Skip to content

Audit Trail and Node Authentication (IHE ATNA)

Name: Audit Trail and Node Authentication (IHE ATNA)

Identifier: IHE ATNA

Issuing Organisation: Integrating the Healthcare Enterprise (IHE)

Country: International

Language: English

Organization website (opens in new window): https://www.ihe.net/

Link to standard (opens in new window): https://wiki.ihe.net/index.php/Audit_Trail_and_Node_Authentication

Availability: Free to Access

Type: IHE Profile

Issue Year: unknown

Forward Review Date: Not known

Fields: Communication and Information  Digital Health  Health and Wellbeing 

Intended Audiences: Third (Voluntary) Sector Bodies, Private Sector Bodies, Professional and Trade Bodies, and Governmental and Public Sector Bodies

Abstract:

The Audit Trail and Node Authentication (ATNA) Integration Profile establishes security measures which, together with the Security Policy and Procedures, provide patient information confidentiality, data integrity and user accountability. ATNA contributes to access control by limiting network access between nodes and limiting access to each node to authorized users. Network communications between secure nodes in a secure domain are restricted to only other secure nodes in that domain. Secure nodes limit access to authorized users as specified by the local authentication and access control policy.
User Authentication
The Audit Trail and Node Authentication Integration Profile requires only local user authentication. The profile allows each secure node to use the access control technology of its choice to authenticate users. The use of Enterprise User Authentication is one such choice, but it is not necessary to use this profile.
Connection Authentication
The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node. The DICOM, HL7, and HTML protocols all have certificate-based authentication mechanisms defined. These authenticate the nodes, rather than the user. Connections to these machines that are not bi-directionally node-authenticated shall either be prohibited, or be designed and verified to prevent access to PHI.
Audit Trails
User Accountability is provided through Audit Trail. The Audit Trail needs to allow a security officer in an institution to audit activities, to assess compliance with a secure domain’s policies, to detect instances of non-compliant behavior, and to facilitate detection of improper creation, access, modification and deletion of Protected Health Information (PHI).

Relevance to Active and Healthy Ageing: Medium

Older Person Specific: No

Usage / Adoption status: IHE Profile endorsed by European Commission for Public Procurement

Comments:

This IHE Profile is an essential building block in establishing interoperable digital tools in support of healthcare, thereby supporting seamless integrated healthcare for all generations incl. the elderly. This IHE Profile is mentioned in COMMISSION DECISION (EU) 2015/1302 of 28 July 2015 on the identification of ‘Integrating the Healthcare Enterprise’ profiles for referencing in public procurement (see Official Journal of the European Union, L199/43): (7) On 2 October 2014, the European multi-stakeholder platform on ICT standardisation evaluated 27 ‘Integrating the Healthcare Enterprise’ (IHE) profiles against the requirements set out in Annex II to Regulation (EU) No 1025/2012 and gave a positive advice to their identification for referencing in public procurement. The evaluation of the 27 IHE profiles was subsequently submitted to consultation of the eHealth network established by Article 14 of Directive 2011/24/EU of the European Parliament and of the Council (2) that confirmed the positive advice to their identification. (8) IHE develops ICT technical specifications in the field of healthcare information technology. The 27 IHE profiles are detailed specifications developed over a period of 15 years within the committees of IHE that optimise the selection of well-established standards describing the different layers of interoperability (i.e. protocol communication, technical, syntactical, semantic and application levels) with a view to find interoperability solutions for exchanging or sharing medical data. (9) The 27 IHE profiles have the potential to increase interoperability of eHealth services and applications to the benefit of patients and medical community. The 27 IHE profiles should therefore be identified as ICT technical specifications eligible for referencing in public procurement.

How useful was this content?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this content.

We are sorry that this content was not useful for you!

Let us improve this content!

Tell us how we can improve this content?

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Font Resize
Contrast

By continuing to use the PROGRESSIVE Project website, you agree to its use of cookies, as described in the Privacy Policy. More information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close