The World Internet Security Company
ID Management in e-Health
February 2007

About WISeKey
• Company founded in 1999
• Privately held
• Headquarters in Geneva, Switzerland
• Trust services hosted in our highly secure datacenters
• Affiliates around the world, including Bulgaria for Eastern Europe
• Solutions deployed in over 20 countries
• Strong technological alliances in the e-Health sector

Recent Misuses of Patient Health Information
• Banker Collects on Cancer Patients’ Mortgages
• Hospital Employee Sells Country Singer’s Medical Records for $2610
• Psychological records of 62 children accidentally posted on website
• Physician’s Laptop with patient medical histories stolen
• health.org exposes customer names, addresses, phone numbers & email addresses on web
• Washington DC Hospital Fined $25,000
• Sick employee fired by self-insured employer

Risks in the e-Health World
• Wrongful access to patient or medical information
• Theft of physicians’ laptops and data
• Posting of confidential data on rogue websites
• Breach of “doctor-patient” secrecy through the interception of electronic communications
• Failure to comply with regulations due to weak security

What is Identity for eHealth?
• People
– Employees
– Patients
– Partners
– Suppliers
• Material
– Computers
– Medical Supplies
– Drugs
– Surgical Equipment

Identity and healthcare
• Regulations mandate “protection” of patient health information
• Protection defined (technical security services)
– Access control: what you can access
– Audit control: what you have accessed
– Authorization control: what you can do once you access
– Data integrity: ensuring data is intact
– Entity authentication: proving your identity
• Once again, it all comes back to Identity

Core PKI Services essential
A public key infrastructure (PKI) is an arrangement that provides for trusted third parties vouching for user identities.
• Integrity: assurance to an entity that data has not been altered between “there” and “here” or between “then” and “now”
• Confidentiality: assurance to an entity that no one can read a particular piece of data except the intended receiver
• Authentication: assurance to one entity that another entity is who he, she, or it claims to be

Use of Trusted Certificates
Data Encryption
Intranet/Extranet Access Management
Mobile Data Encryption
Digital Identity
Digital Signature
Email encryption and signature
Access Control
User management

Strong Application Authentication
Through the use of a WISeKey Trusted Certificate incorporated on a smart-card/token, the patient is able to authenticate himself in safer and “stronger” ways in order to access web-based portals.
[Diagram labels: Patient; Encrypted HTTPS Tunnel; Web Based Portal; “Secure Zone” www.ehealth.bg; Electronic Patient Records; E-Prescriptions; Data Repository; Health Insurance Service; Custom Hospital Application]

Secure Communications
• Data Encryption and digital signature of e-mails with WISeKey Certificates
• Assurance of the Authenticity of the Sender and the integrity of the message
• “The right people see the right information”
[Diagram labels: Doctors; Health Insurances; Government; Hospitals]

Guaranteed Data Integrity
[Diagram labels: Patient sends Data XYZ; Internet/Extranet; Doctor receives Data XYZ; “Safe Zone”]
• By using WISeKey solutions, we are able to guarantee the integrity of data sent between two parties. This is crucial when exchanging data in such instances as e-Prescriptions.
• Prevents “man in the middle” attacks

Digital Form Signing
[Diagram labels: Non-compliant Digital Forms; Digital Signature using a WISeKey Certificate; Compliant Form]
• Digital Signatures permit the legal endorsement of such documents as electronic patient records, lab orders, prescriptions and requisitions, thus helping compliance with different EU and country-based directives.

Regulatory compliance
• By combining WISeKey’s technologies with secure infrastructures and policies, you are able to better reach compliance with such directives as:
– HIPAA
– SAFE
– EU Directive 2004/9/CE
– Swiss Data Protection Law
• And others

Foreseen Swiss Model
Standard Certificate: Identification
Advanced Certificate: Identification, Authentication, Non-Repudiation

Contact us
8, Tzar Ivan Shishman st.
1000 Sofia, Bulgaria
Tel. +359 2 9888 103
Fax: +359 2 9816 999
www.wisekey.com
email: [email protected]