Integrity for electronic patient record reports

The use of an EPR within a hospital is essential in order to integrate and centralize patient healthcare information. With the introduction of this technology information security becomes an important issue, moreover when the EPR integrates several exam results and reports that need to be properly stored and managed. The Biostatistics and Medical Informatics Department in Porto´s Faculty of Medicine is implementing a centralized electronic patient record, the HSJ.ICU, to integrate several departments´ information that comprises mainly electronic reports. The provision for the integrity of these documents is essential. Usually, the users of the system have blind trust in the information they access. The HSJ.ICU is implementing a process that digitally signs reports automatically, and therefore does not interfere with system´s usability. It also provides for simple key management with the use of only one public key pair focusing protection in one single point. The digital signature provides real trust in the way it prevents and detects inconsistencies or errors that may affect information integrity. The approach presented in this paper will guarantee that when there is the need to access patient reports, whether now or in 20 years´ time, those are still trustable and valid to be integrated within the EPR.