Cryptographic protection of health information: cost and benefit.

Medical, legal, and economic reasons inevitably force health care establishments to apply more and more open distributed IT systems rather than the less flexible and more expensive mainframes. Managing, for example, electronic patient records by various users at different locations by means of large scale client server systems requires new security provisions for storing, archiving and communicating those data. Using an analogy, data processing is being changed from railroads to highways. Formerly, only one engine-driver was responsible for the security of a whole train whereas now the car-drivers themselves are responsible each for his own car. Unless the cars are equipped with suitable security mechanisms like breaks and safety belts this change endangers individuals within and outside the cars. Cryptography provides many of the relevant security mechanisms for open distributed health care IT systems. Indeed, suitable cost effective cryptographic products are available but are rarely found in health care IT systems. The reason is more political than economic, diverging national security interests in the EU have prevented strong security in public telecommunication infrastructures arguing that, e.g. criminals would profit, too. The resulting uncertainty of investments delays the development, standardisation and installation of cryptographic solutions.

Cryptographic mechanisms for health care IT-systems.

Present health care information and communication system sufficiently respect neither the interests of the professional users (physicians, nurses, etc.) nor those of the usees (patients) concerning informational self-determination, integrity, and non-repudiation. The EU-AIM-SEISMED project has attacked this challenge. There is consensus that legal regulations and organisational measures around health care IT-systems have to be revisited and harmonised. However, the increasing processing capacities of IT-systems demand that the legitimate security interests of users and usees are enforced in advance--not only after the fact. This cannot be achieved against -----stems but only by the help of IT-systems. Since cryptographic mechanisms are an essential tool to this end SEISMED provides guidelines and technical recommendations on cryptographic mechanisms.

How to achieve secure environments for information systems in medicine.

The efficiency of modern health care relies more and more upon a computerized infrastructure. Open distributed IT-systems have started to bring professionals together from all around the world. Multimedia applications integrate formerly separated functionalities. On the one hand, easy processing and communication of images, sounds, and texts will help to represent illnesses and diseases holistically. But, on the other hand, such technology may compromise the privacy of patients, and may subvert the accountability and professional secrecy of health care professionals. The European Union has initiated a multi-disciplinary project to come up with practical guidelines on how to achieve a Secure Environment for Information Systems in MEDicine (SEISMED). It has taken into account the traditional and proven principles of health care data processing, the various legislations within the EU, the enormous and subtle risks of health care IT-systems, and the cost of changing existing technology.

Security for decentralized health information systems.

Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).