The World Internet Security Company ID Management in e-Health February 2007

Upload: ryan-hazleton

Post on 11-Dec-2015

The World Internet Security Company

ID Management in e-Health

February 2007

About WISeKey

• Company founded in 1999

• Privately held

• Headquarters in Geneva, Switzerland

• Trust services hosted in our highly secure datacenters

• Affiliates around the world, including Bulgaria for Eastern Europe

• Solutions deployed in over 20 countries

• Strong technological alliances in the e-Health sector

Recent Misuses of Patient Health Information

• Banker Collects on Cancer Patients’ Mortgages

• Hospital Employee Sells Country Singer’s Medical Records for $2610

• Psychological records of 62 children accidentally posted on website

• Physician’s Laptop with patient medical histories stolen

• health.org exposes customer names, addresses, phone numbers & email addresses on web

• Washington DC Hospital Fined $25,000

• Sick employee fired by self-insured employer

Risks in the e-Health World

• Wrongful access to patient or medical information

• Theft of physicians’ laptops and data

• Posting of confidential data on rogue websites

• Breach of “doctor-patient” secrecy through the interception of electronic communications

• Failure to comply with regulations due to weak security

MBESSON
It is not really the access to the portal that is risky but the access to the information it might contain
MBESSON
I think that this part needs to be improved based on internet research

What is Identity for eHealth?

• People
– Employees
– Patients
– Partners
– Suppliers

• Material
– Computers
– Medical Supplies
– Drugs
– Surgical Equipment

Need for e-Identity

Patient Centric Model

Digital Identity

Identity and healthcare

• Regulations mandate “protection” of patient health information

• Protection defined (technical security services)
– Access control – what you can access
– Audit control – what you have accessed
– Authorization control – what you can do once you access
– Data integrity – ensuring data is intact
– Entity authentication – proving your identity

• Once again, it all comes back to Identity

Core PKI Services essential

A public key infrastructure (PKI) is an arrangement that provides for trusted third parties vouching for user identities.

Integrity: assurance to an entity that data has not been altered between “there” and “here” or between “then” and “now”

Confidentiality: assurance to an entity that no one can read a particular piece of data except the intended receiver

Authentication: assurance to one entity that another entity is who he, she, or it claims to be

Use of Trusted Certificates

Data Encryption

Intranet/Extranet Access Management

Mobile Data Encryption

Digital Identity

Digital Signature

Email encryption and signature

Access Control

User management

Strong Application Authentication

Patient

Encrypted HTTPS Tunnel

Web Based Portal

Through the use of a WISeKey Trusted Certificate incorporated on a smart-card/token, the patient is able to authenticate himself in safer and “stronger” ways in order to access web-based portals.

“Secure Zone”

www.ehealth.bg

Electronic Patient Records

E-Prescriptions

Data Repository

Health Insurance Service

Custom Hospital Application

Secure Communications

• Data Encryption and digital signature of e-mails with WISeKey Certificates

• Assurance of the Authenticity of the Sender and the integrity of the message

• “The right people see the right information”

Doctors

Health Insurances

Government

Hospitals

Guaranteed Data Integrity

Patient sends Data XYZ

Doctor receives Data XYZ

Internet/Extranet

• By using WISeKey solutions, we are able to guarantee the integrity of data sent between two parties. This is crucial when exchanging data in such instances as e-Prescriptions.

• Prevents “man in the middle” attacks

“Safe Zone”

Digital Form Signing

Non-compliant Digital Forms

Digital Signature using a WISeKey Certificate

Compliant Form

• Digital Signatures permit the legal endorsement of such documents as electronic patient records, lab orders, prescriptions and requisitions, thus helping compliance with different EU and country-based directives.

Regulatory compliance

• By combining WISeKey’s technologies with secure infrastructures and policies, you are able to better reach compliance with such directives as:

– HIPAA

– SAFE

– EU Directive 2004/9/CE

– Swiss Data Protection Law

• And others

Foreseen Swiss Model

Identification

Standard Certificate

Identification, Authentication, Non-Repudiation

Advanced Certificate

Contact us

8, Tzar Ivan Shishman st.

1000 Sofia, Bulgaria

Tel. +359 2 9888 103

Fax: +359 2 9816 999

www.wisekey.com

email: [email protected]