Responding to President Clinton's Call for Healthcare Privacy, the OMG Announces Availability of RAD Facility.

Business Editors and Health/Medical Writers

NEEDHAM, Mass.--(BUSINESS WIRE)--Dec. 22, 2000

The Object Management Group(TM) (OMG(TM)) recently completed work on a standard that addresses the fine-grain access control required to protect the confidentiality and privacy of medical records demanded by legislation announced this week. The OMG is a not-for-profit consortium of technology vendors developing information technology interoperability standards.

OMG work on this problem began in early 1998 with an RFP from the Healthcare Domain Task Force. The resulting Resource Access Decision Facility (RAD) specification has been available since April of 1999, and with the recent exit from the finalization phase of technology adoption (a step required to ensure specifications are implemented and issues resolved by vendors), RAD has been recommended to the OMG Board of Directors by the Domain Technical Committee for final adoption.

On Wednesday, Dec. 20, 2000, the Clinton administration announced new regulations that will provide far-reaching privacy protection of a patient's electronic medical records, paper records and oral communication pertaining to the patient's condition. The new privacy rules will address problems that arise due to the widespread ease of information sharing and availability brought on by technological innovations. For instance, two weeks ago, The Washington Post reported that a hacker gained access to confidential medical records at the University of Washington Medical Center in May and June of the year 2000. Thousands of patient names, conditions, home addresses and Social Security numbers were all downloaded by a hacker who used the Internet to break into a publicly available Web site at the University of Washington Medical Center. The incident demonstrated how chillingly possible it is to obtain access to such highly confidential medical information.

The OMG's Healthcare Domain Task Force recognized that a computing architecture that respects separation of concerns is crucial to implementation of a security infrastructure that can be understood by business leaders, managed by security administrators, and audited against increasingly stringent requirements of legislators and consumers.

The catalyst for this work was a realization that access control is becoming increasingly unmanageable in enterprise application integration environments. Vendors are spending an increasing percentage of their development time building access control into their applications. This is accomplished in a variety of ways with the obvious problem that each time an enterprise purchases a software component, they are also purchasing an access control mechanism that must be deployed and administered as part of their security infrastructure. This fact has made it impossible for enterprises to design and implement consistent application resource access control policy.
In addition, healthcare vendors are increasingly asked to be security vendors and this is driving up the cost of solutions. The healthcare industry must integrate existing security architectures, technologies and security products and not continue to develop proprietary security solutions.

The OMG Resource Access Decision Facility (RAD) addresses these problems. RAD is a framework that facilitates access control decisions based on application domain factors while maintaining the separation (or de-coupling) of authorization logic from application business. It provides a uniform way for application systems to enforce resource-oriented access control policies and was designed by security specialists to the requirements of the healthcare industry.

The RAD facility is not a replacement or substitution for a Security authentication service. The RAD service is used in conjunction with other security infrastructure to provide enhanced access decisions.

"The designers of the specification wanted to be certain that the framework was architecturally consistent with the CORBA(R) security service, but that it was not restricted from usage with other security authentication technology and infrastructures. This pattern of designing with an eye toward integration with diverse technologies is an important aspect of many of the OMG specifications.
It was anticipated that vendors will provide integration with existing security mechanisms, allowing healthcare enterprises to protect the investments they have made in authentication technology and/or aid in the migration to digital certificates as a source of an individual's security attributes," stated Carol Burt, Chair of the RAD Finalization Task Force.

The specification standardizes the interface in ISO IDL but leaves implementation details to the vendors. Clever implementations co-locate all interfaces and cache access policy. RAD supports use of a wide variety of access control policies and provides a framework for plug-in of diverse policy enforcement engines.

"Usage of a RAD facility removes the requirement that the application developer understand which security attributes are necessary to allow access to a secured resource. That is, the access control mechanism may be developed, purchased, and administered separate from the application and integrated at deployment time," continued Burt.

To learn more about OMG's initiatives in providing secure software for the healthcare industry, the following series of seminars will be featured and sponsored by the Object Management Group and its Healthcare Domain Task Force at the OMG's Technical Meeting in Irvine, CA from February 26 - March 2, 2001. The series is intended to provide a forum for discussing current security concerns facing the healthcare community, and to address these issues with real-world solutions built on commercially-available products.
The following sessions will be offered:

- Medical Records Disclosure: Dealing with Patient Consent, Privacy, and Confidentiality;
- Administering Security Policies in your Enterprise;
- Security Policy Interoperability: Working policies across organizations
- How to protect your medical records in the e-world.

For details about the sessions and registration information, refer to our website at http://www.omg.org

About The OMG

With the support of its membership of software vendors, software developers and end users, the OMG's CORBA is "The Middleware That's Everywhere(TM)." Since 1989, the OMG has been "Setting The Standards For Distributed Computing(TM)" through its mission to promote the theory and practice of object technology for the development of distributed computing systems. The goal is to provide a common architectural framework for object-oriented applications based on widely available interface specifications. The OMG is headquartered in Needham, MA, USA, with an office in Tokyo, Japan as well as international marketing offices in Bahrain, Germany, India, and the UK, along with a U.S. government representative in Washington, DC, USA. The OMG is also a major sponsor of the Integrate 2001 trade show and conference, which will be held September 19-21, 2001 in New York City.

For information on joining the OMG or additional information, please contact OMG headquarters by phone at +1-781-444 0404, by fax at +1-781-444 0320, or by email at info@omg.org.
The OMG provides current information and services for Distributed Object Computing through The Information Brokerage(R) on the World Wide Web at www.omg.org and at www.corba.org. Information about OMG Japan can be found at www.omgj.org.

Note to editors: CORBA(R), The Information Brokerage(R), CORBA Academy(R), IIOP(R) and the Object Management Group logo(R) are registered trademarks of the Object Management Group. OMG(TM), Object Management Group(TM), the CORBA Logo(TM), ORB(TM), Object Request Broker(TM), the CORBA Academy logo(TM), XMI(TM), MOF(TM), CWM(TM), OMG Interface Definition Language(TM), IDL(TM), CORBAservices(TM), CORBAfacilities(TM), CORBAmed(TM), CORBAnet(TM), UML(TM), the UML Cube Logo(TM), "We're Known By The Companies We Connect(TM)" and Unified Modeling Language(TM) are trademarks of the Object Management Group. All other products or company names mentioned are used for identification purposes only, and may be trademarks of their respective owners.