gms | German Medical Science

49. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie (gmds)
19. Jahrestagung der Schweizerischen Gesellschaft für Medizinische Informatik (SGMI)
Jahrestagung 2004 des Arbeitskreises Medizinische Informatik (ÖAKMI)

Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie
Schweizerische Gesellschaft für Medizinische Informatik (SGMI)

26. bis 30.09.2004, Innsbruck/Tirol

How do you know who I am? : Advanced Authentication Methods for Personal Health Records

Meeting Abstract (gmds2004)

Search Medline for

  • corresponding author presenting/speaker Ulrich Sax - Children's Hospital Informatics Program, Boston, USA
  • Kenneth D. Mandl - Children's Hospital Informatics Program; Harvard Medical School, Boston, USA

Kooperative Versorgung - Vernetzte Forschung - Ubiquitäre Information. 49. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie (gmds), 19. Jahrestagung der Schweizerischen Gesellschaft für Medizinische Informatik (SGMI) und Jahrestagung 2004 des Arbeitskreises Medizinische Informatik (ÖAKMI) der Österreichischen Computer Gesellschaft (OCG) und der Österreichischen Gesellschaft für Biomedizinische Technik (ÖGBMT). Innsbruck, 26.-30.09.2004. Düsseldorf, Köln: German Medical Science; 2004. Doc04gmds025

The electronic version of this article is the complete one and can be found online at:

Published: September 14, 2004

© 2004 Sax et al.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License ( You are free: to Share – to copy, distribute and transmit the work, provided the original author and source are credited.




Computer users are used to typing in usernames and passwords to protect their sensitive computer applications. Usually every single application requires a different password. Thus people tend to be very creative to keep track of their password, often with the disadvantage, that they are not secure any more. Furthermore, passwords can easily be guessed or cracked [1], [2]. Protecting a Personal Health Record with a username and a password only does not seem to be a good idea. Unfortunately, that's the way how most of today's electronic health record systems are protected [3], [4], [5], [6], [7], [8], [9], [10].


Strong authentication makes use of the "techniques that permit entities to provide evidence that they know a particular secret without revealing the secret". The most well known strong authentication system is pubic key encryption and the related Public Key Infrastructure (PKI) to ensure identity of the users [11]. Each user's public key is published in a directory, whereas the private key has to be stored on a secure device like a smartcard. Other tokens could be a key file, crypto hardware, USB-Dongle or a subscriber identity module (SIM) equipped cell phone.


Advanced Personal Health Records need strong authentication, as the records may contain more sensitive information than any hospital record[5]. Future implementations will even contain genomic data of patients [12], [13] the patient as record owner will be able to annotate the data [9]. Secondly these records will be used anywhere - not predominantly in a trustworthy environment.

Achieving a balance between providing the necessary security, while promoting user acceptance, is a major obstacle in large-scale deployment of PHRs.

Strong authentication with standard PKI components generally meets the demands, but the traditional tokens and the corresponding equipment are hard to deploy in an inhomogeneous environment. Furthermore the acceptance of additional tokens is generally bad [14], [15]. These tokens have to be deployed, need additional hardware like card readers and additional software like hardware drivers.

Wireless authentication with cell phones could redundantize the deployment of personal tokens and raise acceptance for strong security measures. Albeit standard cell phones can only be used to some degree for wireless authentication, new third generation (3G) cell phones together with a mobile authentication service could meet all the demands of strong authentication and achieve user acceptance.

Cell phone authentication offers interesting possibilities for patients and medical staff to access patient data, which would not be disclosed without strong authentication.


We see a necessity of strong authentication especially in the usage of PHRs in insecure environments. USIM-equipped cell phones could be useful devices for healthcare-related applications requiring strong authentication. Nevertheless there are several problems to be addressed in future investigations. They mainly arise from the need for usability and high availability including the registration process, the Mobile Authentication Service, the lag time and the evaluation.

Due to the shortcomings of authentication methods based on SIM-equipped devices [16], [17] we should build strong authentication capabilities using USIM-based 3G mobile equipment [18].

Cell phone-mediated authentication provides the security strength of PKI and avoids the problems that traditionally plague the PKI implementations. Therefore strong authentication via mobile equipment has potential to provide strong authentication in health care.


Proctor RW, Lien MC, Vu KP, Schultz EE, Salvendy G. Improving computer security for authentication of users: influence of proactive password restrictions. Behav Res Methods Instrum Comput 2002;34(2):163-9.
VeriSign_White_paper. The Security Risks of Using Passwords. In; Accessed June 20, 2003.
Ueckert FK, Prokosch HU. Implementing security and access control mechanisms for an electronic healthcare record. Proc AMIA Symp 2002:825-9.
Waegemann CP. Status Report 2002: Electronic Health Records. In: MRI; 2002.
(IOM) IoM. Key Capabilities of an Electronic Health Record System - Letter Report. In; 2003.
Sittig DF. Personal health records on the internet: a snapshot of the pioneers at the end of the 20th Century. Int J Med Inf 2002;65(1):1-6.
Kim MI, Johnson KB. Personal Health Records - Evaluation of Functionality and Utility. J Am Med Inform Assoc 2002;9(2):171-180.
Personal_Health_Working_Group. Personal Health Working Group - Final Report. In. Boston, MA; 2003.
Riva A, Mandl KD, Oh DH, Nigrin DJ, Butte A, Szolovits P, et al. The personal internetworked notary and guardian. Int J Med Inf 2001;62(1):27-40.
Mandl KD, Szolovits P, Kohane IS. Public standards and patients' control: how to keep electronic medical records accessible but private. Bmj 2001;322(7281):283-7.
Tardo J, Alagappan K. SPX: Global Authentication Using Public Key Certificates. Proc IEEE Symp. Research in Security and Privacy 1991(IEEE CS Press):232-244.
Ford JH, 2nd, Turner A, Yoshii A. Information requirements of genomics researchers from the patient clinical record. J Healthc Inf Manag 2002;16(4):56-61.
Kohane IS. Bioinformatics and clinical informatics: the imperative to collaborate. J Am Med Inform Assoc 2000;7(5):512-6.
Is PKI breathing it's last breath? In:; 2002. modules.php?name=News&file=article&sid=163
Barnett D. Public Key Infrastructure Concerns in Healthcare Settings. In: Kaiser Permanente; February 26, 2000.
Campbell R, Mckunas D. Analysis of Third Generation Mobile Security. In: Computer Science Department University of Illinois at Urbana-Champaign; Accessed June 30, 2003.
Perttula k-p. UMTS security. In: Helsinki University of Technology; Accessed June 30, 2003.
3GPP. TS 11.11 V8.9.1 (2003-06) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Terminals Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface (Release 1999). In; Accessed June 26,2003.