The Health Informatics Society of Australia is hosting the HIC 2009 conference in Canberra next week (August 19-21). The conference's theme this year is "Frontiers of Health Informatics", quite appropriate given the interest in Smarter Health as part of a number of government initiatives across the globe.
I have been selected to present a poster session titled "Security as a Service – A Low Risk Approach to Integrating with NEHTA’s Security Specifications". The outline for this session is as follows:
Smarter Health through services such as electronic health records offers benefits to citizens and the public sector alike. In Australia, the National E-Health Transition Authority (NEHTA) is stewarding Australia’s e-health evolution by the development of interoperability specifications through liaison with industry.
Personal health information is considered by many to be the most sensitive of all personal information. As such, the success of any e-health initiative depends on issues of security and privacy being addressed, so that the confidentiality, integrity and availability of citizens’ personal health information can be guaranteed.
An important security foundation in NEHTA’s model is the Unique Health Identifier (UHI) specification. UHI provides the identifiers that allow linking and correlation of health data across organisations. UHI therefore provides important underpinning for authentication, authorisation and secure messaging.
Security services defined by NEHTA will be implemented and operated by the Australian Federal Government. Connecting to these services can be daunting for software vendors and healthcare organisations. Changes to medical software applications add risk if undertaken without appreciation for a secure software development lifecycle. Different architectural choices offer varying degrees of reuse of existing IT assets, thereby affecting the economics of implementing Smarter Health. The complexity of resulting systems when an organisation migrates to use UHI and other services will also vary.
Solution patterns that leverage existing, commercially available security solutions in a health care enterprise can minimise the risk, cost and time-to-value when integrating NEHTA-specified services such as UHI. In a standards-based way, XML firewalls and federated identity services bridge an organisation’s existing security mechanisms and the web services security profiles needed to interface with UHI, which protects, for example, an organisation’s existing investment in authentication and single sign-on technologies. Additionally, sensitive key material such as the organisation’s private key can be stored more securely.
During this presentation, these solution integration patterns will be introduced. Software vendors and healthcare organisations alike will learn of integration architectures that minimise the impact on the existing IT environment through software-as-a-service principles, allowing reuse of best-of-breed security solutions that are available in the marketplace and already deployed in health care organisations.
Australia’s journey to Smarter Health is underway. Health care organisations that maximise reuse of standard security components will gain a competitive advantage in an increasingly competitive marketplace.
My colleague Chris Hockings will also be presenting a poster, titled "Imagine there's no passwords...". Chris' poster looks at the use of single sign-on technology to enable more efficient access to multiple systems from multiple workstations, allowing clinicians to spend more time on health outcomes for patients.
I'm looking forward to learning more about broader e-health and the role that security and privacy have to play to make e-health viable. I am hoping to better understand the challenges of the vendors in Australia's medical software industry. There's also a reception dinner at Old Parliament House, which will also be interesting.