Experiences Deploying a Secure, Multi-enterprise ... · Experiences Deploying a Secure,...
Transcript of Experiences Deploying a Secure, Multi-enterprise ... · Experiences Deploying a Secure,...
University of New Mexico
Experiences Deploying a Secure, Multi-enterprise Distributed Medical Records System for
Medical Surveillance
David W. ForslundJames E. GeorgeDouglas Wokoun
Los Alamos National LaboratoryDOCSEC
April 8, 2003
University of New Mexico
Outline
• Why are we doing this?• What is it?• How does it work?• What has worked well and what hasn’t?• Where are we going?
University of New Mexico
BDI: Integrated capability to detect, mitigate and respond to biological-related incidents
• Early detection and characterization of biological-related incidents– Application to urban areas, other high-value assets, and special
events– Reduce casualties– Minimize disruption to infrastructures– Support other consequence management efforts
• Assist the Metropolitan Medical Response System– To identify populations at risk– To support their treatment of the symptomatic population– To protect the environment
• Support the Departments of Justice and Health & Human Services as they work with state and local governments
University of New Mexico
Biological Defense requires a full spectrumof technologies
Buildings
Urban
Ports &Airports
Food Water Supply
Roads &
Transp
ort
Electric
PowerWarning
Interdiction
Detection
Treatment andConsequence Management
Attribution
PharmaceuticalsTelecom
Response
University of New Mexico
A layered defense is essential for effective protection against biological terrorism
University of New Mexico
Near-term capability is achievable byintegrating existing systems
Hazardous Material Identification
Symptomatic Reporting
Medical Diagnostics
Point Detection
Portal Shield Point Detector
University of New Mexico
B-SAFER System (Bio-Surveillance Analysis Feedback Evaluation and Response)
System RequirementsMonitor & Analyze Information from
7 of 8 Albuquerque Emergency DepartmentsClinical laboratories& Non-Traditional Sources, e.g. Drug Information Calls, Ambulance Services
Data is stored/analyzed as de-identified patient data at a central server
System is HIPAA (Personal Privacy) CompliantCDC-NEDSS Compliant
Recognizes anomalies, either naturally occurring or caused by human interventionIs now incorporating projection capability to project potential outcomes of an outbreak and the potential benefit of intervention techniques
University of New Mexico
B-SAFER Data Inputs Into The Medical Information Server
Lab RequestsLab Requests
Emergency DepartmentEmergency Department
Kaseman
St. Joseph-NE Heights
VAMC
UNMH
Presbyterian
St. Joseph
St. Joseph-West Mesa
MIS
B-SAFER B-SAFER
AlbuquerqueAmbulance
Service
AlbuquerqueAmbulance
Service
ED T-ChartsED T-Charts
ED LogsED Logs
OMIOMIDrug
InformationDrug
Information
EMSystemHospital diversion/bed utilization data
EMSystemHospital diversion/bed utilization data
University of New Mexico
Data FlowData FlowData entry or transfer w/in originating institution – 6-36 hrs
Data SourceData Source
ID EncryptionID Encryptionand Storageand Storage
Data exportCentral Medical Central Medical
Information ServerInformation Server
DisplaysDisplays
Dept of Health Dept of Health
Analysis
Evaluation
PHI PHI removalremoval
Test bed Test bed Operations CenterOperations Center
University of New Mexico
Kaseman
Sandia HC -NE Heights
VAMC
UNMH
Presbyterian
Sandia HC
Sandia HC-West Mesa Hospital Locations for
Albuquerque Testbed
University of New Mexico
B-SAFER System Diagram
B-SAFERServer
(JSP/Servlet)Web App
Firewall(Firewall?) B-SAFER
AuthenticatedSSL (CORBA)
EncryptedID
Https
LANL filtersFor specified events
DMZ
EncryptedID
WALDO
Hospital
BSAFER DataEntry through Browser
Web ServerAnalysis Results
LANL PersonIdentification
HL7 Datafile Green ovals are Java apps
University of New Mexico
How does it work?
• Security is the number one issue!• Central server for the City of ABQ behind firewall• CORBA clients at each data source site behind
each facility’s firewall• Use OMG standard components for a distributed
medical record– Data translation occurs at each facility to OMG’s
COAS specification– Person Identifiers stored at each site with encrypted
identifier sent to central server
University of New Mexico
How does it work?
• Can’t use usual VPN because each enterprise has something different and different firewall rules
• Use SSL encryption over the Internet with supplied certificates using negotiated outbound ports in each firewall.
• Use Xtradyne’s Domain Boundary Controller (DBC) to handle CORBA firewall penetration
University of New Mexico
The Good
• Heterogeneous data models are well-handled by COAS– Each hospital is a little different– We use translate from XML, SQL, CSV, HL7, …
• CORBA works well in this loosely-coupled environment– We didn’t use Web Services because
• Not supported at any facility• No functional standards as there is for CORBA• Security wasn’t as mature• Mature CORBA solution already exists.
• All code available as open source at http://OpenEMed.org
University of New Mexico
The Good
• Component model has advantages over simple ad-hoc socket communication used in other surveillance systems– Well-defined medical context for information
transmitted– Flexible deployment at each institution– Enables dynamic de-duplication of data to avoid false
counting– Easy to link to original medical record at each facility
for follow up– Easier to achieve HIPAA and IRB approval
• Heterogeneous platform deployment was easy
University of New Mexico
The Difficult
• Management difficult because of systems behind firewalls and heterogeneous VPN connectivity
• Wasn’t able to use CSIv2 through the firewalls due to limitations of commercial products so we couldn’t identify individual users sending data from their credentials
• Hope to have CSIv2 working shortly.
University of New Mexico
The Future
• Continue to collect data and analyze with the help of a NM state epidemiologist
• Transition to a testbed for a variety of surveillance systems
• Evaluate more completely the sensitivity, selectivity and accuracy of medical surveillance systems within a common framework.