Hospital Healthcare Europe

The need for security and identity management standards in eHealth

Claudia Hildebrand
1 January, 2008  

Claudia Hildebrand

Hans Demski
GSF – National Research Centre for Environment and Health
Institute of Medical Informatics

Peter Pharow
Dipl Biol
Competence Centre University of Regensburg Medical Centre, Germany

Modern European healthcare is changing dramatically. It has to accommodate sociological challenges such as the free movement of citizens, demographic changes or changing work practices. Patient care is being shared cooperatively between several carers; hospitals are becoming increasingly an integrative part of a growing health infrastructure with differing tasks. Information and communications technology (ICT) and new technologies support the processes. They link the various sectors, providing communication channels and enabling access to essential information, such as electronic health records (EHRs). Broadband networks and wireless communication make it possible for citizens in underdeveloped or rural regions to benefit via telemedicine from the knowledge of experts practising in other areas or in hospitals.

Flexibility and security
Interoperability, safety and privacy are key aspects to ensure the acceptance of eHealth. The corresponding applications, devices and systems must be secure. They have to obey data protection rules at all times and be based on trustworthy and reliable communication systems. This goes for the access to personal information and its transfer, and also for the recording and archiving of information. Legal and ethical aspects have to be met. Requirements of security lead to advanced electronic identity management and the use of biometrics.

The “i2010 – a European Information Society for growth and employment” initiative – which builds on the policy objectives specified in the Lisbon Declaration and on the European eHealth Action Plan 2005 – promotes an “inclusive European Information Society, supported by efficient and user-friendly ICT enabled public services”.(1,2) eHealth interoperability is seen as a prerequisite, and standardisation benefits interoperability.

The European Committee for Standardisation (CEN), the European Committee for Electrotechnical Standardisation (CENELEC)(3) and the European Telecommunications Standards Institute (ETSI)(4) are the main European standards-developing organisations (SDOs) active in ICT. Directive 98/34/EC provides the legal basis for European standardisation.(5) The 2006 ICT work programme gives an inventory of the relevant legal framework, sets out priorities for SDOs and a timetable for its execution. eHealth was seen as a major domain.

Though standardisation has a long history in Europe and the European Commission has been supporting activities for many years – CEN was founded in 1961 – the acceptance, use and implementation of standards often do not meet expectations.(6) One reason is that information on standards is not easily accessible. This proves a major business disadvantage, especially to small and medium enterprises (SMEs) building eHealth applications.

Europe Innova, an initiative funded by the European Commission, aims to back SMEs by supplying them with supporting information to help them compete with larger industries.(6) BioHealth (security and identity management standards in eHealth, including biometrics) is part of the Innova Standards networks and is solely concerned with the eHealth domain.(8) The project’s work is concentrating on eHealth security standards’ analysis, the security of data and identity management, and legal, confidentiality, security and ethical issues concerning biometrics and identity management.

The main aspects of this coordinated activity are the identification and formation of stakeholder groups (industries, SMEs, NGOs, service providers, healthcare professionals, authorities and institutions, citizens, governments, policymakers, insurers and researchers) and the organisation of national and regional open meetings for these groups. By setting up guidelines, BioHealth aims to support the implementation of standards.

BioHealth partners are very close to these standardisation bodies and offer to interact between them and users. This requires a close dialogue with the users. A website provides background information, reports and news on related topics, and material on the BioHealth project itself (see Resource). It is a first step to an open platform for those involved and interested in this topic.

Radiofrequency identification
The eHealth electronic identification (eID) business is currently the third-largest-growing business in Europe, preceded only by banking and telecommunications. Radiofrequency identification (RFID) and biometrics encourage smooth eID implementation. However, RFID’s public perception in terms of the privacy concerns and lack of understanding of the new technologies seems one of the obstacles to adopting eID within the eHealth domain.

Still, RFID holds a large potential for improving healthcare in hospitals. RFID tags may be used to follow up a patient in an emergency setting or to monitor and locate patients. Via RFID tags, medical drugs can be tracked in hospitals. Other than for out-of-stock situations, the use of RFID may increase patient safety in providing the proper drug in the accurate quantity to the correct person as prescribed by the medical staff and, by means of single-item tagging and temperature-enabled RFID tags, by being certain of the integrity of the drug. Potential misuse and physical and ethical implications caused by RFID are being watched critically by BioHealth.

Any hospital – private or public – with today’s organisation and infrastructure has to undergo major changes to meet new demands. Efficiency and profitability are initial requirements. The patient will be staying for a much shorter time. Equipped with an eID device (eg, RFID tag, smartcard or mobile phone) enabling access to their EHR, patients will undergo the various examinations by different specialists in various institutions in a continuous workflow, thus saving a lot of time. This will enable them to choose between any European hospital, and the hospital staff will have to deal with more patients unable to speak their language.

Biometrics can provide a reliable means for the verification of the patients’ as well as the carers’ identities. The experience gained by the use of electronic passports will support the introduction of cross-border eHealth.

Hospitals that will be using standardised solutions will have a clear advantage, as they will be able to securely exchange medical and administrative information and cooperate with others more easily.

At the eHealth conference 2007, EU-27 and the members of the European Economic Area adopted a common declaration on their commitment to pursue structured cooperation on cross-border electronic health services across Europe.(9) Improved patient summaries in different health contexts such as medical emergencies or the writing and dispensing of prescriptions are to be tested in large-scale pilot programmes. The scenarios will concentrate on chronically ill patients and on the care of the elderly. The increased use of electronic health data and research results and the coordination of norms and developments, which are vital for cross-border developments, will finally result in a single European eHealth area. BioHealth is actively supporting these aims by providing information on standardisation to all identified stakeholder communities.


  1. European Communities. i2010 – a European Information Society for growth and employment.
  2. European Communities. eEurope 2005 Action Plan.
  3. European Committee for Standardisation (CEN).
  4. European Telecommunications Standards Institute.
  5. Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations.
  6. European Communities. Enterprise and Industry Directorate General. Action Plan for European Standardisation.
  7. European Commission. Europe INNOVA – the network driving European innovation.
  8. BioHealth Consortium. BioHealth – security and identity management standards in eHealth including biometrics – specific requirements having an Impact on the European society and on standardisation.
  9. European Communities. eHealth Declaration 2007.