Addressing Privacy in a Federated Identity Management Network for EHealth

Abstract

E-health networks can provide integrated services to patients and health care workers that are more broadly accessible by leveraging Internet technology and electronic health records. However, issues of security and privacy must be addressed. In particular, compliance with relevant privacy legislation must be established. Federated identity management can enable users and service providers to securely and systematically manage identities and user profiles in a single sign on framework that controls access to personal information. In this paper, we use a simple ePrescription scenario to analyze the business and technical issues that need to be addressed in a Liberty Alliance federated identity management framework. We look at the potential impact of privacy compliance on three existing components of the framework (Discovery Service, Identity Mapping Service, Interaction Service) as well as a fourth component (Audit Service) that has been proposed to address potential privacy breeches in Liberty Alliance.