Italian Electronic Health Record: a proposal of a Federated Authentication and Authorization Infrastructure

The Electronic Health Record (EHR) is a systematic collection of electronic health information about patients that can improve health care and personal safety through more accurate evidence-based decision support. EHRs comprise medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal stats such as age and weight, demographics and billing information. EHR is in digital format so can be shared across different healthcare settings/organizations. Healthcare organizations, primarily in different regions/local governments, can have different architectural solutions, procedures and access control policies, thus making it necessary to adopt a single Federated infrastructure model. Furthermore, data stored in the EHR Infrastructure concerns the health status of patients so are critical, and their confidentiality and integrity must be protected by proper security support. In this paper we present some ideas on how to manage federation and security issues for the management of the Electronic Health Record in Italy.