2011
Presentation
Title
RLUS and SOA security: German National Personal Health Record
Title Supplement
Presentation held at the SOA in Healthcare Conference, Hyatt Dulles Hotel, Herndon, VA, USA, July 14th, 2011
Abstract
In 2009 the German Federal Ministry of Health initiated an R&D project on the design and prototypical implementation of a German national Personal Health Record (PHR). Major requirements included advanced security and privacy measures and a generic platform semantics that allows for operating various patient-centric eHealth applications within the PHR. The decision was made to use the HSSP Retrieve, Locate and Update Service (RLUS) on top of a SOA security architecture. The German PHR platform will support both synchronous and asynchronous exchange of medical data between a physician and a patient. On the patient side, RLUS services encapsulate existing PHR systems (e.g. Microsoft's HealthVault) or simple medical data storage devices (e.g. USB cards). The RLUS services implement 6 different communication patterns for requesting and providing medical data that can be used as building blocks for implementing arbitrarily complex communication scenarios. RLUS semantic signifiers are used to refer to content-specific information models and CDA schemas. The RLUS operations are safeguarded by SAML-coded security tokens that carry authentication and authorization data. The architecture allows for both pushing and pulling XACML policies. Pushing of policies is used for ad hoc authorization with a health card. In this case an XACML policy is generated on demand and pushed to the RLUS services within the SOAP header. The presentation will show how RLUS can be used to implement a health record infrastructure that is designed for scalability and rich functionality. It will be demonstrated how semantic signifiers support dealing with large amounts of health data within a single record and how they scale to future support of record systems in which health data might be organized according to medical domain models instead of being exchanged solely as static documents.
The presentation will also show how RLUS operations can be safeguarded with SOA-style security services that make use of standards such as WS-Trust, SAML and WSS.
Author(s)
Conference
Keyword(s)