BarcelonaMarch 16, 2010

Contribution to:

Interoperability of health professionals’ authentication in Europe

Mariane Cimino, HPRO Card, ASIP-santé, France

General overviewGeneral overview

HPRO Card with a harmonized

European face

Phase 1 Phase 3Phase 2

HPROPresentationto EP

Oct. 2007

• Governance• HCP identity federation framework • Pilot epSOS, STORK…

HPRO Card

Phase 4

Pilots and implementation

Access managementto applications(ex. Electronic Health Record,e-prescription)

Work on professional qualifications

Directive2005/36/CE

Phase 0

•Competent authorities•Existing H Pro systems•Possible architectures•Interoperability issues

Future situationPast situation Present

HPRO Card workpackagesHPRO Card workpackages

• WP1 : Identification of the competent authorities for

health professionals in EU

• WP2 : Identification of health professionals cards in

Europe

• WP3 : Conditions for implementation of strong

authentication of health professionals

• WP4 : Interoperability between different health

professionals authentication systems

• WP5 : Project management

• WP6 : Dissemination

From March 2008 to November 2009

Jurisdiction # 1 Jurisdiction # 2

Function A

Organisational

Semantic

Technical

Political / Legal

Function A

Organisational

Semantic

Technical

Political / LegalIOp A

greement

Interface; Mapping;

Translation ...

Top-Down

Bottom-up

Education & Awareness raising

Interoperability levels

Organisational

Semantic

Technical

Registration procedures, verification procedures

Data models, identifiers, numbering systems

Certificates, ID-tokens (e.g. cards), directory databases, networking infrastructure

Political / LegalLegislation, nomination of responsible authorities, definition of covered entities

Interoperability levels in ID managementInteroperability levels in ID management

Electronic certificates’ productionElectronic certificates’ production

5 professions

27 state-members

893 Competent

authorities

Certification

authorities

Publication

authorities

Registration

authorities

PKI

Validation authorities

Databases or

Repositories

Access profiles

Competent AuthoritiesDirective 2005/36 (5 health professions)Competent AuthoritiesDirective 2005/36 (5 health professions)

� Identification of the competent authorities� Process of registration

ResultsResults

How many competent authorities in EU ?

about 893 competent authorities identified

� They can be classified in two main categories :- Professional organizations: Orders, Chambers, Associations …- State organizations: Ministry of Health, Agencies,- Health insurance…

� Depending on the administrational and political org anization of each country, they can be organized at the:

- National level (Sweden …)- Regional level (Germany …)- Local level (Italy …)

For example: Workflow for Estonia

HP Diploma’s provider

Right to practise provider

Sanction’s provider

Id’s provider

HP card’s provider

training

diploma

registration documents

right to practice / or not

registration documents

identifier

sanction / no sanction

registration documents

HP card

(Initial procedure or changes in the professional situation)

University2 Health care colleges****

Health Care Board*

* governmental agency, which started operations on 1st of January 2002 under the jurisdiction of the Ministry of Social Affairs, according to the Health Services Organization Act ** one association by profession, the sanctions are not registered (due to regulation on privacy)

*** there is no plan to issue professional cards**** for nurses and midwives

Conclusion for Estonia :

Competent Authorities = Health Care Board

Professional associations**

Health Care Board*Automatic calculation of theCode in the registry (Kood)

Id Card (for all citizens***) with : Name, Surname, Id Code, Date

of birth, Date of validity…

State Agency

National level

For example: Workflow for Spain

HP Diploma’s provider

Right to practise provider

Sanction’s provider

Id’s provider

HP card’s provider

training

diploma

registration documents

right to practice / or not

registration documents

identifier

sanction / no sanction

registration documents

HP card

(Initial procedure or changes in the professional situation)

Universities

Regional Medical Councils*

* 52 Regional Medical Councils in the 17 autonomous regionsdental surgeons ?? pharmacists ??, nurses ??, midwives ??

** CGCOM : El Consejo General de Colegios Oficiales de Médicos : The Spanish Medical Association groups together all Autonomous and Regional Medical Councils, and is the responsible of the relations with State Government and at the international level.*** Barcelona, Girona and national level

Regional Medical Councils

in coordination with CGCOM**: smart cards

Regional Medical Councils*CGCOM**

CGCOM** :• Central Registration Database • Central Ethics Commission

Regional Medical Councils

in coordination with CGCOM**

Conclusion for Spain :

Competent Authorities for Doctors = OMC

52 …/…

52 …/…

52 …/…

3***

Professional

organizations

Regional level

HP Diploma’s provider

Right to practise provider

Sanction’s provider

Id’s provider

HP card’s provider

training

diploma

registration documents

right to practice / or not

registration documents

identifier

sanction / no sanction

registration documents

HP card

(Initial procedure or changes in the professional situation)Universities

Chamber * Chamber *

* : for pharmacists, dentists and physicians** : for nurses and midwives

Chamber *

Ministry of health **Ministry of health **

Ministry of health **

Health insurance

No document

For ex: Workflow Czech Republic

Conclusion for Czech Republic- Pharmacists, dentists and physicians : national chambers

-Nurses and midwives : Ministry of Health

Mixed Nature

National level

ResultsResults

How many professionals in EU ?

� WHO’s database• Physicians: 1 543 500

• Dental practitioners: 303 900

• Pharmacists: 341 000

• Nurses: 3 488 400

• Midwives: 100 900

5 777 700 healthcare professionals in Europe

� HPRO Card’s database• 10 to 35% of discrepancies between WHO and HPRO databases

e.g. this represents a difference of 24000 HCP in Belgium, 169000 HCP in Poland

• 52% of discrepancies for Spanish nurses (= 110000 nurses)

• 87 % of discrepancies for Swedish pharmacists (= 2500 pharmacists)

Different dates, different definitions (active/non active persons…)

Health professionals’ identity documentsHealth professionals’ identity documents

• Some countries have no card. For example, Poland issues a professional passport and Luxembourg has a paper

certificate

• Some have plastic or paper cards. For example, France or

Ireland

Existing health professionals’ smart cardsExisting health professionals’ smart cards• Austria

• Pharmacists (Apothekerausweis)• Doctors in contract with social insurance (Ordinationskarte or o-card)

• France• All professions (Carte de Professionnel de Santé CPS)

• Germany• Doctors (Arztausweis)

• Hungary• Doctors

• Italy (Lombardy)• All professions (Carta SISS)

• Netherlands• All professions (UZI-pas)

• Portugal• Dentists

• Slovenia• All professions (Profesionalna kartica)

• Spain (3 regions)• Doctors (Carné de médico colegiado)

• Sweden• All professions (SIS card and SITHS card)

• UK• All professions (NHS CRS smartcard)

Projects of health professionals’ cardsProjects of health professionals’ cards

• Belgium (2010)• Pharmacists

• Finland (2011)• All professions

• Hungary (2011)• Doctors• Dentists• Pharmacists

• Ireland• Pharmacists

• Italy (Latina)• Doctors• Dentists

• Luxemburg• All professions

• Slovakia (2010)• All professions

• Spain• Pharmacists

• Switzerland• Doctors

• …

• eID card used by the doctors, for instance in Estonia

• Belgium eID card used on the eHealth platform

• Potential eID card used by doctors in Norway

e-Identity cards for health professionals

HPRO-Card.fr

Application

CRL

HPRO-Card.es

Validation demand/response

Proposed architecture

1. Authentication

2. Validation of the certificate

3. Verification of access rights

4. Secured access on the right application

PKI

Technical materials on 23 different systems

Health professionals’ databases

• Some online examples :� Austria: doctors

� Czech republic : doctors, dentists and pharmacists

� Estonian: doctors and pharmacists

� France: all regulated professions

� Lithuania : all regulated professions

� Ireland: nurses and midwives

� Norway : all regulated professions

� Poland: doctors and dentists

� Portugal : dentists

� Spain: doctors

� UK: doctors and pharmacists

Health professionals’ databases

•Eviden ční číslo : Evidence number •Jméno a p říjmení: Name and surname •Místo výkonu povolání : Instead profession •Odbornost : Expertise •Licence : License

In the register there are additional information (non public ones) : •date of birth•address

Health professionals’ databases

• A health professional wants to practice in another EU State Member for a temporary

providing of services.

• Studied issue : at which conditions he can use the workstation + card reader + application of

the foreign country ?

Use Case 1

German demonstratorGerman demonstrator

Country A Country B

Authentication signature

Authentication signature

Citizen card middleware that origins from eGovernment programmes

Own software Konnektor spezifikation

PKCS#11

MS CAPI

CDSA

PKCS#11 With the UZI-card the standard SafeSign Identity Client middleware is provided from A.E.T. Europe B.V for Windows, MacOS X and Linux.

Classic Client 5.1.7 - 004 for ZZZS

Common CSP (Cryptographic Software Provider) who understands PKCS#15 file

+ coop with CSP provider (SecMaker and their application – NetID) : both client and server additional functions, such as “Single-sign-on”

Workstation + reader

Applications

G&D SafeSign 2.2

?

Austria France Germany Italy Netherlands Slovenia Spain SwedenAustria

Middlewares

Use Case 2

• A health professional has to access medical data of a foreign patient in the patient’s country of

origin

• Studied issue : at which conditions he can authenticate himself and receive the access

rights ?

Reply

Spanish demonstrator

French medical consultation

Spanish hospital

Form and signature (PDF)

Phase 1 Phase 2Phase 3

Verification request

Reply Verification request

Spanish Medical Chamber

French Order of doctors

Spanish patient

Access for foreign doctorsto Xarxa Sanitària i Social de Santa TeclaAccess for foreign doctorsto Xarxa Sanitària i Social de Santa Tecla

e-signature of the patient to give access to a foreign doctore-signature of the patient to give access to a foreign doctor

e-Signature of the foreign doctor e-Signature of the foreign doctor

Verification of the foreign doctorVerification of the foreign doctor

HPRO.es

HPRO.fr

French doctor

Belgium demonstrator

1

1 12 11

2

French health assurance card

Belgium pharmacist card

French pharmacist card

French pharmaceutical record (4 months-history of delivered medicines in every French pharmacies)

Use Case 3

• A health professional wants to be recognized as a health professional in another country

• Studied issue : how can we verify the authenticity of his card ?

Result

Belgium demonstrator Website

Perspectives and orientationsPerspectives and orientations

Cartography of health professionals ID tools and databases

How to provide an infrastructure to interoperate at the EU level ?

www.hprocard.eumariane.cimino@sante.gouv.fr

More information