Policies in the health care to support public key infrastructure

Abstract

In this thesis, an approach for securing health information transactions over the public Internet or private networks is investigated. This is commonly proposed to assist in secure transactions. The approach is based on developing custom policies that will help health organizations in developing an effective strategy for exploiting the public and private internet-based networks to improve quality of care. At the same time this approach is designed to help preserve patient privacy, patient data confidentiality, and human safety. The requirements for designing the policies for the implementation of a complete Public Key Infrastructure (PKI) system [9, 22, and 29] that would cover the health care sector of Cyprus are analysed, including potential risks. The first policy is the certificate policy (CP), which defines the set of rules for the operation and management practice of certification authorities (CAs) issuing qualified certificates. The second policy proposed is the certificate practice statement (CPS), which outlines the technical, procedural and personnel policies and practices of a particular CA. Both of them comply with the “Internet X.509 V3 Public Key Infrastructure Certificate Policy and Certification Practices Framework” [5]. As a result of the adoption of the proposed policies the Hippocrates CA was implemented, the goal of which is the coverage of the Pancyprian health care sector. Hippocrates CA is still at an experimental stage however, and its first users will be the Bank of Cyprus Oncology Centre (BOCOC) and the Cyprus Association of Cancer Patients and Friends (PASYKAF).