Transcript Slide
Mobile Electronic Medical Records James T. Monastra Virginia Wesleyan College August 6, 2007 The Remote Medicine Maze Entering the Maze The Concept • • • • Patient’s medical records are maintained on a secure portable device. Information is immediately available to Emergency Technicians. Information is available to doctors and hospital staff. Serves as the entry point to remote medical systems. State-of-the-Art Authentication • • • Password / Username Smart Cards Particular Biometrics Storage • Paper Filing System Password / Username • • • • • • Authenticates user by “something you know” Most common authentication method Joint responsibility Memorization Confidentiality Security Smart Cards • • • • • Authenticates user by “something you have” Capable of two-factor authentication “Pocket-sized cards with embedded integrated circuits” User-friendly Password concerns Biometric • Authentication by “who you are” • “identification based on physiological or behavioral characteristics” • Cannot forget, lose, or give away a part of you (except for injury) Commonly used Biometrics • • • • Hand Geometry Retina Scanner Speaker Recognition Fingerprint Scanner Storage (Paper-filing System) Widely accepted Significant disadvantages • • i. ii. iii. Unavailability Illegibility Inability to be accessed remotely Solution • Biometric authentication • Mobile Electronic Device • Stealth MXP Stealth MXP • • • • Memory Experts International Portable secure storage Biometric & Password Authentication Encryption Requirements • • • • • • Privacy (HIPAA) Security (HIPAA) Portability Availability Reliability User Acceptance Privacy and Security Advanced Encryption Standard (AES) HMAC-based One Time Password (HOTP) Rivest, Shamir, Adleman (RSA) Biometric and Password capabilities Federal Information Processing Standard Portability and Availability USB Flash Drive 24/7 Patient Access ACCESS Console and Client software Multi-patient (Family) Reliability and User Acceptance Strong Security Easily Mobile Cost concerns Incentives Information Partitioning EMERGENCY DATA PERSONAL RECORDS HOSPITAL RECORDS •Personal Contact Information •Medical Conditions (Illness, Allergies) •Medications •Physician’s Contact Information •Personal Contact Information •Family Contact Information •Medical Conditions (Illness, Allergies) •Medications •Complete Medical History •Physician’s Contact Information •Insurance Contact Information •Personal Contact Information •Family Contact Information •Medical Conditions (Illness, Allergies) •Medications •Complete Medical History •Physician’s Contact Information •Insurance Contact Information •Records and Specialty Contact Information Information Availability EMERGENCY DATA Available to All No ID NO Password Available to Selected Personnel Requires ID Requires Password PERSONAL RECORDS HOSPITAL RECORDS Available to Selected Personnel Available to Medical and Hospital Personnel Requires ID Requires Password An Example Any Questions??