 |
Return to detail page at www.hitsp.org | HITSP/T17 |
| Prev TOC Next |
| HOME | ABOUT | MEMBERSHIP | NEWS & ANNOUNCEMENTS | MEETINGS | FAQ | CONTACT US | | Powered by American National Standards Institute |
|
Return to detail page at www.hitsp.org | HITSP/T17 |
| Prev TOC Next |
The scope of the Secured Communication Channel Transaction is limited to a session oriented, synchronous, and point-to-point communication channel. The focus is on the establishment of a secure path through which data can be transmitted, and not on the content of the data being transmitted. In addition, this Transaction does not include local user authentication in its scope.
The following are the requirements derived from the initial Use Cases for this Transaction:
1. Session used to transmit data has mutual authentication of the nodes involved
2. Data are transmitted with confidentiality and transmission integrity
This construct utilizes the Authenticate Node Transaction from the Integrating the Healthcare Enterprise (IHE) IT Infrastructure Technical Framework (ITI-TF) Audit Trail and Node Authentication (ATNA) Integration Profile (IHE-ITI-TF ATNA), Section 9.1.
Table 2 - 1 Transaction Constraints
|
Constraint |
|
Only communications requiring the attributes of transmission authenticity, transmission confidentiality, and transmission integrity need to utilize this construct for session oriented, synchronous, and point-to-point communication channels |
Consistent with this constraint, those communications that require the attributes of transmission authenticity, confidentiality, and integrity shall either be prohibited, or designed and verified to prevent access to Protected Health Information (PHI) if they are not communicated through connections that provide session oriented, synchronous, and point-to-point communication channels [1] .
All Interfaces for this Transaction are described further in the Integrating the Healthcare Enterprise (IHE) IT Infrastructure Technical Framework, Volume 2, Section 3.19 (IHE ITI-TF-2).
Table 2 - 2 Interfaces
|
Interface |
Description |
Used in Component/ |
Required = R |
|
Node |
The originating or terminating point of information or signal flow in a telecommunications network. This interface is equivalent to the Secure Node in the IHE-ITI-TF ATNA Transaction |
IHE-ITI-TF ATNA |
R |
Figure 2 - 1 Interface Interactions
Figure 2-1 illustrates the mutual authentication of nodes producing a secured communication channel. The detailed interface interactions for authentication are deliberately omitted from the diagram and are incorporated by reference through IHE-ITI-TF2, Section 3.19.
The act of node authentication precedes all Transactions for HITSP interoperability constructs that require a secured communication channel. Once the secured communication channel is established, the HITSP Transactions continue inside the channel according to the Interoperability Specification.
Table 2 - 3 Pre-conditions
|
Pre-condition |
|
A policy defining what is to be audited exists |
|
Audit record repository is active and designated as the destination for recorded audit events |
|
Audit record source is initialized to the audit policy |
|
Consistent Time construct is a pre-requisite for this Transaction |
|
Existence of active and network accessible nodes |
|
Identities are managed |
|
Policy defining the protection of the log and audit exists and is being enforced |
|
There is a mutually agreed upon set of policies and procedures for establishment of mutually acceptable identity credentials |
Table 2 - 4 Process Triggers
|
Process Trigger |
|
The Secured Communication Channel Transaction is triggered when a secured information exchange between two nodes is requested. The node interface represented in this Transaction is equivalent to the secure node interface in the IHE-ITI-TF ATNA Transaction. All triggers associated with this Transaction are specified in the IHE-ITI-TF ATNA Transaction |
Table 2 - 5 Post-conditions
|
Post-condition |
|
A secured communication channel providing transmission confidentiality, transmission integrity, and session authenticity is established between the two nodes. This secured communication channel will be used for all future secure transmissions between the two nodes |
Table 2 - 6 Required Output
|
Required Output |
Format/Usage |
|
Enable node to record an audit event to indicate successful connection from nodes that are mutually authenticated |
See HITSP/T15 - Collect and Communicate Security Audit Trail |
|
Require node to record an audit event to indicate attempted connections from nodes that are not mutually authenticated |
See HITSP/T15 - Collect and Communicate Security Audit Trail |
This is an IHE ATNA Node Authentication Transaction, which in turn calls on various standards, such as TLS and RSA certificates. Please refer to IHE-ITI-TF2, Section 3.19 Authenticate Node for details on data flow.
Table 2 - 7 List of HITSP Constructs
|
Construct Name |
Description |
Event/Action Code |
Content |
|
HITSP/T15 - Collect and Communicate Security Audit Trail |
Provides a means to ensure that security policies are being enforced and that risks are being mitigated |
Various (HITSP Use Case dependent) |
Identification and management of audit trigger events and audit event outputs |
Table 2 - 8 Construct Dependencies
|
Construct |
Depends On |
Dependency Type |
Purpose |
|
HITSP/T17 - Secured Communication Channel |
HITSP/T15 - Collect and Communicate Security Audit Trail |
General |
Identification and management of audit trigger events and audit event outputs |
Table 2 - 9 Additional Constraints on Required Constructs
|
Data Element |
Construct |
Constraint |
Constraint Type |
Purpose |
|
No applicable constraints |
|
|
|
|
Table 2 - 10 Regulatory Guidance
|
Standard |
Description |
|
No applicable regulatory guidance |
|
Table 2 - 11 Selected Standards
|
Standard |
Description |
|
Integrating the Healthcare Enterprise (IHE) IT Infrastructure Technical Framework (ITI-TF) Revision 4.0 or later, Audit Trail and Node Authentication (ATNA) Integration Profile, Section 9.1 Authentication |
Audit Trail and Node Authentication (ATNA) establishes the characteristics of a Basic Secure Node. It describes the security environment (user identification, authentication, authorization, access control, etc.) assumed for the node so that security reviewers may decide whether this matches their environments. It defines basic auditing requirements for the node. It defines basic security requirements for the communications of the node using TLS or equivalent functionality. It establishes the characteristics of the communication of audit messages between the Basic Secure Nodes and Audit Repository nodes that collect audit information. This integration profile has been designed so that specific domain frameworks may extend it through an option defined in the domain specific technical framework. Extensions are used to define additional audit event reporting requirements, especially interface specific requirements. The latest version of the IHE Technical Framework is available at www.ihe.net |
Table 2 - 12 Informative Reference Standards
|
Standard |
Description |
|
No applicable informative reference standards |
|
|
Return to detail page at www.hitsp.org | HITSP/T17 |
| Prev TOC Next |