health care information systems research in cercs doug blough
TRANSCRIPT
Health Care Information Systems Research in CERCS
Doug Blough
MedVault: Security and Privacy for Electronic Medical Records
Credential, role, context, data request
Authentication
SecureCredential
Health Care Organization’s IT Perimeter
Distributed Data Store
(EMR Storage)
RoleActiv
a-tion
Auth-oriza-tion
Role-basedData Filtering
forPrivacy Control
Meta-policyDatabase
Dynamic RoleManager
Role-dependent data view
Request/ResponseLogging
Endpoint Device(User)
1
2
3
4
56
Secure storage techniques for shared data
Endpoint device security
Dynamic role-based privacy control
Health systems needs and usability issues
Research Thrusts
Participants: CERCS, GTISC, HSI, Children’s Healthcare
Computing to the Edge and Back: Seamlessly Integrating End Devices into Privacy-Aware Data-Centric Systems
NSF Computing Research Infrastructure proposal targeting health care information systems and other applications with similar requirements
Participants: most CERCS faculty, some computational sciences and engineering faculty
Acquire powerful end devices, compute servers, and storage components to model a typical large health care organization
Emulate some components such as patient database, medical instruments producing continuous real-time data flows
Research thrusts:– Powerful end systems: personalized services, access/manipulation of rich data
sets, new functionalities– Security and privacy: extending privacy to the edges, usable privacy, data cleansing– Dynamic information integration: combining data movement and data manipulation,
managed services, real-time data mining
Identity Management
Partnership with a number of other universities and research organizations
Supported by the Institute for Information Infrastructure Protection (I3P), a DHS-funded institute
Focused on secure management of personal information via credentials, specifically targeted at the financial and health care sectors
Health care context: moving from closed systems optimized for certain users and with limited patient control, to systems where patients have more access and control but health care quality is not negatively impacted
Productionand
PersonalizationService
Productionand
PersonalizationService
Activationand
IssuanceService
Activationand
IssuanceService
Suspension,Revocation, orDestruction
Service
Suspension,Revocation, orDestruction
Service
Registration and
Enrollment Service
Identity Proofing Service
Redress Service
Overall Research Thrust: Credential Lifecycle Management
One of our contributions - distributed credential services with:– user control over what personal information to disclose on a given transaction– distribution of personal information across multiple semi-trusted claims verifiers – one-time passwords for multi-factor authentication without special hardware