PATIENT AUTHENTICATION SYSTEM

Technical Specifications Document

Version 1.1

Prepared By: Technical Working Group

Created On: 8th July 2012







Health Authority Abu Dhabi
Technical Specification Document
Confidential Document
Ver 1.1

TABLE OF CONTENTS

REVISION HISTORY
1. INTRODUCTION
1.1. Purpose of This Document
1.2. Scope of This Document
2. OVERALL DESCRIPTION
2.1. Project Perspective
2.2. Project Stakeholders
2.3. Assumptions and Constraints
2.4. Out of Scope
3. PROPOSED SOLUTION
3.1. High Level Solution Architecture
3.2. Applications Requirements
3.2.1. HAAD Gateway (Web server)
3.2.2. Client Side Application
3.2.3. Audit Application
3.3. Infrastructure Requirements
3.4. Support & Maintenance
4. RISKS
5. GLOSSARY
6. APPENDIX
6.1. Patient Authentication Web Service (Proposed)
6.1.1. Service Header
6.2. Audit Query Web Service (Proposed)
6.2.1. Service Header
6.3. Validation Gateway: Benchmark Testing Analysis
6.3.1. VG with local secure messaging
6.3.2. VG with remote secure messaging
7. REVIEW SIGN OFFS
8. REVIEW SIGN OFFS (CONT.)






Revision History

| Date | Version | Description | Author |
|---|---|---|---|
| 22 May 2012 | 0.1 | Created | MOU Technical Working Group |
| 30 May 2012 | 0.1 | Updated Applications Requirements, Database Requirements, Infrastructure Requirements | MOU Technical Working Group |
| 31 May 2012 | 0.1 | Updated Web Service Specifications | MOU Technical Working Group |
| 7th June 2012 | 0.1 | Updated High Level Solution Architecture, Infrastructure Requirements, and Estimated Costs | MOU Technical Working Group |
| 20th June 2012 | 0.1 | Updated High Level Solution Architecture, Infrastructure Requirements, Estimated Costs, and Assumptions | MOU Technical Working Group |
| 26th June 2012 | 1.0 | Updated Risks and Assumptions | MOU Technical Working Group |
| 1st July 2012 | 1.1 | Updated Client Side Application, Patient Authentication Web Service, and Risks | MOU Technical Working Group |








1. Introduction

1.1. Purpose of This Document

This document describes the Technical Specifications of Patient Authentication Project as per the mandate of the Emirates ID MOU Steering Committee to implement and integrate EID within the healthcare sector under the “Cooperation Agreement regarding ID uniform usage in Abu Dhabi healthcare sector” dated 14 4 2011.

1.2. Scope of This Document

This document stipulates the Technical Requirements for the Patient Authentication Project. It describes the technical architecture in terms of application, infrastructure & database. Moreover, it also entails the licensing & costing details.



2. Overall description

2.1. Project Perspective

As per the mandate of the Emirates ID MOU Steering Committee to implement and integrate EID within the healthcare sector under the “Cooperation Agreement regarding ID uniform usage in Abu Dhabi healthcare sector” dated 14 4 2011, the Patient Authentication Project is a joint initiative undertaken by the MOU Steering Committee to utilize the “coding abilities” of the EID card to raise the e-security level of transactions where this card is used. Implementing mutual authentication in healthcare is the highest priority and delivers against a number of initiatives simultaneously.

There are no current business processes for electronic authentication of patients via EID integration across the four entities. Completion of patient identity is by visual inspection of the photo and demographic information printed on the EID card, when provided by the patient at the point of registration. The EID number is recorded on e-claims when submitted to HAAD and Payers via the e-claims process. Otherwise, a code value for “Reason for no EID number” is entered on the e-claim as per HAAD Data Standards.

The project will enable a technology based “Authentication System” and “Authentication Log” via EID integration for electronic authentication of patient’s identity during encounters with health care providers. The project aims to improve business processes that include completion of patient identification using existing technology and available on the EID card, recording of events to a secured log within a secured Health Cloud and integration via standard application to provide EID data to the End User Applications. The Authentication Log can then be used for authentication of events by authorized users, such as the use case for integrating mutual authentication with e-claims.

The EID number will continue to be recorded on e-claims when submitted to HAAD and Payers via the e-claims process. Otherwise, a code value for “Reason for no EID number” is entered on the e-claim as per HAAD Data Standards.

2.2. Project Stakeholders

The following comprises the internal and external stakeholders whose requirements are represented by this document:

| S. No. | Stakeholders |
|---|---|
| 1. | Emirates Identity Authority “EIDA” |
| 2. | National Health Insurance Company - “DAMAN” PJSC |
| 3. | Abu Dhabi Health Services Company “SEHA” PJSC |
| 4. | Health Authority - Abu Dhabi “HAAD” |


2.3. Assumptions and Constraints

Following are the assumptions and constraints in the project, but not limited to:

| S. No. | Assumptions |
|---|---|
| 1. | Data on EID card is assumed to be always correct as Healthcare Entities have no means of verifying it. |
| 2. | EIDA Validation Gateway will entertain the required number of hits. |
| 3. | EIDA Validation Gateway will be connected with HSM. |
| 4. | Currently EIDA Validation Gateway can respond to only 200 requests simultaneously. |
| 5. | Fingerprint template stored in the ID card is about 504 Byte, the captured image from sensor size is 100KB and the image converted to template before sending is 1KB. |
| 6. | ADNet connectivity should be available. |
| 7. | Integration with the Validation Gateway is done using Java Applet or ActiveX at the client, logically speaking the Applet or ActiveX communicate directly with the Validation Gateway, through a reverse proxy server. |
| 8. | SDK may not be required as VG will facilitate all the requirements or needs. |
| 9. | HAAD data center will be under the Tier IV design, and therefore it has not been added up in the estimated solution cost. |
| 10. | Any changes in the EIDA Validation Gateway will always have a backward compatibility with proper change control mechanism. |
| 11. | No record will be registered in Audit DB, if the EID card is damaged or cannot be read. |

| S. No. | Constraints |
|---|---|
| 1. | Regarding Validation Gateway, the recommended server code is Java and so the solution should be built using Java technology on the server side. |
| 2. | |



2.4. Out of Scope

1. In light of new development leading to availability of VG, HSM requirements and analyses are being considered as out of scope.








3. Proposed Solution

3.1. High Level Solution Architecture

3.2. Applications Requirements

3.2.1. HAAD Gateway (Web server)

This component would act as gateway for all public and private providers for authentication and querying.

Key tasks would include:

- Control and manage the connection between the Client and EIDA Validation Gateway.
- Save the required information in the Audit database during the whole transaction whenever it’s applicable.
- The Webserver should save the fields in the Audit database. (Please refer to Section 6.2: Audit Query Web Service)

3.2.2. Client Side Application

The vendor should work on the Service Oriented Architecture in order to build the solution that is not only based on currently known demands, but should also be able to respond to new opportunities or changes.



EIDA’s toolkit and documentation is available to providers in order to integrate their applications. EIDA extended support on tools and ADSIC’s experience to achieve integration with EIDA card. SEHA would develop client specific framework with EIDA however below is high level diagram:

3.2.3. Audit Application

This would provide capability to search HAAD data store.


3.2.3.1. Database Requirements

TRANSACTION TABLE (PROPOSED)

Authentication Transaction

| S. No. | Field | Field type | Mandatory/Optional | Length | Validation | Additional Info |
|---|---|---|---|---|---|---|
| 1. | Unique transaction id | Number | Mandatory | | | Reference number for indexing |
| 2. | EID Number | Text | Mandatory | | | The definition of EID Number is according to the Cooperation Agreement regarding ID uniform usage in Abu Dhabi healthcare sector (MOU 2011; page 3) |
| 3. | Authentication Date | Datetime | Mandatory | | Only date mm/dd/yyyy | Authentication Date-Time should be analogous to HAAD's Transaction Date definition |
| 4. | Authentication Time | Datetime | Mandatory | | Only time 24 hours format | Authentication Date-Time should be analogous to HAAD's Transaction Date definition |
| 5. | Authentication Location | Text | Mandatory | | | Authentication Location Facility ID is the HAAD Facility License number. There needs to be a mechanism to link devices to a Facility License number. |
| 6. | Authentication type | Text (Dropbox) | Mandatory | | Values from the master "AUTHENTICATION TYPES" | Biometric + Card Match is a Match on all the components of Person (i.e. Biometric), Data, Card, Card Reader and HSM Server; Card Only is a Match on Data, Card, Card Reader and HSM Server |
| 7. | Authentication Result | Text (Dropbox) | Mandatory | | Values from the master "AUTHENTICATION RESULT" | Values Pass or Fail |
| 8. | Causes of authentication failure | Text (Dropbox) | Optional | | Values from the master "CAUSES OF AUTHENTICATION FAILURE" | |
| 9. | Reasons authentication not completed | Text (Dropbox) | Optional | | | |








MASTER TABLES (PROPOSED)

Causes of authentication failure

| S. No. | Field | Field type | Mandatory/Optional | Length | Validation | Additional Info |
|---|---|---|---|---|---|---|
| 1. | Cause of Authentication failure code | Text | Mandatory | | | Unique value |
| 2. | Cause of Authentication failure description | Text | Mandatory | | | For example : Reader Device Failure |
| 3. | Cause of Authentication failure definition | Text | Mandatory | | | |

Reasons for authentication not completed

| S. No. | Field | Field type | Mandatory/Optional | Length | Validation | Additional Info |
|---|---|---|---|---|---|---|
| 1. | Reason authentication not completed code | Text | Mandatory | | | Unique value |
| 2. | Reason authentication not completed description | | | | | For example : Patient Refusal to Authenticate |
| 3. | Reason authentication not completed definition | Text | Mandatory | | | |

Authentication types

| S. No. | Field | Field type | Mandatory/Optional | Length | Validation | Additional Info |
|---|---|---|---|---|---|---|
| 1. | Authentication type code | Text | Mandatory | | | Unique value |
| 2. | Authentication type description | Text | Mandatory | | | For example : Biometric + Card Match |
| 3. | Authentication definition | Text | Mandatory | | | |

Authentication results

| S. No. | Field | Field type | Mandatory/Optional | Length | Validation | Additional Info |
|---|---|---|---|---|---|---|
| 1. | Authentication result code | Text | Mandatory | | | Unique value |
| 2. | Authentication result description | Text | Mandatory | | | For example : Pass and Fail |
| 3. | Authentication result definition | Text | Mandatory | | | |








MASTER TABLE VALUES (PROPOSED)

Cause of authentication failure values

| S. No. | Values | Definition |
|---|---|---|
| 1. | Biometric Mismatch | Person Biometric and EID Card Biometric do not match |
| 2. | No Fingerprint on card | Person Biometric is not stored on EID Card. |

Reasons Authentication not completed values

| S. No. | Values | Definition |
|---|---|---|
| 1. | Patient Refusal to Authenticate | Patient unwilling to provide EID card or complete the authentication process |
| 2. | System Down | Internal/External application, system or components down and not available to complete the authentication process. |
| 3. | Data Component Issues | Any data related component that prevents End User from completing the authentication process. |

Authentication type values

| S. No. | Values | Definition |
|---|---|---|
| 1. | Biometric + Card Match | Biometric + Card Match is a match on all the components of Person (i.e. Biometric), Data, Card, Card Reader, and VG |
| 2. | Card Only | Card Only is a match on Data, Card, Card Reader and HSM Server. |

Authentication results values

| S. No. | Values | Definition |
|---|---|---|
| 1. | Pass | Authentication Type Criteria Met |
| 2. | Fail | Authentication Type Criteria Failed |
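
The field rules of the proposed Authentication Transaction table and its master table values can be checked before a record is written to the Audit database. The Python sketch below is an added example, not part of the HAAD specification (which names Java only as the server-side technology). The dictionary keys, the function name, the HH:MM:SS time layout and the two cross-field rules at the end are assumptions made for illustration.

```python
from datetime import datetime

# Master table values copied from the specification (section 3.2.3.1).
AUTH_TYPES = {"Biometric + Card Match", "Card Only"}
AUTH_RESULTS = {"Pass", "Fail"}
FAILURE_CAUSES = {"Biometric Mismatch", "No Fingerprint on card"}
NOT_COMPLETED_REASONS = {
    "Patient Refusal to Authenticate",
    "System Down",
    "Data Component Issues",
}

# Hypothetical keys for fields 1-7, which the table marks Mandatory.
MANDATORY = (
    "transaction_id", "eid_number", "auth_date", "auth_time",
    "auth_location", "auth_type", "auth_result",
)
# Coded fields and the master table each one must draw its value from.
CODED = {
    "auth_type": AUTH_TYPES,
    "auth_result": AUTH_RESULTS,
    "failure_cause": FAILURE_CAUSES,
    "not_completed_reason": NOT_COMPLETED_REASONS,
}
# "Only date mm/dd/yyyy" and "Only time 24 hours format"; seconds are assumed.
FORMATS = {"auth_date": "%m/%d/%Y", "auth_time": "%H:%M:%S"}


def validate_transaction(rec):
    """Return the list of rule violations; an empty list means the record passes."""
    errors = []
    for field in MANDATORY:
        if rec.get(field) in (None, ""):
            errors.append(f"{field}: mandatory field missing")
    for field, allowed in CODED.items():
        value = rec.get(field)
        if value not in (None, "") and value not in allowed:
            errors.append(f"{field}: {value!r} is not a master table value")
    for field, fmt in FORMATS.items():
        value = rec.get(field)
        if value:
            try:
                datetime.strptime(value, fmt)
            except (ValueError, TypeError):
                errors.append(f"{field}: {value!r} does not match {fmt}")
    # Assumed cross-field rules (not stated in the specification): a failure
    # cause contradicts a Pass result, and both listed causes are biometric,
    # so they should not appear on a Card Only authentication.
    cause = rec.get("failure_cause")
    if cause and rec.get("auth_result") == "Pass":
        errors.append("failure_cause: set on a record whose result is Pass")
    if cause and rec.get("auth_type") == "Card Only":
        errors.append("failure_cause: biometric cause on a Card Only record")
    return errors


# Constructed sample record; EID Number and Facility ID reuse the placeholder
# sample data from the Service Header tables in the appendix.
GOOD = {
    "transaction_id": 1001,
    "eid_number": "999-9999-999999-9",
    "auth_date": "07/08/2012",
    "auth_time": "14:05:09",
    "auth_location": "MF9999",
    "auth_type": "Biometric + Card Match",
    "auth_result": "Pass",
}

if __name__ == "__main__":
    bad = {**GOOD, "auth_location": "", "auth_date": "13/45/2012",
           "auth_type": "PIN", "failure_cause": "Biometric Mismatch"}
    for problem in validate_transaction(bad):
        print(problem)
```

The EID Number is only checked for presence here because its format is defined in the MOU rather than in this table.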


3.3. Infrastructure Requirements












3.4. Support & Maintenance

- The vendor should propose a system which should provide 24x7 support and maintenance.
- The vendor should design a system with SLA of 5 seconds response time from client request to response, provided all technical requirements needed to enable these transactions are in place.





4. Risks

| S. No. | Risk | Probability | Impact | Mitigation |
|---|---|---|---|---|
| 1. | We don’t have any testing results/benchmark for more than 200 concurrent requests to Validation Gateway. | 0.7 | High | The vendor should conduct a Performance Testing with around 500-700 concurrent requests prior to Go LIVE. |
| 2. | Currently there is no Disaster recovery (for EIDA VG), only high availability option. | 0.5 | High | N/A. Note: TWG would like Steering Committee to advise further over it. |



5. Glossary

| Term/Acronym | Definition |
|---|---|
| EID Card | Identity Card issued by Emirates Identity Authority to all citizens and residents of UAE |
| "Trusted Third Party" | Trusted Third Party whom HAAD, EID, SEHA, Daman have entrusted to host and operate the Health Cloud Systems |
| Health Cloud | Private computing cloud for the Abu Dhabi Health Sector that provides “trusted” secure environment for maintaining shared information systems accessible to licensed Healthcare Entities |
| Authentication System | A standard system that integrates with Provider information systems to enable EID authentication of patients at the point of care and provide Provider systems with the authentication result as well as the data stored on EID card to be used in Patient registration process |
| Authentication Log | Information system that maintains a log of authentication events, controls access to this information and provides reports through standard web services |
| HSM | Hardware Security Module |
| VG | Validation Gateway |























6. Appendix

6.1. Patient Authentication Web Service (Proposed)

| Service Name | HAAD_PATIENT_AUTHENTICATION |
|---|---|
| Service Type | Interactive, on-demand |
| Data Owner | EIDA |
| Service Provider | HAAD |
| Service Consumer | SEHA & Facilities |
| Input Parameters | Is_Patient_Authenticate(EID Number, Fingerprint Template, Captured Image) |
| Output Parameters | Service output (0-success, 1-Failure) |
| Sample Request | |

6.1.1. Service Header

| Field Name | Type | Sample Data | Mandatory | Code list |
|---|---|---|---|---|
| EID Number | Varchar2(15) | 999-9999-999999-9 | Y | - |
| Authorized | Number | 0 (Success)/1(Failure) | Y | - |
| Transaction Date & Time | DATE | System Date | Y | - |
| Reason for failure | Varchar2(150) | Xyz. | Y | Y |


6.2. Audit Query Web Service (Proposed)

| Service Name | HAAD_PATIENT_AUDIT_QUERY |
|---|---|
| Service Type | Interactive, on-demand |
| Data Owner | HAAD |
| Service Provider | HAAD |
| Service Consumer | SEHA, Facilities & Insurance Companies |
| Input Parameters | Patient_Audit_Query(Batch No, EID Number, Facility ID, Encounter Date) |
| Output Parameters | Service output (Batch No, EID Number, Facility ID, Authentication Result, Authentication Date, Authentication Failure Reason) |
| Sample Request | |

6.2.1. Service Header

| Field Name | Type | Sample Data | Mandatory | Code list |
|---|---|---|---|---|
| Batch Number | Varchar2(15) | AAA999 | Y | - |
| EID Number | Varchar2(15) | 999-9999-999999-9 | Y | - |
| Facility ID | Varchar2(15) | MF9999 | Y | - |
| Encounter/Authentication Date | DATE | Sysdate | Y | - |
| Authentication Result | Number | 0 (Success)/1(Failure) | | - |
| Authentication Failure Reason | Varchar2(150) | Xyz. | | - |


6.3. Validation Gateway: Benchmark Testing Analysis

This section documents a benchmark analysis conducted by Logica on the Validation Gateway (VG). This study has been requested by EIDA as a means to establish that the hardware that will be procured by Logica for the PKI & FIM project infrastructure will be sufficient to cope with the requirements (throughput) received from ADSIC.

The main results of the benchmark testing are as follows:

| Concurrent users | Total transactions in 1 minute | Average VG transactions/sec | No. of errors |
|---|---|---|---|
| 100 | 119071 | 658 | 0 |
| 200 | 128470 | 712 | 0 |



6.3.1. VG with local secure messaging

In this case, the VG uses a Secure Messaging (SM) module locally on the same VG server.

6.3.1.1. Benchmark case 1

100 concurrent users repeatedly executed VG requests for 1 minute. Results were as follows:

a) Total number of VG transactions: 119071 Transactions
b) Average Throughput = 658 VG transactions/sec
c) Errors = 0





6.3.1.2. Benchmark case 2

200 concurrent users repeatedly executed VG requests for 1 minute. Results were as follows:

a) Total number of VG transactions: 128470 Transactions
b) Average Throughput = 712 VG transactions/sec
c) Errors = 0







6.3.2. VG with remote secure messaging

In this case, the VG uses a Secure Messaging (SM) module deployed on a separate physical server.

6.3.2.1. Benchmark case 1

100 concurrent users repeatedly executed VG requests for 1 minute. Results were as follows:

1. Total number of VG transactions: 21552 Transactions
2. Average Throughput = 120 VG transactions/sec
3. Errors = 0







6.3.2.2. Benchmark case 2

200 concurrent users repeatedly executed VG requests for 1 minute. Results were as follows:

a) Total number of VG transactions: 18062 Transactions
b) Average Throughput = 100 VG transactions/sec
c) Errors = 0.34








6.3.2.3. Benchmark case 3

120 concurrent users repeatedly executed VG requests for 40 minutes. Results were as follows:

d) Total number of VG transactions: 1303244 Transactions
e) Average Throughput = 72 VG transactions/sec
f) Errors = 0.16






7. Review Sign offs

We have reviewed the above stated technical specifications of Patient Authentication Project. We hereby grant approval to proceed to develop the system.

We understand that further changes will likely result in a delay in the final delivery date.

Name: ______________________________
Designation: ______________________________
Department/Section: ______________________________
Health Authority - Abu Dhabi “HAAD”: ______________________________
Signature: ______________________________
Date: ______________________________

Name: ______________________________
Designation: ______________________________
Department/Section: ______________________________
Abu Dhabi Health Services Co. “SEHA” P.J.S.C.: ______________________________
Signature: ______________________________
Date: ______________________________



8. Review Sign offs (cont.)

We have reviewed the above stated technical specifications of Patient Authentication Project. We hereby grant approval to proceed to develop the system.

We understand that further changes will likely result in a delay in the final delivery date.

Name: ______________________________
Designation: ______________________________
Department/Section: ______________________________
Emirates Identity Authority “EIDA”: ______________________________
Signature: ______________________________
Date: ______________________________

Name: ______________________________
Designation: ______________________________
Department/Section: ______________________________
National Health Insurance Co. - Daman P.J. S. C: ______________________________
Signature: ______________________________
Date: ______________________________