CHAPTER ONE

Introduction

1.1 Background

“e-Health is an emerging field in the intersection of medical informatics, public health and

business, referring to health services and information delivered or enhanced through the Internet

and related technologies”

The healthcare industry is undergoing fundamental changes. Examples of such changes

include a shift from hospital-centric services to a more ambulatory system (with homecare, day

care clinics, and so on) and the treatment of chronic diseases that actively involves the patient

himself/herself. The emergence of Web-based e-Health portals is a natural result of such

changes because such portals provide patients and healthcare professionals easy accesses to

information no matter where they are. According to a recent survey, most patients say they are

very interested in and capable of accessing healthcare information and services via a Web-based

portal system

1.2 Motivation

The design of e-Health portal is, however, particularly challenging due to its unique

functionality and security requirements. First, a traditional design of portal systems will

encounter difficulties in integrating heterogeneous e-Health services implemented with different

technologies. The complexity of such integration will make it difficult to extend an existing

system with new services. Second, a general purpose Web-based portal usually cannot meet the

security requirements of an e-Health portal system because the consequence of a security breach

is far more serious in the latter. For example, an inappropriate disclosure of patient data will lead

to privacy breaches and legal issues, whereas an improper modification to diagnosis results or a
denial of critical healthcare service may threaten a patient’s health or even his/her life.

We address the above issues through the design and implementation of a secure Web-based e-
Health portal. To meet the functional requirements, we adopt a service-oriented approach to the
design of our portal. We then tackle various security issues involved in such a design. More
specifically, we outline our solutions for authentication and authorization of users for local and
remote services in different operating modes, for trust management between patients and doctors
using PKI and biometrics, and for preserving patients’ privacy through preference negotiation
and database technology. We also discuss implementation issues of the proposed portal system