The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Trusted Medical Information System and Health Informatics

Principal Investigator: Xukai Zou

In December of 2004 a US Marine is severely wounded during combat operations in Iraq.  After receiving world class treatment at Bethesda Naval Hospital and the Indianapolis VA medical center, the patient is able to carry on a normal civilian life in Indianapolis.  Several months later the veteran gets in an accident and is transported via medi-vac to a non-VA facility trauma center in Indianapolis for care.  The provider looks up the patients data using the Indiana Health Information Exchange and the patient has a highly positive outcome. This outcome is only because critically important medical data was made available to the provider at the right time via a collaborative database between local hospitals. This scenario is only possible if VA hospitals can securely manage sharing of data between non VA health care facilities and themselves.    The security schema the VA needs to meet this is a highly secure, manageable, portable, scalable, granular to the record & field level and most importantly cost effective security architecture. 

It is with great enthusiasm we present the VISTALOCK security schema to the Department of Veterans Affairs.  The scientists who have invented this technology are offering the Department of Veterans Affairs the opportunity to collaborate with them by implementing the already developed and proven technology across the VA Health Care domain.  The VISTALOCK security architecture, using TEGO technology, is designed to be flexible and adaptable to support the security needs of VA and ALL of its national, regional and local affiliates. 

VISTALOCK addresses four major security functions needed in collaborative data exchange and sharing, that is, Hierarchical Access Control (HAC), Secure Group Communication (SGC); Differential Access Control (DAC); Secure Dynamic Conferencing (SDC), enforces confidentiality, integrity, authentication,  and fine tuned authorized access of patient records with granularity to the field and record level based on Cryptography and Key Management, and  provides the capabilities of scalability, efficiency, dynamics,  flexibility, and transparence.

The VISTALOCK security system is a bolt on security architecture that works in addition to the existing system(s) for which it protects, it will require no changes to the VISTA database repository and will act as a security gateway for all VISTA data traffic between the client and host.  The VA will be able to apply best of breed technology to its security architecture, by providing modular and portable security services to the Vista/HealtheVET system.  This enables the VA to continue full speed ahead with HealtheVET development as planned while still enabling secured collaborative data sharing capabilities to its architecture with external local health care facilities and practices. 

Personnel

Other PIs: Y. Dai (UTK)

Students: Yan Sui Kai Wang

Representative Publications

Keywords: access control, collaborative data exchange, key management, medical records, Privacy, security architecture, VISTALOCK security schema