\n
Intel healthcare: SOA Expressway for Health Care<\/p>\n
http:\/\/www.intel.com\/healthcare\/ps\/soa\/index.htm?iid=health+lhn_soa<\/p>\n
Intel has created a scalable, easy to deploy health care network with the hopes of enabling sharing and collaboration of health care information. <\/span>Intel Health Care network is build upon common components such as J2EE and the .Net framework, relying upon a High-performance XML Engine for data transmission. <\/span>It is a “codeless” system, which means the network can be deployed and managed without the need for software development assistance. <\/span>Once fully deployed this network promises great cost and efficiency gains, as healthcare and patient information can be shard much more easily. <\/span>However the creation of a new system which will handle large amounts of sensitive patient and drug information brings about many interesting security questions.<\/p>\n \n Assets:<\/p>\n \u00b7 <\/span><\/span><\/span> <\/span>Patient Information – it is of utmost importance to protect all sensitive patient information, including condition and treatment as well as address and billing information. <\/span><\/p>\n \u00b7 <\/span><\/span><\/span>Drug information \u2013 Many hospitals have strict regulatory policies on the management of drugs, outlining proper administration and inventory practices. <\/span>The integrity (and sometimes secrecy) of information regarding the status of the pharmaceuticals in the organization <\/span> <\/span>must be maintained.<\/p>\n Adversaries:<\/p>\n \u00b7 <\/span><\/span><\/span>Doctors and hospital workers \u2013 The primary users of the system will be the various hospital staff. <\/span>They will have the most interaction with the system as they will use it on a daily basis. <\/span>Hospital staff utilizing the network will require a certain amount of authority (within the system) in order to properly operate it. <\/span>This presents a potential threat, as they will have direct access to patient and drug information, as well as the authority to modify this information. <\/span><\/p>\n \u00b7 <\/span><\/span><\/span> <\/span>Network maintenance technicians \u2013 The system is designed to be stand-alone on a day-to-day basis. <\/span>There will be instances when the system will require a certain amount of routine technical maintenance. The people performing this maintenance will be very familiar with the internal workings of the system and will have full access to the system. <\/span>This poses a threat, as it could potentially compromise patient information. <\/span><\/p>\n \u00b7 <\/span><\/span><\/span>Patients \u2013 If patients are given a chance to interact with the system, it may be possible that they can in some way compromise the system to extract confidential information, or falsify information. <\/span><\/p>\n Potential Weaknesses:<\/p>\n \u00b7 <\/span><\/span><\/span>Information Storage \u2013 If sensitive information is stored on accessible and\/or unencrypted hard drives, it becomes increasingly easy to tamper with those components (the disks) in the interest of obtaining or modifying confidential information. <\/span><\/p>\n \u00b7 <\/span><\/span><\/span>Information Interception over Transmission \u2013 When sensitive information is shared between multiple nodes (a network), there must some kind of transmission mechanism. <\/span>Such a mechanism could be a weakness if it does not properly protect the integrity and confidentiality of the data being transmitted. <\/span>Also if the mechanism is not robust or reliable, this could result in the loss of important patient information, vital to patient care. <\/span><\/p>\n Defenses:<\/p>\n \u00b7 <\/span><\/span><\/span>Required authentication \u2013 all persons who will have any interaction with the system should have a strong means of identifying and authenticating themselves as valid users. <\/span>All users should be limited in their actions and given just enough authority to perform the needed task.<\/p>\n \u00b7 <\/span><\/span><\/span>All information (both patient and otherwise) should be stored on encrypted hard drives which are protected physically. <\/span><\/p>\n \u00b7 <\/span><\/span><\/span>Any transmission of information should be done through an encrypted channel.<\/p>\n Risks:<\/p>\n The risks associated with this system are of grave consequences, as they involve sensitive and personal information for many patients. <\/span>The risk of information leakage\/compromise is present not only when the system is accessed\/operated by hospital staff, but is also inherent in the fact that much sensitive information is stored and transmitted over potentially unsafe mediums. <\/span><\/p>\n Conclusion:<\/p>\n The Intel SOA Expressway for Health Care is a very promising technology which unites health care services and provides access to a great breadth of information. <\/span>It is important to handle this information with great care and a sense of responsibility, as the information is oftentimes sensitive private. <\/span>Intel is doing this by utilizing industry standard security practices, such as XML and web Security. <\/span><\/p>\n \n","protected":false},"excerpt":{"rendered":" Intel healthcare: SOA Expressway for Health Care http:\/\/www.intel.com\/healthcare\/ps\/soa\/index.htm?iid=health+lhn_soa Intel has created a scalable, easy to deploy health care network with the hopes of enabling sharing and collaboration of health care information. Intel Health Care network is build upon common components … Continue reading