Posts Tagged ‘Continua Health Alliance’

This week, we feature the final part of our conversation with Martin Rosner, director of standardization at Philips – North America. Rosner chairs Continua Health Alliance security and privacy discussions and contributes to relevant security initiatives within the healthcare industry. Continua Health Alliance is a non-profit, open industry organization of more than 230 healthcare and technology vendors focused on delivering interoperable health solutions.

VPN Haus: How can patients manage the sharing of their health data?
Martin Rosner: Sharing of health data can be realized only if there are means to prevent unauthorized access to the data and to protect it in accordance with security and privacy regulations. Furthermore, patient empowerment is an important aspect of preventative care—increasing the number of educated patients who have more control over their own healthcare increases the likelihood that conditions will be caught before they become more serious. Soon patients will have more fine-grained control over the dissemination of personally identifiable information as related to health status. Electronic consent that specifies and governs the use of patient health data will furthermore increase consistency, compliance and efficiency for both patients and healthcare providers in this process.

VPN Haus: What role does Continua play in this?
Rosner: Our architecture addresses several requirements enabling digital consent.  Patients should be able to define and manage their digital consent and privacy policies in a user-friendly manner, such as on an at-home device or online. Digital consent should propagate with patient data and systems of services and care providers should enforce this. Our 2011 guidelines will address the first two requirements, while work has begun to address the third requirement in the next release.

VPN Haus: Technically speaking, how does this consent management process work?
Rosner: Taking the enforcement piece aside, the 2011 specifications address consent management with the use of the HL7 CDA R2 Consent Directive standard. This recently approved draft standard for trial use defines a document format for digital consent and enables the expression of structured patient consent policies. An advantage is that it is based on CDA R2 therefore well-defined protocols exist for the exchange of these documents such as through the use of the IHE XD* family of profiles.

This week, we’re featuring  Martin Rosner, director of standardization at Philips – North America.  Rosner chairs Continua Health Alliance security and privacy discussions and contributes to relevant security initiatives within the healthcare industry. Continua Health Alliance is a non-profit, open industry organization of more than 230 healthcare and technology vendors focused on delivering interoperable health solutions.

VPN Haus: What is Continua’s role in the telehealth domain?

Martin Rosner: Continua’s focus is on standardizing interoperable personal connected health devices and services.  We have a unique architecture that enables electronic communication of personal health information between the consumer and the health management organization.

Click on image for larger view

VPN Haus: Are there security concerns with transferring this data?

Rosner: Often, this sensitive information includes vital signs of the remote patient so security and privacy concerns must be addressed. We’re working to address these concerns by enabling point-to-point and end-to-end mechanisms to ensure confidentiality, integrity, and availability of the communicated health information.

VPN Haus: What are you doing to secure data transfer?

Rosner: We dedicated a group of pros to tackle this issue, referred to as the End-to-End Security Task Force. This team focuses mainly on identifying appropriate standards to address transaction level security.  In 2009, we issued our Version 1 architectural specifications which addressed security and privacy issues focused on Personal Area Network (PAN) and Health Record Network (HRN) interfaces. We updated that with last year’s release of the Version 2010 guidelines, adding significant security features for the Wide Area Network (WAN) and Local Area Network (LAN) interfaces.  For the most part, this addressed point-to-point security issues thereby ensuring that the delivery of sensitive health information across our architecture preserves confidentiality, integrity and authenticity. Our current scope is to address several security issues from the device to the gateway to the electronic health record with our 2011 Design Guidelines scheduled for release later this year, namely providing security-related specifications focusing on identity management, integrity and data origin authentication, and consent management.

Stayed tuned for Part 2 of our conversation with Rosner.