Abstract

In Europe, the use of computers in the health care industry has increased rapidly in recent years. This increase, however, has been accompanied by research efforts in the area of privacy and confidentiality of personal data. In the German legislation, protection of personal data is guaranteed by the constitution, granting a general right to privacy. This constitutional right has been amended by the German Central Court (Bundesverfassungsgericht). It says that each individual has the right to decide to whom and where he wants to give personal information.

In the US, similar problems of granting privacy and confidentiality of sensitive medical data will emerge. The Clinton administration's health plan has led to a discussion on privacy and data protection in the US. If that health plan is realised, it will lead to an exchange of personal medical data over data-highways.

In this paper, we will describe a prototype implementation of a secure hospital environment offering the basic functionality that is necessary for secure medical information storage and exchange inside a hospital computer network and the secure exchange of medical information over publicly accessible networks between different security domains. The functionality and security requirements have been derived in cooperation with a large university hospital in Germany, the University Hospital Freiburg. The relevant technical solution has been developed jointly by the IBM European Networking Center in Heidelberg and the Institute for Computing and Society, University Freiburg. This paper will focus on the technical solutions to provide the needed functionality.

The main topics of this paper will be the security services granted, especially the role-based Access Control as well as the storage and retrieval of the Privilege Attributes (ECMA-138) for the various users. We shall describe how the Directory Service (X.500) is used for storage, retrieval and management of organizational structure information as well as for the dynamic handling of user roles and Privilege Attributes Certificates according to the suggestions of ECMA-138.

As a result, it can be shown that the security services and architectures currently under standardization are capable of providing sufficient security mechanisms. They also provide the flexibility necessary for the adaptation to environments that deal with highly sensitive data even in a distributed applications environment.
