PKI-secured health care networks allow safe patient data transfer and medical consultation across Europe

Athens 18 April 2001Within the European Commission's Fifth Framework Programme for Information Society Technologies (IST), a consortium of six partners has been awarded funding since January 2001 to build pan-European REgional Secure HEalth care Networks (RESHEN) based on the concepts of Public Key Infrastructure (PKI) and Trusted Third Parties (TTP). Three pilot sites will be established in Finland, Germany, and Greece to demonstrate in which ways medical information exchange with respect for privacy and safety can be set up between primary and secondary health care service providers on the one hand, and between doctors and pharmacies or patients on the other, both at a regional and cross-national level.


The RESHEN consortium doesn't start from scratch but relies on results and experiences acquired in previous health care networking projects like Chin, Euromed-ETS, Ishtar, MedSec, Terve, and TrustHealth. The aim is to apply the PKI-secured health care network concept in a series of carefully defined information flow scenarios which will be laid in at the twofold level of both regional and cross-border traffic of sensitive patient data. In each of these settings, the secondary medical service providers, such as the regional and peripheral hospitals, will act as Trusted Third Parties (TTPs) to provide the required security services in terms of registration, certification, directory management, optionally key management, and time stamping to the primary health care service providers. These could be local health centres and clinics or pharmacies, laboratories, and patients.

Though regional health care network connections are already operational in some countries, the implementation of a PKI architecture at a pan-European level constitutes a new challenge. The RESHEN team will be confronted with a number of hurdles to overcome in terms of interoperability of networks and systems; language problems; organisational aspects related to the utilisation of TTP, including cross-certification issues; and differing national regulations and laws with regard to security and exchange of medical information. While at the regional level, the pilot sites can exchange real data with prior patient consent, should the situation require this; at the European level, simulated data will be used in the demonstration, because it is not self-evident to find suitable patient data for cross-border interactions.

Data transfers as well as interpersonal communications between doctors, for instance, have to be protected by encryption mechanisms and standardised protocols, including TCP/IP, HTTP, Lightweight Directory Access Protocol (LDAP), and Secure Socket Layer (SSL). The certification service will be based on X.509v3 and CRLv2 structures. The directory service will be prescribed, applying standard object classes and attributes. Guidelines will be provided whereas a central linking service, based on LDAP referrals, has been defined. The RESHEN partners will integrate all these application protocols at three selected demonstration sites.

The Greek pilot site consists of the Regional Health care Network of Central Macedonia with 8 Health Centres (HC) and a number of Peripheral Infirmary Units (PIU). The objectives are to organise patient monitoring services for the benefit of the rural population by creating a generic Patient File, and provide regional and national health authorities with statistical data to optimise the planning of health services. The current system features dial-up connections between HCs and PIUs through ISDN lines, using routers and ISDN modems. In addition to data transfers, video-conferencing will be supported to enable remote consultations.

The Magdeburg University Hospital (UHM) is the partner responsible for the German pilot site. This constitutes a shared care oncology health network, called the Magdeburg/Saxony-Anhalt ONCONET in which a generic security infrastructure, based on Health Professional Cards (HPC) as security tokens and a PKI-enabled TTP, has already been established. Doctors can exchange electronic patient records and anonymous cancer patient data for statistical analysis to further diagnosis, treatment, education, and research. Next step will be the set-up of an organisational framework to manage registration and certification procedures within the German health care system. RESHEN is an opportunity for UHM to work out best practice guidelines for ONCONET and expand this initiative to a telematics services platform for health care in general.

The RESHEN partner for the Finnish pilot site is the North Karelia Hospital District (NKHD). Here, six health centres are interconnected through existing information network services in which the electronic patient record is being applied actively. Health care providers use a personal security card to gain access to the NKHD server via a dial-up connection or the Internet. Within the project, NKHD will act as TTP for regional as well as cross-national PKI-secured data communication.

In addition to the three participating regional networks, also three technical partners and four subcontractors are involved in the project. The National Technical University of Athens is the RESHEN co-ordinator with Data & Control Systems and Hitech as its subcontractors. Expertnet and Business Architects are responsible respectively for the technical implementation and the administrative support of the Greek pilot site. GMD is the subcontractor for UHM in Germany, and SecGo is the subcontractor for NKHD in Finland. More project details are available at the RESHEN Web site.

Leslie Versweyveld

[Medical IT News][Calendar][Virtual Medical Worlds Community][News on Advanced IT]