eHealth: PACS Use Case

A picture archiving and communication system (PACS) is a medical imaging technology that provides storage of, and convenient access to, images from multiple modalities. PACS has four main uses: (i) hard copy replacement; (ii) remote access that provides off-site viewing and reporting capabilities, enabling practitioners in different physical locations to access the same information simultaneously; (iii) an electronic image integration platform that provides interfacing with other medical automation systems such as Electronic Medical Record (EMR) systems; and (iv) radiology workflow management. Given that PACS must deal with very sensitive data, accessed from different organisations (hospitals) and by different users (radiologist, technician, clinical researcher, general practitioner, and perhaps the patient) in a distributed system, it is of paramount importance to ensure proper user authentication and authorisation. To comply with legislation, patient permissions to access data in medical systems like PACS must be properly regulated (proper patient digital consent management).

Such a user-centric, federated approach contrasts with the “backend attribute exchange” model, which typically involves transmission of user information without involvement or consent by the user and the use of common identifiers across domains. Furthermore, remote access to PACS by healthcare providers from their own mobile devices is also emerging. Assurance of the trustworthiness of the mobile device and of attribute claims plays an important role here as well. Finally, access to sensitive medical information such as PACS records is usually regulated by access control policies, which specify which parties may access information and under what conditions. If the information is confined within a single, trusted system, policy enforcement can be achieved using traditional enforcement mechanisms. When information needs to be disclosed across different organisational and jurisdictional domains (e.g. different hospitals that host practitioners involved in teleradiology), however, guaranteeing policy enforcement becomes more challenging. Therefore, attribute-based policy enforcement techniques will play an important role here.

eHealth: DNA Management Use Case

Recent advances in DNA sequencing technologies have attracted considerable attention from the healthcare domain, since healthcare applications can use complete DNA sequences to provide diagnoses, personalised medical treatments and even personalised drug design. Medical research, diagnostics and treatment that are based on genomic data, however, require not only access to DNA data and collaboration between different parties such as pharmacies, sequencers, researchers and patients, but also intensive computational resources. To support such collaborations, distributed (possibly cloud-based) DNA archiving systems, similar to PACS, become a necessity. Remarkably, DNA data are self-identifying sensitive data, meaning that they are a unique identifier of human beings that contains information used for disease risk profiling, ancestry determination and, potentially, other more personal physiological aspects. Therefore, proper access management in distributed DNA systems needs to be built on an advanced Authentication and Authorisation framework that also supports a combination of policy-based access control with more sophisticated techniques to protect DNA data. Naturally, digital consent management must be incorporated here, just as in the PACS use case.

