Cerner Presentation to S&I esMD Workgroup – Industry Scan Senior Director and Solution Strategist – Compliance John Travis

Upload: noah-power

Post on 27-Mar-2015


TRANSCRIPT

Page 1: Cerner Presentation to S&I esMD Workgroup – Industry Scan

Senior Director and Solution Strategist – Compliance

John Travis

Page 2: Outline

© 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 2

• User Identification and Authentication
• Recording User Identity for Electronic Health Record Entry
• Proxy
• Use of Advanced Authentication
• Use of Cryptographic Means of Author/Record Linking
• Support for PKI and Digital Certificates
• Verification of External Author of Record (AoR) Credentials
• Support for Various Levels of AoR Determination

Page 3: User Definition Within The System

Page 4: Password Definition

Page 5: Password Policies Supported

• Minimum Length
• Mixed Character Sets
• Minimum Numbers of Alpha, Numeric and Special Characters
• Expiration Policies
• Password History
  • Configured to retain “n” prior versions
• Encrypted Store
• Never Passed as Plain Text

Page 6: Recording User Identity for Electronic Record Entry

General abilities

• System generally relies on authenticated user identity for session
• System supports time out policies for suspension and termination configurable to the application server (Citrix) or end user device depending on the context
• System supports password based signer authentication for order and document signature
• System supports advanced authentication methods for medication management events
  • Order verification and co-signature
  • Medication Administration
  • Medication Dispensing
• We are in the process of enabling requirements of the DEA IFR for Electronic Prescribing of Controlled Substances (EPCS)

Page 7: Refresher – DEA IFR Authentication Credential

Authentication must be two factor with two of the three factors being from among

• A biometric
• A knowledge factor such as a password
• A hard token

For hard tokens

• Must be FIPS 140-2 Security Level 1 compliant
• Must be stored on a device separate from the computer used to access the application
• Could leverage an existing hard token, but would need to still be issued credentials specific to eRX of controlled substances
• May use hardware devices such as a PDA, a cell phone, a smart card, a USB fob or other devices

Page 8: Refresher – DEA IFR Authentication Credential

For biometrics

• May be stored on a computer, hard token or biometric reader
  • If on a computer or PDA, device must be in a known controlled location or must be built directly into the computer or PDA
• Storage of biometric data must be adequately protected or maintained
  • Subsystem must store device ID data at enrollment with biometric data
  • Device ID must be verified at time of user authentication
  • Raw data and templates must be protected if authentication is not local
  • For an open network, data must be
    • Cryptographically source authenticated
    • Combined with a random challenge, nonce or timestamp
    • Cryptographically protected
    • Sent only to authorized systems
• TLS may be used
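As an added illustration (not Cerner's or Imprivata's code), the following Go sketch applies the open-network checks from the slide to a biometric reader's reply: the application records each reader's device ID with a per-device key at enrollment, issues a random challenge nonce, and trusts a match verdict only when it is source-authenticated with HMAC-SHA256 over device ID, nonce and verdict, the nonce is fresh and single-use, and the device ID is enrolled. The per-device key, the message layout and the verdict strings are assumptions; transport protection (the slide's TLS) is outside the snippet.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

type Verifier struct {
	keys    map[string][]byte // device ID -> key recorded with it at enrollment (assumed)
	pending map[string]bool   // challenge nonces issued but not yet consumed
}

func NewVerifier(enrolled map[string][]byte) *Verifier { return &Verifier{enrolled, map[string]bool{}} }

// Challenge issues a fresh 16-byte random nonce (returned as a raw-byte string) that
// the reader must bind into its reply.
func (v *Verifier) Challenge() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	v.pending[string(b)] = true
	return string(b)
}

// Tag is the reader side: it sends its device ID, the nonce and its match verdict
// (never raw biometric data), source-authenticated with HMAC-SHA256 under its key.
func Tag(key []byte, id, nonce, verdict string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(id + "|" + nonce + "|" + verdict))
	return h.Sum(nil)
}

// Verify checks, in order: device ID enrolled, nonce fresh and single-use (consumed
// even on failure), MAC valid (constant-time); only then is the verdict trusted.
func (v *Verifier) Verify(id, nonce, verdict string, mac []byte) (bool, error) {
	key, ok := v.keys[id]
	if !ok {
		return false, errors.New("unknown device ID")
	}
	if !v.pending[nonce] {
		return false, errors.New("stale or replayed nonce")
	}
	delete(v.pending, nonce)
	if !hmac.Equal(mac, Tag(key, id, nonce, verdict)) {
		return false, errors.New("source authentication failed")
	}
	return verdict == "match", nil
}
```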

Page 9: Refresher – DEA IFR Authentication Credential

For biometrics

• Biometric subsystem must
  • Operate at a false match rate of 0.0001 or lower
  • Use matching software with demonstrated performance corresponding to the required false match rate
  • Conform to Personal Identity Verification (PIV) specifications as per NIST SP 800-76-1
  • Be independently tested by NIST or a DEA approved testing laboratory

Page 10: Controlled Substance Prescribing Example

Page 11: Proxies – General Principles

Assuming appropriate security authorizations are in place, one user may grant proxy to another for purpose of notifications of signing events

• Proxies are granted to categories of events – not individual events
• Proxies typically are set for a time period to designated individuals
• Proxies can be revoked or granted at a user’s election on a specific basis while active
• Granted proxies can be limited in access to those which have been assigned to a user to take
• Proxy can be granted in an emergency case even if not generally enabled
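To make the principles concrete, the following Go example (added here, not Cerner's code) models a proxy grant store that enforces them: grants are per event category, time-bounded, revocable, limited to categories the grantor has been assigned, and permitted in an emergency even when proxying is not generally enabled. The Policy and Grant types, their field names and the category labels are assumptions.

```go
package main

import (
	"errors"
	"time"
)

// Grant is one proxy assignment: grantor lets grantee receive notifications for a
// category of signing events inside a time window; Revoked ends it early.
type Grant struct {
	Grantor, Grantee, Category string
	From, Until                time.Time
	Emergency, Revoked         bool
}

// Policy is hypothetical site configuration: the event categories each user has
// been assigned to take, and whether proxying is generally enabled.
type Policy struct {
	Assigned     map[string]map[string]bool
	ProxyEnabled bool
}

// Create validates a new grant against the policy before it is stored.
func (p Policy) Create(g Grant) error {
	if !p.ProxyEnabled && !g.Emergency {
		return errors.New("proxying not enabled and no emergency declared")
	}
	if !p.Assigned[g.Grantor][g.Category] { // a user may only delegate what they hold
		return errors.New("grantor is not assigned this event category")
	}
	if !g.Until.After(g.From) {
		return errors.New("grant must have a positive time window")
	}
	return nil
}

// MayNotify reports whether a signing event in category should reach grantee as
// proxy for grantor at time now: a matching, active, unrevoked grant is required.
func MayNotify(grants []Grant, grantor, grantee, category string, now time.Time) bool {
	for _, g := range grants {
		if g.Grantor == grantor && g.Grantee == grantee && g.Category == category &&
			!g.Revoked && !now.Before(g.From) && now.Before(g.Until) {
			return true
		}
	}
	return false
}
```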

Page 12: Granting Proxies for Signature – Set Up

Page 13: Setting Up Proxy Rights – Grant or Revoke

Page 14: Setting Up Proxy Rights – Individual User

Page 15: Notification of Proxies to a Recipient User

Page 16: Use of Advanced Authentication

For user authentication for a session and for medication management workflow, Cerner Millennium supports integration with Imprivata for strong authentication

Imprivata currently has support for

• Fingerprint biometric authentication. Support for biometric technology found in Lenovo, Dell and other laptop PCs, Motion tablets, etc., using UPEK TouchStrip or Authentec technology
• USB tokens
• One-Time-Password (OTP) tokens
• Windows smart cards and national ID smart cards
• Active and passive proximity cards

Page 17: Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example

[Deployment diagram – Basic Flow: Millennium, Cerner Hub, SureScripts, Imprivata]

Page 18: Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example

[Deployment diagram – Millennium View: PowerOrders, Imprivata, Certificate Management Service, FSI Outbound]

System will interface with Imprivata for strong authentication and the Certificate Management service for digitally signing controlled substance eRX

Page 19: Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example

Basic workflow for EPCS

[Sequence diagram “Workflow” – participants: PowerOrders, Imprivata, Certificate Management, FSI Outbound, Cerner Hub]

Messages, in order:

• Prescription Ready()
• Strong Authentication Challenge()
• Sign Prescription()
• Transmit Prescription()
• Validate Signature()
• Transmit Prescription()

Page 20: Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example

Certificate Management Service

• Cryptographic module used to digitally sign the EPCS is at least FIPS 140-2 Level 1 validated and can be higher for deployment
• Digital signature service and hash function complies with FIPS 186-3 and FIPS 180-3
• Private key will be stored encrypted on a FIPS 140-2 Level 1 or higher cryptographic module using a FIPS approved encryption algorithm
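The following Go example is added here (it is not Cerner's Certificate Management Service) to show the Sign Prescription() and Validate Signature() steps of the EPCS workflow on the preceding slide with the algorithm families this slide cites: ECDSA over P-256 (FIPS 186-3) with SHA-256 (FIPS 180-3). The signing service refuses to sign until the strong-authentication step has succeeded, and the hub-side check rejects any prescription altered after signing. The Prescription fields, the canonical encoding and the in-memory key are assumptions; a real deployment keeps the key inside the FIPS 140-2 module described above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Prescription is a constructed stand-in for the controlled-substance eRX payload.
type Prescription struct {
	Prescriber, Patient, Drug string
	Quantity                  int
}

// canonical is the byte string that gets hashed and signed; every field is covered
// so that any later change to the order invalidates the signature.
func (p Prescription) canonical() []byte {
	return []byte(fmt.Sprintf("%s|%s|%s|%d", p.Prescriber, p.Patient, p.Drug, p.Quantity))
}

// SigningService stands in for the Certificate Management Service: it holds the
// prescriber's private key and signs only after the strong-auth step succeeded.
type SigningService struct{ key *ecdsa.PrivateKey }

func NewSigningService() (*SigningService, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // ECDSA per FIPS 186-3
	return &SigningService{k}, err
}

func (s *SigningService) Public() *ecdsa.PublicKey { return &s.key.PublicKey }

// Sign is the "Sign Prescription()" step; strongAuthOK is the Imprivata verdict
// from the preceding "Strong Authentication Challenge()".
func (s *SigningService) Sign(p Prescription, strongAuthOK bool) ([]byte, error) {
	if !strongAuthOK {
		return nil, errors.New("strong authentication challenge not satisfied")
	}
	digest := sha256.Sum256(p.canonical()) // SHA-256 per FIPS 180-3
	return ecdsa.SignASN1(rand.Reader, s.key, digest[:])
}

// Validate is the hub-side "Validate Signature()" gate before onward transmission.
func Validate(pub *ecdsa.PublicKey, p Prescription, sig []byte) bool {
	digest := sha256.Sum256(p.canonical())
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}
```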

Page 21: Support for Validation of External AoR Credentials

This is not an ability we currently enable

Page 22: Supporting Various Levels of AofR

General System Behaviors

• Upon signature, authorship is included within the document
• Signing actions are viewable in an action list view
• Specific contributions are tracked and able to be viewed in the document view with a tracked changes feature
• Signer authentication currently uses password based method if enabled
  • From a use standpoint, most clients rely on authenticated session identity

Page 23: Support for Varying Levels of AofR – Single Author

Page 24: Support for Varying Levels of AofR – Multiple Author

Page 25: Support for Varying Levels of AofR – Tracking of Multiple Authors

Page 26: Example of a Signed Document as Output and Online for a Clinic Note

Page 27: Example of Signed H&P – Shows Co-Sign and Authenticator Role

Page 28: Example of Section of Signed Radiology Report

Page 29: Example of Signed Section of ED Report – Multiple Contributors for given sections

Page 30: QUESTIONS?

Email: [email protected] (cerner.com)