Workshop on Standardization in E-Health
Geneva, 23-25 May 2003
Confidentiality and Security Standards for e-Health Information
C. Peter Waegemann
CEO, Medical Records Institute
Chair, ASTM Standards Committee E31 on Health Informatics
Chair, US TAG to ISO TC 215 on Health Informatics
Vice-Chair, Mobile Healthcare Alliance (MoHCA)
It is important to understand what we mean by e-Health. For the purpose of this presentation,
the common understanding that e-Health covers specific Internet systems and solutions for health care is not
used. Rather, e-Health is considered as the summary of all health information communication technology solutions.
In this context, the field of confidentiality and security is so wide-ranging that one needs to focus on the
main standards areas. ASTM has a general listing of applicable standards for security and confidentiality.
It covers 15 pages of single-lined information. In order to give an overview, it is intended to address
confidentiality, authentication, data integrity, and information security in an electronic environment.
A patient's right to privacy that provides assurance and means to maintain confidentiality was established
over 2,000 years ago. Different regions and countries have varying levels of confidentiality standards and
legislation. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) has
created the strictest confidentiality legislation affecting every practitioner and provider. The standards
committee ASTM E31's subcommittee on confidentiality has created E1869-97 Standard Guide for Confidentiality,
Privacy, Access, and Data Security Principles for Health Information Including Computer-Based Patient Records.
It covers basic principles and ethical practices for handling confidentiality, access, and security of health
information that are contained in a myriad of federal and state laws, rules and regulations, and in ethical
statements of professional conduct.
ISO TC 215 has its Working Group 4 to address security and confidentiality standards on a global basis.
Unfortunately, there has not been a serious proposal to work on a standard that defines minimum confidentiality
practices to be used on an international basis. While the European Directives on privacy are considered by many
as "guiding principles", it is disappointing that they have not been incorporated into international standards work yet.
One of the difficult issues of e-Health security is authentication. How can one establish without fail who was the
author of a computer-generated document and that the document has not been changed since its creation? This involves
the issue of a valid signature as well as the provision of non-repudiation. Common wisdom has been that a digital
signature system using a public key infrastructure (PKI) and X.509 is the only way to establish non-repudiation for
e-Health. In response, a number of PKI standards specific to health care have been created, some on national
levels (Sweden, US, Canada, Australia, etc.) and others on regional or international bases (ISO TC 215, CEN TC 251).
However, PKI systems have not been accepted by the professional communities, and a number of countries are
experimenting with electronic signatures that have lower value in the five signature criteria. No easy solution
is in sight. ASTM's standard on authentication of health information (ASTM E1762) is an accepted guide for signatures
in health care. But it is only a guide; national or international standards are missing. Authentication remains
the main hurdle for e-Health as insufficient authentication forces providers to retain a (legal) paper-based back-up
copy of medical record information.
Related to authentication and equally difficult is the requirement to prove subsequent to authentication that digital
information has not been changed or lost. This requires strict policies by healthcare providers.
Information and Systems Security in an Electronic Environment
Two areas need to be addressed in regard to e-Health security. The first is in regard to ICT systems security.
The other is Internet security for Internet care, Internet-based pharmacy operations, personal health records on
commercial and other websites, and web-based person identification.
In regard to e-Health system identification, one must consider secure information flow and the chain of trust.
End-to-end authentication is another issue, covering security issues and, in particular, data integrity from the point
of origination to each subsequent point of access. The following areas must be addressed: stewardship levels,
audits, access control, encryption, trusted data stores, trusted communications, data/function classifications,
user/role clearances, backup systems, recovery modes, and emergency mode operations.
In regard to Internet systems, international standards are needed for non-visit care, Internet care
(where practitioners and patient may never meet in person), e-pharmacy (where patients buy medication
over the Internet), and personal health records. In 2001, some 13 million people had created their own
personal health records with one of the 120+ commercial and other organizations in order to be able
to share such information with healthcare providers and pharmacies. The ASTM E2211 Standard Specification
for Relationship Between a Person (Consumer) and a Supplier of an Electronic Personal (Consumer) Health Record
clarifies the rights and obligations of both the patient and the e-Health organization storing personal health
As the above summary demonstrates, confidentiality and security are complex and key areas for the successful
implementation of e-Health systems. More standards need to be developed on both the national and the international
level to achieve the intent and benefits of both of these concepts.