IHE SecurityIHE SecurityXDS as a case studyXDS as a case study

John MoehrkeJohn Moehrke

GE HealthcareGE Healthcare

IHE ITI Technical Committee MemberIHE ITI Technical Committee Member

HITSP Co-Chair - Security Privacy and Infrastructure CommitteeHITSP Co-Chair - Security Privacy and Infrastructure Committee

July 15, 2008July 15, 2008

2

AgendaAgenda

Who is IHEWho is IHE

Overall Security ModelOverall Security Model

Deep diveDeep dive

GapsGaps

Conclusion Conclusion

3

What Is IHE?What Is IHE?

IHE is a IHE is a collaborative responsecollaborative response to healthcare IT to healthcare IT market requirements for system integration.market requirements for system integration.

Develop standards-based implementation specifications Develop standards-based implementation specifications called called profilesprofiles..

• Useful subsets of one or more standardsUseful subsets of one or more standards• Tested at Tested at ConnectathonsConnectathons• Demonstrated at Demonstrated at HIMSS, RSNAHIMSS, RSNA, and , and ACCACC shows shows

Correct known integration problems.Correct known integration problems.• Intra-enterprise and multi-enterprise scopeIntra-enterprise and multi-enterprise scope

Satisfy emerging market needs & prevent new problems.Satisfy emerging market needs & prevent new problems.• EHR & government drivenEHR & government driven• Regional and national scopeRegional and national scope

Build Build trust, collegiality, effectiveness trust, collegiality, effectiveness amongamong v vendors, endors, providers, and other stakeholders.providers, and other stakeholders.

4

What is a RHIO?What is a RHIO?HIMSS: RHIO – A Regional Health Information HIMSS: RHIO – A Regional Health Information Organization (RHIO) is a multi-stakeholder Organization (RHIO) is a multi-stakeholder organization that enables the exchange and use of organization that enables the exchange and use of health information, in a secure manner, for the health information, in a secure manner, for the purpose of promoting the improvement of health purpose of promoting the improvement of health quality, safety and efficiency. quality, safety and efficiency.

Competing enterprisesCompeting enterprises

Longitudinal view of the patient’s health historyLongitudinal view of the patient’s health history

Protect Privacy Protect Privacy

Providing better care to patientsProviding better care to patients

Promoting Safety and QualityPromoting Safety and Quality

Aka: SNO, HIN, HIE,

IHE: Affinity Domain

5

Affinity Domain -- PoliciesAffinity Domain -- Policies

International Policies

Country-Specific Policies

Horizontal Industry Policies

Enterprise Policies

IHE – leverages/profiles

OECD GuidelinesOn Transborder

Flows

US-HIPAAEU-EC95/46

JP-Act 57 - 2003

Medical ProfessionalSocieties

Backup &Recovery

Examples

6

RHIO: Document basedRHIO: Document based

Persistence, Persistence, Captures the conclusion / summary of an episodeCaptures the conclusion / summary of an episode

Stewardship, Stewardship, Long term maintenance (patients life 100+ years)Long term maintenance (patients life 100+ years)

Potential for Authentication, andPotential for Authentication, and Which Doctor’s conclusion or opinion Which Doctor’s conclusion or opinion What predicate data or knowledgeWhat predicate data or knowledge

Wholeness. Wholeness. Integrity, completeness, inclusive, Integrity, completeness, inclusive,

7

XDS Security Use CasesXDS Security Use CasesPrevent Indiscriminate attacks (worms, DOS)Prevent Indiscriminate attacks (worms, DOS)

Normal Patient that accepts XDS participationNormal Patient that accepts XDS participation

Patient asks for Accounting of DisclosuresPatient asks for Accounting of Disclosures

Protect against malicious neighbor doctorProtect against malicious neighbor doctor

Patient that retracts consent to publishPatient that retracts consent to publish

Provider PrivacyProvider Privacy

Malicious Data MiningMalicious Data Mining

Access to Emergency data setAccess to Emergency data set

VIP (movie star, sports figure)VIP (movie star, sports figure)

Domestic violence victimDomestic violence victim

Daughter with sensitive tests hidden from ParentDaughter with sensitive tests hidden from Parent

Sensitive topics: mental health, sexual healthSensitive topics: mental health, sexual health

Legal Guardian (cooperative)Legal Guardian (cooperative)

Care-Giver (assists w/ care)Care-Giver (assists w/ care)

8

Entries accessible toadministrative staff

Entries accessible toclinical in emergency

Entries accessible todirect care teams

Entries restricted toprison health service

Entries restricted tosexual health teamPrivate entries

shared with GP

Private entriesshared with severalnamed parties

Document AccessibilityDocument Accessibility

Source: Dipak Kalra & prEN 13606-4

9

RBAC tableRBAC table

SensitivityFunctional Role

Billin

g In

form

ation

Ad

min

istrativ

e In

form

ation

Die

tary Re

strictio

ns

Ge

ne

ral Clin

ica

l Info

rma

tion

Se

ns

itive C

linic

al In

form

atio

n

Re

sea

rch

Info

rmatio

n

Me

diate

d b

yD

irec

t Care

Pro

vide

r

Administrative Staff X X          

Dietary Staff   X X        

General Care Provider   X X X      

Direct Care Provider   X X X X   X

Emergency Care Provider   X X X X   X

Researcher           X  

Patient or Legal Representative X X X X X    

10

Document AccessibilityDocument AccessibilityInside Ent In HIE

Privacy ControlsPrivacy Controls

12

Basic Patient Privacy ConsentsBasic Patient Privacy ConsentsAbstractAbstract

The Basic Patient Privacy Consents The Basic Patient Privacy Consents (BPPC) profile provide mechanisms to:(BPPC) profile provide mechanisms to: Record the patient privacy consent(s), Record the patient privacy consent(s), Mark documents published to XDS with the choice Mark documents published to XDS with the choice

of patient privacy consent that was used to of patient privacy consent that was used to authorize the publication, authorize the publication,

Enforce the privacy consent appropriate to the Enforce the privacy consent appropriate to the use.use.

Builds upon the ATNA security infrastructureBuilds upon the ATNA security infrastructure

13

Basic Patient Privacy ConsentsBasic Patient Privacy ConsentsValue PropositionValue Proposition

an Affinity Domain can an Affinity Domain can develop privacy policies, develop privacy policies, and implement them with role-based or other and implement them with role-based or other

access control mechanisms supported by access control mechanisms supported by edge/EHR systems.edge/EHR systems.

A patient canA patient can Be made aware of an institution privacy policies. Be made aware of an institution privacy policies. Have an opportunity to selectively control access Have an opportunity to selectively control access

to their healthcare information.to their healthcare information.

14

Basic Patient Privacy ConsentsBasic Patient Privacy ConsentsStandards and Profiles UsedStandards and Profiles Used

Key PropertiesKey Properties Human Readable ConsentsHuman Readable Consents Machine ProcessableMachine Processable Support for standards-based Role-Based Access ControlSupport for standards-based Role-Based Access Control

StandardsStandards CDA Release 2.0CDA Release 2.0 XDS Scanned DocumentsXDS Scanned Documents Document Digital SignatureDocument Digital Signature Cross Enterprise Document Sharing (XDS.a, XDS.b, XDR, Cross Enterprise Document Sharing (XDS.a, XDS.b, XDR,

and XDM)and XDM)

15

RBAC with Basic ConsentRBAC with Basic Consent

16

Basic Consent on an episode basisBasic Consent on an episode basis

17

Basic Consent – Extended to HIEBasic Consent – Extended to HIE

18

Basic Consent – Publication controlsBasic Consent – Publication controls

19

Document Level controlsDocument Level controls‘confidentialityCode’‘confidentialityCode’

Must get explicit per-use consent

Security ControlsSecurity Controls

21

Community Clinic

Lab Info. System

PACS

Teaching Hospital

PACS

ED Application

EHR System

Physician Office

EHR System

XDS Scenario + use of ATNA & CTXDS Scenario + use of ATNA & CT

PMS

Retrieve DocumentRetrieve Document

Register DocumentRegister DocumentQuery DocumentQuery Document

XDS Document Registry

ATNA Audit record repository CT Time server

Record AuditRecord AuditEventEvent

MaintainMaintainTimeTime

MaintainMaintainTimeTimeRecord AuditRecord Audit

EventEvent

Maintain TimeMaintain TimeProvide & Register Docs

Record AuditRecord AuditEventEvent

XDS Document Repository

XDSDocumen

t Reposito

rySecured MessagingSecured Messaging

22

Community Clinic

Lab Info. System

PACS

Teaching Hospital

PACS

ED Application

EHR System

Physician Office

EHR System

ATNA Security Model(1)ATNA Security Model(1)

PMS

XDS Document Registry

Provide & Register Docs

XDS Document Repository

XDSDocumen

t Reposito

ry

Secured NodeSecured Node

Secured NodeSecured NodeSecured NodeSecured Node

Secured NodeSecured Node

XDS Document Repository

Dual Authenticated LinksDual Authenticated Links

23RHIO boundary

Community Clinic

Lab Info. System

PACS

Teaching Hospital

PACS

ED Application

EHR System

Physician Office

EHR System

IHE RHIO SolutionIHE RHIO Solution

PMS

Retrieve DocumentRetrieve Document

Register DocumentRegister DocumentQuery DocumentQuery Document

XDS Document Registry

ATNA Audit ATNA Audit record repositoryrecord repository CT Time serverCT Time server

Provide & Register Docs

XDS Document Repository

XDSDocumen

t Reposito

ry

ATNA Audit ATNA Audit record repositoryrecord repository

State run RHIO

ATNA Audit ATNA Audit record repositoryrecord repository

PatientIDX-ref

24

Security ModelsSecurity Models

Risk AssessmentRisk Assessment Asset is the information in Registry & all RepositoriesAsset is the information in Registry & all Repositories Confidentiality, Integrity, and AvailabilityConfidentiality, Integrity, and Availability Patient Safety overrides privacy (most of the time)Patient Safety overrides privacy (most of the time)

AccountabilityAccountability Access Control model -- PreventionAccess Control model -- Prevention Audit Control model -- ReactionAudit Control model -- Reaction

Policy EnforcementPolicy Enforcement Mutually agree to enforce Policies Mutually agree to enforce Policies Enforcement of policies centrallyEnforcement of policies centrally

25

RHIO Domain PolicyRHIO Domain PolicyXDS Affinity Domain Definition Checklist XDS Affinity Domain Definition Checklist See See Template for XDS Affinity Domain Deployment Planning Template for XDS Affinity Domain Deployment Planning

IHE gives no direction on the content of this Policy IHE gives no direction on the content of this Policy E.g. Patient allows general purpose healthcare information E.g. Patient allows general purpose healthcare information

to be submitted, sensitive data will not be published. Only to be submitted, sensitive data will not be published. Only Healthcare Providers that are a member of that patients Healthcare Providers that are a member of that patients direct care team will be given access. direct care team will be given access.

Policy must be enforceable by all the systems in Policy must be enforceable by all the systems in the RHIO Domainthe RHIO Domain EHR RBAC capabilities must be consideredEHR RBAC capabilities must be considered PHR portal must be able to enforce restrictionsPHR portal must be able to enforce restrictions Registry / Repositories must only talk to authorized systemsRegistry / Repositories must only talk to authorized systems

26

IHE-XDS Infrastructure ComponentsIHE-XDS Infrastructure ComponentsDocument Registry (XDS)Document Registry (XDS) – – Queryable index of metadata and references to all Queryable index of metadata and references to all documents shared within a connected community (XDS Affinity Domain)documents shared within a connected community (XDS Affinity Domain)

Document Repository (XDS)Document Repository (XDS) – – Supports storage and retrieval of clinical Supports storage and retrieval of clinical information (as documents). May be centralized or distributed.information (as documents). May be centralized or distributed.

Patient Identifier Cross Reference Manager (PIX)Patient Identifier Cross Reference Manager (PIX) – – Reconciles information on Reconciles information on patients from multiple domains to a single, cross referenced set of IDs for each given patients from multiple domains to a single, cross referenced set of IDs for each given patient.patient.

Patient Demographics Supplier (PDQ)Patient Demographics Supplier (PDQ) – – Returns demographic information and Returns demographic information and identifiers for patients based on specified demographic criteria. identifiers for patients based on specified demographic criteria.

Audit Record Repository (ATNA)Audit Record Repository (ATNA) – – Receive audit records from other actors and Receive audit records from other actors and securely store for audit purposes. ATNA also authenticates peer-nodes and encrypt securely store for audit purposes. ATNA also authenticates peer-nodes and encrypt communications.communications.

Cross Enterprise User Assertion (XUA)Cross Enterprise User Assertion (XUA) – Mechanism for User Identity federation – Mechanism for User Identity federation

Basic Patient Privacy Consents (BPPC)Basic Patient Privacy Consents (BPPC) – Providing for Patient Privacy – Providing for Patient Privacy dimension of Access control including Capturing Patient Consent including support dimension of Access control including Capturing Patient Consent including support for Opt-In and Opt-Outfor Opt-In and Opt-Out

Time Server (CT)Time Server (CT) – – Provides consistent definition of date/time enabling time Provides consistent definition of date/time enabling time synchronization across multiple systems. Enables events associated with patients to synchronization across multiple systems. Enables events associated with patients to be sorted reliably in chronological order.be sorted reliably in chronological order.

27

Security & Privacy ControlsIHE Profile

Ac

co

un

tab

ility

Ide

ntific

atio

n a

nd

A

uth

en

tica

tion

Da

ta A

cc

es

s

Co

nfid

en

tiality

Da

ta In

teg

rity

No

n-R

ep

ud

iatio

n

Pa

tien

t Priv

ac

y

Av

aila

bility

Audit Trails and Node Authentication D D D D D D D

Basic Patient Privacy Consents I D

Consistent Time D I D

Enterprise User Authentication I D I I I I

Cross-Enterprise User Assertion I D I I I I

Document Digital Signature D D D D

Cross-Enterprise Document Sharing D D I D

Cross-Enterprise Document Reliable Messaging D D I D

Cross-Enterprise Document exchange on Media I D D I D

Personnel White Pages I D D I

Identity and Access ControlIdentity and Access Control

29

Cross-Enterprise User AssertionCross-Enterprise User Assertion

Value PropositionValue Proposition

Extend User Identity to Affinity DomainExtend User Identity to Affinity Domain Users include Providers, Patients, Clerical, etc Users include Providers, Patients, Clerical, etc Must supports cross-enterprise transactions, can be used inside Must supports cross-enterprise transactions, can be used inside

enterpriseenterprise Distributed or Centralized Identity management (Directories)Distributed or Centralized Identity management (Directories)

Provide information necessary so that receiving actors Provide information necessary so that receiving actors can make Access Control decisionscan make Access Control decisions Authentication mechanism usedAuthentication mechanism used Attributes about the user (roles)Attributes about the user (roles) Does not include Access Control mechanismDoes not include Access Control mechanism

Provide information necessary so that receiving actors Provide information necessary so that receiving actors can produce detailed and accurate Security Audit Trailcan produce detailed and accurate Security Audit Trail

30

Cross-Enterprise User AssertionCross-Enterprise User Assertion

Technical SolutionTechnical Solution

Initial scope to XDS.b Stored Query and Retrieve Initial scope to XDS.b Stored Query and Retrieve Relies on Web-Services Relies on Web-Services Easily extended to any Web-Services transactionsEasily extended to any Web-Services transactions Leverage WS-I Basic Security Profile 1.1Leverage WS-I Basic Security Profile 1.1

Use SAML 2.0 Identity AssertionsUse SAML 2.0 Identity Assertions Does not constrain ‘how’ the Assertion was obtainedDoes not constrain ‘how’ the Assertion was obtained Supporting Liberty Alliance, WS-Trust, and SAMLSupporting Liberty Alliance, WS-Trust, and SAML

Define grouping behavior with EUA and ATNADefine grouping behavior with EUA and ATNA

31

Four Identity Assurance LevelsFour Identity Assurance Levels

NIST SP800-63 Electronic

Authentication technical guidance

matches technology to each assurance level

OMB E-Authentication Guidance establishes four assurance levels for

consistent application of E-Authenticationacross gov’t

Level 4Level 3Level 2Level 1

Little or no confidence in

asserted identity (e.g. self identified

user/password)

Some confidence in asserted

identity (e.g. PIN/Password)

High confidence in asserted

identity (e.g. digital cert)

Very high confidence in the asserted identity (e.g. Smart Card)

E-RA tool assists agencies in defining authentication

requirements & mapping them to the appropriate

assurance level

32

Factor Token

Very High

High

Medium

Low

RemoteClinical Entry

VerificationOf DataTranscription

Access toLocal EHR/EMR

Access toSummary ofClinical research

PIN/User ID-

Knowledge

Strong Password

-Based

PKI/ Digital Signature

Multi-

Incre

ase

d $

Cost

Increased Need for Identity Assurance

Security Considerations:Security Considerations:Four Identity Assurance LevelsFour Identity Assurance Levels

33

Key:

Original Transaction

TLS Protections

EHR

PatientData

XDS Consumer XDS Registry

user auth provider

Cross-Enterprise User AssertionCross-Enterprise User Assertion

Implementation ExampleImplementation Example

UserAuth

(ATNA Secure Node)

(ATNA Secure Node)

AuditLog

X-Service User

X-Identity Provider XUA =

Web-Services Security + SAML Assertions

XUA Assertion

AuditAudit

34

Distributed Access Control – Distributed Access Control – enabled by XUAenabled by XUA

XDS RegistryXDS Document ConsumerAccess

Control

XDS RegistryXDS Document ConsumerAccess

ControlAccessControl

XDS RegistryXDS Document ConsumerAccess

ControlAccessControl

AccessControl

AccountabilityAccountability

36

Today’s XDS AccountabilityToday’s XDS Accountability

Mitigation against unauthorized useMitigation against unauthorized use Investigate Audit log for patterns and behavior outside Investigate Audit log for patterns and behavior outside

policy. Enforce policypolicy. Enforce policy Secure Node requires appropriate Access Controls to Secure Node requires appropriate Access Controls to

enforce at the enterprise by XDS Source and Consumersenforce at the enterprise by XDS Source and Consumers

Investigation of patient complaintsInvestigation of patient complaints Investigate Audit log for specific evidenceInvestigate Audit log for specific evidence ATNA Audit Repositories can filter and auto-forwardATNA Audit Repositories can filter and auto-forward

Support an Accounting of DisclosuresSupport an Accounting of Disclosures ATNA Report: XDS-Export + XDS-Import ATNA Report: XDS-Export + XDS-Import

37RHIO boundary

Community Clinic

Lab Info. System

PACS

Teaching Hospital

PACS

ED Application

EHR System

Physician Office

EHR System

Centralized AccountabilityCentralized Accountability

PMS

Retrieve DocumentRetrieve Document

Register DocumentRegister DocumentQuery DocumentQuery Document

XDS Document Registry

ATNA Audit ATNA Audit record repositoryrecord repository CT Time serverCT Time server

MaintainMaintainTimeTime

MaintainMaintainTimeTime

Maintain TimeMaintain TimeProvide & Register Docs

XDS Document Repository

XDSDocumen

t Reposito

ry

38RHIO boundary

Community Clinic

Lab Info. System

PACS

Teaching Hospital

PACS

ED Application

EHR System

Physician Office

EHR System

Distributed AccountabilityDistributed Accountability

PMS

Retrieve DocumentRetrieve Document

Register DocumentRegister DocumentQuery DocumentQuery Document

XDS Document Registry

ATNA Audit ATNA Audit record repositoryrecord repository CT Time serverCT Time server

MaintainMaintainTimeTime

MaintainMaintainTimeTime

Maintain TimeMaintain TimeProvide & Register Docs

XDS Document Repository

XDSDocumen

t Reposito

ry

ATNA Audit ATNA Audit record repositoryrecord repository

State run RHIO

ATNA Audit ATNA Audit record repositoryrecord repository

39

Sjfldjlsdj aKdjldsjLsjldjljfjfjlslkjlnLslasdjj;ask;slsSflksdjfl;safSalasaskaFaslskf;sfSlsjlsdjlsdjfLsjflsdjldsjfsSlkfjsdlfjldsflsjfldsjfldsfj

Sjfldjlsdj aLslasdjj;ask;slsFaslskf;sflsjfldsjfldsfj

Clinic A

HIE InfrastructureAudit

Audit

EMR

Example: Audit Log CascadeExample: Audit Log Cascade

Inform Disclosure ReportsInform Disclosure Reports

Detect unusual behavior Detect unusual behavior Follow chain back Follow chain back

40

Flexible Infrastructure: Flexible Infrastructure: Sharing, Sending and InterchangingSharing, Sending and Interchanging

Health Information Exchange or RHIOHealth Information Exchange or RHIO

PublishPublish

PullPullStructuredStructuredobjectsobjects

PullPull

TransactionsTransactionsWorkflowWorkflow

MgrMgrWorkflowWorkflow

MgrMgr

Send toSend to SwitchSwitch Send toSend to

WriteWrite ReadReadInterchangeInterchange

MediaMedia

XDSXDS

XDRXDR

XDMXDM

ConclusionConclusion

44

Supported XDS Security Use-CasesSupported XDS Security Use-Cases

Prevent Indiscriminate attacksPrevent Indiscriminate attacks Mutual Auth TLS Mutual Auth TLS

Normal Patient that accepts XDS participationNormal Patient that accepts XDS participation

Patient asks for Accounting of Disclosures Patient asks for Accounting of Disclosures informed by ATNA log informed by ATNA log

Protect against malicious neighbor doctorProtect against malicious neighbor doctor informed by ATNA log informed by ATNA log

Patient that retracts consent to publish Patient that retracts consent to publish Repository is local, manual Repository is local, manual

Provider Privacy Provider Privacy User identity is not exposed User identity is not exposed

Malicious Data MiningMalicious Data Mining queries are all patient based queries are all patient based

Access to Emergency data set Access to Emergency data set BPPC policy BPPC policy

VIP VIP XDR/M, BPPC (Local XDR/M, BPPC (Local enforcement)enforcement)

Domestic violence victim Domestic violence victim BPPC policy (Local BPPC policy (Local enforcement)enforcement)

Daughter with sensitive tests Daughter with sensitive tests XDR/M BPPC policy XDR/M BPPC policy

Sensitive topicsSensitive topics Don’t publish, BPPC policy Don’t publish, BPPC policy

Legal Guardian (cooperative) Legal Guardian (cooperative) BPPC policy (Local enforcement) BPPC policy (Local enforcement)

Care Giver (assists w/ care) Care Giver (assists w/ care) BPPC policy (Local enforcement) BPPC policy (Local enforcement)

45

Private entriesshared with GP

Private entriesshared with severalnamed parties

Entries restricted tosexual health team

Entries restricted toprison health service

Entries accessible toadministrative staff

Entries accessible toclinical in emergency

Entries accessible todirect care teams

Document AccessibilityDocument Accessibility

Source: Dipak Kalra & prEN 13606-4

46

Gaps for potential future developmentGaps for potential future developmentBetter coded vocabulary for confidentiality codesBetter coded vocabulary for confidentiality codes Complex policies on a document by document basisComplex policies on a document by document basis Extension to objects other than XDS (e.g. DICOM)Extension to objects other than XDS (e.g. DICOM)

Patient Access toPatient Access to Sensitive health topics (you are going to die)Sensitive health topics (you are going to die) Low sensitivity (scheduling)Low sensitivity (scheduling) Self monitoring (blood sugar)Self monitoring (blood sugar) Authoritative updates / amendments / removalAuthoritative updates / amendments / removal

Complex Privacy ‘consent’ Policy capabilitiesComplex Privacy ‘consent’ Policy capabilities Supporting Inclusion ListsSupporting Inclusion Lists Supporting Exclusion ListsSupporting Exclusion Lists Exceptions, and ObligationsExceptions, and Obligations Supporting functional role languageSupporting functional role language

Access Control ServiceAccess Control Service Centralized PoliciesCentralized Policies Policy Decision Point / Policy Enforcement PointsPolicy Decision Point / Policy Enforcement Points

Accounting of Disclosures reports, alerts, messagingAccounting of Disclosures reports, alerts, messaging To support reporting to the ‘consumer’ when their data is accessedTo support reporting to the ‘consumer’ when their data is accessed

Un-Safe Client machine (home-computer)Un-Safe Client machine (home-computer)

47

ConclusionConclusion

IHE provides the necessary basic security for IHE provides the necessary basic security for XDS todayXDS today

There is room for improvementThere is room for improvement

Roadmap includes prioritized list of use-casesRoadmap includes prioritized list of use-cases

Continuous Risk Assessment is necessary at all Continuous Risk Assessment is necessary at all levelslevels Product DesignProduct Design Implementation Implementation OrganizationalOrganizational RHIO DomainRHIO Domain

48

IHE Web Site - http://www.ihe.netIHE Web Site - http://www.ihe.net Technical FrameworksTechnical Frameworks Technical Framework Supplements – Trial ImplementationTechnical Framework Supplements – Trial Implementation Calls for ParticipationCalls for Participation IHE Fact Sheet and FAQIHE Fact Sheet and FAQ IHE Integration Profiles: Guidelines for BuyersIHE Integration Profiles: Guidelines for Buyers IHE Connectathon ResultsIHE Connectathon Results Vendors’ Product Integration StatementsVendors’ Product Integration Statements

Sponsors’ IHE sitesSponsors’ IHE sites http://www.himss.org/IHE http://www.himss.org/IHE http://www.rsna.org/IHEhttp://www.rsna.org/IHE

John MoehrkeJohn Moehrke John.Moehrke@med.ge.comJohn.Moehrke@med.ge.com

More InformationMore Information