Building a Trusted Agent for Sharing of Medical Data

 Madhav Iyer
 Senior Software Engineer
 National Board of Medical Examiners (NBME)
 April 27, 2006

   What is a Trusted Agent?
   System Architecture
   Key Features
   Design Details
   Technology
   Pilot Application Overview
   Enhancements

                         Trusted Agent   2
What is a Trusted Agent?

   A Trusted Agent is any electronic system which
    proactively establishes a brand, based on customer
    trust in data privacy and security
   The Trusted Agent we are building is an
    infrastructure for safe, real-time sharing of data
    across organizations in the “house of medicine”
   Delivers the right data to the right people at the right
    time for the right purpose, with the permission of the

System Architecture

 [Figure: architecture diagram with components Application #1, Application #2, Trusted Agent, Data Provider #1, Data Provider #2, and Trusted Agent Registration]


Key Features

   Connects to certified data providers
   Accepts requests from registered applications
   Connects registered applications with certified
    providers over a secure physical connection
   Requested and delivered data is encrypted
   Application users register online in Trusted Agent
   Audit transactions – user profile changes
   Transaction Logs – data requests, provider responses

    Design Details

    Document/Literal Web Services
    All applications & Services registered in Trusted Agent – No UDDI
    Generic XML schemas for Applications & Providers interface
    Custom XML schema for data returned from provider
    Unique security KEY for each member of Trusted Agent
    Data encrypted (using KEY) for service specific request/response
    Successful user login to return a time-expired certificate
    Service request (except login) requires a valid certificate
    Secure VPN communication with Applications & Providers
    SSL based Trusted Agent Registration application on internet
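
The login and certificate rules listed above, shown as an added Python example that is not code from the presentation or from the Trusted Agent project. The certificate format (JSON claims with an HMAC-SHA256 tag), the signing key, the 15-minute lifetime and the service names are assumptions, since the slides do not specify them.

```python
import base64, hashlib, hmac, json, time

# Assumption: the slides do not define the certificate format. Here it is a
# JSON claim set plus an HMAC-SHA256 tag computed with a Trusted Agent key.
AGENT_KEY = b"constructed-demo-signing-key"  # constructed sample value
TTL_SECONDS = 900                            # assumed certificate lifetime

def issue_certificate(member_id, now=None, ttl=TTL_SECONDS):
    """Issued after a successful login: a certificate that expires at now + ttl."""
    now = time.time() if now is None else now
    claims = json.dumps({"sub": member_id, "exp": int(now) + ttl}, sort_keys=True).encode()
    tag = hmac.new(AGENT_KEY, claims, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(claims).decode() + "." +
            base64.urlsafe_b64encode(tag).decode())

def verify_certificate(cert, now=None):
    """Return the member id if the certificate is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        claims_b64, tag_b64 = cert.split(".")
        claims = base64.urlsafe_b64decode(claims_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, AttributeError):  # missing, malformed or badly encoded
        return None
    expected = hmac.new(AGENT_KEY, claims, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    data = json.loads(claims)  # parsed only after the tag has been checked
    return data["sub"] if now < data["exp"] else None

def handle_request(service, cert=None, now=None):
    """Every service request except login requires a valid certificate."""
    if service == "login":
        return "login-allowed"
    member = verify_certificate(cert, now)
    if member is None:
        return "rejected"
    return "dispatched %s for %s" % (service, member)
```
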

Technology

   Oracle Application Server on Linux
   J2EE 1.3
   Oracle Database with VPD
   Java
   JDeveloper
   XML
   SOAP 1.1
   WSDL 2.0

Pilot Application Overview

   Common Licensure Application System (CLAS) is the first “proof of
    concept” application that uses Trusted Agent
   CLAS is a collaborative effort between NBME and the Federation
    of State Medical Boards (FSMB) and the Federation’s Credential
    Verification Service (FCVS)
   CLAS to use Trusted Agent infrastructure to reduce processing
    time for state medical licensure applications
   Data providers - NBME & FSMB
   Participating State Medical Boards (SMB) – OH, NH, KY

CLAS Application - Architecture


 [Figure: diagram with components CLAS, Trusted Agent Platform, USMLE Scores, and Trusted Agent Registration]


Using CLAS – Typical Scenario

   Medical Professional (MP) accesses CLAS application
   MP has an FCVS application started – one time
   MP registers in Trusted Agent – one time
      Provides one ID – viz., USMLE ID, FCVS Packet ID, SS#, or
       recognized National ID
      Provides biographic information (Name, Birth Date, Med
       School, Grad Year)
      Enters desired username, password, email, 4 secret
   MP logs into CLAS using registered username/password

Using CLAS – Typical Scenario (Cont)

   MP completes Common Licensure Application Form (CLAF)
      CLAF has 10 sections, 1 affidavit and 5 forms

      Includes state specific addendum at SMB

   CLAS waits for FCVS to complete source verification
   CLAS compiles the results
   MP verifies the information is satisfactory
   CLAS sends completed application to SMB
   Participating SMB: OH, KY, NH

CLAS Interacting with Trusted Agent


 [Figure: interaction diagram. Labelled components: USMLE Scores WS, FCVS Web, Trusted Agent, Generic WS, Login WS, DB, Registration Web, CLAS Web, State Medical Board. Labelled actions: Get Data, Register in Trusted Agent, Complete Licensure.]

Enhancements being considered

   Message queuing of requests & responses
   Compliance with open standards
   Enhance transaction logging to facilitate billing
   Document compilation and forwarding
   Integrate additional applications & data providers
   Continue to explore and improve Web Services security
   Assess applicability of biometrics in Trusted Agent
