Health Care Information Systems Research in CERCS

Doug Blough

MedVault: Security and Privacy for Electronic Medical Records

Credential, role, context, data request

Authentication

SecureCredential

Health Care Organization’s IT Perimeter

Distributed Data Store

(EMR Storage)

RoleActiv

a-tion

Auth-oriza-tion

Role-basedData Filtering

forPrivacy Control

Meta-policyDatabase

Dynamic RoleManager

Role-dependent data view

Request/ResponseLogging

Endpoint Device(User)

1

2

3

4

56

Secure storage techniques for shared data

Endpoint device security

Dynamic role-based privacy control

Health systems needs and usability issues

Research Thrusts

Participants: CERCS, GTISC, HSI, Children’s Healthcare

Computing to the Edge and Back: Seamlessly Integrating End Devices into Privacy-Aware Data-Centric Systems

NSF Computing Research Infrastructure proposal targeting health care information systems and other applications with similar requirements

Participants: most CERCS faculty, some computational sciences and engineering faculty

Acquire powerful end devices, compute servers, and storage components to model a typical large health care organization

Emulate some components such as patient database, medical instruments producing continuous real-time data flows

Research thrusts:– Powerful end systems: personalized services, access/manipulation of rich data

sets, new functionalities– Security and privacy: extending privacy to the edges, usable privacy, data cleansing– Dynamic information integration: combining data movement and data manipulation,

managed services, real-time data mining

Identity Management

Partnership with a number of other universities and research organizations

Supported by the Institute for Information Infrastructure Protection (I3P), a DHS-funded institute

Focused on secure management of personal information via credentials, specifically targeted at the financial and health care sectors

Health care context: moving from closed systems optimized for certain users and with limited patient control, to systems where patients have more access and control but health care quality is not negatively impacted

Productionand

PersonalizationService

Productionand

PersonalizationService

Activationand

IssuanceService

Activationand

IssuanceService

Suspension,Revocation, orDestruction

Service

Suspension,Revocation, orDestruction

Service

Registration and

Enrollment Service

Identity Proofing Service

Redress Service

Overall Research Thrust: Credential Lifecycle Management

One of our contributions - distributed credential services with:– user control over what personal information to disclose on a given transaction– distribution of personal information across multiple semi-trusted claims verifiers – one-time passwords for multi-factor authentication without special hardware