TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford...
-
date post
19-Dec-2015 -
Category
Documents
-
view
220 -
download
0
Transcript of TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford...
![Page 1: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/1.jpg)
TRUST Retreat, October 8-9, 2006
EMR Project
Vanderbilt (Sztipanovits, Karsai, Xue)
Stanford (Mitchell, Datta, Barth, Sundaram)
Berkeley (Bajcsy, Sastry)
Cornell (Wicker, Gerkhe, Machanavajjhala)
![Page 2: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/2.jpg)
2
Preamble
EMR is an integrative project for motivating, testing, evaluating core TRUST research areas in:
– Model-based design for security– Formal modeling, verifying and enforcing policies– Sensor networks – Investigate “best practices” for interfacing public policy to
technology We are fully aware of the fact that EMR is a huge area
of research and EMR-TRUST is just one relatively small subproject in TRUST. We leverage our partnership with the Vanderbilt Medical Center to have a broader impact.
One related effort in the US is Microsoft’s Software Factory for HL7 compliant EMR transfer among providers.
![Page 3: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/3.jpg)
3
The Problem
Rise in mature population– Population of age 65 and older with – Medicare was 35 million for 2003 and – 35.4 million for 2004
New types of technology– Electronic Patient Records– Telemedicine– Remote Patient Monitoring
Empower patients: – Access to own medical records– Control the information – Monitor access to medical data
Regulatory compliance
Table compiled by the U.S. Administration on
Aging based on data from the U.S. Census Bureau.
United Nations ▪ “Population Aging ▪ 2002”
2050
Percentage of Population over 60 years oldGlobal Average = 21%
![Page 4: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/4.jpg)
4
Challenges
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
– HIPAA Privacy Rule (2003): gives US citizens Right to access their medical records Right to request amendments, accounting of disclosures, etc.
– HIPAA Security Rule (2005): requires healthcare organizations to
Protect for person-identifiable health data that is in electronic format
Complexity of privacy– Variable levels of sensitivity; “sensitive” in the eye of multiple
beholders– No bright line between person-identifiable and “anonymous”
data Complexity of access rights and policies
– Simple role-based access control is insufficient– Governing principles: “need-to-know” and “minimum
disclosure”
![Page 5: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/5.jpg)
5
Research Platform: Patient Portal
MyHealthAtVanderbilt is a web portal for an increasing number of services for patients.
Current capabilities include – appointment management, – secure messaging, – access to EMR and– billing
Future services will/may include medication management,patient data uploads, real-time datalinks and others..
![Page 6: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/6.jpg)
6
Overall Research Objective
Satisfying high-level requirements stated for– privacy, confidentiality,– integrity,– non-repudiation and– access control
properties of information flows in the PP system.
Focus on system architecture and policy issues - leveraging existing security technology components.
![Page 7: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/7.jpg)
7
TRUST Research Effort in EMR
Architecture modeling and analysis Policy modeling and analysis Interfacing real-time patient data
![Page 8: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/8.jpg)
8
Architecture Modeling and Analysis Sub-Project
Architecture analysis is conducted based on the SOA architecture framework – natural fit to the problem and to the existing implementation of MyHealthAtVanderbilt
In SOA– Workflow modeling– Policy modeling– Data modeling– Service modeling
is used to restrict and automate information flow in complex, dynamic environment.
![Page 9: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/9.jpg)
9
Research Approach
• System Analysis• Risks and Threats Analysis • Policy Analysis
Domain analysis• VU Medical School• TRUST research groups (Vanderbilt, Stanford)
• Domain Specific Modeling Languages• Domain Specific Policy Languages• Privacy preservation
Modeling• VU Medical School• TRUST research groups (Vanderbilt, Stanford, Cornell)
• Mapping to target architecture -> recommendations
Fast prototyping• BPEL4WS tools• TRUST research groups (Vanderbilt, Stanford, Berkeley)
![Page 10: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/10.jpg)
10
Domain Analysis
Regular meetings with Medical School– Physicians– Medical Informatics Researchers– Software engineering staff– Privacy Officer– Information Security Officer
Architecture and policy discussions Case studies Brain storming sessions
![Page 11: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/11.jpg)
11
“Target” Architecture for Experimentation
Internal Policy Enforcement Point
S1 S2 Sn
BPEL Process Manager
External Policy Enforcement Point
PolicyRepos.
PolicyDecision Pt.
PolicyDecision Pt.
ConfigurationEngine
Partners Standards:
• BPEL• XACML• SAML• WS-Sec• …
Target ArchitectureLimitations:
• Modeling lngs?• Policy lngs?• Openness of architecture?• Tractability of analysis?
![Page 12: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/12.jpg)
12
Modeling For Patient Portal
Workflow Models• Activities• Coordination
Service Models• Component Interface • Data Models
Policy Models• Access models• Privacy models
ModelTransformation
ModelTransformation
ModelTransformation
BPEL Process Manager PolicyRepos.
BPEL Infrastructure
PP Domain
Research Tasks: • Specification of modeling/policy languages
• Model analysis/verification methods
• Model translator specification
• Case studies
Modeling Tools
Analysis Tools
Model Translators
Technology infrastructure:
WSDLBPEL4WS XACML
![Page 13: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/13.jpg)
13
Modeling Challenges
Development of ”correct” abstractions– How to establish clear relationship among
workflow, data and policy related abstractions?
Examples:“ A patient is allowed to make appointment only for regular hours.”
“ Physicians can access and modify medical records for those patients where they are the designated primary care physician.”
“ A nurse can read medical records only in her specialization except when the illness is marked confidential.”
Research approach:
Formal specification, experimental evaluation and evolution of modeling languages.
![Page 14: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/14.jpg)
14
Modeling Tool
![Page 15: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/15.jpg)
15
Architecture Challenges
Privacy/security in open, dynamic architectures– Workflows are added and modified in the system. – Structure of information flows are dynamic, data
dependent and complex. How can we guarantee and maintain privacy/security
properties? Example:A new service added to the PP to provide relevant information
for patients. Are there privacy leaks?
Research approach:Data mining of audit files and discovering leaks, not-
modeled information flows.
![Page 16: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/16.jpg)
16
Deliverables
Suite of modeling languages and tools In-depth modeling of part of the PP and
detailed analysis of security and privacy properties
Integration with Policy Languages component Exploring privacy issues related to the
research project (e.g. privacy leaks through access to audit logs.)
![Page 17: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/17.jpg)
17
Policy Modeling Subproject
Privacy and Utility in Patient Portals
Adam Barth*John C. Mitchell*
Anupam Datta*Sharada Sundaram*+
*+
Stanford UniversityTCS
![Page 18: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/18.jpg)
18
Interfacing Real-time Patient Data
(See Professor Bajcsy’s Talk)
![Page 19: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/19.jpg)
19
Impact and technology transfer
Direct connection to a major Patient Portalresearch and deployment project
Results can be generalized to a wide range of SOA applications
MyHealthAtVanderbilt; ….
![Page 20: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/20.jpg)
20
How is TRUST making a difference here?
Vanderbilt, Stanford, Berkeley, Cornell This project would be impossible without
TRUST in every sense
![Page 21: TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)](https://reader035.fdocuments.us/reader035/viewer/2022062313/56649d2b5503460f949ffdcd/html5/thumbnails/21.jpg)
21
Education and Outreach
Immediate result of the unprecedented collaboration with the Medical School are:- consideration of a CS pre-med - joint projects- co-advising students- “TRUST Fellowship” for medical informatics Ph.D.
candidates