- A security analysis of the Dutch electronic patient record system
- Amsterdam: University of Amsterdam, System and Network Engineering research group (SNE)
- Technical reports
- Faculty of Science (FNWI)
- Informatics Institute (IVI)
In this article, we analyze the security architecture of the Dutch Electronic Patient Dossier (EPD) system. Intended as a national infrastructure for exchanging medical patient records among authorized parties (particularly physicians), the EPD has to address a number of requirements, ranging from scalability and performance to security and privacy, as well as usability in (clinical) practice. The EPD is partially centralized: patient records are stored decentrally, while a central component takes care of authentication and authorization of health professionals and of the mechanics required for exchanging patient records.
The requirements for the EPD, together with descriptions of its solutions and protocols, are laid out in a set of publicly available documents. This paper describes the security and privacy implications of the EPD design, argues where it falls short, and briefly discusses some improvements that may alleviate some of the risks that exist in the current design.