BIOHEALTH enhances security and privacy compliance in eHealth by promoting security standards

Date: 15/06/2007

Promoting the diffusion, knowledge and understanding of existing and emerging security standards in eHealth is a major contribution of the BIOHEALTH project.
 
eHealth systems should be secure and privacy compliant at all times. This builds upon reliable communication and application security services. The specific areas that have to be dealt with are confidentiality, authenticity, data integrity and accountability.

Identity management standards and the potential physical implications caused by biometric devices have been revised by the BIOHEALTH project. Reports will be published on the website after being evaluated externally.

These reports will examine the typical threats encountered in e-health data and information management and the solutions.

In brief, the threats and solutions in e-health data and information management are:

  • Confidentiality
    Confidentiality is at risk while data is being generated, transferred or stored for any patient. A classical threat is the illegal capture of personal information. For example, information on a person’s health status can be gained by intruding on the communication channels. This can be avoided by using encrypted communication protocols and encrypted storage at the different levels of communication.

  • Authenticity
    Authenticity, including non-repudiation, is threatened by tampering with the data at the front-end: for example, on mobile terminals at the end-user’s application or at the Health server. If the information is altered, it cannot be attributed to the sender, or else its authorship can be denied. Reliable safeguards are offered by Message Authenticity Codes (MAC).


  • Data Integrity
    Data Integrity is at risk during transmission or during storage. In this case an intruder changes the data. Countermeasures consist in adding redundancy codes, the so-called Message Integrity Codes (MIC), to the data.


  • Accountability
    Accountability means that users can rely on the information provided. It implies that all actions are traceable. This requires ethical standards and legal regulation.


  • Secure management of identities
    Identification management consists of the secure management of identities, of the identification process during which an entity may be authenticated, and of the information associated with the identification of an entity within a given context. The entities can be anything that can be uniquely recognised and may have multiple identities that may be used in different contexts.
    This means that various health professionals will be able to share a patient record. In order to trace a patient's record across different health systems, link health records in different institutions and update information on the patient locally, adequate identity management is required.


Biometrics as a key technology for secure identification

Biometrics is an automated method of identifying a person or of verifying his/her identity based on physiological (face, fingerprints, hand geometry, iris) or behavioural (handwriting, voice, etc.) characteristics. Biometric technologies are seen as a key technology for secure identification and for personal verification globally.

The European Commission encourages the development of consistent government policies regarding the use of biometrics and the consideration of interoperability and privacy.

Nevertheless, biometrics raises a number of concerns. These range from accessibility problems, which can lead to the exclusion of a person because he/she is unable to prove his/her identity (e.g. a person with a crippled hand might not be able to identify him/herself by fingerprint), to threats posed by centralisation or even abuse of the data. Besides, different countries have different rules and legal regulations.

The BIOHEALTH project will pay specific attention to the analysis of such shortcomings and will promote adapted standards solutions.