Article Preview
TopIntroduction
eHealth Care Services apply strong security measures to ensure that a) the exchange of patients’ medical record and the related information is transferred securely and b) is only accessible by the authorized health care professional according to the will and consent of the patient. Moreover, the Health Care Providers require to uniquely identify the patient and confirm that (s)he has the appropriate insurance to cover the cost of the treatment. These needs become more urgent when the patient comes from a foreign country. In this case, the electronic transfer of the medical records is the only feasible way to get the necessary information on time and ensure that the cost of the health care services offered will be reimbursed to the health care provider. The main stakeholders in these transactions are: 1) the health care professional, 2) the patient, 3) the identity provider that verifies the identification of the patient, 4) eHealth National Infrastructure of the patient’s county.
The eIDAS Regulation (European Commission, 2014) provisions and infrastructure aims to facilitate the cross - border electronic identification. The Directive 2011/24/EU (European Commission, 2011a) on the application of patients’ rights in cross border health care foresees the National Contact Point i.e. an infrastructure that was developed in the context of European Patient Smart Open Services (EPSOS) project (EPSOS, 2008) to connect the national health care infrastructure at cross - border level so that services such as ePrespriction, eConfirmation and transfer of patient summary can be offered among the European Economic Area Member States.
In this context, it is crucial to successfully connect the eIDAS infrastructure with the National Contact Point so that the services can be compliant both with the eIDAS Regulation and the Directive EU/2011/24. This connection was initially successfully tested in eSENS project (eSENS, 2013). The results of eSENS in the Health Care domain regarding the connection of eIDAS infrastructure with National Contact Point are being briefly described in this article.
This paper aims to facilitate and accelerate the discussion on the extension of eIDAS regulation in specific domain attributes considering the example of the health care domain. The architecture and the approach that was applied in eHealth can be reused as a generic paradigm for treating additional domains in a similar way. Currently, discussions are in progress with mandates on behalf of legal persons, academic information, financial and banking information for cross border services. Therefore the paper has the following objectives apart from presenting the current legal provisions of eIDAS regulation:
- •
To highlight the existing limitations of the current architecture of the eIDAS node,
- •
To propose a generic solution for aggregating and handling additional attributes in the eIDAS infrastructure applied in eHealth,
The structure of this article includes the following six sections:
- 1.
Section 1: Introduction
- 2.
Section 2: eIDAS Regulation, Commission Implementing Decisions
- 3.
Section 3: The eIDAS node as the main interoperability infrastructure for cross border authentication
- 4.
Section 4: The proposal of the eSENS project regarding the attribute handling for the generic health care scenario
- 5.
Section 5: The results of the eSENS work
- 6.
Section 6: Conclusion and future work
TopEidas Regulation, Commission Implementing Decisions
The scope of Regulation (EU) N°910/2014 “on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC” (eIDAS Regulation) is i) to ensure that people and businesses can use their national Electronic IDs to authenticate themselves to public services that are offered by other EU countries and ii) raise trust between the stakeholders in the internal market.