eIDAS - Electronic Identification for Cross Border eHealth

eIDAS - Electronic Identification for Cross Border eHealth

Antonios Ch. Stasis (Hellenic Ministry of Administrative Reconstruction, Athens, Greece), Loukia Demiri (Department of Project Implementation, Hellenic Ministry of Administrative Reconstruction, Athens, Greece) and Eleni Chaniotaki (Hellenic Ministry of Administrative Reconstruction, Athens, Greece)
Copyright: © 2018 |Pages: 17
DOI: 10.4018/IJRQEH.2018040104

Abstract

This article aims at presenting the provisions of eIDAS regulation and the related implementing acts along with the work of the eSENS project, regarding the cross - border identification of a patient, using the infrastructure foreseen in the eIDAS and in the Directive 2011/24/EU. The Patient Identifier is crucial information that is needed for Health Care Services, and currently, the eIDAS has no explicit provision for that. The work in the eSENS project depicted that this information can be transferred through the eIDAS infrastructure and the National Contact Point (NCP) from country to country, exploiting eIDAS node specification for additional attributes to transfer the patient identifier information. In addition to that, the aggregation of patient's identifier attribute with the eID attributes was done either using a national method or reusing a functionality that was developed in STORK2 project. The eSENS plugin software module allowed STORK2 infrastructure to interoperate with eIDAS. The results of the eSENS Health Care pilot from Greece and Austria are also being analyzed.
Article Preview

Introduction

eHealth Care Services apply strong security measures to ensure that a) the exchange of patients’ medical record and the related information is transferred securely and b) is only accessible by the authorized health care professional according to the will and consent of the patient. Moreover, the Health Care Providers require to uniquely identify the patient and confirm that (s)he has the appropriate insurance to cover the cost of the treatment. These needs become more urgent when the patient comes from a foreign country. In this case, the electronic transfer of the medical records is the only feasible way to get the necessary information on time and ensure that the cost of the health care services offered will be reimbursed to the health care provider. The main stakeholders in these transactions are: 1) the health care professional, 2) the patient, 3) the identity provider that verifies the identification of the patient, 4) eHealth National Infrastructure of the patient’s county.

The eIDAS Regulation (European Commission, 2014) provisions and infrastructure aims to facilitate the cross - border electronic identification. The Directive 2011/24/EU (European Commission, 2011a) on the application of patients’ rights in cross border health care foresees the National Contact Point i.e. an infrastructure that was developed in the context of European Patient Smart Open Services (EPSOS) project (EPSOS, 2008) to connect the national health care infrastructure at cross - border level so that services such as ePrespriction, eConfirmation and transfer of patient summary can be offered among the European Economic Area Member States.

In this context, it is crucial to successfully connect the eIDAS infrastructure with the National Contact Point so that the services can be compliant both with the eIDAS Regulation and the Directive EU/2011/24. This connection was initially successfully tested in eSENS project (eSENS, 2013). The results of eSENS in the Health Care domain regarding the connection of eIDAS infrastructure with National Contact Point are being briefly described in this article.

This paper aims to facilitate and accelerate the discussion on the extension of eIDAS regulation in specific domain attributes considering the example of the health care domain. The architecture and the approach that was applied in eHealth can be reused as a generic paradigm for treating additional domains in a similar way. Currently, discussions are in progress with mandates on behalf of legal persons, academic information, financial and banking information for cross border services. Therefore the paper has the following objectives apart from presenting the current legal provisions of eIDAS regulation:

  • To highlight the existing limitations of the current architecture of the eIDAS node,

  • To propose a generic solution for aggregating and handling additional attributes in the eIDAS infrastructure applied in eHealth,

The structure of this article includes the following six sections:

  • 1.

    Section 1: Introduction

  • 2.

    Section 2: eIDAS Regulation, Commission Implementing Decisions

  • 3.

    Section 3: The eIDAS node as the main interoperability infrastructure for cross border authentication

  • 4.

    Section 4: The proposal of the eSENS project regarding the attribute handling for the generic health care scenario

  • 5.

    Section 5: The results of the eSENS work

  • 6.

    Section 6: Conclusion and future work

Eidas Regulation, Commission Implementing Decisions

The scope of Regulation (EU) N°910/2014 “on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC” (eIDAS Regulation) is i) to ensure that people and businesses can use their national Electronic IDs to authenticate themselves to public services that are offered by other EU countries and ii) raise trust between the stakeholders in the internal market.

Complete Article List

Search this Journal:
Reset
Open Access Articles
Volume 8: 4 Issues (2019): Forthcoming, Available for Pre-Order
Volume 7: 4 Issues (2018)
Volume 6: 4 Issues (2017)
Volume 5: 4 Issues (2016)
Volume 4: 4 Issues (2015)
Volume 3: 4 Issues (2014)
Volume 2: 4 Issues (2013)
Volume 1: 4 Issues (2012)
View Complete Journal Contents Listing