OBJECTIVES
The healthcare systems of all developed countries face the challenge for improving quality, efficiency and safety of patients' care. For meeting this challenge, health is moving from being organisation-centred to process-based care. This process will continue in the future turning health towards person-centred architectures. This system transformation is combined with extended and advanced communication and collaboration supported and enabled by appropriate information and communication technologies (ICT), also called e-health. The resulting solutions have to be trustworthy.
METHODS
There is a set of security services needed for realising trustworthy e-health solutions. Those security services must be comprehensively integrated in the e-health application. Furthermore, a set of infrastructure services has to be specified and implemented. For keeping the solutions future-proof, they have to comply with architectural principles and paradigms.
RESULTS
After shortly introducing meanwhile internationally acknowledged architectural paradigms for applications, means and infrastructures providing security services, existing, or specified advanced solutions are described and compared. In that context, the Electronic Health Record as e-health core application has been especially considered. Based on published work as well as on explored solutions, the security services needed are summarised and evaluated. The pros and cons of investigated examples are collected and interpreted. In that context, especially the German health telematics framework architecture and security infrastructure and the corresponding implementable solutions on the one hand and the USA Veterans Health Administration approach to security have been carefully considered.
CONCLUSION
Processes and systems are determined by policies, which define and distinguish constraints for communication and collaboration. Therefore, formally modelling policies and performing policy bridging are the main challenges to be met. As result of investigations, recommendations have been derived for establishing the trustworthiness required for any e-health solution at different level from regional to national, European, and even global scale, which are included in the conference summary.
[1]
Bernd Blobel,et al.
Modelling privilege management and access control
,
2006,
Int. J. Medical Informatics.
[2]
Andreas Matheus,et al.
How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML)
,
2005,
Proceedings of the 38th Annual Hawaii International Conference on System Sciences.
[3]
Darren Mundy,et al.
Privilege Management Infrastructure
,
2005
.
[4]
Emil C. Lupu,et al.
Ponder: A Language for Specifying Security and Management Policies for Distributed Systems
,
2000
.