Federation and security aspects for the management of the EHR in Italy

The Electronic Health Record (EHR) or Electronic Patient Record is a collection of electronic health information about a patient, created to increase personal safety through more accurate evidence-based decision support. Healthcare organizations, especially in different regions/local governments, can have different architectural solutions and procedures, and thus different access control policies. The requirement of compliance with previously developed architectural solutions binds them to using a single Federated infrastructure model. Since data stored in the EHR Infrastructure concerns the health status of patients, they must be considered critical and their confidentiality and integrity must be protected by proper security support. In this paper we will present the analysis of federation and security aspects and issues for the management of the Electronic Health Record in Italy, suggesting a possible solution.