The national implementation of Electronic Health Care Records is a hot topic within the UK government and the UK National Health Service. The population’s understanding of what an electronic health care record represents and how they will interact with it is mainly determined by its exposure in the media. Ultimately the acceptance of the longitudinal eHCR by the population will be dependent on its ability to reflect the wishes of the population. On an operational level it must also be simple enough to be deployed to the NHS user community. CBCU in conjunction with the OPERA group at Cambridge University Computer Labs identified that electronic health care records on a national scale will require a new thinking in the field of scalability, authorisation, security policy and expression of an individual’s preferences.
Initial research has shown that existing authorisation techniques do not scale to the levels required by a national system. Existing systems do not allow the organisations responsible for the health care episodes to define the local access policies.
This project is addressing these issues by applying distributed policy definition and authorisation theories. These theories have been developed by the Cambridge University Computer Labs over the past 15 years. To date the project has implemented a demonstrator authorisation framework that illustrates the operation of the system in a distributed environment.
The architecture of the authorisation framework enables individual health care episodes to be aggregated into a complete health care record for the subject patient. This record is then accessible by any suitably authenticated user, and the content of the visible record is controlled by user/data level authorisation policies that may be defined by the organisations responsible for each constituent health care episode.
CBCU is continuing to work with primary service providers to develop this framework into a longitudinal eHCR system.
- Team leader: Ian Boston [Software Developer]
- Team members for CBCU: Tim Mills, John Norman [Director of CBCL], Jem Rashbass; for OPERA: Ken Moody, Jean Bacon, David Eyers, Walt Yao
- Technologies: x509 Certificates, J2EE [Java 2 Platform, Enterprise Edition], Web Services, Message Oriented Middleware, SOAP [Simple Object Access Protocol], XML [Extensible Markup Language], XSLT [Extensible Stylesheet Language Transformations], HTML [Hypertext Markup Language]
- Funding: Research Grant
- Start: March 2002