Project Overview

The rapid worldwide deployment of the Internet and Web is the enabler of a new generation of e-healthcare applications, but the provision of a security architecture that can ensure the privacy and security of sensitive healthcare data is still an open question. Current solutions to this problem are application-dependent and do not address the privacy and security requirements mandated by HIPAA. Our research group believes that web services represent a promising technology for solving this problem. To that end we are building a prototype system to protect the privacy and security of medical data that has these attributes:

Security Architecture

Figure 1 shows our security architecture.

Figure 1.  Security Architecture for Protecting Medical Data

Upon accessing the medical portal, the user presents his/her authentication token from previous logins, if any. The authentication token carries the trust level of the prior identification along with its period of validity. If no authentication token is presented, then whenever the user first attempts to access a protected object, the user is redirected to the Secure Token Service (STS) to establish identity. The STS issues an appropriate authentication token that establishes identity and also encodes the reliability of that identity establishment; the token is stored as a cookie (with an expiration time) on the local access device for future use. The action request and the authentication token are forwarded to the medical data web service, whose Policy document determines the conditions of access. The access request and authentication token are then forwarded to the authorization web service, which retrieves the authorization rule for the object in question. The authorization web service evaluates the access request against that rule and returns an access determination to the medical data web service, which then grants or denies data access.

Access to auxiliary services requires crossing a trust domain. For example, sending an electronic prescription from the hospital to the pharmacy requires access to the pharmacy's portal, which in turn requires verification of the prescription. The hospital's STS presents its credentials to the pharmacy's STS. If, per the pharmacy's Policy document, those credentials are acceptable, a local authorization token in the pharmacy domain is created to accompany the prescription.
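The two flows above (the in-domain redirect/issue/authorize loop, and the cross-domain credential exchange) can be exercised with a small simulation. The following is an added example, not the project's prototype code: the HMAC-signed token format, the numeric trust-level scale, the per-object rule table, the domain names, and the `exchange` method on the STS are all assumptions made for illustration; a real deployment would use WS-Trust/SAML tokens with X.509 signatures rather than a shared secret.

```python
"""Simulated STS / medical data service / authorization service flow (constructed example)."""
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional


def _sign(claims: dict, key: bytes) -> str:
    """HMAC-sign a claims dict. Stand-in for a signed WS-Trust/SAML token (assumption)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def _verify(token: str, key: bytes, now: float) -> Optional[dict]:
    """Return the claims if the signature is valid and the token has not expired, else None."""
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None  # tampered or signed by a different domain's STS
    claims = json.loads(base64.urlsafe_b64decode(body.encode()))
    if claims.get("exp", 0) <= now:
        return None  # period of validity has elapsed
    return claims


class SecureTokenService:
    """One STS per trust domain; trusted_peers maps a peer domain to its key (assumed config)."""

    def __init__(self, domain: str, key: bytes, trusted_peers: Optional[Dict[str, bytes]] = None):
        self.domain, self.key = domain, key
        self.trusted_peers = trusted_peers or {}

    def issue(self, subject: str, trust_level: int, ttl: float, now: float) -> str:
        # trust_level records how reliably identity was established (constructed scale:
        # 1 = password only, 2 = password plus hardware credential).
        return _sign({"iss": self.domain, "sub": subject, "trust": trust_level, "exp": now + ttl}, self.key)

    def exchange(self, peer_token: str, min_trust: int, ttl: float, now: float) -> Optional[str]:
        """Cross-domain step: accept a trusted peer STS credential and mint a local token, or refuse."""
        for domain, key in self.trusted_peers.items():
            claims = _verify(peer_token, key, now)
            if claims and claims["iss"] == domain and claims["trust"] >= min_trust:
                return self.issue(f"{claims['iss']}:{claims['sub']}", claims["trust"], ttl, now)
        return None


class AuthorizationService:
    """Per-object rules: the minimum trust level required to access the object (constructed policy)."""

    def __init__(self, rules: Dict[str, int]):
        self.rules = rules

    def decide(self, claims: dict, obj: str) -> bool:
        required = self.rules.get(obj)
        return required is not None and claims["trust"] >= required


class MedicalDataService:
    """Protected resource: validates the token, then defers the decision to the authorization service."""

    def __init__(self, sts_key: bytes, authz: AuthorizationService):
        self.sts_key, self.authz = sts_key, authz

    def access(self, token: Optional[str], obj: str, now: float) -> str:
        claims = _verify(token, self.sts_key, now) if token else None
        if claims is None:
            return "redirect-to-sts"  # no token, bad signature, or expired: establish identity first
        return "granted" if self.authz.decide(claims, obj) else "denied"


def demo() -> dict:
    """Run the in-domain and cross-domain flows on constructed inputs and return the outcomes."""
    now = 1_700_000_000.0
    hospital_sts = SecureTokenService("hospital.example", b"hospital-secret")
    authz = AuthorizationService({"patient/42/summary": 1, "patient/42/psych-notes": 2})
    records = MedicalDataService(b"hospital-secret", authz)
    pharmacy_sts = SecureTokenService("pharmacy.example", b"pharmacy-secret",
                                      trusted_peers={"hospital.example": b"hospital-secret"})
    weak = hospital_sts.issue("dr.jones", trust_level=1, ttl=3600, now=now)
    strong = hospital_sts.issue("dr.jones", trust_level=2, ttl=3600, now=now)
    tampered = strong[:-1] + ("0" if strong[-1] != "0" else "1")
    results = {
        "no_token": records.access(None, "patient/42/summary", now),
        "weak_summary": records.access(weak, "patient/42/summary", now),
        "weak_notes": records.access(weak, "patient/42/psych-notes", now),
        "strong_notes": records.access(strong, "patient/42/psych-notes", now),
        "expired": records.access(strong, "patient/42/summary", now + 7200),
        "tampered": records.access(tampered, "patient/42/summary", now),
    }
    # Cross-domain: the pharmacy STS accepts the hospital credential and mints a local token.
    local = pharmacy_sts.exchange(strong, min_trust=2, ttl=600, now=now)
    results["pharmacy_local_issuer"] = _verify(local, b"pharmacy-secret", now)["iss"] if local else None
    results["pharmacy_rejects_weak"] = pharmacy_sts.exchange(weak, min_trust=2, ttl=600, now=now) is None
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The design point worth noting is that the medical data service never interprets the trust level itself: it only checks that the token is genuine and unexpired, and hands the decision to the authorization service, so raising the trust required for a sensitive object is a policy change rather than a code change. The pharmacy STS likewise re-issues a token under its own key instead of honoring the hospital token directly, which keeps each domain's services validating against a single issuer.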