TY  - CHAP
UR  - http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6026770&isnumber=6026719
N2  - The importance of the Electronic Health Record (EHR), which stores all healthcare-related data belonging to a patient, has been recognized in recent years by governments, institutions, and industry. Initiatives like Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large-scale projects have been set up to enable healthcare professionals to handle patients' EHRs. Applications deployed in these settings are often considered safety-critical, thus ensuring such security properties as confidentiality, authentication, and authorization is crucial for their success. In this paper, we propose a communication protocol, based on the IHE specifications, for authenticating healthcare professionals and assuring patients' safety in settings where no network connection is available, such as in rural areas of some developing countries. We define a specific threat model, driven by the experience of use cases covered by international projects, and prove that an intruder cannot cause damages to the safety of patients and their data by performing any of the attacks falling within this threat model. To demonstrate the feasibility and effectiveness of our protocol, we have fully implemented it.
KW  - e-Health systems in developing countries
KW  -  information se-
curity
KW  -  healthcare technology standards
KW  -  e-Health experiences
AV  - public
ID  - eprints1579
TI  - A standard-driven communication protocol for disconnected clinics in rural areas
Y1  - 2011///
SP  - 304
T2  - Proceedings of 13th IEEE International Conference on e-Health Networking, Application Services (Healthcom)
A1  - Masi, Massimiliano
A1  - Pugliese, Rosario
A1  - Tiezzi, Francesco
SN  - 978-1-61284-696-5
EP  - 311
PB  - IEEE
ER  -