Record Level Data Security; storage plus fixed and mobile transmission

Technical (archive)
1

Security begins at the data storage level. Unless it can be protected at
this level more sophisticated techniques applied to transmission and content
will not be as effective as desired.

Three common approaches are:
1)Data security
2)Data management and
3)Access to storage media-resident data, e.g., somebody's disk drive

These can occur long before access security is needed in a Healthcare
environment, but are also appropriate for data storage and access within a
Healthcare environment.

DATA SECURITY
Good example is the CDSA project gratis from Intel:

http://www.intel.com/labs/archive/cdsa.htm
http://www.opengroup.org/security/l2-cdsa.htm

which relieves upon:
1)digital certificates and
2)portable digital tokens

Neat stuff since already the Healthcare Computer System Administrator has
capable security tools. The Secure Data Store Admin should have these
available as well. Target systems include Windows and Linux and security
adaptability is supported.

Fixed data transmission environment have multiple techniques for securing
data during transmission, e.g., SSL, HTTPS and these work well between fixed
Healthcare environments, e.g., Hospital-Clinic.

Mobile applications are crucial. Mobile Healthcare applications are not
exempt from data security requirements. Data transmission security
mechanisms for fixed environments do not work well in mobile environments
and hence new techniques have been developed.

The following link covers Java in a mobile environment:

http://www.javaworld.com/javaworld/jw-12-2002/jw-1220-wireless.html

Presuming that the data is now available at a Healthcare environment the
following may apply:
1)data storage, management, handling and transmission can be similar to that
described previously
2)Healthcare-specific systems (e.g., GNUmed:
http://www.gnumed.org/development/home.html and OpenEHR) can be interfaced
to the data obtained from external sources
3)Bi-directional record translations are possible (may be required)
4)Data security and privacy issues remain

COMMENTS
1)A single Healthcare facility complete with a familiar set of EHR/EPR
software, process, procedures, techniques and trained personnel may
represent a single intelligent node existing in a 'fabric' containing
Patients, related services, non-conforming practitioners and other similarly
intelligent node.
2)The intelligent nodes are not likely to be exact copies.
3)The processes, procedures, technologies, etc that have been used to
interface perhaps dissimilar intelligent nodes in other environments apply
4)Content is important to a Practitioner where it is "relevant"/"germane"
5)The goal is to provide the Practitioner with "relevant"/"germane"
information and nothing else

SUGGESTIONS
1)Develop a secure data storage, management, handling, transmission system
that delivers secured data to a systems available to a Practitioner
2)Develop applications that perform similar activities within a Healthcare
environment
3)Develop security applications that will access. manage, handle and filter
the data for the practitioner. exercising control over disposition, e.g.,
spawning copies/partial copies/forwarding/audits/time-limit functions,
communicating with external users, etc.
4)Add new facility-unique security that will precisely identify content,
e.g., digital watermarks.
5)Handle redundant data and secure data destruction.
6)Security plug-ins for practitioner- and facility-specific data security

Lots of stuff available!

-Thomas Clark

2

You leave out completely the legal, social control and organisational
aspects.
Technology isn't a silver bullet.

Gerard

-- <private> --
Gerard Freriks, arts
Huigsloterdijk 378
2158 LR Buitenkaag
The Netherlands

+31 252 544896
+31 654 792800

3

Hi Gerard,

Record Level Data Security has little to do with legal, social control and
organizational aspects.

I agree that these are important, and in many cases more important, than
record level data security. They are more complex issues that are dependent
upon factors varying from culture to informal/private business arrangements.
To be complete others would have to be added.

The approach taken was to start at a level where secure global electronic
data interchange of healthcare records is possible, a possible model being
the "Association For Payment Clearing Services".

http://www.apacs.org.uk/downloads/List%20of%20Standards5.pdf

The perceived need is secure, standard record formats so that information
can be accessed even though it was created under a system using a different
record format. The goal is access to all "relevant"/"germane" information.
Hence, interchangeability is crucial.

I admit that 'legal, social control and organizational' issues are much
harder to solve which is why, in the short term, I am staying away from
them.

-Thomas Clark

4

Dear Thomas,

At OpenEHR there is an emphasis on the exchange of documents but also on
storage of objects in systems.

What you are referring to is the first topic (messages).

Gerard

Hi Gerard,

Record Level Data Security has little to do with legal, social control and
organizational aspects.

I agree that these are important, and in many cases more important, than
record level data security. They are more complex issues that are dependent
upon factors varying from culture to informal/private business arrangements.
To be complete others would have to be added.

The approach taken was to start at a level where secure global electronic
data interchange of healthcare records is possible, a possible model being
the "Association For Payment Clearing Services".

http://www.apacs.org.uk/downloads/List%20of%20Standards5.pdf

The perceived need is secure, standard record formats so that information
can be accessed even though it was created under a system using a different
record format.

-Thomas Clark

From: "Gerard Freriks" <gfrer@luna.nl>
To: <lakewood@copper.net>; <openehr-technical@openehr.org>
Sent: Saturday, May 03, 2003 2:40 AM
Subject: Re: Record Level Data Security; storage plus fixed and
mobiletransmission

Security begins at the data storage level. Unless it can be protected at
this level more sophisticated techniques applied to transmission and

content

will not be as effective as desired.

Three common approaches are:
1)Data security
2)Data management and
3)Access to storage media-resident data, e.g., somebody's disk drive

You leave out completely the legal, social control and organisational
aspects.
Technology isn't a silver bullet.

Gerard

-- <private> --
Gerard Freriks, arts
Huigsloterdijk 378
2158 LR Buitenkaag
The Netherlands

+31 252 544896
+31 654 792800

-- <private> --
Gerard Freriks, arts
Huigsloterdijk 378
2158 LR Buitenkaag
The Netherlands

+31 252 544896
+31 654 792800

5

Hi Gerard,

There has to be medical/Patient/healthcare records and related documents but
they must be linked.
Storage must be provided for the above, permanent, temporary and
intermediary (e.g., dialog
between practitioners). Event-based entries into medical/Patient/healthcare
records would be
structured and most likely result in modifications of permanent records.

'related documents' may become part of a permanent record, e.g., commentary
on the
Patient (object). They may, however, contain information transitory
information useless in a
permanent healthcare record, e.g., scheduling, but significant during a
course of treatment.

There is another type of information related to administrative activities
that would be attached to
the permanent record. Billing, insurance, etc has to be accommodated. This
would be little interest
to practitioners and can reside in a separate database (e.g., relational).
Must be linked.

Both the medical/Patient/healthcare records and documents are subject to the
same security
requirements and both can be transmitted using the same network services.
For example,
both can be served from a secure, XML-based application server.

The secure transmission of a 'record' can be discussed separately from the
content of other
records that are encapsulated within it. The naming might be confusing here.
The 'record'
is likely to be a sequence of 'blocks' of information of whatever structure
and format,
e.g., FibreChannel protocol (frame-based transmission of blocks of
information).

Looking at the content of the information received that structure could
include healthcare
records of any defined type. An advantage of this approach is the simplicity
of appending
additional record-based information to the end of the received file.

Two disadvantages:
1)it has to be stored someplace
2)multiple users would require additional structure and processing to keep
things in order

Neither of these are major.

To this point it is mechanistic and transparent to a Practitioner. One
should be able to
access the received data and all additions. Whether the Practitioner can
edit the appended
data is a separate issue.

This 'interface' can be common; beyond this things get more involved since
other factors
are operative.

> Record Level Data Security has little to do with legal, social control

and

> organizational aspects

These aspects change things. Everything from a facility security policy to
what the
staff does regarding record operations can change between facilities.
Importantly
different facilities can interact uniquely with the information available
for inclusion
and modification. Related problems have to be resolved between
Practitioners,
legal jurisdictions and human organizations.

Apart and separate from the records-based issues, there can be a significant
need for systems that support communications between practitioners, e.g.,
secure Chat and document transmission. Something of value arising from this
type communication could be included in the permanent record by a
practitioner.

Solving the 'social control and organizational' problems will take
considerably
more time and is likely to require continual attention thereafter.

-Thomas Clark