Privacy-preserving access to e-health systems

Abstract

The Regulation (EU) N. 910/2014 enables secure and seamless electronic interactions between citizens and public authorities. It allows a citizen to access a service provided by a relying party by exploiting the same credential used with her/his national identity provider. However, in the identification process, the identity provider becomes aware about the type of service accessed by the citizen and this can result in a breach of privacy in several cases, especially when the service is related to health. In this paper, we highlight this breach of privacy and propose a possible solution.