Secure Document Circulation: An Architecture For E-Health

We present an architecture for the secure circulation of electronic medical records. The architecture considers two issues prevalent in e-health - inter-operability and security and privacy - and is designed for inter- organisational information flow. We focus our attention on the protection of patient privacy and discuss how privacy policies are applied and enforced on medical records. We also consider privacy protection based on trust relationships formed by the patient. A key feature of the architecture is that privacy policies are not assumed to be complete. For cases where policies do not contain sufficient information to make a privacy-related decision, we show how a simple reasoning scheme can be used based on the "need to know" principle.