Security in the Dutch electronic patient record system
| Authors | |
|---|---|
| Publication date | 2010 |
| Book title | 2nd ACM CCS Workshop on Security and Privacy in Medical and Home-Care Systems (SPIMACS'10), Chicago, IL, USA |
| ISBN |
|
| Event | 17th ACM Conference on Computer and Communications Security 2010 (CCS '10), Chicago, IL, USA |
| Pages (from-to) | 21-32 |
| Publisher | New York, NY, USA: ACM |
| Organisations |
|
| Abstract |
In this article, we analyze the security architecture of the Dutch Electronic Patient Dossier (EPD) system. Intended as a mandatory infrastructure for exchanging medical records of most if not all patients in the Netherlands among authorized parties (particularly, physicians), the EPD has to address a number of requirements, ranging from scalability and performance to security and privacy - as well as usability in practice. The EPD is partially centralized. Patient records are stored decentrally, while a central component takes care of authentication and authorization of health professionals and of the mechanics required for exchanging patient records.
The requirements for the EPD, as well as high-level descriptions of solutions and protocols, are described in a set of documents that are publicly available. This paper describes the security and privacy implications of the EPD design, argues where it falls short, and briefly discusses some improvements that may alleviate some of the risks that exist in the current design. |
| Document type | Conference contribution |
| Language | English |
| Published at | https://doi.org/10.1145/1866914.1866918 |
| Permalink to this page | |