A Security Focused Integration Architecture for an Electronic Observation Chart

Abstract

An observation chart contains a collection of information from several different health information systems used at a hospital. Today, health personnel often has to access these health information systems during patient care and manually register information from them into the observation chart. Integration of the health information systems which constitute an observation chart is therefore needed. Integration means that systems used by a large amount of users are put together in such a way that all users gain access to the information they need. An integration will increase the efficiency of information flow by automatically retrieving information from relevant health information systems into an electronic observation chart. These improvements in turn will hopefully result in better quality of patient care, reduced time spent on treating each patient and therefore also reduced costs. This thesis describes a security focused integration architecture for an electronic observation chart system (EOC-system). This thesis also explores standards, strategies, laws and regulations relevant for the architectural description of the EOC-system. The EOC-system is going to be developed by CARDIAC, a company focusing on technology within health care, and the architectural description will be a support in this development process. The architectural description for CARDIAC s EOC-system is based on the Model-based Architecture description Framework for Information Integration Abstraction (MAFIIA), which is an architectural description framework for software intensive systems with a specialization towards Information Integration Systems (IIS). The architectural description has also followed MAFIIA s two extensions, MAFIIA/H and MAFIIA/RBAC, which respectively relate to the health care domain and to role-based access control (RBAC). The work with this thesis, following the MAFIIA architectural description framework, has resulted in a detailed and structured architectural description which sees the architecture from several viewpoints and describes different aspects of it. Security and integration are emphasized in the architectural description; a combination of a service-oriented and portal-oriented integration architecture is chosen and the security mechanisms digital signing, secure communication, auditing and access control are ensured.