Building a Trusted Agent for Sharing of Medical Data by ska19622

VIEWS: 7 PAGES: 13

									Building a Trusted Agent for
Sharing of Medical Data

 Madhav Iyer
 Senior Software Engineer
 National Board of Medical Examiners (NBME)
 miyer@nbme.org
 April 27, 2006
Agenda


   What is a Trusted Agent?
   System Architecture
   Key Features
   Design Details
   Technology
   Pilot Application Overview
   Enhancements




                         Trusted Agent   2
What is a Trusted Agent?


   A Trusted Agent is any electronic system which
    proactively establishes a brand, based on customer
    trust in data privacy and security
   The Trusted Agent we are building is an
    infrastructure for safe, real-time sharing of data
    across organizations in the “house of medicine”
   Delivers the right data to the right people at the right
    time for the right purpose, with the permission of the
    owner


                          Trusted Agent                    3
System Architecture


 Application - #1                                 Data Provider - #1



                          Trusted Agent
                             Platform




 Application - #2                                 Data Provider - #2




            `
                    Trusted Agent Registration




    User




                                  Trusted Agent                        4
Key Features


   Connects to certified data providers
   Accepts requests from registered applications
   Connects registered applications with certified
    providers over a secure physical connection
   Requested and delivered data is encrypted
   Application users register online in Trusted Agent
   Audit transactions – user profile changes
   Transaction Logs – data requests, provider responses




                         Trusted Agent                 5
    Design Details


    Document/Literal Web Services
    All applications & Services registered in Trusted Agent – No UDDI
    Generic XML schemas for Applications & Providers interface
    Custom XML schema for data returned from provider
    Unique security KEY for each member of Trusted Agent
    Data encrypted (using KEY) for service specific request/response
    Successful user login to return a time-expired certificate
    Service request (except login) requires a valid certificate
    Secure VPN communication with Applications & Providers
    SSL based Trusted Agent Registration application on internet


                                Trusted Agent                        6
    Technology


   Oracle Application Server 10.1.2.0.2 on Linux
   J2EE 1.3
   Oracle Database 10.2.0.1.0 with VPD
   Java
   JDeveloper 9.0.5.2
   XML
   SOAP 1.1
   WSDL 2.0




                               Trusted Agent        7
Pilot Application Overview


   Common Licensure Application System is the first “proof of
    concept” application that uses Trusted Agent
   CLAS is a collaborative effort between NBME and the Federation
    of State Medical Boards (FSMB) and the Federation’s Credential
    Verification Service (FCVS)
   CLAS to use Trusted Agent infrastructure to reduce processing
    time for state medical licensure applications
   Data providers - NBME & FSMB
   Participating State Medical Boards (SMB) – OH, NH, KY




                             Trusted Agent                       8
CLAS Application - Architecture


                                               FCVS



                   Trusted Agent
  CLAS                Platform




                                            USMLE Scores




         `
             Trusted Agent Registration




 User



                            Trusted Agent                  9
Using CLAS – Typical Scenario


   Medical Professional (MP) accesses CLAS application
   MP has an FCVS application started – one time
   MP registers in Trusted Agent – one time
      Provides one ID – viz., USMLE ID, FCVS Packet ID, SS#, or
       recognized National ID
      Provides biographic information (Name, Birth Date, Med
       School, Grad Year)
      Enters desired username, password, email, 4 secret
       questions/answers
   MP logs into CLAS using registered username/password




                             Trusted Agent                         10
Using CLAS – Typical Scenario (Cont)


   MP completes Common Licensure Application Form (CLAF)
      CLAF has 10 sections, 1 affidavit and 5 forms

      Includes state specific addendum at SMB

   CLAS waits for FCVS to complete source verification
   CLAS compiles the results
   MP verifies the information is satisfactory
   CLAS sends completed application to SMB
   Participating SMB: OH, KY, NH




                           Trusted Agent                    11
CLAS Interacting with Trusted Agent


                                              NBME

                                              USMLE Scores WS


                    FCVS

                      FCVS Web


                       FCVSWS
         VS r
      FC y fo
        pl




                                           Trusted Agent
      Ap




                                                     Generic WS


                    CLAS
                                                              Login WS
                      CLAS Web
        Apply for                               DB
        Licensure
   Medical             Get Data
 Professional
                                                     Registration Web


                     Register in
                    Trusted Agent
                                           Complete Licensure
                                                Packet



                                    State Medical Board




                                              Trusted Agent              12
Enhancements being considered


   Message queuing of requests & responses
   Compliance with open standards
   Enhance transaction logging to facilitate billing
   Document compilation and forwarding
   Integrate additional applications & data providers
   Continue to explore and improve Web Services security
   Assess applicability of biometrics in Trusted Agent
    authentication




                               Trusted Agent                13

								
To top