Interoperability Among Healthcare Organizations Acting as Certification Authorities

IEEE Transactions on Information Technology in Biomedicine

Volumn 7, Issue 4, 2003, Pages 364-377

  Bourka, A ^a   Polemi, D ^a   Koutsouris, D ^b  

^a NATIONAL TECHNICAL UNIVERSITY OF ATHENS   (Greece)

^b Expertnet SA   (Greece)

Author keywords

Certificate policy (CP); Cross certification; Healthcare security; Public key infrastructure (PKI) interoperability

Indexed keywords

ALGORITHMS; AUTOMATION; DECISION MAKING; INFORMATION ANALYSIS; INTEROPERABILITY; JAVA PROGRAMMING LANGUAGE; PUBLIC POLICY; REGULATORY COMPLIANCE; SOCIETIES AND INSTITUTIONS; WORLD WIDE WEB;

CERTIFICATE POLICIES (CP); CROSS-CERTIFICATION; HEALTHCARE SECURITY; PUBLIC KEY INFRASTRUCTURE (PKI) INTEROPERABILITY;

HEALTH CARE;

ARTICLE; CERTIFICATION; COMPARATIVE STUDY; COMPUTER NETWORK; COMPUTER SECURITY; CONFIDENTIALITY; DATA BASE; DECISION SUPPORT SYSTEM; EVALUATION; HEALTH SERVICE; INFORMATION SYSTEM; INTERNATIONAL COOPERATION; INTERNET; MEDICAL RECORD; ORGANIZATION AND MANAGEMENT; POLICY; PUBLIC RELATIONS; STANDARD; SYSTEM ANALYSIS;

CERTIFICATION; COMPUTER COMMUNICATION NETWORKS; COMPUTER SECURITY; CONFIDENTIALITY; DATABASE MANAGEMENT SYSTEMS; DECISION SUPPORT TECHNIQUES; HEALTH SERVICES ADMINISTRATION; INFORMATION MANAGEMENT; INTERINSTITUTIONAL RELATIONS; INTERNATIONAL COOPERATION; INTERNET; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; ORGANIZATIONAL POLICY; SYSTEMS INTEGRATION;

EID: 1442264193     PISSN: 10897771     EISSN: None     Source Type: Journal    
DOI: 10.1109/TITB.2003.823291     Document Type: Review

References (45)

1. A. Arsenault and S. Turner. (2002) Internet X.509 public key infrastructure: Roadmap, internet draft. PKIX Working Group, IETF. [Online]. Available: http://ieft.org/internet-drafts/drafts-ieft-pkix-roadmap-08.txt
2. R. Housley, W. Ford, W. Polk, and D. Solo. (1999) Internet X.509 public key infrastructure certificate and CRL profile, IEFT RFC standard 2459. [Online]. Available: http:www.ieft.org/rfc/rfc2459.txt
3. Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, CCITT Rec. X.509/ISO/IEC Standard 9594-8, 1994.
4. P. Harris, J. Hermans, J. Hilton, M. Hoeke, K. Hodgson, and R. Koorn. (2002) PKI usage within user organizations: An examination of the current and future use and implementation of PKI within the ICT user community. EEMA, Security Interest Group. [Online]
5. (2002) A bridge CA for Europe's Public Administrations. European commission - Enterprise DG, public key infrastructure for closed user groups project (PKIUG). [Online]. Available: http://europa.eu.int/ISPO/ida/
6. "X509 certificate policy for the healthcare PKI," Federal Government, Tech. Rep. version 0.3.1, 2001.
7. National PKI framework for health. Canadian Institute for Health Informatics (CIHI), CA. [Online]. Available: http://secure.cihi.ca
8. (2000) PKI in healthcare: Recommendations and guidelines for community based testing. Healthkey. [Online]. Available: http://www.health.key.org
9. A. Bourka, A. Georgoulas, D. Polemi, B. Blobel, P. Pharow, and P. Itkonen, "Survey on current security practices and solutions in the field of regional healthcare information networks," RESHAN project, Final Deliverable D.2.1, 2001.
10. Information technology - open systems interconnection - security frameworks for open systems: Overview, JTC1 ISO/IEC standard 10181-1 (1996). [Online]. Available: http://www.iso.org
11. (1999) Data encryption standard (DES), FIPS PUB 46-3 standard. US Department of Commerce, NIST. [Online]. Available: http://csrc.nist.gov/cryptval/cmvp.htm
12. R. L. Rivest, A. Shamir, and L. M. Adleman, "On digital signatures and public key cryptosystems," MIT Laboratory for Computer Science, USA, Tech. Rep., MIT/LCS/TR-212, 1979.
13. C. Adams, P. Chain, D. Pinkas, and R. Zuccherato. (2001) Internet X.509 public key infrastructure: Time stamp protocol (TSP), IETF RFC standard 3161. [Online]. Available: http://www.ieft.org/rfc/rfc3161.txt
14. "Identification and authentication in e-Government," eEurope smart Cards, Trailbrazer 2, European Commission, White Paper, 2002.
15. B. Blobel, Analysis, Design and Implementation of Secure and Interoperable Distributed Health Information Systems. Amsterdam, The Netherlands: IOS Press, 2002.
16. (2001) Cross Certification Guidelines. Canadian institute for health informatics (CIHI), CA. [Online]. Available: http://secure.cihi.ca
17. "Cross certification methodology and criteria, tech. document, " Treasury Board Secretariat of Canada, Government of Canada, Ottawa, Canada, 2001.
18. Z. Kardasiadou, B. Blobel, and S. Amberla. (2001) Legal and policy issues of pki adoption in health telematics applications in Greece, Germany and Finland, Tech. Del. D.2.2. RESHEN Project, European Commission. [Online]. Available: http://www.biomed.ntua.gr/reshen
19. S. Chokhani and W. Ford. (1999) Internet X.509 public key infrastructure certificate policy and certification practices framework, IEFT RFC standard 2527. [Online]. Available: http://www.ieft.org/rfc/rfc2527.txt
20. (2000) Policy requirements for certification authorities issuing qualified certificates, ETSI TS 101 456. [Online]. Available: http://portal.etsi.org/sec/el-sign.asp
21. K. Louwerse, F. A. Allaert, B. Blobel, and B. Barber, Security Standards for Healthcare. Amsterdam, The Netherlands: IOS Press, 2002.
22. R. Fraser, "Healthcare PKI standards development," in 2001 Canadian Institute for Health Information Workshop, Ottawa, Canada.
23. Healthcare Informatics - Public Key Infrastructure, ISO TS 17090 Parts 1-3, 2001.
24. Healthcare certificate policy, ASTM standard E31.20 (2000). [Online]. Available: http://www.cio.gov/fpkisc
25. A. Bourka, D. Polemi, and D. Koutsouris, "An overview in healthcare information systems security," in 2001 MEDINFO Conference, London, U.K.
26. "Directive 1999/93/EC of the european parliament and of the council of 13 December 1999 on a community framework for electronic signatures," Official J., vol. L 013, pp. 0012-0020, Jan. 2000.
27. A. Bourka, "Advanced public key infrastructure services for healthcare: development of secure application for e-Healthcare documents communication - Implementation of prototype method for automated certificate policies compatibility assessment," Ph.D. dissertation, Dept. Elect. Comput. Eng., National Tech. Univ.Athens, Athens, Greece, 2002.
28. "Model certificate policy for a healthcare PKI," Tunitas Group, 2000.
29. "X.509 certificate policy for the federal bridge certification authority (FBCA)," Federal PKI Task Force, USA, Tech. Rep. version 1.9, 2000.
30. (2000) EuroPKI certificate policy, Tech. Report Version 1.1 (Draft 4). Computer and Network Security Group of Politecnico di Torino. [Online]. Available: http://www.europki.org
31. "Network and information security: Proposal for a european policy approach," European Commission, Communication of the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions, 2002.
32. A. Asay, C. S. Brandt, B. Daniels, D. Greenwood, J. Larimer, and W. T. Vincent III (2000) Certification Authority of Rating and Trust (CARAT) Guidelines. National Automated Clearing House Association (NACHA), The Internet Council. [Online]. Available: http://internet-council.nacha.org/Projects/default.html
33. (2000) Health OCA certificate policy. Baltimore Certificates Australia Pty Limited, Australia. [Online]
34. (2001) Healthcare OCA Gatekeeper Individual Accredited Healthcare certificate policy. Heath Insurance Commission, Australia. [Online]. Available: http://www.hesa.com.au
35. (2001) Model digital signature and confidentiality certificate policies for health PKI. National PKI Framework for Health, Canadian Institute for Health Informatics (CIHI), Canada. [Online]
36. E. Tiantaphyllou, Multi-Criteria Decision-Making Methods: A Comparative Study. Dordrecht, The Netherlands: Kluwer, 2002.
37. T. Bray, J. Paoli, C. M. Sperberg-MCQueen, and E. Maler. (2000) Extensible markup language (XML) 1.0 recommendation (Second Edition). XML Standard, W3C. [Online]. Available: http://www.w3.org/TR/REC-xml
38. D. Eastlake, J. Reagle, and D. Solo. (2001) XML-signature syntax and processing IETF RFC standard 3075. [Online]. Available: http://www.ietf.org/rfc/rfc3075.txt
39. T. Imamura and B. Dillaway. (2002) XML encryption syntax and processing W3C candidate recommendation. [Online]. Available: http://www.w3.org/TR/xmlenc-core/
40. Specification for XML DTD's in healthcare, draft ASTM E31.25 standar (2001). [Online]. Available: http://www.openhealth.org/ASTM/
41. (1999) Health level seven XML patient record architecture, HL7, SGML/XML SIG. [Online]. Available: http://xml.cover-pages.prg/hl7PRA.html
42. "JBUILDER 5 documentation," BORLAND, Scotts Valley, CA, 2000.
43. (2002) IBM XML SECURITY SUITE. IBM, New York. [Online]. Available: http://www.alphaworks.ibm.com
44. (2002) IAIK JCE 3.0. Graz Univ. Technol., Graz, Austria. [Online]. Available: http://jcewww.iaik.tu-graz.ac.at/products/jce
45. "Improvement and modernization of the national health system, chapter a: Regional healthcare systems," Official J. Govern. Greek Democ., vol. 37, 2001.