Presented - ICMCC

icmcc.org

Presented - ICMCC

PATIENT EMPOWERMENT by the means of

citizen-managed electronic health records

Web 2.0 health digital identity scenarios

Filipa Falcão Reis falcaoreis@dcc.fc.up.pt


Patient Empowerment by the means of citizenmanaged

electronic health records

Objective:

Introduction

• Considerations regarding

patients privacy rights and

EHRs’ confidentiality in a

patient empowerment

perspective.

• The use of smart cards in

healthcare (Portuguese CC).

• Health Digital Identities

architecture.

Patient Empowerment process

The use of smart cards in

healthcare

Health Digital Identities

Conclusion and future

perspectives

2


Patient Empowerment by the means of citizenmanaged

electronic health records

CRACS - Center for Research in

Advanced Computing Systems

• Associated Lab of INESC Porto.

• Science Computers’ Department,

Faculty of Sciences, University of

Porto .

3


Patient Empowerment by the means of citizenmanaged

electronic health records

ALERT Life Sciences

Computing, S.A.

• Offices in the UK, USA, the

Netherlands, Dubai, Singapore..

• Paper-free healthcare.

Anywhere.

• Patient centered software.

4


Introduction


Electronic Health Records

We are witnessing an ever larger

increase on the deployment of

electronic health management

systems. These are not only

designed to integrate EHRs, but

also clinical decision support

systems, data storage,

prescription applications and

administrative tools. Therefore,

the number of individuals that

need to access this kind of

information has been increasing

immensely.


Electronic Health Records’

Confidentiality

The confidentiality of EHRs is

still an ethical and legal

obligation of the health

professionals.

The growing number of

professionals, other than health

professionals, who have access

to EHRs is becoming a serious

threat to EHRs confidentiality.


Privacy concerning Electronic

Health Records

Nowadays, there are many

platforms that are specially

designed to help patients to

build their own Personal Health

Record (PHR).

Health Information is critical,

and in the wrong hands its

misuse could create havoc in

the social lives of the

individuals thus affected.


Patient Empowerment process


Patient Empowerment

The concept of ‘patient empowerment’

Inter-personal

Provider-patient

interaction

Intra-personal

Exclusive patient point

of view

Digital Skills

Patient interaction with

computer systems


Patient Empowerment

By promoting a close relationship between

medical professionals, the patients and

their families so that the decisions taken

respect not only the patients needs but

also their preferences.

By given patients the education and

knowledge about the new technologies

they need to make decisions and to active

participate in their own treatment, having

full knowledge of their rights .


Patient Empowerment

With empowerment, patients are expected to better

self-manage their illness and be able to better

pondering their choices.

It is healthcare providers’ responsibility to provide

guidance and motivation for patients to learn how to

effectively self manage their illness and their lives.


The use of smart cards in

healthcare


Smart Cards

Smart cards enable people's identities to be authenticated

and communications to be secured.

By 2008, 5.045 billion smart cards were shipped worldwide

Because of their size, flexible form factors, and relatively low

cost, smart cards are ideal for applications in healthcare

where personal identity, privacy, security, convenience, and

mobility are key factors


The use of the Portuguese

Citizen’s Card in healthcare


Extend eOID project to

healthcare

Extended OpenID Project is a

conceptualization of this opportunity and

the idea was to provide every Portuguese

citizen with the possibility to enjoy Internet

services in a secure, user centric and

accessible way, by using their CCs to

provision and strongly authenticate an

OpenID digital identity.


Health Digital Identities


Patient Health Digital Identity


Patient Health Digital Identity

OpenID

OpenID is a decentralized system protocol for user-centric

identification and digital identity management in the Internet.

It is also a “single sign on” (SSO) system, thus it eliminates

the need for multiple usernames and passwords across

different security domains.


Patient Health Digital Identity

eOID Server Functionalities

• OpenID Identifier flexibility: allows for two major URIs types

• Interoperability: Identity attributes can be directly stored into many

different database systems (mySQL, PostgreSQL, Oracle, …).

• Multiple-domain and multi-lingual support

• Strong authentication

• Automatic enrollment of CC identity attributes

• Multiple-passwords configuration and password recovery system

• Multiple-personas configuration and management:

• Addition and management of special attributes

• User control of RP trust level and RP access statistics


MedID – Digital Identity for health professionals

The use of digital identity certificates and federated identity

systems provides the means to assure health professionals the

opportunity to use their credentials in multiple health

environments from different health institutions.

Simultaneously, this will allow certifying health professionals

with the secure credentials to translate their physical world role

to the digital world.


Health ID (Patient + MedID)

PHR

HIS 1

... HIS n

HIS 1 HIS 2 ... HIS n


And now what?


Granting access to EHRs

The key feature in our vision is to provide the patient with the

tools to share his EHRs in a fast and secure way, without

having to reveal his access credentials in the process.

By using the OAuth security protocol, to grant conditional

access to patient data without having to share the patient’s

credentials.


Granting access to EHRs

The use of ‘valet key’ authorization mechanisms for the issue

and user-centric management of temporal automatic access

authorizations for strongly identified entities on a federation of

trusted identity providers.

Regardless of what restrictions the valet key imposes, the idea

is that the owner gives limited access to his data to the bearer

of a certain ‘valet key’, while he continues to use his regular

key to access everything.


Granting access to EHRs

PHR

HIS 1

... HIS n

HIS 1 HIS 2 ... HIS n

OAUTH


Conclusion and future

perspectives


Conclusion

Different healthcare providers are adopting ‘Patient Empowerment’

politics, which is allowing patients to access their EHRs.

Healthcare providers need to adopt a

patient-centered approach which

requires that they get personally

involved in the relationship with their

patients and implies a shift in the

representation of their roles, from

skilled technicians to persons, and

from knower to facilitator, thus

reducing the gap between doctors

and patients.


Conclusion

By combining OpenID with Oauth patients are able to share:

Accurate

information

Correct person

(the doctor)

Proper time

(now)


Future Perspectives

The use of biometric authentication mechanisms in

federated environments to facilitate the issue of

valet authorization keys in contexts where the use of

other strong authentication mechanisms like smart

cards are not so appropriate.


Thanks for listening!

Filipa Falcão Reis

falcaoreis@dcc.fc.up.pt

More magazines by this user
Similar magazines