Assuring International Authentication & Authorization with STORK 2.0

HealthConnect implements STORK for eHealth

No matter where you are, you want your health to be taken care of. But information about your health is probably among the aspects of your life that you most want protected. Indeed, you only want your information to be visible to the right eyes: your doctor, your caring family, ... From the care professional’s point of view too, professional secrecy needs to be respected.

At HealthConnect, we work hard to connect health actors and citizens alike, guaranteeing the proper security protection. For authentication and authorization, we use a layered framework to ensure that only the designated people can access data or functionality.

Through identification (e.g. a unique number) and authentication, a confirmed claim of identity can be made. Using the profile information belonging to the confirmed identity, coarse-grained authorization (e.g. access to an application) and fine-grained authorization (e.g. access to a certain field of a patient’s file) can be enforced. In Belgium, the identification and authentication of healthcare professionals and citizens typically happens through the use of the eID card. For coarse-grained authorizations, authentic sources (registries, therapeutic relationships, ...) are set up and exposed as services through the eHealth platform.
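The layering described above can be sketched as follows. This is an added example, not HealthConnect or eHealth platform code: the in-memory dictionaries stand in for the authentic sources, and every identifier, role, field name and policy in it is constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data standing in for authentic sources (all hypothetical).
PROFESSIONAL_REGISTRY = {"1001": "physician", "1002": "nurse"}   # id -> role
THERAPEUTIC_RELATIONSHIPS = {("1001", "P-1"), ("1002", "P-1")}   # (professional, patient)
APP_ROLES = {"patient-file": {"physician", "nurse"}}             # coarse-grained policy
FIELD_ROLES = {"name": {"physician", "nurse"},                   # fine-grained policy
               "medication": {"physician", "nurse"},
               "psychiatric_notes": {"physician"}}
PATIENT_FILES = {"P-1": {"name": "Sample Patient", "medication": "drug A",
                         "psychiatric_notes": "constructed note",
                         "billing_ref": "X-9"}}


@dataclass(frozen=True)
class Identity:
    """Outcome of identification plus authentication (e.g. an eID login)."""
    identifier: str
    authenticated: bool


class AccessDenied(Exception):
    pass


def coarse_grained(identity: Identity, app: str, patient_id: str) -> str:
    """Layer 1: may this identity use the application for this patient at all?"""
    if not identity.authenticated:
        raise AccessDenied("identity claim not confirmed")
    role = PROFESSIONAL_REGISTRY.get(identity.identifier)
    if role is None or role not in APP_ROLES.get(app, set()):
        raise AccessDenied("registry grants no access to this application")
    if (identity.identifier, patient_id) not in THERAPEUTIC_RELATIONSHIPS:
        raise AccessDenied("no therapeutic relationship with this patient")
    return role


def fine_grained(role: str, record: dict) -> dict:
    """Layer 2: return only fields listed for the role; unlisted fields are denied."""
    return {k: v for k, v in record.items() if role in FIELD_ROLES.get(k, set())}


def read_patient_file(identity: Identity, patient_id: str) -> dict:
    # The coarse-grained check runs before any patient data is touched.
    role = coarse_grained(identity, "patient-file", patient_id)
    return fine_grained(role, PATIENT_FILES[patient_id])
```

Both layers deny by default: an identifier missing from the registry never reaches the file, and a field with no policy entry (`billing_ref` here) is withheld from every role.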

At the European level, STORK pushed for wider uptake of eID in Europe, aiming to realise a single European electronic identification & authentication area. Starting at the beginning of 2012, STORK 2.0 will give additional “attributes” to citizens so that they can also identify themselves in their professional field of activity.