An authentication architecture for healthcare information systems

Abstract

The medical community is moving towards an environment where automated patient medical records and electronically interconnected healthcare facilities are prevalent. The primary reason is that the electronic healthcare record, coupled with the electronic networking of hospitals, can provide healthcare organizations with more efficient, seamless service, resulting in higher quality care and reduced costs. The information contained in electronic records is an important and valuable asset of a healthcare organization. Thus, it needs to be protected to ensure its confidentiality, integrity and availability. A critical point in security is to set up efficient and flexible access control policies and procedures for protecting information. However, user authentication remains a prerequisite for really secure information services especially in distributed systems. In this paper, an authentication architecture for healthcare environments is presented. The proposed authentication architecture is based on a particular authentication protocol, which exploits the benefits of symmetric and asymmetric cryptography in order to provide a simple and self-confident authentication system. © 2002, Sage Publications. All rights reserved.