• No results found

2014 Defense Health Information Technology Symposium Cloud Computing in the Defense Health Agency

N/A
N/A
Protected

Academic year: 2021

Share "2014 Defense Health Information Technology Symposium Cloud Computing in the Defense Health Agency"

Copied!
17
0
0

Loading.... (view fulltext now)

Full text

(1)

2014 Defense Health Information Technology

Symposium

Cloud Computing in the

Defense Health Agency

Maj Todd Roman, SM Project Officer

(2)

DHA Vision

“A joint, integrated, premier system of

health, supporting those who serve in

(3)

Understand the Fundamental Benefits of

Cloud Computing

Realize Challenges for Cloud Adoption

Identify Compliance with DoD Requirements

for Entering the Cloud

Recognize Contractual Concerns with DoD

Cloud

(4)

Learning Objectives

Benefits of Cloud Computing

Exchanging Data with Partners

Challenges of Cloud Computing within

Healthcare

DoD Cloud Computing Requirements

Reaching the Cloud

Med-COI FOC State

Contractual Concerns with DoD Cloud

(5)

Benefits of Cloud Computing

*Source: FY 2012 President's Budget position for DHP O&M

Includes Normal Cost contributions to the Medicare Eligible Retiree Health Care Fund (MERHCF)

The government can use cloud computing to rid itself of billions annually in duplicative IT spending.

Cloud computing offers the government an opportunity to be more efficient, agile, and innovative through more effective use of IT investments.

(6)

Exchanging Data with Partners

Department of Veteran Affairs (VA)

Department of Health and Human Services (HHS) Centers for Medicare and Medicaid (CMS)

Federal Drug Administration (FDA)

Health Information Exchanges (HIE) (created by ACA) -More than 100 across the country

-No Industry Standard Interfaces

HIE

Additional requirements to meet Office of National Coordinator (ONC) for Health Information

(7)

Challenges of Cloud

Computing within Healthcare

Federal Cloud Computing

Strategy

Security Controls

Compliance

(8)

DoD Cloud Computing Requirements

DISA ECSB Security Model 1 U-Public NA-L-x 2 U-Limited Access 3 CUI L-M-x 4 CUI M-M-x 5 CUI H-H-x 6 Classified

(9)

HITECH Act

While increasing the use of electronic health records, securing patient

health Information (PHI) remains a major component of the HITECH.

Data Ownership

Office of the General

Council (OGC)

Privacy Office

Health Information Technology for Economic and Clinical Health (HITECH)

(10)

Reaching the Cloud

Creating an

enterprise-wide digital

backbone

Increase Speed, Mobility and Collaboration of Healthcare

Encourage the healthcare industry to meet DoD specific security requirements

Separate the Healthcare Network from the DoD Information Network (DoDIN)

Establish the Medical Community of Interest (MEDCOI) Support the Joint Information Environment (JIE)

(11)

Cloud Adoption

*Source: http://csrc.nist.gov/groups/SNS/cloud-computing/, http://www.nist.gov/itl/cloud/index.cfm

Catalyzing Cloud Adoption

Leveraging cloud computing accelerators

Ensuring a secure, trustworthy environment

Streamlining procurement process

Establishing cloud computing standards

Recognizing the international dimensions of cloud

computing

(12)

Medical Community of Interest

(Med-COI) FOC State

DoD / VA Data

Interoperability

Commercial Business

Partners and Service

Providers

JIE Common / Core Services

DoD Mission Partners

IAP OneVA WAN VA Enterprise Gateway (TIC 2.0) N+1 Data Centers EHR Europe (RPC) EHR Pacific (RPC) MPLS-VPN over DISN** Nationwide Health Information Network (NwHIN) ‘HIE’ Enabled Business Partner Extranets (BPEs) JIE (NIPRNet & Other DoD-COIs) MHSi/Med-COI Enterprise Gateways (1 of 9) Kaiser Permanente United Healthcare LabCorp Quest Labs

Other DoD COIs and Intranets Med-COI Regional Gateways (1 of 4) OCONUS SWA CENTCOM PACOM EUCOM IdM & Federated

Directory Service (mJAD) DMDC PDR/DEERS VA-IdMS MVI Security/Access Gateways Med IPNs/SSPNs Med-COI Intranet/ Extranet Gateway VA Austin Information Technology Center (AITC) Core and Regional Data Centers (CONUS) EHR Theater Site EHR Theater Site EHR Theater Site VAMC (DoD/VA Sharing Site)* DoD MTF (CONUS) DoD MTF (CONUS) Legend: (1 of 4) CONUS OV-1 Medical Community of Interest Network (Med-COI)

Final Operation Configuration

(proposed) DoD MTF OCONUS DoD MTF OCONUS DoD MTF OCONUS DoD MTF OCONUS Mission Partner Gateway Internet Service Base/Post Enclave Service Base/Post Enclave DoD-DMZ (1 of 5) CONUS & OCONUS VAMCs (1 of 135) DHS/ DHMSM VistA RDCs (1 of 8) Connected Via MPGs FedRAMP Certified Provider Notes:

* Sharing Sites and extension to Sites in Joint Market Areas Post Phase 3 ** Confidentiality Service (IP-SEC) maintained for PHI/PII Data Types

‘Trusted’ EHR/CSPs DoD Enterprise Services (JIE)

Virtual Connect over DISN-COI transport - MPGs to TIC/Fed G/Ws

(supports non-Medical Mission Partner connections)

(13)

Business Associates Agreements (BAAs) - need to be evaluated down to the lowest subcontractor to support Privacy Impact Assessment (PIA)

Service Level Agreement (SLAs) - need to be reviewed down to the lowest

subcontractor level for PIA

Federal Risk and Authorization Management Program (FedRAMP) -

certifications need to be validated

Ongoing Monitoring – What will you do to ensure monitoring according to

FedRAMP/DoD requirements?

Private or Public Cloud considerations – FedRAMP, NIST, and ECSB all require

Private for PHI.

Cloud is NOT outsourced IT – full Infrastructure, Platform and Software Security

compliance needs to be assessed

Data Ownership – Who owns the data within the system and what is it used for?

What happens to the data when you terminate this contract? What happens if a subcontractor goes out of business?

(14)

Come see us if…

You’re already

operating in the

cloud

You plan to be in the

(15)

Evaluations

(16)

Speaker Info

Andrew “Jake” Jacobs ITILv3, Net +, CHSP, CEP, VEP

Acting Branch Chief, Strategy and Planning,

Innovation and Advanced Technology Development (IATD) Division

[email protected]

703-681-6759

MAJ Todd Roman, USAF MSC, CAAMA

Project Officer, Secure Messaging Defense Health Services Systems (DHSS)

[email protected]

(17)

References

Related documents

o mesmo ocorreu com a disartria em relação à fala; o AVC foi a etiologia neurológica predominante; em relação ao número geral de casos avaliado verificou-se que 50% do grupo

Occupational Safety and Health (Classification, Labelling and Safety Data Sheet of Hazardous Chemicals) Regulations 2013. Occupational Safety and Health (Use and Standards of Exposure

possessing gender specific risk factors show better prognosis of cerebral venous and sinus thrombosis (CVST) compared to men 5.. One recent study from Indian

Sala dos Tratados do Palácio do Itamaraty, em Brasília. A pesquisadora esteve pessoalmente presente nesse pronunciamento, ocasião em que pode tomar nota das

OPTION 3 – CLICK & COLLECT (online) Available all year round Visit: booklists.ziggies.net.au School-Year Code: TSHSC-9 Password:

As  anticipated  in  the  introduction,  the  year  1920  featured  the  approval  of  a  major  piece 

In the European Prospective Investigation into Cancer and Nutrition study, we used multivariable joint Cox proportional hazards models, which accounted for tumors

In summary, this study for the first time directly compares the prognostic value of measuring the systemic inflammatory response with composite ratios and cumulative scores in