Trust negotiation for authentication and authorization in healthcare information systems

The expanding availability of health information in an electronic format is strategic for industry-wide efforts to improve the quality and reduce the cost of health care. The implementation of electronic medical record systems has been hindered by inadequate security provisions. This paper describes the use of trust negotiation as a framework for providing authentication and access control services in healthcare information systems. Trust negotiation enables two parties with no pre-existing relationship to establish the trust necessary to perform sensitive transactions via the mutual disclosure of attributes contained within digital credentials. An extension of this system, surrogate trust negotiation is introduced as a way to meet the security requirements of healthcare delivery systems based on mobile computing devices and wireless communication technologies. These innovative technologies have enormous potential to improve the current state of security in healthcare information systems.