An Electronic Health Record (EHR) is a personal health record that is accessible online from separate, interoperable automated systems. A transition to EHR management enables remote access to health information, removes administrative burdens, enhances productivity, and reduces the occurrence of medical errors.
Privacy, security, and autonomy concerns are major impediments to EHR management for individuals and medical professionals alike. At the same time, healthcare regulations are pushing security technologies for access to health records to the forefront.
U-Prove has been designed to address many of the concerns:
- U-Prove enables healthcare organizations to electronically share EHR information without thereby in effect creating a system-wide identifier for each individual that would allow central parties to monitor all uses of EHR information.
- Authorized parties can digitally sign EHR entries they add or modify. This enables medical professionals to verify the source and integrity of EHR entries on which they rely. In this manner, professionals and service providers can maintain partial ownership of EHRs and avoid legal liabilities resulting from corrupted EHR information.
- Patients or their authorized representatives can be given the ability to manage the links between their dispersed EHR information at different health organizations, without giving central parties the power to link all of their EHR information.
- Medical professionals and other authorized parties can access EHR information based on their role or other access privileges, without being personally identifiable to access providers where this is undesirable.
- Authorized parties can access EHR information offline, that is, without having to involve a central party (such as an identity provider) for each and every access.
- Portable patient devices can copy relevant up-to-date EHR data at point-of-care terminals in a manner that cryptographic protects against unauthorized cloning, lending, pooling, and discarding. These same devices can also selectively disclose minimal EHR information to service providers at other points of care.
For details, see our paper on electronic health.