User-centric and secure electronic authentication for digital health services: a case study for Brazil
Pages 151 - 158
Abstract
Digital transformation of the health domain is in the spotlight of the digitalization of public services across the globe. In line with Brazil's digital agenda (ICP Brazil), digitalization has been accelerated in Brazil in the recent past. eID or digital ID is a recognized and trusted person identification solution when seeking public services using digital means. ICP Brazil has listed several eID solutions in use at different levels of maturity, security and usability. However, it is also essential that the health sector requires an eID service with comparatively higher security and privacy level than an eID used for other public services, due to the sensitivity of health data and processes. This leads to a question of how adequate the current eID solutions are in health service provisions, specifically for patients. Unfortunately, the current knowledge domain lacks the evidence for a concrete answer to this question, and in such circumstances, a thorough and deep analysis of current eID solutions is in demand. This study results in such an attempt and will systematically analyse the technical viability and the issues/opportunities of the available eID services. The outcome leads to proposing a way forward for a suitable eID solution that can be used for the digital health domain in Brazil. It furthermore leads to showing the need for a cloud-based and federated wallet solution instead of eIDs with individual trust certificates. The next step of this work is to define the concrete requirements for a complete solution of the eID system for the health domain.
References
[1]
“Once Only Principle,” CEF Digital. https://ec.europa.eu/cefdigital/wiki/cefdigital/wiki/display/CEFDIGITAL/Once+Only+Principle (accessed Jul. 15, 2021).
[2]
G. Aichholzer and S. Strauß, “Electronic identity management in e-Government 2.0: Exploring a system innovation exemplified by Austria,” Information Polity, vol. 15, no. 1–2, pp. 139–152, Jan. 2010.
[3]
R. Dass and S. Pal, “Feasibility and Sustainability Model for Identity Management,” Digital Identity and Access Management: Technologies and Frameworks, 2012. https://www.igi-global.com/chapter/content/www.igi-global.com/chapter/content/61530 (accessed Dec. 07, 2022).
[4]
S. Suoranta, L. Haataja, and T. Aura, “Electronic Citizen Identities and Strong Authentication,” in Secure IT Systems, S. Buchegger and M. Dam, Eds., in Lecture Notes in Computer Science. Cham: Springer International Publishing, 2015, pp. 213–230.
[5]
J. Liu-Jimenez, R. Sanchez-Reillo, R. Blanco-Gonzalo, and B. Fernandez-Saavedra, “Making stronger identity for EU citizens,” in 2015 International Carnahan Conference on Security Technology (ICCST), Sep. 2015, pp. 333–339.
[6]
S. Strauß and G. Aichholzer, “National electronic identity management: the challenge of a citizen-centric approach beyond technical design,” International Journal on Ad-vances in Intelligent Systems, vol. 3, no. 1, 2010.
[7]
M. Hoffmann, “User-Centric Identity Management in Open Mobile Environments,” in Privacy, Security and Trust within the Context of Pervasive Computing, P. Robinson, H. Vogt, and W. Wagealla, Eds., in The International Series in Engineering and Computer Science. Boston, MA: Springer US, 2005, pp. 99–104.
[8]
“Legislation in a nutshell.” https://ec.europa.eu/digital-building-blocks/wikis/digital-building-blocks/wikis/display/DIGITAL/Legislation+in+a+nutshell (accessed May 07, 2023).
[9]
Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, vol. 257. 2014. Accessed: May 07, 2023. [Online]. Available: http://data.europa.eu/eli/reg/2014/910/oj/eng
[10]
“Recommendation on a European Electronic Health Record exchange format | Shaping Europe's digital future,” Feb. 06, 2019. https://digital-strategy.ec.europa.eu/en/library/recommendation-european-electronic-health-record-exchange-format (accessed May 07, 2023).
[11]
“Ministério da Saúde,” Ministério da Saúde. https://www.gov.br/saude/pt-br/pagina-inicial (accessed May 08, 2023).
[12]
“Conheça as sete prioridades da Estratégia de Saúde Digital para o Brasil,” Ministério da Saúde. https://www.gov.br/saude/pt-br/assuntos/noticias/2023/marco/conheca-as-sete-prioridades-da-estrategia-de-saude-digital-para-o-brasil (accessed May 08, 2023).
[13]
“VHL Primary Health Care – Translating scientific knowledge into the practice of health care.” https://aps.bvs.br/ (accessed May 08, 2023).
[14]
“Sweden Brazil Innovation Initiative SBII.” https://www.sbii.org/RD_Areas_LifeScience.html (accessed May 08, 2023).
[15]
M. Quasthoff and C. Meinel, User Centricity in Healthcare Infrastructures. Gesellschaft für Informatik e. V., 2007. Accessed: Dec. 07, 2022. [Online]. Available: http://dl.gi.de/handle/20.500.12116/22656
[16]
“Germany - eID User Community -.” https://ec.europa.eu/digital-building-blocks/wikis/display/EIDCOMMUNITY/Germany (accessed May 07, 2023).
[17]
“Benefits of eID.” https://ec.europa.eu/digital-building-blocks/wikis/digital-building-blocks/wikis/display/DIGITAL/Benefits+of+eID (accessed May 07, 2023).
[18]
EUR-Lex, Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, vol. 257. 2014. Accessed: Jun. 07, 2022. [Online]. Available: http://data.europa.eu/eli/reg/2014/910/oj/eng
[19]
EU 2016/679, “REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016,” EUR-Lex - Access to European Union law, 2016. https://eur-lex.europa.eu/eli/reg/2016/679/oj (accessed Aug. 09, 2020).
[20]
“Country overview,” Jul. 29, 2021. https://ec.europa.eu/digital-building-blocks/wikis/digital-building-blocks/wikis/display/DIGITAL/Country+overview (accessed May 07, 2023).
[21]
World Bank, “Technology Landscape for Digital Identification.” 2018. [Online]. Available: https://documents1.worldbank.org/curated/en/199411519691370495/Technology-Landscape-for-Digital-Identification.pdf
[22]
“Index - FHIR v5.0.0.” http://hl7.org/fhir/ (accessed May 07, 2023).
[23]
EC, “REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity,” 2021. https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52021PC0281&from=EN (accessed May 08, 2023).
[24]
“The European Digital Identity Wallet Architecture and Reference Framework | Shaping Europe's digital future,” Feb. 10, 2023. https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-wallet-architecture-and-reference-framework (accessed May 07, 2023).
[25]
“Legislação,” Instituto Nacional de Tecnologia da Informação. https://www.gov.br/iti/pt-br/assuntos/legislacao/legislacao (accessed May 08, 2023).
[26]
“BRAZILIAN PUBLIC KEY INFRASTRUCTURE MANAGEMENT COMMITTEE | STIP Compass.” https://stip.oecd.org/stip/interactive-dashboards/policy-initiatives/2021%2Fdata%2FpolicyInitiatives%2F26623 (accessed May 08, 2023).
[27]
“Ecossistema ICP-Brasil,” Instituto Nacional de Tecnologia da Informação. https://www.gov.br/iti/pt-br/assuntos/icp-brasil/ecossistema-icp-brasil (accessed May 08, 2023).
[28]
“NeoID,” Loja SERPRO. https://www.loja.serpro.gov.br/neoid (accessed May 08, 2023).
[29]
“AR CFM - Digital Certificate.” https://certificadodigital.cfm.org.br/ (accessed May 08, 2023).
[30]
“Certificado Digital A1, A3 para pessoa física ou jurídica. | Certisign.” https://loja.certisign.com.br/Certificados/certificado-digital (accessed May 08, 2023).
[31]
“SafeID | Certificado Digital em nuvem,” Safeweb | Certificado Digital. https://safeweb.com.br/produtos/safeid (accessed May 08, 2023).
[32]
“Bird ID.” https://www.birdid.com.br/ (accessed May 08, 2023).
[33]
“CFO electronic prescription portal.” https://prescricaoeletronica.cfo.org.br/ (accessed May 08, 2023).
[34]
“Soluti Certificado Digital | Líder em Certificado Digital.” https://soluti.com.br/ (accessed May 08, 2023).
[35]
“Digital signature - NeoID - Documentation.” https://neoid.estaleiro.serpro.gov.br/documentacao/utilizacao-certificado/assinatura-digital/ (accessed May 08, 2023).
[36]
N. Pope, D. Pinkas, and J. Ross, “CMS Advanced Electronic Signatures (CAdES),” Internet Engineering Task Force, Request for Comments RFC 5126, Mar. 2008.
[37]
“Capítulo 2. Funcionalidades relativas ao Certificado.” https://www.frameworkdemoiselle.gov.br/v3/signer/docs/certificate-funcionalidades.html (accessed May 08, 2023).
Index Terms
- User-centric and secure electronic authentication for digital health services: a case study for Brazil
Index terms have been assigned to the content through auto-classification.
Recommendations
New perspectives for electronic government in Brazil: the adoption of open government data in national and subnational governments of Brazil
ICEGOV '12: Proceedings of the 6th International Conference on Theory and Practice of Electronic GovernanceThe development of information and communication technologies (ICTs) enabled production of bases containing raw data which can be freely manipulated, filtered or being crossed to build new applications. These possibilities of using this raw data and its ...
An efficient privacy mechanism for electronic health records
Electronic health records (EHRs), digitization of patients' health record, offer many advantages over traditional ways of keeping patients' records, such as easing data management and facilitating quick access and real-time treatment. EHRs are a rich ...
Enhancing accountability of electronic health record usage via patient-centric monitoring
IHI '12: Proceedings of the 2nd ACM SIGHIT International Health Informatics SymposiumElectronic Health Record (EHR) and Personal Health Record (PHR) systems could allow patients to better manage their health information and share it to enhance the quality and efficiency of their healthcare. Unfortunately, misuse of information stored in ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
September 2023
509 pages
ISBN:9798400707421
DOI:10.1145/3614321
Copyright © 2023 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 20 November 2023
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
Conference
ICEGOV 2023
ICEGOV 2023: 16th International Conference on Theory and Practice of Electronic Governance
September 26 - 29, 2023
Belo Horizonte, Brazil
Acceptance Rates
Overall Acceptance Rate 350 of 865 submissions, 40%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 374Total Downloads
- Downloads (Last 12 months)374
- Downloads (Last 6 weeks)57
Reflects downloads up to 20 Nov 2024
Other Metrics
Citations
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML FormatLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in