Security and Privacy for NHIN and CONNECT

Transcript

WEDNESDAY, 5:00 – 5:30PM
Security and Privacy for the NHIN and CONNECT
Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT
Michael Torppey, CONNECT Health IT Security Specialist (Contractor), Federal Health Architecture, Office of the National Coordinator for Health IT
Agenda
Welcome
• Nationwide Health Information Network (NHIN)
• NHIN Architectural Components
• NHIN Network Gateway Components
CONNECT Gateway Reference Implementation:
• FHA CONNECT Certification & Accreditation (C&A) and Security Management Program Overview
• C&A Procedure/Status
• CONNECT Security Management Program
HIMSS 2010
Nationwide Health Information Network (NHIN)
• NHIN is not a database
• Harmonized standards to exchange health data
• Membership agreements
• SSL Certificates
• Services Registry
• Test Environment – Interop and conformance
NHIN Components
(Diagram: each HIO's Provider EHR, Lab and Patient PHR systems sit in its Patient-facing Zone and Intra-HIO Zone behind Provider Security and HI Security; each HIO's Gateway connects to the NHIN Network; the Certificate Authority provides secure SSL Certificates for Gateways; underlying everything is the NHIN Security Trust Fabric – Agreements, Policy & Governance.)
• Gateway – Systems that implement NHIN Specifications
• Intra-HIO Zone – Systems within the HIO
• Patient Facing Zone – Interface with patient. Provider system or Personal health record
• NHIN Network – Zone for transporting health info between gateways – Certificates, Services Registry, agreements, Test Environment, Specifications
NHIN Components – Architectural View (diagram slide)
NHIN Security Infrastructure – Managed PKI
• Entrust – Certificate Authority
• mPKI software/service to manage SSL certificates
• SSL worldwide standard
• Certificates provide encryption between gateways
• Certificates ensure the HIO has been vetted by NHIN
(Diagram: numbered flow 1–4 between the Certificate Authority and a gateway or server; step labels not captured.)
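The trust decision this slide describes, written out as an added example (not code from the presentation or from the CONNECT project): a gateway accepts a peer gateway only if the peer's certificate chains to the NHIN Certificate Authority. The CA, the gateway names and the expiry times are constructed in memory for the demo, and the slide's "SSL" is handled with Go's standard x509 package.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates an in-memory certificate for cn signed by parent; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, notAfter time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{ // clock-based serial is for the demo only; a real CA tracks issued serials
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-2 * time.Hour), NotAfter: notAfter, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed CA: may sign certificates, has no TLS usages of its own
		tmpl.IsCA, tmpl.KeyUsage, tmpl.ExtKeyUsage, tmpl.DNSNames = true, x509.KeyUsageCertSign, nil, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// PeerTrusted is the gateway-side decision: accept a peer gateway only if its certificate chains
// to the NHIN CA, is within its validity window and is marked for TLS client authentication.
func PeerTrusted(nhinCA, peer *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(nhinCA) // only the NHIN CA is trusted, not the system root store
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() { // constructed scenario: one vetted gateway and one whose certificate came from a rogue CA
	day := time.Now().Add(24 * time.Hour)
	ca, caKey := issue("NHIN CA (constructed)", nil, nil, day)
	rogueCA, rogueKey := issue("Rogue CA (constructed)", nil, nil, day)
	vetted, _ := issue("gateway.hio-a.example", ca, caKey, day)
	unvetted, _ := issue("gateway.hio-b.example", rogueCA, rogueKey, day)
	fmt.Println("vetted:", PeerTrusted(ca, vetted), "| unvetted:", PeerTrusted(ca, unvetted))
}
```

In a tls.Config the same decision is ClientAuth set to tls.RequireAndVerifyClientCert with ClientCAs (and RootCAs on the connecting side) holding only the NHIN CA; revocation checking is not shown here.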
NHIN Security
Data Use Reciprocal Support Agreement (DURSA)
• Part of the chain of trust
• Trust agreement signed by HIO
• Legal framework for NHIN participation
• Confidentiality, performance, data use, etc.
NHIN Security – HIO Security Guidelines
• Non-binding best practice security guidelines for HIO
• Foundational security elements to a secure system
  – Network security
  – Firewalls
  – Message security
  – Where to get more info
NHIN Network Gateway Component
Services Registry - UDDI
• Universal Description Discovery and Integration
• Service listings and associated metadata
• Hosted Systinet Solution
• Maintained by NHIN
• Production and test platform
NHIN Network Gateway Component
Test Environment
• Interoperability Testing – can the HIO successfully participate in a data exchange
• Conformance Testing – does the HIO conform to the specifications
• Methods, process, procedures, and environment to test gateway software
(Diagram: Candidate System; (1) NIST Conformance Tools; (2) NHIN Interoperability Testing Lab (Internet employing CA/UDDI).)
CONNECT Reference System (CRS) Certification & Accreditation (C&A) and Security Management Overview
CONNECT C&A - Procedure
• A thorough understanding of the risk that the system presents to the business/technical operations of federal partners and public & private organizations
• A full set of C&A documentation (system security plan, security artifacts, reports, data, etc.)
• A Security Test and Evaluation (ST&E) was conducted to verify that all controls are implemented and performing as described
• Identification, categorization and prioritization of action items (POAMs) to address and monitor “weaknesses”
• An Authorization to Operate (ATO) from the HHS Designated Approval Authority (DAA)
• Continuous Monitoring - combines input from C&A with planned lifecycle development & systems operations processes to maintain security posture
CONNECT C&A - Status
• CRS ver. 2.1 C&A package completed, delivered and reviewed by the HHS Certifying Authority, Dan Galik (HHS CISO) on 1/15/2010
• Approved on 1/22/2010 by the HHS Designated Approval Authority (DAA), Michael Carleton (HHS CIO) with an Authorization to Operate (ATO) granted
• CRS ver. 2.2 has been through a “Change Risk Assessment” which was reviewed and approved by the CRS Business Owner and Information System Security Officer (ISSO)
• CRS ver. 2.3 re-assessment is in process
• Future releases of CRS will be re-assessed in accordance with the CRS Continuous Monitoring Plan
CONNECT Security Management Program
Continuous Risk Management
• Risk Assessment and Security Planning Policies & Procedures
• Risk Analysis as part of the development cycle
• Periodic Risk Assessments
Risk Mitigation
• Vulnerability scanning
• Patching
• Incident response coordination
• Feedback loop with installed base
Security Controls and Continuous Monitoring
• FISMA controls cover a wide breadth of technical, management and operational safeguards
• ST&E, POAMs and Re-Assessments
C&A and the Non-Federal Community
CONNECT C&A: Extended Impact
Operational Security Impact – Security Program
• A one-time, narrowly enforced C&A effort misses overlap opportunities with security program management and risk management requirements
• Opening up C&A by including continuous monitoring blends the complementary security goals of compliance and ongoing operational security
• Doing so will also leverage the spending and resource time spent on compliance into effective and efficient ongoing security practices
C&A Process – System Information Revealed:
• information types contained
• relative importance of the system to the organization
• security controls that protect the system
• system risks
• system boundaries
Operational Security Impact:
• Configuration baselines
• Implementation guidelines
• “Defensive” mechanisms (IDS, firewall rule sets, etc.)
CONNECT C&A – Extended Impact
Operational Security Impact – Monitoring
C&A – Continuous Monitoring Strategy / Continuous Monitoring Methods:
• Automated processes
• IT management systems
• Select controls & monitoring approach
• C&A re-assessment
• Periodic audits
• System baseline categorization
• Control effectiveness
Operational Security Impact:
• Vulnerability discovery and mitigation
• Impact of system or environment change
• Continual update of SSP and ST&E documents
• More efficient risk analysis and resource planning
Thank You
The participation of any company or organization in the NHIN and CONNECT area within the HIMSS Interoperability showcase does not represent an endorsement by the Office of the National Coordinator for Health Information Technology, the Federal Health Architecture or the Department of Health and Human Services.