Tuesday, November 13, 2012

Towards a viable and secure health information system - Part 3

This is the third in the series of blog posts I have been writing, inspired by the paper[1].

Let me include the following diagram, which illustrates the overall picture of the security requirements of a health information system.


In my previous two posts in this series, I discussed Identity Management/Authentication and Authorization. In this post, I am going to write about another important aspect of a health care IS, which is auditing.

3. Auditing
Auditing mainly helps in investigating fraud or security breaches. To recreate an incident, meaningful and useful audit logs should be readily available. Protecting the audit log archives is another challenge to be addressed.

Let me discuss this further in my usual format, i.e. the views from the paper[1] first, followed by my own.
  • The report mentions that actions like the ones below in a health IT system should be monitored and audited by a security infrastructure which is independently managed:
    - Actions taken by different principals interacting with the system, such as accessing, modifying and deleting EMRs.
    - The policies/information used to authorize those actions.
    - Changes to authorization policies.
  • It highlights the need to protect audit logs with cryptographic mechanisms such that they cannot be deleted, changed or otherwise tampered with, even by the administrators.
  • It also raises the need to let patients review the audit records pertaining to their own EMRs.
  • The paper[1] draws attention to an important concern related to auditing: although it is easy to log every action, doing so generates a large volume of data, which causes problems in storing it, retrieving information from it and recreating an event when an incident occurs.
  • Research problems identified by the paper in this space:
    - Exploring techniques to create audit logs in such a way that we can recreate events while limiting the amount of data to store.
    - Finding new approaches for storage and retrieval, as well as user-friendly access to logs.
Let me note down some of my ideas in this regard:
  • Distributed logging standards such as XDAS[2] can be used for auditing at a certain layer in the distributed health IT ecosystem.
  • An efficient digital signature mechanism needs to be in place for integrity protection of the log.
  • Cassandra storage can be used to overcome the issue of large volumes of audit logs, and a parallel processing technique such as MapReduce can be used for efficient processing of audit logs at the retrieval stage. (Cassandra has been used in WSO2 Stratos, the open source cloud middleware platform offered by WSO2. There, each tenant is able to view the logs specific to that particular tenant. Similar techniques can be used to make the audit records related to the EMRs of a particular patient available to that patient, which is a requirement raised in the PCAST report as well.)
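As an added illustration (not from the paper or from any WSO2 product) of the two requirements above, tamper-evident logs that even administrators cannot silently alter and a per-patient view of the records: each audit record is HMACed under a key assumed to be held by the independently managed audit service and chained to the digest of its predecessor, and the current head digest is assumed to be stored out of band by the auditor so that deletions at the tail are also detected. The key, field names and sample events are constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

# Constructed demo key. Assumption: held by the independently managed audit
# service, never by the EMR system's own administrators.
AUDIT_KEY = b"constructed-demo-key-held-by-audit-service"
GENESIS = "0" * 64  # "previous digest" of the very first record

def _canon(obj: Dict) -> bytes:
    """Canonical JSON so writer and verifier MAC/hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def entry_digest(entry: Dict) -> str:
    return hashlib.sha256(_canon(entry)).hexdigest()

def append_event(log: List[Dict], principal: str, action: str, emr_id: str,
                 policy: str, key: bytes = AUDIT_KEY) -> str:
    """Append a record chained to its predecessor and MACed under the audit key.
    Returns the new head digest, which the auditor stores out of band."""
    prev = entry_digest(log[-1]) if log else GENESIS
    body = {"principal": principal, "action": action, "emr_id": emr_id,
            "policy": policy, "prev": prev}
    body["mac"] = hmac.new(key, _canon(body), hashlib.sha256).hexdigest()
    log.append(body)
    return entry_digest(body)

def verify_log(log: List[Dict], expected_head: str,
               key: bytes = AUDIT_KEY) -> Tuple[bool, str]:
    """Recompute every MAC and chain link; report the first problem found."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry.get("prev") != prev:
            return False, f"chain broken at entry {i}: record deleted or reordered"
        body = {k: v for k, v in entry.items() if k != "mac"}
        expected = hmac.new(key, _canon(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry.get("mac", "")):
            return False, f"MAC mismatch at entry {i}: record altered"
        prev = entry_digest(entry)
    if prev != expected_head:
        return False, "head mismatch: tail of the log truncated"
    return True, "log intact"

def records_for_patient(log: List[Dict], emr_id: str) -> List[Dict]:
    """Patient-facing view of the records that touch one EMR (verify first)."""
    return [e for e in log if e["emr_id"] == emr_id]
```

The per-record MAC catches edits, the chain catches deletion or reordering in the middle, and the separately stored head catches truncation of the newest records; a public-key signature over the head would let outside parties perform the same check without holding the MAC key.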

References:
[1] A Research Roadmap for Healthcare IT Security inspired by the PCAST Health Information Technology Report
[2] Introduction to XDAS
