Quality labels for e-health

A drug e-prescription demonstrator was created in compliance with existing legislation as well as security and privacy standards. A professional ID-card was built on a high security chip (ISTEC E4 High; EAL-5) with a Hash hardware accelerator for a digital signature placed in a single chip USB token. Commercial software products as well as development kits of the new hardware designed in the project were used to build an authentication, authorisation and electronic signature demonstrator. The degree of legal compliance was evaluated. The tested novel single chip USB token was highly efficient but limited by its 1.1 interface speed (12 Mbit/s). The chip, initialised with a banking-mask, inefficiently managed space for the health-care chain of trust. The public key and privilege management infrastructure was not able to handle health-care attributes in the appropriate extensions. Templates for role-rule privileges were not available and healthcare standards for security and privacy were not found in commercial products. The paper points out the urgent need for an e-health conformance label as well as a quality label for liability and confidence to gain users' trust.

[1]  Marie Khair,et al.  Access Control based on Attribute Certificates for Medical Intranet Applications , 2001, Journal of medical Internet research.

[2]  Teresa Waring,et al.  Communicating the complexity of computer‐integrated operations: An innovative use of process modelling in a North East hospital Trust , 2002 .

[3]  William E. Johnston,et al.  Authorization and attribute certificates for widely distributed access control , 1998, Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253).

[4]  Dimitris Gritzalis A baseline security policy for distributed healthcare information systems , 1997, Comput. Secur..

[5]  Diomidis Spinellis,et al.  Trusted third party services for deploying secure telemedical applications over the WWW , 1999, Comput. Secur..

[6]  V Schmidt,et al.  MedStage--platform for information and communication in healthcare. , 2000, Studies in health technology and informatics.

[7]  Jan Trobitius,et al.  Anwendung der "Common Criteria for Information Technology Security Evaluation" (CC) / ISO 15408 auf ein SOA Registry-Repository , 2007, Informatiktage.

[8]  K. C. White,et al.  IDs—Not that Easy: Questions About Nationwide Identity Systems , 2002 .

[9]  Christos K. Georgiadis,et al.  Healthcare teams over the Internet: programming a certificate-based approach , 2003, Int. J. Medical Informatics.

[10]  Reardon Handbook of telemedicine , 1999, Telemedicine journal : the official journal of the American Telemedicine Association.

[11]  Suzy A. Buckovich,et al.  Viewpoint: Driving Toward Guiding Principles: A Goal for Privacy, Confidentiality, and Security of Health Information , 1999, J. Am. Medical Informatics Assoc..

[12]  Thomas Wetter,et al.  Data security and protection in cross-institutional electronic patient records , 2003, Int. J. Medical Informatics.