In this article, we analyze the security architecture of the Dutch Electronic Patient Dossier (EPD) system. Intended as a mandatory infrastructure for exchanging the medical records of most, if not all, patients in the Netherlands among authorized parties (particularly physicians), the EPD has to address a range of requirements, from scalability and performance to security and privacy, as well as usability in practice. The EPD is partially centralized: patient records are stored decentrally, while a central component takes care of authenticating and authorizing health professionals and of the mechanics required for exchanging patient records. The requirements for the EPD, together with high-level descriptions of its solutions and protocols, are laid out in a set of publicly available documents. This paper describes the security and privacy implications of the EPD design, argues where it falls short, and briefly discusses some improvements that may alleviate some of the risks present in the current design.