Sabiá: an authentication, authorization, and user data delivery architecture based on user consent for health information systems in Brazil

Purpose: Health information systems in Brazil have been designed and developed in a heterogeneous manner based on local regional characteristics, resulting in a lack of health information integrity. In this context, the Brazilian Ministry of Health pointed out the need for interoperability solutions of health information systems, noting the importance of integration with national databases and alignment with Brazilian data protection laws. Therefore, this paper presents Sabiá, a platform for authentication, authorization, and data delivery based on user consent for health information systems in Brazil. Methods: Sabiá’s architecture is designed to achieve the following requirements: (R1) Provide a Federated Identity; (R2) Be a Federated Resource Manager; (R3) Collect user data from different information systems; and (R4) Deliver user data to systems based on user consent. Sabiá consists of three main components: (1) Sabiá Authorization Server, responsible for implementing Open Authentication; (2) Sabiá Collector, responsible for collecting data from different information systems; and (3) Sabiá Resource Server, responsible for delivering data previously authorized by the user to the systems. Results: After analyzing historical data, R4 functionality was selected to be submitted to performance testing because it is the process that most affects overall system performance. The tests aimed at analyzing Sabiá’s behavior in the heaviest scenario based on historical data. Conclusion: The results showed no flaws and indicated system stability and consistency, in which the user perceives a system reaction instantaneous, whose response time averages remained below 100 ms. © 2020, Sociedade Brasileira de Engenharia Biomedica.