Federated, secure trust networks for distributed healthcare IT services

摘要

Recent US regulations mandate the privacy and security of healthcare data at a level never previously contemplated. Our research group is developing a prototype healthcare IT system and medical data portal based upon a Web services approach. An authentication Web service manages trust levels, issues authorization tickets, and uses biometric devices to establish identity; an authorization Web service determines what data may be accessed, in what way, and by whom. Hospital administrators set access privileges for recursively-defined groups, subgroups, and individuals. All patient records and medical images are protected using AES encryption with 256-bit keys. Offnetwork entities such as pharmacies, insurance companies, and other medical service providers participate through a federated trust-sharing arrangement. Electronic prescriptions are transmitted securely to participating pharmacies and pick-up notifications are provided to the patient using the preferred notification method (email, alerts to a PDA, automated telephone call) stored in the patient's profile.