Security infrastructure services for electronic archives and electronic health records.

Communication and co-operation in the domain of healthcare and welfare require a well-defined set of security services based on a Public Key Infrastructure and provided by a Trusted Third Party (TTP). These services describe both status and relation of communicating principals, corresponding keys and attributes, and the access rights to applications and data. Additional services are needed to provide trustworthy information about dynamic issues of communication and co-operation such as time and location of processes, workflow relations, and system behaviour. Legal, social, behavioural and ethical requirements demand securely stored patient information and well-established access tools and tokens. Electronic (and more specifically digital) signatures--as important means for securing the integrity of a message or file--along with certified time stamps or time signatures are especially important for purposes of data storage in electronic archives and electronic health records (EHR). While just mentioning technical storage problems (e.g. lifetime of the storage devices, interoperability of retrieval and presentation software), this paper identifies mechanisms of securing data items, files, messages, sets of archived items or documents, electronic archive structures, and life-long electronic health records. Other workshop contributions will demonstrate related aspects of policies, patient privacy, and privilege management.