Developing a Public Key Infrastructure for a Secure Regional e-Health Environment

Abstract

Internet technologies provide an attractive infrastructure for efficient and low cost communications in regional health information networks. The advantages provided by the Internet come however with a significantly greater element of risk to the confidentiality and integrity of information. This is because the Internet has been designed primarily to optimize information sharing and interoperability, not security. The main objective of this paper is to propose the exploitation of public-key cryptography techniques to provide adequate security to enable secure healthcare Internet applications. Public-key cryptography techniques can provide the needed security infrastructure in regional health networks. In the regional health-care security framework presented in this paper, we propose the use of state-of-art Public Key Infrastructure (PKI) technology. Such on e-Health PKI consists of regional certification authorities that are implemented within the central hospitals of each region and provide their services to the rest of the healthcare establishments of the same region. Significant experience in this area has been gained from the implementation of the PKI@AUTH project. The developed PKI infrastructure already successfully provides its security services to the AHEPA university hospital. The same infrastructure is designed to easily support a number of hospitals participating in a regional health information network.