Pharow Peter, Blobel Bernd
eHealth Competence Center, University of Regensburg Medical Center, Germany.
Stud Health Technol Inform. 2006;121:349-63.
Communication and co-operation in healthcare and welfare require a well-defined set of security services based on a standards-based interoperable security infrastructure and provided by a Trusted Third Party. Generally, the services describe status and relation of communicating principals, corresponding keys and attributes, and the access rights to both applications and data. Legal, social, behavioral and ethical requirements demand securely stored patient information and well-established access tools and tokens. Electronic signatures as means for securing integrity of messages and files, certified time stamps and time signatures are important for accessing and storing data in Electronic Health Record Systems. The key for all these services is a secure and reliable procedure for authentication (identification and verification). While mentioning technical problems (e.g. lifetime of the storage devices, migration of retrieval and presentation software), this paper aims at identifying harmonization and interoperability requirements of securing data items, files, messages, sets of archived items or documents, and life-long Electronic Health Records based on a secure certificate-based identification. It's commonly known that just relying on existing and emerging security standards does not necessarily guarantee interoperability of different security infrastructure approaches. So certificate separation can be a key to modern interoperable security infrastructure services.
医疗保健和福利领域的通信与合作需要基于标准的可互操作安全基础设施,并由可信第三方提供一套明确的安全服务。一般来说,这些服务描述通信主体的状态和关系、相应的密钥和属性,以及对应用程序和数据的访问权限。法律、社会、行为和道德要求需要安全存储患者信息以及完善的访问工具和令牌。电子签名作为确保消息和文件完整性的手段、经过认证的时间戳和时间签名对于在电子健康记录系统中访问和存储数据非常重要。所有这些服务的关键是一个安全可靠的认证程序(识别和验证)。在提及技术问题(如存储设备的使用寿命、检索和呈现软件的迁移)时,本文旨在确定基于安全的基于证书的识别来保护数据项、文件、消息、存档项或文档集以及终身电子健康记录的协调和互操作性要求。众所周知,仅仅依靠现有和新兴的安全标准并不一定能保证不同安全基础设施方法的互操作性。因此,证书分离可能是现代可互操作安全基础设施服务的关键。
