KEY ISSUES AND FUTURE PERSPECTIVES ON IDENTITY

MANAGEMENT IN EHEALTH

A Review

Maria João Campos

1,2

and Pedro Pereira Rodrigues

1,3

Faculty of Medicine of the University of Porto, Al. Prof. Hernâni Monteiro, 4200-319 Porto, Portugal

Faculty of Sciences of the University of Porto, Rua do Campo Alegre, s/n, 4169-007 Porto, Portugal

LIAAD - INESC Porto, L.A. & CINTESIS

Center for Research in Health Technologies and Information Systems, Porto, Portugal

Keywords: Identity management, eHealth.

Abstract: Identity management represents an essential component for identification, authentication and authorization

of patients, professionals, stakeholders and organizations in eHealth, combining information technologies

and organizational procedures to provide security and privacy to health information. A literature search was

conducted to identify relevant articles which were then grouped into themes according to the main subject.

From the selected articles, plus their references, main findings, issues and future perspectives were

systematized. A total of 31 articles were obtained, and after selection methodology 13 articles were included

and grouped in four different themes: identity pseudonymisation and anonymization for secondary use,

privacy preserving identity, identification, authentication and authorization identity in eHealth and identity

and standardization. Through references cited in articles, research programs and working areas were also

identified. Very few implementations could be found in literature, showing that this problem is even more

complex than it seems and future adoption requires further research on new models and architectures.

Furthermore, there is the need for a standard methodology for identity attributes interoperability between

different stakeholders. Although there is a known large research effort in the context of identity in the

information society in general, very few studies and experiences were found in the eHealth context.

1 INTRODUCTION

In the nineties eHealth (Oh, 2005) was related with

the transition from paper based to electronic health

records. However eHealth has today a broader scope

and the emphasis has been changing from the

process and the health organization to citizen or

patient centred healthcare. Different stakeholders

(Slamanig, 2008) play a role in eHealth, information

exchange must be established in different contexts,

such as between patient, health care professional,

different hospitals, external laboratories, health

center and pharmacy. In these contexts the patient

empowered is needed and there is a strong

requirement for an easy access to health information.

Identity management is related with the secure

management of identities, the identification process

during which an entity may be authenticated in some

context. The context for the identification process

may be within one organization, or federated across

different organizations. It covers the lifecycle of the

identities, and respective information, as they are

established, modified, suspended, terminated or

archived. Entities might be anything that can be

uniquely identified, such as persons, organizations

or goods (Hildebrand, 2006).

As long as information exchange is needed, data

security, safety and the protection of privacy are

essentials for eHealth acceptance. Safety and privacy

protection assurance are related with the level of

security provided by the authentication mechanism

used, but also by the registration process preceding

them, its respective lifecycle, associated

technologies, trust and transparency.

The main goal of this study is to conduct a

literature review for the key issues and future

perspectives on identity management in the eHealth

context.

455

Campos M. and Pereira Rodrigues P..

KEY ISSUES AND FUTURE PERSPECTIVES ON IDENTITY MANAGEMENT IN EHEALTH - A Review.

DOI: 10.5220/0003124504550458

In Proceedings of the International Conference on Health Informatics (HEALTHINF-2011), pages 455-458

ISBN: 978-989-8425-34-8

 2011 SCITEPRESS (Science and Technology Publications, Lda.)

2 METHODOLOGY

In this section, search query, study selection criteria

and study characteristics defined are described.

2.1 Search Strategy and Study

Characteristics

A comprehensive literature search was conducted on

PubMed and IEEE Xplorer to identify relevant

articles published. The keywords that were used

include identity, identity management, identity-

management and identification, authentication and

authorization. These terms were used in conjunction

with eHealth, e-Health or electronic health.

2.2 Study Selection

The titles and abstracts of the identified studies were

analyzed. Studies that cover identity, but with

general reviews and not focused on identity

management in context of eHealth were excluded.

This exclusion criteria was used because the primary

aim of the review was to provide an identification of

the main findings, issues and future perspectives on

identity management in eHealth context and articles

targeting other application areas other than the

eHealth context (e.g., information society) were

beyond the scope of this review.

For the studies selected to be included in this

review, the references cited were also manually

examined to identify additional relevant studies and

studies were grouped in themes, based on the main

area of each study and its main findings.

3 RESULTS

First, general overview result are presented

following a thematic analysis with identified themes.

Finally, research programs and working groups cited

in studies are described.

3.1 General Overview

Following the previously described method, the

search queries in Pubmed identified 17 studies and

14 in Xplorer database. Most of the studies included

were conducted in Europe (69%) and Australia

(15%), and most of them were conducted in the past

three years (85%). No studies were found, conducted

in United States.

These studies approach identity management

from different perspectives and enabled the

identification of key themes, based on the main

study subject identified as: identity

pseudonymisation and anonymization for secondary

use, privacy preserving identity, identification,

authentication and authorization and identity and

standardization. References and citation from other

included studies can be included in thematic

analysis.

3.2 Thematic Analysis

In this section, thematic analyses from the results of

the review are presented, grouped by the themes

previously identified.

3.2.1 Pseudonymisation and Anonymisation

Identity for Secondary Use

The pseudonymisation and anonymisation for

secondary use of electronic health records or

personal medical records, is important to ensure the

protection of private and personal data, when it

leaves the control and protection sphere of the health

care, for secondary uses such as clinical or

epidemiological and health care research projects,

assessment of treatment quality or economic

assessments (Iacono, 2007). For these uses, in

general the patient identity is not needed, and

therefore the data must be anonymised or

pseudonymised. Technical approaches for

pseudonymisation and anonymization for preserving

patient identity privacy are presented, whereas for

one-time use of the data the procedure for

anonymisation is straightforward, long term data

accumulation or the need for re-identification

process requires a more sophisticated approach

(Pommerening, 2004).

3.2.2 Privacy Preserving Identity

When considering access to eHealth systems and

sharing of personal health information in distributed

systems within different organizations, security and

privacy must be addressed, in particular, compliance

with relevant privacy legislation must be established.

Some solutions are pointed out, such as federated

identity management, that can enable users and

service providers to securely and systematically

manage identities and user profiles in a single sign

on framework that controls access to personal

information (Peyton, 2007). However, federated

identity management presents a specific privacy

threat because it makes intensive use of identity

information (Mina, 2008) between different health

care providers.

HEALTHINF 2011 - International Conference on Health Informatics

456

A key component for user privacy is preserving

the ability to remain anonymous (Au, 2008).

Anonymisation can represent a threat because

accountability is important in data security

management (Au, 2008).

Privacy-preserving allow different uses of

identifiers called pseudonyms in different medical

contexts to preserve user privacy. Sensitive medical

information can be collected from distributed health

record databases in different health organizations

and linked together dynamically without revealing

the consumer’s real identity using concepts like

identity management. Anonymity and obfuscation

are under well-defined policies with legal-

compliance (Au, 2008) and prevents disclosure

attacks and statistical analysis (Slamanig, 2008).

Sharing medical data on large scale can also expose

the patient privacy-related threats, such as massive

data aggregation or profiling (Mina, 2008)..

3.2.3 Identity, Authentication

and Authorization

Medical data security is an important issue that

poses technical, organizational and ethical

challenges (Al-Nayadi, 2007). Identity,

authentication and authorization level depends on

who is getting the access, and different levels are

defined for different resources. Attribute certificates,

identity certificates, patient consent are important

mechanisms to define fine grained rules to grant

access.

Some studies (Dagdee, 2009, Hildebrand, 2006)

proposed systems that are able to define access

control rules using combination of standard, identity

and authorization credentials simplifying the

specification of access control policy. However, the

use of associated attributes with the standard

credentials considerably helps in achieving the

required fine grained access control. Another

important issue that is addressed (Quantin, 2007) is

when eHealth systems are used anywhere, through

internet access. In order to know that the right

person is getting access to the right record anywhere,

strict identity check is needed and cryptographic

techniques, such as those of electronic signature

should be use. This will ensure the authentication of

the requests sender and the integrity of the data and

also the protection and confidentiality of the access

follow up.

3.2.4 Identity Management

and Standardization

Several standards are under development for Health

Informatics and security domains, such as

ISO/TC215 and ISO/IEC-CD24760 with the scope

defined for Standardization in the field of

information for health, and health information and

communications technology (ICT) and identity

management respectively. The identity management

standard aims to provide a framework for the

definition of identity and secure, reliable and private

management of identity information. Other ISO

committees activities under the group of security

techniques (Hildebrand, 2006). Standardization is

needed to provide interoperability between different

eHealth systems, providing the privacy and security

related with identity exchange information and

controlling process of observability, linkability, data

aggregation and profiling (Hildebrand, 2006).

Significant work has been done on

standardization, but many of the results are not

known to the user nor has their usability been fully

evaluated. Standardization bodies are urging input

from the users (Hildebrand, 2006).

3.3 Research Programs and Working

Groups

BioHealth and the Liberty Alliance are research

programs, focused on identity and standards,

promoting awareness, knowledge and understanding

of privacy issues and existing and emerging security

standards in the area of eHealth. Some of their main

results and future perspectives are presented in

several articles (Hildebrand, 2006, Peyton, 2007).

In Australia, electronic health implementation

(Au, 2008) was promoted, through HealthConnect

scheme and more recently through the Australian

National e-Health Transition Authority (NETHA,

2007), whose expectation is that through such

initiatives this research on consumer-centric identity

management will be able to gain acceptance (Au,

2008).

4 DISCUSSION

Research has been made, in eHealth context, in the

last three years (11 studies) and based on the

literature, research was essentially made in Europe

and the main interest was in exploring different

architectures and models that can be implemented in

the future with identity management in eHealth,

based on a patient’s centric approach and on

federated model in identity management.

Significant evidence has been found highlighting

major issues in dealing with identity, especially in

KEY ISSUES AND FUTURE PERSPECTIVES ON IDENTITY MANAGEMENT IN EHEALTH - A Review

457

the context of eHealth, because of the sensible

information, data security and privacy. On the other

hand, legal barriers on exchange identities

information, makes the need for research new

compliance architectural and models. In general,

very few studies have been implemented. This is an

indicator that identity management in eHealth is

much more complex than it seems and that, reliable

and trustable, data security and privacy are very

difficult to achieve.

Considering the patients and health professionals

mobility and that the access should be granted

anywhere, several research groups are defining

standards to provide interoperability between

different eHealth systems. The standards should

provide privacy and security related with identity

exchange information and the control of key issues

such as observability, linkability, data aggregation

and profiling. Also, there is no consensus and no

standardization methods for anonymisation

identification for research propose.

EHealth allows patients to actively participate in

the process of health care, improves their awareness

and feeling of security, and ultimately leads to their

empowerment. Nevertheless, there is no evidence

found on the acceptance of patients and health care

providers on the use of trustable mechanisms and

models on identity management to provide enhanced

security and privacy. Attitude and behaviour for

patient and health care providers related with

identity management in eHealth should be

considered for further research.

5 CONCLUSIONS

Identity management is a key component for

eHealth. The need for a standard methodology for

identity and authentication interoperability between

different stakeholders in eHealth was identified.

Although a large research effort was found in the

context of identity management in the information

society, very few studies and experiences were

found in the eHealth context. Since eHealth deals

with sensible information there is a need for further

research work showing evidence that privacy and

security are really achieved.

Legal and security issues associated with

availability, integrity and confidentiality, related

with identity in eHealth, were expected to be found

in the literature. However no such themes were

found. These are important themes that should be

further discussed because they are the main barriers

for the implementation of identity management in

the context of eHealth.

ACKNOWLEDGEMENTS

The authors acknowledge the help of Luis Antunes

for fruitful discussions on this work.

REFERENCES

Al-Nayadi, F., Abawajy, J. 2007. An Authentication

Framework For E-Health Systems. Signal Processing

And Information Technology, 2007 Ieee International

Symposium On.

Au, R., Croll, P. 2008. Consumer-Centric And Privacy-

Preserving Identity Management For Distributed E-

Health Systems. Hawaii International Conference On

System Sciences, Proceedings Of The 41st Annual.

Dagdee, N., Vijaywargiya, R. 2009. Credencial Based

Hybrid Access Control Methodology For Shared

Electronic Health Records. Information Management

And Engineering, 2009. Icime '09. International

Conference On.

Hildebrand, C., Pharow, P., Engelbrecht, R., Blobel, B.,

Savastano, M., Hovsto, A. 2006. Biohealth-The Need

For Security And Identity Management Standards In

Ehealth. Stud Health Technol Inform.

Iacono, L. L. 2007. Multi-Centric Universal

Pseudonymisation For Secondary Use Of The Ehr.

Stud Health Technol Inform.: Pubmed.

Mina, D., Scandariato, R., De Cock, D., Preneel, B.,

Joosen, W. 2008. Identity In Federated Electronic

Healthcare. Wireless Days, 2008. Wd '08. 1st Ifip.

Netha. 2007. “Framework For Analysing, Planning And

Implementing Identity Management Within E-Health”,

[Online]. [Accessed 8 January 2010].

Oh, H., Rizo, C., Enkin, M., Jadad, A. 2005. What Is

Ehealth (3): A Systematic Review Of Published

Definitions. Journal Of Medical Internet Research, 7

(1).

Peyton, L., Jun, Hu., Chintan, Doshi., Seguin, P. 2007.

Addressing Privacy In A Federated Identity

Management Network For Ehealth. . Eighth World

Congress On The Management Of Ebusiness, 2007.

Wcmeb 2007. .

Pommerening, K., Reng, M. 2004. Secondary Use Of The

Ehr Via Pseudonymisation Stud Health Technol

Inform. Pubmed.

Quantin, C., Allaert, F. A., Fassa, M., Riandey, B.,

Avillach, P., Cohen, O. 2007. How To Manage Secure

Direct Access Of European Patients To Their

Computerized Medical Record And Personal Medical

Record. Stud Health Technol Inform. Pubmed.

Slamanig, D., Stingl, C. 2008. Privacy Aspects Of

Ehealth. Availability, Reliability And Security. Third

International Conference On 2008.

HEALTHINF 2011 - International Conference on Health Informatics

458