Factsheet

Download our factsheet "epSOS - Technical Aspects"! To access other epSOS documents and print materials, please visit the Download Area.

Auditing

All attempts to access a patient’s data through epSOS are recorded in audit trails. Regular evaluation of these audit trails allows illegitimate disclosures of medical data to be detected and prosecuted.

Auditing and authentication are achieved using the IHE profile “Audit Trail & Node Authentication” (ATNA). This profile contributes to access control in two ways: it limits network access between nodes, and it limits access to each node to authorized users. Network communications between secure nodes in a secure domain are restricted to other secure nodes in that domain, and each secure node limits access to authorized users as specified by the local authentication and access control policy.

  • User Authentication
    The Audit Trail and Node Authentication Integration Profile requires local user authentication, but allows each secure node to use the access control technology of its choice to authenticate users. The IHE Enterprise User Authentication (EUA) profile is one such choice; using it is not mandatory.
  • Connection Authentication
    The Audit Trail and Node Authentication Integration Profile requires bi-directional (mutual) certificate-based node authentication for connections to and from each node. DICOM, HL7 and HTTP all have certificate-based authentication mechanisms defined, in each case TLS with both peers presenting a certificate. These authenticate the nodes, not the user. Connections to machines that are not bi-directionally node-authenticated are either prohibited, or designed and verified to prevent access to PHI.
  • Audit Trails
    User accountability is provided through the audit trail. The audit trail permits a security officer in an institution to audit activities, to assess compliance with a secure domain’s policies, to detect instances of non-compliant behaviour, and to facilitate detection of improper creation, access, modification and deletion of Protected Health Information (PHI).
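The two halves of the audit trail described above, the recording of an access and its regular evaluation, as an added example (not epSOS or IHE code). It builds an RFC 3881 AuditMessage for a patient-record access, frames it for syslog as RFC 5424 with the RFC 5425 octet-count framing used over TLS, and then reviews a small constructed trail against a treatment-relationship policy. The event and type codes are taken from RFC 3881 and the DICOM audit code set; the user identifiers, node names, role code system and the relationship table are constructed for the example.

```python
"""RFC 3881 audit message construction, RFC 5424/5425 syslog framing and
audit-trail review. Added example; all sample identifiers are constructed."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

OUTCOME_SUCCESS = "0"   # RFC 3881 EventOutcomeIndicator: 0 success, 4/8/12 failures


def build_audit_message(action, user_id, user_role, node_ip, patient_id,
                        audit_source, outcome=OUTCOME_SUCCESS):
    """Return an RFC 3881 AuditMessage (bytes) recording that user_id performed
    `action` (C/R/U/D/E) on the record of patient_id from node_ip."""
    root = ET.Element("AuditMessage")
    ev = ET.SubElement(root, "EventIdentification", {
        "EventActionCode": action,
        "EventDateTime": datetime.now(timezone.utc).isoformat(),
        "EventOutcomeIndicator": outcome,
    })
    # DICOM PS3.15 audit event code 110110 = Patient Record
    ET.SubElement(ev, "EventID", {"code": "110110", "codeSystemName": "DCM",
                                  "displayName": "Patient Record"})
    ap = ET.SubElement(root, "ActiveParticipant", {
        "UserID": user_id, "UserIsRequestor": "true",
        "NetworkAccessPointID": node_ip,
        "NetworkAccessPointTypeCode": "2",        # 2 = IP address
    })
    # "ExampleRoles" is a hypothetical code system for this example
    ET.SubElement(ap, "RoleIDCode", {"code": user_role, "codeSystemName": "ExampleRoles"})
    src = ET.SubElement(root, "AuditSourceIdentification", {"AuditSourceID": audit_source})
    ET.SubElement(src, "AuditSourceTypeCode", {"code": "4"})   # 4 = application server process
    obj = ET.SubElement(root, "ParticipantObjectIdentification", {
        "ParticipantObjectID": patient_id,
        "ParticipantObjectTypeCode": "1",         # 1 = person
        "ParticipantObjectTypeCodeRole": "1",     # 1 = patient
    })
    ET.SubElement(obj, "ParticipantObjectIDTypeCode", {"code": "2"})   # 2 = patient number
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def syslog_frame(audit_xml, hostname, app_name="epsos-ncp"):
    """Wrap the message in an RFC 5424 header and RFC 5425 octet-count framing.
    PRI 85 = facility 10 (security/authorization) * 8 + severity 5 (notice) and
    MSGID IHE+RFC-3881 follow my reading of the ATNA syslog requirements."""
    ts = datetime.now(timezone.utc).isoformat().replace("+00:00", "Z")
    header = f"<85>1 {ts} {hostname} {app_name} - IHE+RFC-3881 -"
    body = header.encode("ascii") + b" " + audit_xml
    return f"{len(body)} ".encode("ascii") + body      # MSG-LEN SP SYSLOG-MSG


def parse_audit_message(audit_xml):
    """Extract the fields a reviewer cares about from one audit message."""
    root = ET.fromstring(audit_xml)
    ev = root.find("EventIdentification")
    user = root.find("ActiveParticipant[@UserIsRequestor='true']")
    patient = root.find("ParticipantObjectIdentification[@ParticipantObjectTypeCodeRole='1']")
    return {
        "time": ev.get("EventDateTime"),
        "action": ev.get("EventActionCode"),
        "outcome": ev.get("EventOutcomeIndicator"),
        "user": user.get("UserID") if user is not None else None,
        "patient": patient.get("ParticipantObjectID") if patient is not None else None,
    }


def review_audit_trail(messages, treatment_relationships):
    """Regular evaluation of the trail: flag every failed access attempt and
    every successful access by a user to a patient outside their treatment
    relationship. treatment_relationships maps user_id -> set of patient ids."""
    findings = []
    for m in messages:
        rec = parse_audit_message(m)
        if rec["outcome"] != OUTCOME_SUCCESS:
            findings.append((rec["user"], rec["patient"], "failed access attempt"))
        elif rec["patient"] not in treatment_relationships.get(rec["user"], set()):
            findings.append((rec["user"], rec["patient"], "access outside treatment relationship"))
    return findings


# Constructed sample trail: alice treats patient P-1001; bob has no relationship.
RELATIONSHIPS = {"alice@hospital-a.example": {"P-1001"}}
SAMPLE_TRAIL = [
    build_audit_message("R", "alice@hospital-a.example", "physician", "10.1.2.3", "P-1001", "ncp-a"),
    build_audit_message("R", "bob@hospital-a.example", "reception", "10.1.2.9", "P-1001", "ncp-a"),
    build_audit_message("R", "alice@hospital-a.example", "physician", "10.1.2.3", "P-2002", "ncp-a",
                        outcome="8"),
]

if __name__ == "__main__":
    print(syslog_frame(SAMPLE_TRAIL[0], "ncp-a.example").decode())
    for finding in review_audit_trail(SAMPLE_TRAIL, RELATIONSHIPS):
        print(*finding)
```

The review deliberately keys on the requesting ActiveParticipant and the patient-role ParticipantObject rather than on positional children, because real ATNA messages carry additional participants (the destination node, the Assertion issuer) whose order varies between implementations.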

Secure communication in the profile is realized through Transport Layer Security (TLS) 1.0 as defined in RFC 2246 and the WS-I Basic Security Profile 1.1. Note that TLS 1.0 has since been deprecated (RFC 8996); current deployments should require TLS 1.2 or later while keeping the mutual certificate-based node authentication. Audit log transport uses the Syslog protocol (RFC 5424 for the message format, RFC 5425 for transport over TLS, RFC 5426 for transport over UDP), and audit log messages are formatted according to RFC 3881, Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications.
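Mutual node authentication with a modern TLS floor, as an added example using Python's standard ssl module (not epSOS or IHE code). The first function builds the context an ATNA secure node would use on either side of a connection; the second is a policy check that a site could run over its own contexts, shown flagging a default, unauthenticated server context. The certificate file names are placeholders and are only loaded when supplied.

```python
"""Bi-directional certificate-based node authentication for a secure node.
Added example; certificate paths are placeholders supplied by the caller."""
import ssl


def make_node_context(server_side, cafile=None, certfile=None, keyfile=None):
    """Context for a secure node: the peer must present a certificate that
    chains to the domain's CA, and TLS 1.0/1.1 (RFC 2246 era) are refused."""
    purpose = ssl.Purpose.CLIENT_AUTH if server_side else ssl.Purpose.SERVER_AUTH
    ctx = ssl.create_default_context(purpose, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # RFC 8996 deprecates TLS 1.0 and 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # authenticate the peer node in both directions
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)     # this node's own certificate and key
    return ctx


def node_context_findings(ctx):
    """Return the ATNA-relevant weaknesses of a context; empty list if none."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required: connection is not node-authenticated")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS below 1.2 accepted")
    return findings


# The weak setting: a server context with library defaults never asks the
# client node for a certificate, so only one direction is authenticated.
LEGACY_SERVER = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

if __name__ == "__main__":
    print("default server context:", node_context_findings(LEGACY_SERVER))
    print("secure node context:   ", node_context_findings(make_node_context(True)))
```

On the client side `create_default_context(Purpose.SERVER_AUTH)` also leaves hostname checking on, so the server node's certificate must name the host being connected to; for node-to-node links within a secure domain that is the behaviour you want.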