Saturday, May 28, 2011

IHE - Privacy and Security Profiles - Consistent Time

This Profile is one of the most simple profiles in the IHE toolbox. Indeed it should take absolutely no development by anyone as the protocol has been incorporated into operating systems since the early 2000s. Windows XP enables it by default and connects to the internet to get the time. This is similar with the various flavors of Linux as well. This need to have a reasonably synchronized clock is universal and not specific to healthcare. But in IHE we leverage this profile in a couple of ways. First ATNA (defined later) profile leverages the Consistent Time profile to assure that audit logs are all timestamped with a comparable time-stamp. In this way a security officer can look at the audit logs coming from different machines and be able to know which things happened at the same time, which things happened first and what happened next. This profile is also used by EUA (defined later) as it is important to the authentication protocol that the client, authority, and servers all have a clock that is pretty closely synchronized. This profile has been leveraged in Patient Care Devices to assure that events that are recorded by medical devices have a reasonably accurate clock, and identify some use-cases where higher accuracy is needed.

The profile simply shows some of the use-cases and indicates that the Network Time Protocol (NTP) with it's simplified Simple Network Time Protocol (SNTP) be used. There really are no restrictions on these protocols, besides some emphasis of things that the standard it-self says.
One should note that this Profile does not say what system must be a time source, it is possible that a large hospital wants to run their own isolated time-clock. Another organization may choose to utilize one of the time-sources on the internet such as (see Although the concept is simple, the practice of actually keeping clocks synchronized even within 1 second is quite complex.


Back links

No comments:

Post a Comment