milan Petkovic, Ray Krasinski
Structured Documents
/ Security WGs
HL-7 Cambridge Meeting
October, 2010Slide2
The Problem
Lack of persistent end-to-end encryption for CDA documents
Distributed heterogeneous environments with multiple intermediaries
Encryption currently at transport level (e.g. TLS)
Certain transports lack standard solutions (e.g. USB drive)
Open document-level standard for encryption fosters interoperability
Similar document-level encryption already defined for imaging
Need for enabling technology towards addressing
meaningful use (HITECH), privacy legislation…
Continua Health Alliance, national health networks, etc. foreseen as possible adoptersSlide3
Use case
Third party opinion in
tele
-monitoring
DMO transfers encrypted CDA document to hospital in different affinity domain
Hospital GP accesses the documentGP forwards encrypted CDA document to expert specialistExpert specialist accesses document for 2nd opinionExchanging health records using USB drivesDoctor E-mails record summary to patient as encrypted CDA documentPatient detaches document and saves it on his USB drivePatient shares encrypted CDA document with healthcare providersSlide4
Discussion
Document-level-encryption under discussion in IHE for 2010/2011
Document
encryption
Key
managementPotential involvement of HL-7 for CDA document encryptionEncryption at the CDA level (XML Encryption to encrypt body and selected header fields)Advantage: fine-grained protection (selectively protect metadata and content, …) which allows for routing, searching, de-identification, etc.