Current security issues faced by health care establishments and resulting requirements for a secure health information system architecture

As all the other contributions of this volume, the following chapter is based on earlier work like the SEISMED project results concerning comprehensive guidelines elaborated on security in Health Care Establishments' (HCE) information infrastructures. Dealing with current security issues in the healthcare domain, it consists of two parts. Considering the challenges for increased efficiency and quality of care and the corresponding changes in philosophy and paradigm of modern health care systems, the shared care health system architecture must be supported by adequate distributed networking health information systems enabling communication and co-operation between the systems' components according to the shared care paradigm. In the first part, trends and solutions for new health information systems architecture meeting these challenges have been analysed. In that context, open solutions for decentralised HCE information infrastructures emerging from international efforts in design and standardisation have been compared especially considering the most important healthcare-related architectural approach and the resulting security issues. Professionals involved in health care information management have to rely on standard hardware and software components with the trend to decentralised information infrastructure, thereby exposing the systems to serious security threats. Communication services relevant in decentralised health care information infrastructures have been identified and their security requirements highlighted using a general security model. Embedded in a detailed analysis of security threats for distributed health information system architectures, the policy securing such systems and the policy bridging needed for integration of the systems to provide interoperability are investigated and requirements are specified in the second part. Ongoing efforts and available solutions for specification, standardisation and implementation of security solutions in integrated health information systems are described, especially considering the results of related projects funded by the European Commission or the CEN TC251 but also referring to international work.