Georgoulas Aggelos, Bourka Athena, Kaliontzoglou Alexandros, Polemi Nineta, Koutsouris Dimitris
School of Electrical and Computer Engineering, National Technical University of Athens, Athens, Greece.
Stud Health Technol Inform. 2003;96:51-9.
Electronic communication of healthcare-related information (in the framework of Regional Healthcare Information Networks) introduces a number of security risks with regard to confidentiality, integrity and availability, which can become critical given the sensitive nature of that information. Public Key Infrastructure (PKI) is acknowledged as an appropriate means of dealing with such risks, provided that all the critical factors involved are first assessed in practice. This paper presents a best-practice approach for secure regional healthcare networks in Europe, examining all the identified crucial parameters (technical, organisational, legal/regulatory, medical and business). Our approach is carried out at two levels (the regional and the European) and includes the integration of PKI-aware security mechanisms (strong authentication, encryption, digital signature, time-stamping) in three regional pilot sites in Greece, Finland and Germany, and the demonstration of their interconnection in a pan-European architecture. Following this approach, some major conclusions are drawn, pointing out existing open issues and possible steps forward.