To all,
We knew about Conclave from sometime last Sept.
interdyn.com
Some new info about the project. Jan 99 article.
From winntmag.com
Windows NT Magazine picks Conclave as one of "Top NT Innovators for 1999
NT INNOVATORS 1999 Solving real world problems in the enterprise
AUSTRALIAN CAPITAL TERRITORY GOVERNMENT ACCESSING ANDSHARING HOSPITAL PATIENT INFORMATION WITH BIOMETRIC DEVICES AND X.509 CERTIFICATES
Setting up a secure, centralized database for people who aren't necessarily technically oriented can be challenging for any organization, but one Windows NT Innovator this year showed that it's not impossible. With the help of Internet Dynamics and Terry Aulich, chairman of Aulich & Company, the Australian Capital Territory (ACT) government implemented a solution to let medical professionals securely access patient records without using passwords and without compromising patient privacy. Although this secure network is presently confined to ACT, its designers expect the network will spread throughout the other Australian states as a means of providing nontechnical users easy, but secure, access to sensitive data.
The ACT government's innovation grew out of a need to share available medical resources between public and private hospitals as well as other health providers in the community. In turn, sharing these resources generated a need to provide a more easy-to-use, secure system for remote access to sensitive patient records.
Seven public and private hospitals in and around the capital of Canberra service 350,000 ACT residents. When a person goes to a hospital other than the one where his or her medical records are on file, the doctor in charge must request the appropriate medical records from the patient's primary hospital. In the past, the doctor had to call the patient's hospital to have someone fax over the patient's records. As you can imagine, this system was cumbersome and insecure. The ACT government needed a new system to prevent unauthorized individuals from calling hospitals and ordering faxed information and to help hospitals administer appropriate treatment to patients who couldn't recall or couldn't say which hospital was storing their records.
The obvious solution to this problem was to create a virtual warehouse of all user data that let hospitals search records by patient name. The ACT government used two hospitals in a pilot project, and each hospital placed its patient records on a central server to share with the other hospital. Both hospitals virtually combined the patient records on the server so that end users didn't have to know where to look for a particular record; users simply entered a request for that record.
Creating a virtual warehouse of user data had its problems, however. The ACT government needed a way to secure the centralized data, but security often consists of a series of passwords. Not everybody can remember passwords, especially when someone needs immediate access to medical records. To provide easy access to patient records without compromising patient privacy, the ACT government used a two-tiered system of biometrics and packet filtering. This security system restricts both logon access and access to patient information without requiring users to remember passwords, usernames, or the like.
How does the system work? Logon terminals throughout each hospital use NT-based Conclave software and a Web-based interface to provide access to the centralized patient information database. Each logon terminal scans the user's fingerprint using a Fingerscan Identity Verification Terminal biometric device and registers and locally stores the fingerprint as a digital certificate (X.509). The scanner reads the digitized fingerprint and interprets it as a password. After the logon terminal authenticates the doctor or administrator by fingerprint, the system activates the appropriate certificate.
After the doctor or administrator has successfully logged on, the system prompts the user for a patient name. The system verifies the user's access permission not with a password but with source identification in the certificate that the Conclave client passes to the Conclave server. Thus, only authorized personnel can use the system to request patient information, and only from an authorized location.
The biggest problem the ACT government encountered while developing this secure, yet simple, network design was determining how to integrate the Conclave client to work with the Fingerscan biometric device. At first, the Conclave client didn't have a predefined API to address the Fingerscan fingerprint authenticator. Now the Con-clave client has an API to solve this problem.
The innovation doesn't stop with the two pilot hospitals. After the ACT government finishes the pilot program, it plans to extend the secure patient information system to the remaining hospitals in the state and more than 30 government agencies to create a sizable Virtual Private Network (VPN). Each hospital will connect to the Internet to create the VPN that securely connects the servers without requiring a direct connection between all of the hospitals. This simple approach makes the network infinitely expandable. Each hospital in the VPN will maintain database servers (using various database server types) of patient records at its location--no physical central location will exist for patient data.
steve |
