PowerPoint Presentation - Georgia Institute of Technology


Health Care Information Systems Research in CERCS
Doug Blough

MedVault: Security and Privacy for Electronic Medical Records

Research Thrusts
• Secure storage techniques for shared data
• Endpoint device security
• Dynamic role-based privacy control
• Health systems needs and usability issues

[Figure: MedVault architecture diagram with steps numbered 1 to 6. Labels: Health Care Organization’s IT Perimeter; Endpoint Device (User); Secure Credential; Credential, role, context, data request; Request/Response Logging; Authentication; Dynamic Role Manager; Role Activation; Authorization; Meta-policy Database; Role-based Data Filtering for Privacy Control; Role-dependent data view; Distributed Data Store (EMR Storage)]

Participants: CERCS, GTISC, HSI, Children’s Healthcare

Computing to the Edge and Back: Seamlessly Integrating End Devices into Privacy-Aware Data-Centric Systems

• NSF Computing Research Infrastructure proposal targeting health care information systems and other applications with similar requirements
• Participants: most CERCS faculty, some computational sciences and engineering faculty
• Acquire powerful end devices, compute servers, and storage components to model a typical large health care organization
• Emulate some components such as patient database, medical instruments producing continuous real-time data flows
• Research thrusts:
  – Powerful end systems: personalized services, access/manipulation of rich data sets, new functionalities
  – Security and privacy: extending privacy to the edges, usable privacy, data cleansing
  – Dynamic information integration: combining data movement and data manipulation, managed services, real-time data mining

Identity Management

• Partnership with a number of other universities and research organizations
• Supported by the Institute for Information Infrastructure Protection (I3P), a DHS-funded institute
• Focused on secure management of personal information via credentials, specifically targeted at the financial and health care sectors
• Health care context: moving from closed systems optimized for certain users and with limited patient control, to systems where patients have more access and control but health care quality is not negatively impacted

Overall Research Thrust: Credential Lifecycle Management

[Figure: credential lifecycle services]
• Registration and Enrollment Service
• Identity Proofing Service
• Production and Personalization Service
• Activation and Issuance Service
• Suspension, Revocation, or Destruction Service
• Redress Service

One of our contributions - distributed credential services with:
– user control over what personal information to disclose on a given transaction
– distribution of personal information across multiple semi-trusted claims verifiers
– one-time passwords for multi-factor authentication without special hardware