Future-Proof Security Architecture for Healthcare Communications
Access control based on zero trust principles is therefore a data-driven, fine-grained approach to information security, one that addresses internal threats as well as external ones. It differs in this respect from traditional security design, which usually concentrates on securing the network perimeter and implicitly trusts whatever is already inside it.
All Parties Integrated Equally
“Our proposal for a TI security architecture 2.0 enables a zero trust approach without having to use proprietary components. Instead, the security architecture relies on the end devices that users of healthcare services already have and takes their security functions into account when authorizing individual access to a service. We explored options for various scenarios such as access by insured parties, medical practices or hospitals,” explains Martin Seiffert, senior scientist in the Secure Systems Engineering department located at Fraunhofer AISEC in Berlin.
A further advantage of the new security architecture is that the user pool can be expanded. “With the existing VPN infrastructure, direct access to healthcare services is only available to service providers such as medical practices with a fixed location, using the VPN connector as a proprietary component. This access route is not suitable for service providers with no fixed location, or for insured parties. The design behind TI 2.0, however, allows for standard access mechanisms for all user groups, and also for using mobile devices,” emphasizes Monika Kamhuber, a scientist from the Secure Operating Systems department at Fraunhofer AISEC in Garching.
Dynamic, Versatile, Adaptable Set of Rules
Another strength of the security architecture design is that access control does not rest on the user's identity alone: additional factors such as the time and place of access, as well as the security requirements placed on the end device, can also be taken into account. The details required to authorize access to healthcare data are defined in a dynamic set of rules that evolves as technology advances: new developments in information security and changes in how healthcare services are used are incorporated into the rule set itself, without each individual service having to be updated separately.
Access requirements can be defined per user group and application according to the risk involved, and adjusted later as appropriate. For example, stricter requirements may be appropriate for doctors accessing a large volume of patient data than for insured parties who only want to view their own records.
Special Protection for Sensitive Patient Data
Secure handling of patient data and safeguarding data protection take top priority in a sensitive environment such as healthcare. Against this background, the new design from Fraunhofer AISEC and its partners avoids making any single actor all-powerful: no infrastructure component on its own grants access to the healthcare services. Access to TI 2.0 can therefore require, in addition to proof of identity, proof that a device registered once beforehand is present, so that stolen or manipulated proof of identity is not sufficient on its own to gain access, and neither is a stolen registered end device.
“Because the telematics infrastructure is a network where primarily patients’ personal healthcare data is processed, the TI 2.0 is subject to very high security requirements. Our architecture uses various standard components in the areas of identity and access management that are well-established within the context of zero trust, allowing us to meet these requirements,” says Seiffert.