COVER -- TITLE PAGE -- TABLE OF CONTENTS -- 1 INTRODUCTION -- 1.1 THE HEALTH SYSTEMS' CHALLENGE -- 1.2 DEFINITION OF "SHARED CARE" -- 1.3 OBJECTIVES OF THE BOOK -- 1.4 THIS BOOK'S SCOPE -- 1.5 HOW TO READ THE BOOK -- 2 PARADIGM CHANGES IN HEALTH INFORMATION SYSTEMS -- 2.1 HEALTHCARE, HEALTH INFORMATION SYSTEMS AND COMMUNICATION -- 2.2 HEALTH INFORMATION SYSTEMS -- 2.3 E-HEALTH -- 2.4 COMMUNICATION IN HEALTHCARE -- 2.4.1 Communication Content -- 2.4.2 Communication Partners -- 2.4.3 Communication Infrastructure -- 2.4.4 Communication Services -- 2.5 PATIENT CARE AND HEALTH NETWORKS -- 2.6 COMMON MIDDLEWARE CONCEPTS -- 2.7 SUMMARY AND CONCLUSION -- 3 COMPARING IMPLEMENTED MIDDLEWARE CONCEPTS FOR ADVANCED HEALTHCARE SYSTEM ARCHITECTURES -- 3.1 INTRODUCTION -- 3.2 CORBA -- 3.2.1 Concepts -- 3.2.2 Architectural framework -- 3.2.3 Relevance for healthcare enterprises -- 3.3 DHE -- 3.3.1 Concepts -- 3.3.2 Architectural framework -- 3.3.3 Relevance for healthcare enterprises -- 3.4 HL7 -- 3.4.1 Concepts -- 3.4.2 Architectural framework -- 3.4.3 Relevance for healthcare enterprises -- 3.5 COMPARISON OF THE APPROACHES -- 3.6 OTHER CONCEPTS -- 3.6.1 Distributed System Object Model -- 3.6.2 Distributed Component Object Model -- 3.6.3 ActiveX -- 3.6.4 Distributed Computing Environment -- 3.6.5 JavaBeans -- 3.6.6 .NET -- 3.7 SUMMARY AND CONCLUSIONS -- 4 A GENERIC COMPONENT MODEL TO EVALUATE ARCHITECTURAL APPROACHES -- 4.1 COMPONENT-BASED ANALYSIS AND DESIGN OF SYSTEMS -- 4.1.1 The UML Modelling Methodology -- 4.1.2 Basic Concepts and UML Presentation of Components -- 4.1.3 The Domain Concept -- 4.1.4 Component Models for Real-World Systems -- 4.1.5 Unification of Different Modelling Approaches -- 4.2 A GENERIC MODEL OF COMPONENT SYSTEMS -- 4.3 SUMMARY AND CONCLUSIONS -- 5 THE ELECTRONIC HEALTHCARE RECORD IN THE ARCHITECTURAL CONTEXT -- 5.1 INTRODUCTION.

5.1.1 EHR-Related Definitions -- 5.1.2 EHR Requirements -- 5.1.3 EHR - A Document or a Service? -- 5.1.4 The XML Standard Set -- 5.2 PRINCIPLES OF EXISTING EHR APPROACHES -- 5.3 EXAMPLES OF THE EHR ONE MODEL APPROACH -- 5.3.1 The European Standards' Approach for Electronic Healthcare Record Extended Architectures -- 5.3.2 The Governmental Computerised Patient Record -- 5.4 EXAMPLES OF THE EHR DUAL MODEL APPROACH -- 5.4.1 The Recent HL7 Approach on Electronic Healthcare Record -- 5.4.2 The Australian Good Electronic Health Record Project -- 5.4.3 OpenEHR Package Structure -- 5.4.4 EHCR/EHR Architecture Model Harmonisation and Emerging Projects -- 5.5 CORBA 3 COMPONENT ARCHITECTURE -- 5.5.1 CORBA Valuetypes -- 5.5.2 CORBA Persistent State Service -- 5.5.3 CORBA Portable Object Adapter -- 5.5.4 CORBA Component Model -- 5.5.5 Model Driven Architecture -- 5.6 COMPARISON OF THE ADVANCED EHR APPROACHES -- 5.6.1 Common Features of the EHR Approaches Presented -- 5.6.2 Missing Features -- 5.6.3 Harmonisation Platform -- 5.7 SUMMARY AND CONCLUSIONS -- 6 A SYSTEMATIC APPROACH FOR SECURE HEALTH INFORMATION SYSTEMS -- 6.1 INTRODUCTION -- 6.2 SECURITY THREATS AND RISKS -- 6.3 METHODS -- 6.4 THE GENERAL CONCEPTUAL SECURITY MODEL -- 6.5 DOMAIN MODEL AND DOMAIN INTEROPERABILITY -- 6.6 METHODOLOGY PROPOSED -- 6.7 SECURITY SERVICES -- 6.8 SECURITY MECHANISMS -- 6.9 MODELLING OF USERS' SECURITY NEEDS -- 6.10 HEALTH USE CASES -- 6.11 HEALTH USE CASE EXAMPLES -- 6.12 SECURITY USE CASES -- 6.12.1 Abstract Security Use Cases -- 6.12.2 Derived Issues on Application Security -- 6.13 MANAGEMENT OF PRINCIPALS -- 6.13.1 Roles -- 6.13.2 Certification Procedure -- 6.13.3 Attestation and Assignment -- 6.13.4 Qualification and Permission -- 6.13.5 Managing Certification, Attestation, and Assignment -- 6.13.6 Authorisation Objects -- 6.14 XML DIGITAL SIGNATURE.

6.14.1 The W3C IETF XML-Signature Core Syntax and Processing -- 6.14.2 The ETSI XML Advanced Digital Signatures Standard -- 6.15 ALTERNATIVE AUTHORISATION MODELS -- 6.16 SECURITY FRAMEWORK FOR EHCR SYSTEMS -- 6.16.1 TTP Use Cases -- 6.17 SUMMARY AND CONCLUSIONS -- 7 SOME LEGAL AND PRACTICAL ASPECTS OF ASSESSMENT AND USE OF THE RESULTS ACHIEVED IN DISTRIBUTED HEALTH INFORMATION SYSTEMS -- 7.1 INTRODUCTION -- 7.2 LEGAL ASPECTS -- 7.2.1 Peer Entity Authentication -- 7.2.2 Data Protection -- 7.2.3 Data Confidentiality -- 7.2.4 Electronic Authentication -- 7.2.5 Authorisation -- 7.2.6 Access Control -- 7.2.7 TTP Rules -- 7.2.8 German Organisational and Legal Obligations -- 7.2.9 The European Technical and Legal Security Framework at the Glance -- 7.3 ALTERNATIVE APPROACHES TO A SECURITY CONCEPT -- 7.4 CATEGORIES OF COMMUNICATION AND THEIR SECURITY REQUIREMENTS -- 7.4.1 Simple Communication Services -- 7.4.2 Advanced Communication Services -- 7.5 APPLICATION SECURITY SERVICES -- 7.5.1 Basic Access Models -- 7.5.2 Security Rules -- 7.6 SUMMARY AND CONCLUSIONS -- 8 SECURITY MODELS FOR OPEN ARCHITECTURE CONCEPTS -- 8.1 CORBA CONCEPTUAL SCHEME IN THE CONTEXT OF SECURITY CONCEPTS -- 8.2 SECURITY FEATURES AVAILABLE IN CORBA -- 8.3 CORBA SECURITY SERVICES IN THE HEALTHCARE CONTEXT -- 8.3.1 CORBA Person Identification Service (formerly Patient Identification Service) -- 8.3.2 CORBA Resource Access Decision Service -- 8.3.3 CORBA Terminology Query Service (formerly Lexicon Query Service) -- 8.3.4 Recommendations for Security Objects -- 8.3.5 CORBA TTP Approach -- 8.4 SUMMARY AND CONCLUSIONS -- 9 SECURITY INFRASTRUCTURE PRINCIPLES AND SOLUTIONS -- 9.1 INTRODUCTION -- 9.2 SECURITY SERVICES CATEGORISATION -- 9.2.1 Basic Security Services -- 9.2.2 Infrastructural Services -- 9.2.3 Value Added Security Services -- 9.3 BASICS OF THE SECURITY INFRASTRUCTURE.

9.4 HEALTH PROFESSIONAL CARDS -- 9.5 SECURITY TOOLKITS -- 9.6 TRUSTED THIRD PARTY SERVICES -- 9.6.1 General Description -- 9.6.2 The ISO Public Key Infrastructure Technical Specification -- 9.6.3 Enhanced Trusted Third Party Services -- 9.7 THE GERMAN SECURITY INFRASTRUCTURE FRAMEWORK -- 9.8 THE SECURITY INFRASTRUCTURE WITHIN THE MAGDEBURG ONCONET PILOT -- 9.8.1 The Regional Clinical Cancer Registry Magdeburg/Saxony-Anhalt -- 9.8.2 Health Professional Cards Used -- 9.8.3 Architecture and Services of the Pilot TTP -- 9.9 SUMMARY AND CONCLUSIONS -- 10 SECURITY ENHANCED EDI COMMUNICATION -- 10.1 INTRODUCTION -- 10.2 STANDARD GUIDE FOR SPECIFYING EDI (HL7) COMMUNICATION SECURITY -- 10.2.1 Scope -- 10.2.2 EDI Communication Security Services -- 10.2.3 Merging secured Data Elements to EDI Messages -- 10.3 STANDARD GUIDE FOR IMPLEMENTING EDI (HL7) COMMUNICATION SECURITY -- 10.3.1 Scope -- 10.3.2 Basics -- 10.3.3 Security Services and General Realisation -- 10.3.4 The Secure File Transfer Protocol (SFTP) -- 10.4 IMPLEMENTATIONS -- 10.5 SUMMARY AND CONCLUSIONS -- 11 SECURE CHIPCARD-BASED HEALTH INFORMATION SYSTEMS - THE DIABCARD EXAMPLE -- 11.1 INTRODUCTION -- 11.2 ADVANTAGES AND DISADVANTAGES OF NETWORK-BASED AND CHIPCARD-BASED HEALTH INFORMATION SYSTEMS -- 11.3 THE DIABCARD -- 11.4 DIABCARD THREATS -- 11.5 OVERALL DESCRIPTION OF THE PILOT AND SECURITY REQUIREMENTS -- 11.6 TYPICAL SCENARIOS FOR INTERACTIONS BETWEEN PATIENT, DOCTOR AND THE SYSTEM -- 11.7 THE HEALTH PROFESSIONAL CARD -- 11.8 PLACEMENT OF APPLICATION SECURITY SERVICES IN THE DIABCARD ENVIRONMENT -- 11.9 APPLICATION SECURITY SERVICES -- 11.10 COMMUNiCATION SECURITY SERVICES -- 11.11 NOT USER-RELATED SECURITY SERVICES -- 11.12 DIRECTORY SERVICES -- 11.13 ACCESS CONTROL -- 11.13.1 Access Control to DCC -- 11.13.2 Access Control to PDD -- 11.13.3 Access Control to DCS -- 11.14 ACCOUNTABILITY.

11.15 AUTHORISATION -- 11.16 CONFIDENTIALITY -- 11.16.1 Confidentiality of the DIABCARD Server -- 11.16.2 Confidentiality of Paradox Database Table Data -- 11.17 AUDIT -- 11.18 THE ADVANCED DIABCARD SECURITY SOLUTION -- 11.18.1 Additional Security Services of the Advanced DIABCARD -- 11.18.2 Advanced Application Security Services -- 11.19 THE DIABCARD INTEGRATION IN HEALTH NETWORKS -- 11.19.1 The Next Generation DIABCARD Patient Data Card -- 11.19.2 Alternative Solutions for Access to Cards -- 11.20 SUMMARY AND CONCLUSIONS -- 12 A FUTURE-PROOF CONCEPT FOR DISTRIBUTED INTELLIGENT HEALTH INFORMATION SYSTEMS ON THE INTERNET -- 12.1 DESIGN OF FUTURE-PROOF HEALTH INFORMATION SYSTEMS -- 12.2 BASIC PACKAGES OF FUTURE-PROOF HIS -- 12.3 TOOLS NEEDED FOR SPECIFYING AND RUNNING FUTURE-PROOF HIS -- 12.4 META-MODEL TRANSFORMATION -- 12.5 HARP BASED IMPLEMENTATION TOOLS -- 12.6 THE HARP CLINICAL STUDY DEMONSTRATOR -- 12.7 HARP CROSS SECURITY PLATFORM -- 12.7.1 The Need of Policy Enforcement -- 12.7.2 HARP Cross Security Platform Specification -- 12.8 DECISION SUPPORT SYSTEMS -- 12.8.1 Electronic Guideline Representation -- 12.8.2 Security Services for Clinical Guidelines -- 12.8.3 Further XML-Related Security Specifications -- 12.9 SUMMARY AND CONCLUSIONS -- 13 EUROPEAN PROJECTS CONTRIBUTING TO THE PAPER -- 13.1 INTRODUCTION -- 13.2 THE DIABCARD PROJECT -- 13.3 THE HANSA PROJECT -- 13.4 THE ISHTAR PROJECT -- 13.5 THE TRUSTHEALTH PROJECT -- 13.6 THE EUROMED-ETS PROJECT -- 13.7 THE MEDSEC PROJECT -- 13.8 THE HARP PROJECT -- 13.9 THE RESHEN PROJECT -- 13.10 GERMAN PARTNERS -- 14 CONCLUSIONS -- 15 DEFINITION AND INTERPRETATION OF BASIC TERMS USED -- 16 REFERENCES -- 17 ANNEX A: NORMATIVE REFERENCES -- 18 ANNEX B: LIST OF ABBREVIATIONS -- 19 ANNEX C: TRUSTHEALTH-2 PILOT - REQUIREMENTS AND SOLUTIONS FOR THE SECURE ONCONET MAGDEBURG/SAXONY-ANHALT.

19.1 CANCER CENTRE MAGDEBURG.