|
|
|
|
|
Updated: Jun 3, 97 |
TRUSTHEALTH | |
| Trustworthy health telematics |
| Project Nr: | HC 1051 | Group: I | Project Duration: 18 months |
| Key words: | |||
| Category: | Data Protection in Open Telematics Systems | ||
| Summary: | Provide security related services like cryptographic digital signature, smart cards and Third Trusted Party Services. Develop tool kits to integrate them into applications. Investigate the legal issues regarding national prospects and creating awareness of the related issues. | ||
| Mission: | In TRUSTHEALTH, a network of bona fide national organisations working in health care computerisation will show how openly-linked European telematics systems can employ modern data security measures. Based on a 1994 EU user survey, the project will adopt coded digital signature techniques to meet legal requirements and sustain public confidence in information security. Among numerous urgent application areas are drug prescriptions, electronically exchanged laboratory data and health centre invoicing. Network partners will collaborate in delivering security techniques for subsequent transfer to permanent health service operations. | ||
| URL: | www.ehto.be/projects/trusthealth/ | ||
| |||||
| Name of Institution | City+Postal Code | Country | Region |
|---|---|---|---|
| National Health Services Executive’s Information Management Centre | Birmingham B15 1JD | GB | UK73 |
| KITH - Norwegian Centre for Medical Informatics | Trondheim N-7005 | NO | NO |
| Unisource Business Networks BV | Hoofdorp Ne-2130 | Netherlands | NL33 |
| Georg-Aug-Universität Göttingen | Göttingen D-37027 | Germany | DE915 |
| Alcatel ISR | Evry F-91034 | France | FR1 |
| Ramit vzw | Gent B-9000 | Belgium | BE234 |
|
The aim of this project is to demonstrate how trustworthy telematic systems can be established with the use of modern security techniques while maintaining the possibility for open systems connectivity and trans-European interoperability. Cryptographic digital signature techniques should be applied to allow the telematics systems to comply with the legal requirements and to maintain the public confidence in the way sensitive personal information is managed. This project is based on a user requirement study involving nine countries performed during 1994 under the INFOSEC programme on Electronic Signatures and Trusted Third Parties of DG XIII. The project Trusted Health Information Systems identified a number of very urgent application areas such as Prescriptions for medical drugs, Laboratory requests and results sent via Electronic Data Interchange (EDI), Invoices from health care establishments to payment providers, Signing of locally stored medical records in hospitals and general practices, Secure user authentication based on cryptographic smart cards, from the PC work station to local and remote servers using the same procedures, Transfer of multimedia medical records with origin authentication and confidentiality protection, Access control to medical information on patient data cards, Exchange of session keys for confidentiality protection in real time and messaging systems.
The present first phase of the TrustHealth project will focus on establishing a necessary infrastructure of Trusted Third Party Services (TTPs) for health care to support the above mentioned security requirements. The TTPs will assist in issuing cryptographic key cards to the users and signed certificates linking the user identity to a public key component used for verification of signatures. The project will develop and operate such structures based on Nationally trustworthy organisations related to the health care sector linked in a pan-European network through the participating telecom operators. It is assumed that after the project these trusted third party services will be transferred to permanent service operations.
|
|
Users involved Five of the seven full partners represent users, major university hospitals in Gent and Göttingen and in Sweden, Norway and England, public healthcare institutions. In addition two hospitals will be validating the systems. A large group of health care organisations are included in reference groups. Technologies and/or approach used The security solutions are based on cryptographic techniques using smart cards held by the professional users. Public key encryption with RSA is used for digital signatures, authentication and session key exchange. Trusted third parties will employ X.509 standard directories and EDIFACT for messaging. Expected benefits for the citizen The adequate protection of the patient privacy when health care information is used in telematic services is very important. A fairly large number of European citizens need medical attention in another country while being migrant workers or tourists and thus pan-European security solutions are required. Expected benefits for the users of the application The security techniques proposed based on personally carried cards may facilitate log on procedures and allow secure work from any workstation. The digital signature techniques allow proof of accountability for the health care professionals using IT. Expected benefits for the European Industries Suppliers of health care IT-solutions demand common European requirements and technical framework for security. Tool-kits for easy integration into applications will facilitate development. The infrastructure of TTP-services to be provided is an important prerequisite for many telematic solutions. Contribution to EU-policies As pointed out in the Bangeman report on Europe and the Information Society, the special data protection concerns of health care data need attention if this potential should be realised. The EU Data Protection directive emphasises this. The project will also promote, The free movement of people (patients and professionals), An open internal market for specialised medical services using telematics, The internal market for IT&T systems. |
| Danderyds Sjukhus | Stockholm | Stockholm | SE |
| Georg-Aug-Universität | Göttingen | Braunschweig | DE |
| Ullevål Hospital | Oslo | NO | |
| Gent University Hospital | Gent | Oost-Vlanderen | BE |
| |
 |
 |
|
|
Copyright 1997 © EHTO All rights reserved This server is the only official EHTO WWW knowledge repository. Mail suggestions to: webmaster@ehto.org |