
EESZT INTRODUCTION

System of Electronic Health Services


National eHealth Platform
Budapest, 18/09/2018, ESIF
Zoltán Schweinitzer
schweinitzer.zoltan@partner.t-systems.hu
MAIN GOALS OF THE PLATFORM

Central collection, storage and controlled sharing of Hungarian national medical data, support of a paper-free redeeming of prescriptions

[Diagram: EESZT at the centre, connected to pharmacy, patient, general practitioner and Medical Institutions; figures shown: 3 200, 10 000 000, 5 500, 300]
2018.02.08 2
PLATFORM CONNECTIONS

On-line connection between institutions

General practitioner systems


5 country-wide suppliers, further 10 smaller suppliers

Pharmacies
3 country-wide pharmacy systems, further 5 smaller suppliers

Hospitals and outpatient systems
4 country-wide system suppliers, further 4 smaller suppliers

SOAP calls + WS-Security – SAML 2.0

PLATFORM SECURITY REQUIREMENTS
Act L of 2013 on the electronic information security of state and local government organisations

41/2015 (VII. 15) BM decree on technological security requirements, requirements on secure information devices and products, and requirements on security classification and security rating defined in Act L of 2013 on the electronic information security of state and local government organisations

Base: NIST SP 800-53 rev4, Security and Privacy Controls for Federal Information Systems and Organizations

ARCHITECTURE
[Architecture diagram. Actors: Sector / Institution, Citizen, Administrator, System admin. Perimeter components: Firewall, WAF, VPN, Admin. Zones: Portal zone, Application zone, Management zone, Database zone, Security zone. Components: Sectorial WEB Portal, Patient portal, Active Directory, Authorisation, API Gateway (interfaces manager), Supervision, ESB, Modul 1, Modul 2, Modul n, Modul m, LOG, Healthcare database (Non-SQL), Further data base]
INFRASTRUCTURE DESIGN

Performance
3 000 000 transactions / 10 hours (prescriptions alone: 800 000 / day on average)
850 ms average response time

Size
4 separate environments
Virtual machines: 224 pcs (84 pcs production)

Dual-site operation → extreme reliability, disaster recovery

Clustered components → horizontally scalable

AUTHORISATION MANAGEMENT

L0: Authentication
L1: Functional layer
L2: Role layer
L3: Module layer
L4: Patient authorization check

[Diagram label: EESZT]

AUTHORISATION MANAGEMENT

L0: Authentication
L1: Functional layer
L2: Role layer
L3: Module layer
L4: Patient authorization check

[Diagram labels: OTP; EESZT; eSZIG]

AUTHORISATION MANAGEMENT

L0: Authentication
L1: Functional layer
L2: Role layer
L3: Module layer
L4: Patient authorization check

[Diagram labels: OAM, TLS; SAML ticket; OSB; Business modules; Patient authorization; LDAP; EESZT IAM; Users; L1-L2 authorizations; L2 supervision operations; AUTHORISATIONS; USERS; Institutions; Sectorial registries]

ENSURE A CLOSED SYSTEM
[Diagram labels: System admin; Module 1, Module 2, Module n; Technical; Institutional; Business; Event Log; Log; SIEM; Module 1, Module 2, Module m]
2018.02.06 10
THANKS FOR YOUR ATTENTION
Zoltán Schweinitzer
schweinitzer.zoltan@partner.t-systems.hu
