Implementing Authentication (LAP) and Monitoring in Healthcare Information Systems

Abstract

Throughout the healthcare domain, paper records and forms are being supplanted by electronic records, which are now routinely transmitted over intranets (within organizations), extranets (between organizations) and the Internet (to multiple organizations, worldwide). The potential for greater efficiency, lower costs and enhanced quality of care afforded by electronic versus paper-based records and communication in healthcare is vast. Electronic messaging is quickly becoming the standard for transmitting information in the healthcare industry. The security of transmitted information is a very critical issue. In this article, we report on the development of a Lightweight Authentication Protocol (LAP), which makes a mobile and distributed system more secure and flexible, and we implement it in a healthcare environment where the clinicians use mobile and wireless devices like PDAs. The implementation scenario and the special characteristics of healthcare information systems are described in detail. We also propose a monitoring system that involves patient credentials in order to monitor doctor access to the medical records. Our work shows that it is possible for a PDA to have access to a system like a healthcare Web database system with reasonable performance according to the theoretical analysis.