|
|
| (71 intermediate revisions by 8 users not shown) |
| Line 1: |
Line 1: |
| Audit Trail and Node Authentication [ATNA] describes certificate-based node authentication and transmitting PHI-related audit events to a repository. This helps sites implement confidentiality policies.
| | Basic security through (a) functional access controls, (b) defined security audit logging and (c) secure network communications |
| | |
|
| |
|
| __TOC__ | | __TOC__ |
|
| |
|
| | ==Formal Specification== |
|
| |
|
| ==Summary== | | ===[https://profiles.ihe.net/ITI/TF/Volume1/ch-9.html ATNA (html) specification]=== |
| | | * [https://profiles.ihe.net/ITI/TF/Volume1/ch-9.html Final Text] |
| The Audit Trail and Node Authentication (ATNA) Integration Profile establishes security measures which, together with the Security Policy and Procedures of the enterprise, provide patient information confidentiality, data integrity and user accountability. The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node, and requires that events concerning PHI use are recorded and transmitted to a repository where they can be monitored to detect indications of inappropriate activity.
| |
| | |
| | |
| ''<Include a simple graphic that, at a glance, gives an impression of what the profile does. See [[Help:Contents#Tips_.26_Tricks| Help - Tips and Tricks]] for details on including an image/graphic.>''
| |
| | |
| ==Benefits==
| |
| | |
| | |
| ==Details==
| |
| (From an email by Rob Horn)
| |
|
| |
|
| ATNA is already integrated into the full ITI Technical
| | ===Additional Supplements:=== |
| Framework. The ATNA core is section 9 of volume 1, and sections 3.16 and
| | * [[Add RESTful Query and Feed to ATNA]] - Trial Implementation |
| 3.17 of Volume II. The underlying DICOM standard can be found at:
| |
| ftp://medical.nema.org/medical/dicom/supps/sup95_fz.pdf The underlying
| |
| RFC can be found at a variety of RFC repositories. ATNA specializes these
| |
| for some purposes, but also invokes their general support so that we don't
| |
| have to redefine ATNA every time a new profile specializes an audit
| |
| message for some new purpose. There are individual profile
| |
| specializations scattered through all the different frameworks. This makes
| |
| it hard for an implementer. It's easy to pull out the core sections as a
| |
| starting point, but not the individual profile specializations.
| |
| | |
| You find sections of specializations in some of the other technical
| |
| frameworks. Radiology is probably the most complete for this. This
| |
| scattering of requirements reflects a fundamental conflict of
| |
| documentation uses. From one perspective you would like it all in one
| |
| place, and from another perspective you want it documented in the sections
| |
| that will actually be read by implementers.
| |
| We have done this only for profiles that were most critical (e.g. XDS, RFD, EUA, XUA). There is some interested in RID and PIX, we need help to create prioritized CP requests for clarity on profiles that the IHE community needs assistance with.
| |
| | |
| | |
| There is also some historical funny business. Originally HL7 was going to
| |
| issue an HL7 side equivalent to DICOM's Supplement 95, but that lost
| |
| sponsorship and got abandoned. So DICOM threw together some partial stuff
| |
| to cover the immediate needs of the imaging community. It deals with only
| |
| those HL7ish things that happen to DICOM equipment (like receiving
| |
| orders). DICOM didn't attempt to handle the rest of the HL7 world. So
| |
| the various IHE domains get creative in a variety of ways.
| |
| | |
| ==Systems Affected== | |
| ''<List (in user terms) systems that would be likely candidates for implementing this profile, e.g. RIS, PACS, HIS, CAD Workstation, etc. >''
| |
| | |
| ==References== | |
| | |
| Creating an IHE ATNA-Based Audit Repository, Gregg, B. et al, Journal of Digital Imaging, Vol. 19, Number 4, 2006, pp. 307-315
| |
|
| |
|
| ==See Also== | | ==See Also== |
| Profile Status: [[Comments| Final Text]]
| |
|
| |
|
| The [[Frameworks#IHE IT Infrastructure Technical Framework| IT Infrastructure Technical Framework]] is the official master document for this Profile.
| | This profile supports the security/privacy model discussed in [[IHE Security and Privacy for HIE]] white paper. |
|
| |
|
| ''<Replace the Template links below with links to the actual pages for the Profile>''
| | See [[ATNA FAQ]] for implementation assistance, and [[ATNA Profile FAQ]] for other random help. |
|
| |
|
| The [[ATNA Profile FAQ]] answers typical questions about what the Profile does.
| | For information related to testing the ATNA profile at IHE Connectathons, [https://gazelle.ihe.net/content/atna-testing-connectathon-digital-certificates read this][ |
|
| |
|
| The [[Profile Purchasing Template]] describes considerations when purchasing equipment to deploy this Profile.
| | NEMA White Paper on [http://www.medicalimaging.org/wp-content/uploads/2011/02/CertificateManagement-2007-05-Published.pdf Management of Machine Authentication Certificates] |
|
| |
|
| [[Audit Trail and Node Authentication Implementation]] provides additional information about implementing this Profile in software. Specific questions about how to implement this profile can be found in the [[ATNA FAQ]].
| | '''Related Profiles''' |
|
| |
|
| | * [[Add RESTful Query and Feed to ATNA]] option on ATNA to enable a FHIR AuditEvent feed and query |
| | * [[Audit Trail and Node Authentication - Radiology Option]] extends ATNA with Radiology-specific audit trail messages. |
| | * [[Consistent_Time | Consistent Time]] |
|
| |
|
| This page is based on the [[Profile Template]] | | This page is based on the [[Profile Template]] |
|
| |
|
| | [[Category:Profiles]] |
| | [[Category:ITI Profile]] |
| | [[Category:FHIR]] |
| | [[Category:Security]] |
|
| |
|
| [[Category:Profiles]] | | Current: [[Frameworks#IHE IT Infrastructure Technical Framework| IT Infrastructure Technical Framework]]. |
Basic security through (a) functional access controls, (b) defined security audit logging and (c) secure network communications
Formal Specification
Additional Supplements:
See Also
This profile supports the security/privacy model discussed in IHE Security and Privacy for HIE white paper.
See ATNA FAQ for implementation assistance, and ATNA Profile FAQ for other random help.
For information related to testing the ATNA profile at IHE Connectathons, read this[
NEMA White Paper on Management of Machine Authentication Certificates
Related Profiles
This page is based on the Profile Template
Current: IT Infrastructure Technical Framework.