Secure interoperability of patient data cards in health networks.
In healthcare, chip-card-based information systems take the form of patient data cards, which provide informational self-determination and mobility for users as well as quality, integrity, accountability, and availability of the data stored on the card, thus improving the shared care of patients. Because they deal with sensitive personal medical information, shared care information systems have to provide appropriate security services, granting only authorized users restricted rights to patients' data according to the "need to know" principle. The DIABCARD project aims at the implementation and evaluation of a chip-card-based medical information system (CCMIS) to facilitate communication and co-operation between health professionals in different organisations or departments caring for the same patient, with diabetes as an example. In co-operation with the EC-funded TrustHealth project, the required communication and application security services are provided as strong authentication and the services derived from it, such as authorization, access control, accountability, and confidentiality. The solution is based on Health Professional Cards and Trusted Third Party services. Besides the secure handling of the patient's chip card in DIABCARD workstations, the secure communication between these workstations and related departmental systems has also been implemented. Finally, a few legal issues and future trends such as the XML standard set, together with their implications for the solution presented as well as for distributed health information systems in general, are briefly discussed.