Meeting EHR Security Requirements: Authentication as a Security Service

Electronic Health Record (EHR) is a promising concept to collect and manage electronic health information of all citizens. Integration the Heathcare Enterprise (IHE) was one of the first initiatives that aims at standardizing the way healthcare systems exchanging information in a distributed environment. Based on EHR concepts and IHE profiles different approaches have been introduced in the industry and the literature to implement and apply solutions for different stakeholders in the healthcare domain (see e.g., http://www.ith-icoserve.com/). Due to the sensitivity of the data dealt with in these systems, security is a major concern that must be considered. In previous work we have presented a general architectural solution to apply the evolving Security as a Service (SeAAS) paradigm in distributed architectures for EHR in conformance to IHE–proposed profiles. While our architecture proposed is generic and covers all security requirements, we focus in this work on one security requirement, namely, authentication and show how it can be offered as a service while adhering to IHE profiles. 1