From business to the use case
HEALTHeID is a project born from the European Commission proposal to support countries in integrating Electronic Identification, Authentication and Trust Services (eIDAS) with cross-border services with the aim of improving the quality of services provided to EU citizens.
Set up by a consortium of European countries, HEALTHeID aims at the cross-border identification and authentication of citizens, enabling digital access to health records and services in Europe.
Electronic identification is a key mechanism to ensure the security of digital transactions, especially when it comes to health data. Therefore, HEALTHeID aims to improve the health system for citizens and professionals in the European context.
Relying on eIDAS policy framework for eHealth, HEALTHeID is anchored on:
eIDAS Regulation – promotes a standard where the citizens may identify and authenticate themselves using their national eID credentials via a trust network of national eIDAS nodes; once identified and authenticated, the patient may access cross border on-line services and control his own health data.
GDPR – General Data Protection Regulation, based on the subject’s consent to personal data processing, is applicable to HEALTHeID in as far as on-line services made available to the person/patient are concerned.
Directive 2011/24, Article 14 – establishes the mechanisms for cooperation and exchange of information among Member States working within a voluntary network, i.e. the eHealth Network, connecting national authorities responsible for eHealth designated by the MS.
Additionally, EC “Communication on enabling the digital transformation of health and care in the Digital Single Market; empowering citizens and building a healthier society” set the following priorities:
- Citizens’ secure access to electronic health records and the possibility to share their records across borders, and the use of e-prescriptions;
- Supporting data infrastructure, to advance research, disease prevention and personalised health and care in key areas included rare, infectious and complex diseases;
- Facilitating feedback and interaction between patients and healthcare providers, to support prevention and citizen empowerment as well as quality and patient-centred care, focussing on chronic diseases and on a better understanding of the outcomes of healthcare systems.
1. Compliance with eIDAS Regulation – exhausting possibilities for a viable solution within its provisions.
2. Privacy by design – respecting GDPR requirements, its enabling legal basis for access to health data and individual’s rights protection.
3. Security – ensure protection against security breaches and preserve the Level of Assurance (LoA) of patient authentication throughout the whole process.
4. Patient Empowerment – enhance citizen experience regarding own health data access and control.
5. Scalability – The solution must have the least impact on the current deployment of eHDSI, even though taking a longer-term perspective.
6. Availability – The approach must balance digital patient empowerment against accessibility by segments of population, exploiting widely used technologies by EU citizens (smartphones, connected devices) and considering alternatives for minority situations.
1. Adopt a coherent protocol profile to interact with the national eIDAS connector.
2. Have established a trust relationship with the national eIDAS connector.
3. Provide an interface for the insertion of the patient identifier.
4. Use the retrieved identification data to complete the patient identifier.
5. Adopt authentication schemes coherent with the LoA used in the eIDAS cross-border authentication scheme.
6. Provide an interface for the communication of the patient identifier towards the NCPeH component.
7. Ensure lawful processing of personal data presenting the user information about the foreseen use of the data, and the context of use (e.g. specific healthcare encounter).
8. Provide an interface for the patient to provide an informed consent.
9. Provide adequate input/output interfaces to allow patient use of personal devices (e.g. smartphones).
Why is HEALTHeD dealing with online patient-oriented services?
Because when a person electronically identified towards a service provider is to receive an online service by that service provider eIDAS electronic identification becomes crucial.
How did HEALTHeID proceed in creating patient oriented online services for demonstration purposes?
HEALTHeID explored how the concept of eIDAS based electronic identification could be transferred to the current cross border context of Patient Summary and ePrescription services and reached that:
1. Following GDPR patients must be informed on the purpose of data processing through a Patient/Privacy Information Notice (PIN). Therefore, providing an online PIN service is relevant to all MS;
2. Identification attributes provided by the Country of Affiliation (Country A) may not include a patient identifier. Consequently, providing a functionality for patient entering own identifier must be a second online service to certain MS;
3. Patient providing online consent in country B is an additional service, yet identified that would be relevant to certain MS as well.
HEALTHeID aims at developing, testing and delivering to the European Commission and the Member States (MSs) a reference implementation of an eID connector, linking the national OpenNCP-based National Contact Point for eHealth (NCPeH) to the eIDAS node and the relevant attribute providers. Such reference implementation will be transferable to all national scenarios.
Connecting the national eIDAS Infrastructure to the national NCPeH will enable secure access to cross border eHealth Information Services (CBeHIS). These services are provided by the NCPeH, according to the terms and conditions, agreed by the eHealth Network (eHN). The services concerned are “Access to Patient Summaries” and “ePrescription Services”.
In this context, the action will pilot, in a Technology Readiness Level (TRL) 7 environment, a cross-border health data exchange between four MS, leveraging on the eIDAS Network of Nodes, the national eID Schemes as well as the national eHealth infrastructures. All the resulting eID solution components will be made available as Open Source Software components to the eHealth Digital Service Infrastructure (eHealth DSI) and its National Contact Points for eHealth in order to incorporate them into the eHealth DSI reference implementation. The action builds on the piloting level achievements of the project Electronic Simple European Networked Services (e-SENS), funded by the EU Programme CIP-ICT PSP.
HEALTHeID will localize the connector in the core group of MS participating in the action and will leverage on synergies among the MS that have already piloted eIDAS eID in e-SENS (AT, IT, PT and GR) in migrating their cross-border eHealth eID to an eIDAS compliant implementation. This will, however, be pursued in cooperation with MS that have not piloted eIDAS eID in e-SENS but are in the process of setting up eIDAS nodes (CZ, LT, DE). By doing so, the action will provide a solid basis for the design and development of a reference implementation transferable to other MS and to the eHealth DSI. Alignment, both technical and timewise with the deployment of the eIDAS nodes will be secured. Collaboration with relevant EC services (e.g. DG SANTE and DG DIGIT) will be sought.
Activity 1: Identification of non-functional requirements
This Activity will identify non-functional requirements, covering policy, organizational and legal aspects, as well as usability guidelines for the eID solution components resulting from the action.
Activity 2: Development and testing of the reference implementation
The Activity will identify functional specifications for the eID component, develop and test its reference implementation. It will partially build on the set of e-SENS eHealth eID software components to consolidate physical token-based workflows without the need for further middleware.
The work will be carried out by a highly specialized 3-5-member team of experts which will liaise with the national experts leading technical implementation in the core MS to ensure adequate technical alignment at the national level.
Activity 3: Preparation for transfer of activities
The aim of this activity is to ensure transferability of the reference implementation to all MS.
Activity 4: Action co-ordination This activity provides the necessary co-ordination, technical and management support for the Action. The coordinator is the main contact point for INEA and will cooperate with the Technical Coordinator and the Activities leaders, responsible for the proper and timely implementation of the technical and non-technical aspects of the Action TabImagem
The consortium is composed by the competent organisations of 7 MS responsible for the eIDAS node and the NCPeH from each country. Where necessary these organizations brought in additional national organization (i.e. Greece, Portugal) or mandated other national organizations to carry out the tasks on their behalf (i.e. Italy, Czech Republic).
- Portugal
SPMS (Shared Services for Ministry of Health)
AMA (Administrative Modernization Agency)
Caixa Mágica Software (CMS)
- Austria
ATNA (Ministry of Health)
- Italy
POLITO (Politecnico di Torino)
LISPA (Lombardia Informatica S.p.A.)
- Germany
Gematik
- Lithuania
State Enterprise Centre of Registers
IT and Communications Department
- Czech Republic
Vysočina
- Greece
Helenic Ministry of Administrative Reconstruction (HMAR)
IDIKA S.A
AUTH – The Information Technology Laboratory of the Aristotelian University
TRANSFERATHON 28th – 30th October 2019
Representatives from 11 Member States, DG SANTE, DG DIGIT and eHMSEG travelled to Porto to attend TRANSFERATHON, currently taking place at the SPMS, EPE facilities.
Through the three-day event, HEALTHeID Consortium will be working together with Member States participants, as well as from the Commission to demonstrate the practical use of the HEALTHeID NCPeH-eIDAS connector, focusing on the validation of eID in the Health domain.
With two parallel working sessions: Business Workstream and Technical Workstream, TRANSFERATHON includes a set of workshops and hands-on demonstrations.
HEALTHeID – TRANSFERATHON main purpose is supporting European countries in integrating eIDAS (Electronic IDentification, Authentication and Trust Services) with cross-border services in order to improve the quality of services provided to citizens in Europe.
TRANSFERATHON |HEALTHeID Project DEMO
TRANSFERATHON will take place at the SPMS, EPE facilities in Porto, from 28th to 30th October 2019.
Within the Project HEALTHeID – aimed at integrating Electronic Identification, Authentication and Trust Services (eIDAS) with cross-border services, to improve health services provided to EU citizens, TRANSFERATHON comprises a set of technical workshops and practical demonstrations.
As the name suggests, TRANSFERATHON strives for the transferability of the reference implementation to all Member States. To this end, practical demonstrations of the use of the connector developed for the eHealth domain will be performed, focusing the validation of electronic identification (eID) in health domain by connecting eIDAS node with National Contact Points for eHealth (NCPeH) environments.
Representatives from DG SANTE, DG CONNECT, DG DIGIT, eHMSEG Chairs, Member States, entities responsible for eIDAS node & for NCPeH, National authorities, Competence Centres and Academia are the expected attendees for this three-day event.
Enabling citizens’ access to digital health records and services in Europe, ensuring digital transactions security are HEALTHeID main goals, hopefully TRANSFERATHON may be the kick-off.
4th HEALTHeID – Technical Working Meeting
The 4th HEALTHeID – Technical Working Meeting took place in Prague, Czech Republic, July 16th – 17th this year. Olšanka Hotel welcomed the working group focused on project activities’ development during the two-day meeting.
Diogo Martins – International Projects Coordinator from SPMS introduced both sessions, followed by the work state of play and discussion of ideas.
The first day’s agenda focused on the progress of HEALTHeID Activity 2 “Development and testing of the reference implementation”, which aims to identify functional specifications for the eID component, develop and test its reference implementation, based on e-SENS eHealth eID software. This work, carried out by a highly specialized team, aims to collaborate with the experts leading the technical implementation at national level in the main Member States to ensure appropriate technical alignment at national level. In this sense, the working group also focused on the involvement of these entities, foreseeing their participation and contribution.
On the second day Activity 1 of the Project “Identification of non-functional requirements” marked the beginning of the meeting, which consists of identifying non-functional requirements, relating political, organizational and legal aspects, as well usage guidelines for the components of eID solution, resulting from the action.
As electronic identification is an essential mechanism to ensure digital transactions’ security, especially regarding health data, in the framework of Activity 3 “Preparation for transfer of activities” the action plan, transfer processes and methodology were then discussed.
Objectively, HEALTHeID implementation envisages the identification and cross-border authentication of citizens in the health field, enabling digital access to health records and prescription services in Europe.
HEALTHeID Session at Lisbon eHealth Summer Week 19th-22nd June 2018
“Nobody else is building HEALTHeID. That’s us!” were the words of Henrique Martins – Chairman of the Board of SPMS during the Project’s first workshop, on the second day of the 2nd Lisbon eHealth Summer Week. The event took place at Belém Cultural Center aimed for eHealth-focused project meetings, fostering discussion of development strategies, implementation, added value and the future of different eHealth services that are critical to health.
Carried out by a consortium of European countries HEALTHeID foresees the identification and cross-border authentication of citizens in the health field, allowing the access to digital health records and electronic prescription services in Europe. Electronic identification is a key mechanism to ensure the security of digital transactions, especially when it comes to health data.
At this first meeting, implementation and its challenges were a priority, focusing on raising technical and legal issues such as the adoption of eIDAS (Electronic IDentification, Authentication and trust Services) regulation.
As HEALTHeID Coordinator, SPMS will continue to hold meetings for the Project development, seeking to improve the health system for citizens and professionals across Europe.
Transferathon
28th – 30th October
Agenda
