Editor
Dr Ahmad Risk
 


Committed to the Open Source Movement in Healthcare

Established
16 October 1998

Copyright © 1998–2008
Health informatics Europe


updated: 23 July 2003


The digital certificate — a new model for deployment

By Kevin Still, Diginus Ltd.

 

 

Digital certificate technology has a decidedly patchy healthcare track record. Can a new open-source model avoid the mistakes and deliver affordable, practical security?

The digital certificate was expected to allow better quality healthcare to be delivered faster and at lower cost by enabling the secure networked exchange and storage of patient and clinical data.

But it turned out to be difficult and costly to implement and the proprietary nature of many certificate solutions meant prospects for the important goal of interoperability looked bleak. As the recession bit, vendors found healthcare was among the first sectors to put certificate roll-outs on hold.

So what went wrong?

I believe the basic proposition was flawed. Digital certificates are created and managed by highly complex public key infrastructure (PKI) software. The major certificate PKIs were built for the needs of global commerce – a customer base flush with cash to spend on high-profile IT projects and with well-resourced internal IT departments. The contrast with healthcare could not be more stark.

It was therefore no surprise that most certificate deployments in the UK public sector took place with the help of managed service providers. In theory these third parties bear the cost of buying and operating the PKI and pass on the economies of scale. In reality, their pricing is dictated by PKI vendors anxious to recover substantial development, marketing and sales costs.

But high up-front charges are not the only problem. Most proprietary PKI needs special software to act as a kind of middleware between certificates and desktop applications. Installation and maintenance of this means further cost. Often, still more budget is sucked up by the need to integrate new and existing applications with the digital certificate service.

Finally, managed service customers have found themselves vulnerable to the fluctuating fortunes of both service providers and PKI vendors. They can be left high and dry as a result of commercial collapse or a strategic withdrawal from a particular market.

None of this means PKI is fundamentally inappropriate for healthcare. But it does, in my view, mean the established delivery mechanism is wrong.

A radical new model retains the managed services provider, but instead of being proprietary, its PKI is built entirely from industry standards-based Open Source code. The service is also configured to deliver exactly the functionality required by healthcare and to operate in a way that conforms to health sector guidelines or local requirements. It works directly with existing, unmodified applications to encrypt and sign, using no special client-side software.

Open source has its critics – almost all of them with proprietary positions to defend – but it is very rapidly gaining acceptance world-wide and is proving highly robust. The core software used by the new model, OpenCA, is the work of teams in Italy and Germany with EU-wide governmental support. The four other main technology components (the operating system Linux, the directory service OpenLDAP, the database MySQL and the cryptographic library OpenSSL) are all widely respected, deployed and proven by international business and governments.

The new PKI model starts from a uniquely strong foundation because there are no software development costs to recover. Charges therefore need only reflect the cost of service provision. Unlimited numbers of digital certificates can be issued, with customers paying a simple service fee. That means a 1,000-seat project will typically cost 60% less than the old model – and it becomes cheaper still in real terms for even larger roll-outs. The new model positively encourages bold certificate deployments.

The new model is strong too in the area of compatibility. It recognises that healthcare has a huge financial and training investment in mainstream third party software and so works directly with it, enabling a wide range of secure healthcare applications to be deployed quickly and cost-effectively. Typical examples include any kind of messaging application, including electronic links with partner organisations like suppliers and other public sector agencies.

Another major plus of the new paradigm is its trust model (the hierarchy of people and organisations that make a digital certificate inherently trustworthy). Some earlier managed services have been inflexible, insisting for example on a face-to-face verification process coupled to documentary evidence of identity. This added both delays and yet more cost.

Under the new model, responsibility for verifying the identity of would-be certificate holders rests with certificate managers appointed within user organisations. They use local resources to verify applicants, then visit a dedicated website to order certificates. The process typically takes less than 24 hours.

Early experience with the new model has been encouraging. Users have found their expectations of far lower costs to be realised. Delivered solutions have proved stable, robust, and easily integrated with existing systems.

 

Kevin Still, Diginus Ltd.
17 July 2003