Pharow Peter, Blobel Bernd
Otto-von-Guericke University Magdeburg, Medical Faculty, Institute for Biometry and Medical Informatics, Leipziger Str. 44, D-39120 Magdeburg, Germany.
Stud Health Technol Inform. 2004;103:434-40.
Communication and co-operation in the domain of healthcare and welfare require a well-defined set of security services based on a Public Key Infrastructure and provided by a Trusted Third Party (TTP). These services describe both status and relation of communicating principals, corresponding keys and attributes, and the access rights to applications and data. Additional services are needed to provide trustworthy information about dynamic issues of communication and co-operation such as time and location of processes, workflow relations, and system behaviour. Legal, social, behavioural and ethical requirements demand securely stored patient information and well-established access tools and tokens. Electronic (and more specifically digital) signatures--as important means for securing the integrity of a message or file--along with certified time stamps or time signatures are especially important for purposes of data storage in electronic archives and electronic health records (EHR). While just mentioning technical storage problems (e.g. lifetime of the storage devices, interoperability of retrieval and presentation software), this paper identifies mechanisms of securing data items, files, messages, sets of archived items or documents, electronic archive structures, and life-long electronic health records. Other workshop contributions will demonstrate related aspects of policies, patient privacy, and privilege management.
医疗保健和福利领域的通信与合作需要基于公钥基础设施并由可信第三方(TTP)提供的一套明确的安全服务。这些服务描述了通信主体的状态和关系、相应的密钥和属性,以及对应用程序和数据的访问权限。还需要额外的服务来提供关于通信与合作动态问题的可信信息,如流程的时间和地点、工作流关系以及系统行为。法律、社会、行为和道德要求需要安全存储的患者信息以及完善的访问工具和令牌。电子(更具体地说是数字)签名——作为确保消息或文件完整性的重要手段——连同经过认证的时间戳或时间签名,对于电子档案和电子健康记录(EHR)中的数据存储尤为重要。虽然本文仅提及技术存储问题(如存储设备的寿命、检索和呈现软件的互操作性),但它确定了保护数据项、文件、消息、存档项或文档集、电子档案结构以及终身电子健康记录的机制。其他研讨会论文将展示政策、患者隐私和权限管理的相关方面。
