This Profile is one of the most simple profiles in the IHE toolbox. Indeed it should take absolutely no development by anyone as the protocol has been incorporated into operating systems since the early 2000s. Windows XP enables it by default and connects to the internet to get the time. This is similar with the various flavors of Linux as well. This need to have a reasonably synchronized clock is universal and not specific to healthcare. But in IHE we leverage this profile in a couple of ways. First ATNA (defined later) profile leverages the Consistent Time profile to assure that audit logs are all timestamped with a comparable time-stamp. In this way a security officer can look at the audit logs coming from different machines and be able to know which things happened at the same time, which things happened first and what happened next. This profile is also used by EUA (defined later) as it is important to the authentication protocol that the client, authority, and servers all have a clock that is pretty closely synchronized. This profile has been leveraged in Patient Care Devices to assure that events that are recorded by medical devices have a reasonably accurate clock, and identify some use-cases where higher accuracy is needed.
One should note that this Profile does not say what system must be a time source, it is possible that a large hospital wants to run their own isolated time-clock. Another organization may choose to utilize one of the time-sources on the internet such as pool.ntp.org (see http://www.pool.ntp.org/en/). Although the concept is simple, the practice of actually keeping clocks synchronized even within 1 second is quite complex.
- Status: Final Text
- IHE ITI Technical Framework
- Vol 1: Section 7
- Vol 2a: Section 3.1
- Standards Used
- RFC-1305 Network Time Protocol (NTP)
- RFC-4330 Simple Network Time Protocol (SNTP)
Back links
This is part of a blog presentation of the IHE Privacy and Security Profiles Overview:
- Introduction to IHE impact on Meaningful Use
- IHE - Privacy and Security Profiles - Introduction
- This Page
- IHE - Privacy and Security Profiles - Audit Trail and Node Authentication
- IHE - Privacy and Security Profiles - Enterprise User Authentication
- IHE - Privacy and Security Profiles - Cross-Enterprise User Assertion
- IHE - Privacy and Security Profiles - Document Digital Signature
- IHE - Privacy and Security Profiles - Basic Patient Privacy Consents
- IHE - Privacy and Security Profiles - Document Encryption
- IHE - Privacy and Security Profiles - Access Control
- IHE - Privacy and Security Profiles - Miscellaneous
- IHE - Privacy and Security Profiles - Conclusion
No comments:
Post a Comment