Rights Management Technologies: A Good Choice for Securing Electronic Health Records?

  • Milan Petković
  • Stefan Katzenbeisser
  • Klaus Kursawe


Advances in healthcare IT bring new concerns with respect to privacy and security. Security critical patient data no longer resides on mainframes physically isolated within an organization, where physical security measures can be taken to defend the data and the system. Modern solutions are heading towards open, interconnected environments where storage outsourcing and operations on untrusted servers happen frequently. In order to allow secure sharing of health records between different healthcare providers, Rights Management Techniques facilitating a datacentric protection model can be employed: data is cryptographically protected and allowed to be outsourced or even freely float on the network. Rather than relying on different networks to provide confidentiality, integrity and authenticity, data is protected at the end points of the communication. In this paper we compare Enterprise/Digital Rights Management with traditional security techniques and discuss how Rights Management can be applied to secure Electronic Health Records.


Electronic Health Records Data Owner Electronic Health Records System Digital Right Management Protected Health Information 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [Char06]
    R. Charette, Dying for Data, IEEE Spectrum, October2006, pp. 16–21Google Scholar
  2. [Ford0l]
    W. Ford, P. Hallam-Baker, B. Fox, B. Dillaway, B. LaMacchia, J. Epstein, J. Lapp, XML Key Management Specification (XKMS), 2001, W3C http://www.w3.org/TR/xkmsGoogle Scholar
  3. [HIMSS03]
    Healthcare Information and Management Systems Society (HIMSS), EHR Definition, Attributes and Essential Requirements; 2003; http://www.himss.org/content/files/EHRAttributes.pdfGoogle Scholar
  4. [HL7]
    Health Level Seven (HL7), http://www.M7.orgGoogle Scholar
  5. [SAML]
    Security Assertion Markup Language, Version 2.0, OASIS Security Service TC, http://www.oasisopen.org/spec s/index.php#saml2.0Google Scholar
  6. [XMLEn]
    XML Encryption, http://www.w3.org/Encryption/2001Google Scholar
  7. [XMLSi]
    XML Signatures, http://www.w3.org/SignatureGoogle Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden 2007

Authors and Affiliations

  • Milan Petković
    • 1
  • Stefan Katzenbeisser
    • 1
  • Klaus Kursawe
    • 1
  1. 1.Philips ResearchInformation and System Security DepartmentUSA

Personalised recommendations