- Security in the Dutch electronic patient record system
- 17th ACM Conference on Computer and Communications Security 2010 (CCS '10), Chicago, IL, USA
- Book/source title
- 2nd ACM CCS Workshop on Security and Privacy in Medical and Home-Care Systems (SPIMACS'10), Chicago, IL, USA
- Pages (from-to)
- New York, NY, USA: ACM
- Document type
- Conference contribution
- Faculty of Science (FNWI)
- Informatics Institute (IVI)
In this article, we analyze the security architecture of the Dutch Electronic Patient Dossier (EPD) system. Intended as a mandatory infrastructure for exchanging medical records of most if not all patients in the Netherlands among authorized parties (particularly, physicians), the EPD has to address a number of requirements, ranging from scalability and performance to security and privacy - as well as usability in practice. The EPD is partially centralized. Patient records are stored decentrally, while a central component takes care of authentication and authorization of health professionals and of the mechanics required for exchanging patient records.
The requirements for the EPD, as well as high-level descriptions of solutions and protocols, are described in a set of documents that are publicly available. This paper describes the security and privacy implications of the EPD design, argues where it falls short, and briefly discusses some improvements that may alleviate some of the risks that exist in the current design.
- go to publisher's site
If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website. Please Ask the Library, or send a letter to: Library of the University of Amsterdam, Secretariat, Singel 425, 1012 WP Amsterdam, The Netherlands. You will be contacted as soon as possible.