Security in e-Health scenarios

Important progresses in medicine and healthcare has been made during the last century. The duration of the life of human beings is dramatically increased. Population of the developed countries is aging, causing serious problems in the health sector. In Europe it is expected that the number of citizens aged over 65 will rise up to 123 millions in 2030. This fact will have a huge impact on social, economic, and health aspects. On the other hand, access to healthcare treatment is not always granted in developing countries where healthcare and communications infrastructures are missing. Electronic health (e-Health) can help to overcome these problems. The aim is to make it possible for patients to maintain a mobile and independent lifestyle. The e-Health has the possibility to bring electronic healthcare treatments to citizens and regions, which otherwise would not have access to it, and improves their quality of life. Initiatives like Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large-scale projects have been set up to enable healthcare professionals to handle patients' EHRs. Applications deployed in these settings are often considered safety-critical, thus ensuring such security properties as confidentiality, authentication, and authorization is crucial for their success. This seminar will introduce de-facto security standards for e-Health software interoperability (OASIS, Hl7, IHE) in Service Oriented Architectures. Common problems and security flaws found in real project specifications will be covered.