Available under a Creative Commons Attribution Non-Commercial Share Alike 4.0 International Licence
1.2 COMPUTER AND INFORMATION SCIENCE
The related and often challenging topics of identity management and access control form an essential foundation for e-health infrastructure. Several approaches and supporting specifications for electronic healthcare record system (EHR-S) communication have been proposed by research projects and standards development organizations in recent years. For instance, part four of the CEN TC251 EN13606 EHRcom standard and the HL7 Role Based Access Control Draft Standard for Trial Use have helped to specify the nature of access control behaviour in relation to EHR communication within and between healthcare organisations. Access control services are a core component not only of the integrated care EHR-S but also for other information systems in the e-health domain. To underpin functionality of this type in a distributed environment, it is necessary to provide access to scalable, secure and uniform ID domains for users and patients.
This paper considers the use of part four of the EHRcom standard in the context of the availability (or lack thereof) of national identification systems for patients and for users of an integrated care EHR-S. This work begins with a brief summary of the state-of-the-art in identity management and access control in the health domain and a description of approaches that could lead to a secure and interoperable identification mechanism. To address the identification problem, the authors describe well known EHR access control viewpoints that are compatible with the CEN standard for EHR communication, EN13606 and describe how an identification service can support this functionality.
Chen, X., Berry, D., & Grimson, W. (2009). Identity Management to Support Access Control in E-Health Systems., 4th European Conference of the International Federation for Medical and Biological Engineering.
Health Information and Quality Authority of Ireland