military health system (mhs)
DESCRIPTION
MILITARY HEALTH SYSTEM (MHS). INFORMATION ASSURANCE CONCEPT. Marco Johnson, Chief, Data Architecture, Department of Defense Health Affairs, TRICARE Management Activity, Information Management, Technology, and Re-engineering. [email protected]. http://www.hirs.osd.mil/hdp.
•INFORMATION SECURITY
•DATA QUALITY
To assure the Validity, Timeliness, Completeness, and Reliability of Data
•EFFECTIVE DATA USAGE
To convert data into information and provide correct information to support business operations and decision making.
=
INFORMATION ASSURANCE
To protect information from unauthorized access, manipulation, corruption, destruction and denial of data invading privacy
MILITARY HEALTH SYSTEM (MHS)
Marco Johnson,
Chief, Data Architecture
Department of Defense Health Affairs,
TRICARE Management Activity, Information Management, Technology, and Re-engineering
[email protected]
http://www.hirs.osd.mil/hdp
INFORMATION ASSURANCE CONCEPT
•Personnel Selection/Certification
INFORMATION ASSURANCE
•Security Clearance
•System Security
•Access Controls
DATA USAGE
INFORMATION ASSURANCE
HEALTH AFFAIRS
Military Health
Functional Area Models
Activity
Data
Object
Process
EXTERNAL INITIATIVES
INTERNAL INITIATIVES
PROCEDURES
BEST PRACTICES
ROLES AND RESPONSIBILITIES
Partial list:
• Data Interchange Standards Association
• Health Information Portability and Accountability Act Data Committee
• American National Standards Institute, Healthcare Informatics Standards Board
• Accredited Standards Committee X12 & Health Level 7
• Organization for Economic Cooperation and Development
• Workgroup for Electronic Data Interchange
• Association for Electronic Health Care Transactions
• National Information Assurance Partnership
• National Research Council
• National Committee on Vital & Health Statistics
REQUIREMENTS
APPLICATION DEVELOPMENT
IMPROVED CARE OUTCOMES
CUSTOMER SATISFACTION
RESOURCE USE EFFICIENCY
COST REDUCTION
COMMUNICATION
OPERATIONAL EFFICIENCY
• Department of Defense cross-functional projects
• Government Computer-Based Patient Record
Military Health System
Model Progression
WHY
RISKS
Threats to National Security Information Warfare
Limits Medical Research
Compromised Care
Unauthorized access, manipulation/corruption, destruction/denial of data
Stolen secrets and computer crime
Interference with Support of the War Fighter
Jeopardized national and economic security
Damage to national and international communication systems
WHY
PATIENTS RIGHTS
Consent for the collection, use, and sharing of personal health information
Individuals have a right to know who is collecting the data, for what purpose, where the data originated, and who will receive it
Access rights
Right to have incorrect information rectified.
Protection against accidental/unlawful destruction of data/unauthorized access
Protection against tampering
Principle of disclosure (user informed when personal information is collected on the Internet)
Principles of Informed Consent
SECURITY AND PRIVACY Business Model
A0 - Health Data Security & Privacy
A1 - Management Controls
A2 - Technical Controls
A3 - Environmental Controls
A4 - Personnel Controls
SECURITY AND PRIVACY Business Model
Health Care Data Security & Privacy
Management Controls
Technical Controls
Personnel Controls
•Standards
•Policies Development/Enforcement
•Procedures
•Awareness and Training
•Accreditation/Certification
•Testing
•Management Controls
•Monitoring/Incident Reporting
•Audits
•Access Policies
•Contingency Planning
• Continuity of Support
•Consent/Inspection/Disclosure Requirements
•Audit Trails
•User ID/ Passwords
•Firewalls
•Cryptography
•Access Controls
•Digital signature
•Public key infrastructure (PKI)
•Anti-Virus Protection
• Electronic Transactions/Code Sets
•System Security
•Application Security
• Locks
• Physical Barriers
• Alarms
• Surveillance
• Incident Reporting
• Physical Access Controls
• Guards/Badges
• Security Checks
• Security Clearances
• Position Sensitivity Designations
Environmental Controls
Department of Defense Military Health System
To provide the necessary policy, guidance, and tools to assist in the development, implementation, and enforcement of actions to assure information security and privacy, data quality, and appropriate data usage
INFORMATION ASSURANCE
GOAL