A Study on FIDO Authentication System for Reinforcing the Security of Electronic Medical Records

Abstract

The target of compulsory certification in Information Security Management System has extended to medical institutions. This caused us to recognize the importance of information security in modern hospital information system that has changed from the medical record management that was recorded and managed largely in paper chart in the past to the Electronic Medical Record that medical personnel enter patient information into a computer directly for building a database. As medical institutions manage sensitive information like personal information basically, personal medical data infringement accident, if occurred can become a big social issue. Currently, the medical information in medical institutions are stored in electronic medical records and to access, user authentication is required by means of accredited certificate as security measure. Accredited certification has technical problems such as certificate storage method and security level of password and managerial problems such as certificate copy/leak/share. In this respect, this study proposes and presents how to build the FIDO-based authentication system that applies UAF or U2F authentication mechanism depending on the authority and work scope of medical personnel and medical support assistant like staffs, officers, licensed practical nurse and so on, within large medical institutions that use medical information system. The aim is to solve problems in accredited certificate authentication method in the existing medical institutions with the FIDO-based authentication system proposed in this study.