SSO for the HIS (Hospital Information System)

The range of front-office applications in a hospital sometimes makes it difficult or even impossible to exchange information between services.

Each service has its own applications. The information in these applications either only concerns the service itself, or must be shared with other services treating the same patient.

In addition, from the point of view of the central information system, some of these specific applications are black boxes that manage themselves (but unfortunately do not correct themselves).

The isolation of the applications affects patient management on inter-service interactions. Thus, inter-service requests use paper forms. It is not unusual for nurses to spend half their working hours checking that a patient's history is complete, that requested tests have indeed been performed and the results received.

The hospital patient history has been designed to meet this requirement of controlled sharing of data. It is a central application containing the diagnosis and therapy information needed to coordinate the patient's treatment: reports, protocols, analysis results, etc. It usually contains a summary of the data, and may also be coupled to a server providing full analysis and examination results.

Unfortunately, this patient history does not completely solve all problems linked to access to a patient's data. In particular, confidentiality is an unavoidable issue in the health field, subject to rules such as the European directive 95/46 and the US HIPAA law.

This white paper addresses the issues to consider in setting up secure SSO access to Hospital Information Systems.