Security and Deployment Challenges of
Hospital Access to Registries Through the Internet
All Kids Count Annual Meeting
San Diego, California
April 3, 1997
Noam H. Arzt, Ph.D.
Background
- New Jersey Comprehensive Immunization Program
- April 1994: Decision to build immunization tracking system. Needed a network architecture.
- No "useable" state-wide network.
- No desire to build (or re-build) private infrastructure state-wide.
- NJ largely urban and suburban. Good Internet penetration even back then.
- Belief that the Internet would be the place to be at deployment time more than a year later. This was a hard (but compelling) sell...
- Needed incentives for private providers to participate (80% of immunizations given by them).
- Wanted to offer Internet "goodies" in addition to the application.
- June 1995: Insufficient security software available at the start, so Intranet used instead to get pilot growing.
- December 1995: NJ awarded INPHO status
- January 1997: First hospital site switches from Intranet to Internet connection
- February 1997: Second hospital site successfully tests access to Registry through its Internet firewall
- April 1997: Third hospital scheduled to convert from dial-up to Internet connection to Registry
Advantages
- Cost
- No private network to lay
- Commercial companies bear the capital cost
- Tangible cost savings to using the Internet to connect remote sites to corporate network (Giga Information Group)
- Reduced training and support costs
- Potential for universal access by hospitals, health officers, consumers, providers, insurance companies (CHIN)
81% of respondents in the 1996 HIMSS/HP Leadership Survey reported use of the Internet in some capacity at their site
- Emerging, universal, platform-independent client very compelling (Web browser)
- Security
- Need to do formal assessment
- Need to protect information assets from destruction or alteration
- But, encryption technologies and secure Web products are now maturing and becoming more plentiful
- Not all data requires the highest level of protection
Hospital Deployment: Issues and Concerns
- NJ pilot involves three hospitals: 2 with family clinics, one with a large pediatric practice.
- Hospitals vary in the degree of integration of their parts.
- Hospital IT organizations schedule Registry requirements along with all other tasks, often at lower priority since the Registry is an "external" project.
- Hospitals may have insufficient Internet bandwidth.
- Hospital firewalls likely need additional configuration to accommodate Oracle transactions.
- CIP product supports end-to-end encryption of data stream using off-the-shelf Oracle products.
Architecture
SIIS System Architecture
| |
Network Architecture
| |
Please address comments or questions to Dr. Noam Arzt, arzt@isc.upenn.edu [4/3/97]
URL: http://nextb.dccs.upenn.edu/noam/akc97/whole.html
URL for Presentation: