Presented - ICMCC

Presented - ICMCC


citizen-managed electronic health records

Web 2.0 health digital identity scenarios

Filipa Falcão Reis

Patient Empowerment by the means of citizenmanaged

electronic health records



• Considerations regarding

patients privacy rights and

EHRs’ confidentiality in a

patient empowerment


• The use of smart cards in

healthcare (Portuguese CC).

• Health Digital Identities


Patient Empowerment process

The use of smart cards in


Health Digital Identities

Conclusion and future



Patient Empowerment by the means of citizenmanaged

electronic health records

CRACS - Center for Research in

Advanced Computing Systems

• Associated Lab of INESC Porto.

• Science Computers’ Department,

Faculty of Sciences, University of

Porto .


Patient Empowerment by the means of citizenmanaged

electronic health records

ALERT Life Sciences

Computing, S.A.

• Offices in the UK, USA, the

Netherlands, Dubai, Singapore..

• Paper-free healthcare.


• Patient centered software.



Electronic Health Records

We are witnessing an ever larger

increase on the deployment of

electronic health management

systems. These are not only

designed to integrate EHRs, but

also clinical decision support

systems, data storage,

prescription applications and

administrative tools. Therefore,

the number of individuals that

need to access this kind of

information has been increasing


Electronic Health Records’


The confidentiality of EHRs is

still an ethical and legal

obligation of the health


The growing number of

professionals, other than health

professionals, who have access

to EHRs is becoming a serious

threat to EHRs confidentiality.

Privacy concerning Electronic

Health Records

Nowadays, there are many

platforms that are specially

designed to help patients to

build their own Personal Health

Record (PHR).

Health Information is critical,

and in the wrong hands its

misuse could create havoc in

the social lives of the

individuals thus affected.

Patient Empowerment process

Patient Empowerment

The concept of ‘patient empowerment’





Exclusive patient point

of view

Digital Skills

Patient interaction with

computer systems

Patient Empowerment

By promoting a close relationship between

medical professionals, the patients and

their families so that the decisions taken

respect not only the patients needs but

also their preferences.

By given patients the education and

knowledge about the new technologies

they need to make decisions and to active

participate in their own treatment, having

full knowledge of their rights .

Patient Empowerment

With empowerment, patients are expected to better

self-manage their illness and be able to better

pondering their choices.

It is healthcare providers’ responsibility to provide

guidance and motivation for patients to learn how to

effectively self manage their illness and their lives.

The use of smart cards in


Smart Cards

Smart cards enable people's identities to be authenticated

and communications to be secured.

By 2008, 5.045 billion smart cards were shipped worldwide

Because of their size, flexible form factors, and relatively low

cost, smart cards are ideal for applications in healthcare

where personal identity, privacy, security, convenience, and

mobility are key factors

The use of the Portuguese

Citizen’s Card in healthcare

Extend eOID project to


Extended OpenID Project is a

conceptualization of this opportunity and

the idea was to provide every Portuguese

citizen with the possibility to enjoy Internet

services in a secure, user centric and

accessible way, by using their CCs to

provision and strongly authenticate an

OpenID digital identity.

Health Digital Identities

Patient Health Digital Identity

Patient Health Digital Identity


OpenID is a decentralized system protocol for user-centric

identification and digital identity management in the Internet.

It is also a “single sign on” (SSO) system, thus it eliminates

the need for multiple usernames and passwords across

different security domains.

Patient Health Digital Identity

eOID Server Functionalities

• OpenID Identifier flexibility: allows for two major URIs types

• Interoperability: Identity attributes can be directly stored into many

different database systems (mySQL, PostgreSQL, Oracle, …).

• Multiple-domain and multi-lingual support

• Strong authentication

• Automatic enrollment of CC identity attributes

• Multiple-passwords configuration and password recovery system

• Multiple-personas configuration and management:

• Addition and management of special attributes

• User control of RP trust level and RP access statistics

MedID – Digital Identity for health professionals

The use of digital identity certificates and federated identity

systems provides the means to assure health professionals the

opportunity to use their credentials in multiple health

environments from different health institutions.

Simultaneously, this will allow certifying health professionals

with the secure credentials to translate their physical world role

to the digital world.

Health ID (Patient + MedID)



... HIS n

HIS 1 HIS 2 ... HIS n

And now what?

Granting access to EHRs

The key feature in our vision is to provide the patient with the

tools to share his EHRs in a fast and secure way, without

having to reveal his access credentials in the process.

By using the OAuth security protocol, to grant conditional

access to patient data without having to share the patient’s


Granting access to EHRs

The use of ‘valet key’ authorization mechanisms for the issue

and user-centric management of temporal automatic access

authorizations for strongly identified entities on a federation of

trusted identity providers.

Regardless of what restrictions the valet key imposes, the idea

is that the owner gives limited access to his data to the bearer

of a certain ‘valet key’, while he continues to use his regular

key to access everything.

Granting access to EHRs



... HIS n

HIS 1 HIS 2 ... HIS n


Conclusion and future



Different healthcare providers are adopting ‘Patient Empowerment’

politics, which is allowing patients to access their EHRs.

Healthcare providers need to adopt a

patient-centered approach which

requires that they get personally

involved in the relationship with their

patients and implies a shift in the

representation of their roles, from

skilled technicians to persons, and

from knower to facilitator, thus

reducing the gap between doctors

and patients.


By combining OpenID with Oauth patients are able to share:



Correct person

(the doctor)

Proper time


Future Perspectives

The use of biometric authentication mechanisms in

federated environments to facilitate the issue of

valet authorization keys in contexts where the use of

other strong authentication mechanisms like smart

cards are not so appropriate.

Thanks for listening!

Filipa Falcão Reis

More magazines by this user
Similar magazines