Experiences of using a PKI to access a hospital information system by high street opticians

  • Authors: David W Chadwick; Darren Mundy; John New

  • Affiliations: IS Institute, University of Salford, Salford M5 4WT, UK; IS Institute, University of Salford, Salford M5 4WT, UK; Diabetes and Endocrinology, Salford Royal Hospitals NHS Trust, Hope Hospital, Stott Lane, Salford M6 8HD, UK

  • Venue: Computer Communications
  • Year: 2003

Abstract

This paper describes a system that gives opticians Internet access from their high street shops to patient data held in a hospital Diabetes Information System (DIS), using a standard Web browser. The system is a revision of an earlier one we provided to General Practitioners (GPs), and uses a public key infrastructure with strong encryption and digitally signed messages to secure the data as it traverses the Internet. We describe the PKI and the security architecture, the DIS we chose to distribute, the changes that we made to the Web interface to tailor it to the opticians' needs, the validation testing we performed, the results of the pilot testing and the feedback we obtained from the opticians. We also compare the results with our earlier work with GPs. We found that in a well-designed system the underlying PKI is virtually invisible to the users, and its security is taken for granted. Users then concentrate on the costs and benefits of the electronic application. In our system, benefits can accrue to opticians by giving them access to the latest patient data, and this can help to improve patient care. Benefits also accrue to the DIS administrators and the wider community of DIS users, in that data quality can be significantly improved. However, we found that the slow speed of Internet access via a dial-up connection is a significant impediment to its frequent use. We also found that it is extremely difficult to produce a user interface that pleases everyone. Finally, in complex information systems such as this PKI, failure of just one component or administrative procedure can have a catastrophic effect on the availability of the entire system.