Steria implements a secure infrastructure for 300,000
Steria implements a secure infrastructure for 300,000 Swedish healthcare professionals. Carelink, an association which was created to develop the use of IT within Sweden's strongly decentralised healthcare sector, chose Steria to implement a secure infrastructure for its healthcare professionals. The Malmo region in the south of Sweden was the first to start using an authentication and electronic signature system on 1 July 2003, allowing around 2,000 agents to produce electronic invoices. This was the first stage in Steria's implementation of a national-scale electronic certification infrastructure for healthcare services. The project aims to secure information management in the healthcare chain with the help of information encryption systems (PKI*) and smart cards. It is thus possible to communicate confidential information between the different healthcare providers, irrespective of organisational boundaries (local governments, county councils, private healthcare providers, and so on). Physicians can, for example, access patient information and other documentation regardless of where the patient has previously been treated. Ensuring secure exchanges for 300,000 healthcare professionals Healthcare systems have much to gain from the standardised management of security solutions such as secure login, electronic signatures, encryption and anti-intrusion systems. That is why Carelink called upon Steria to install encrypted systems and provide electronic ID cards to some 300,000 people working in the healthcare sector. It will thus be possible to send digital x-rays to experts in another part of the country, who will then be able to return electronically signed medical opinions. Steria is also responsible for distributing encryption certificates issued by the Certification Authorities (AC)* throughout Sweden. * see glossary "This solution also offers efficiency-enhancing functions such as access to several systems via a Single Sign-On and an effective system for the administration of authorisations and the issuing of smart cards. Ultimately, it means a considerable upgrade of security within the Swedish healthcare system. The daily working lives of thousands of healthcare workers will also improve significantly," says Mats Larson, CEO of Carelink. Pilot phase in the south of Sweden (Malmo region) The solution, which allows 2,000 agents to use electronic invoices, is based on smart card identification (EID cards) with a citizen certificate identifying the cardholder. "We also have other projects which include Steria's PKI solution, such as signed and encrypted e-mail, strict authentication for access to medical data and exchange of confidential information between the hospital and the local healthcare provider. And this is just the start. The potential of this partnership with Steria is huge," explains Britt Lagerlund, in charge of information security in the Skane region. Steria has carried out numerous IT security projects in Europe, including the EURODAC project for the European Commission, where secure management of fingerprints is used in asylum request processing; the electronic ID card project in Belgium; case management for courts in Andalusia, Spain; on-line tax payments for the French Ministry of Economy, Finance and Industry and secure e-mail for the Criminal Cases Review Commission in the United Kingdom. Steria has recently published a White Paper in conjunction with IDC France called "IT Security Priorities in a Brave New World", which can be downloaded from the steria.com website. Glossary PKI - (Public Key Infrastructure): infrastructure for encryption with a public key. System which, with the help of an electronic certificate, makes it possible to check that a given public key actually belongs to the stated owner. With PKI it is possible to securely identify senders and recipients, shield against unauthorised access, replace signatures with digital signatures and shield against manipulation and refusal. Certification Authority (CA): an organisation that issues and recalls certificates for public key cryptography. The aim is to make it possible to check that a given public key really belongs to the stated owner. A certification authority therefore requires secure procedures for checking the identity of the people it issues certificates to. Certification authorities are an essential component of PKI. Registry Authority (RA): an entity to which the CA assigns responsibility for identifying and registering key holders and managing various decentralised procedures related to certificate ordering, blocking, key generation, etc. *** About Steria (www.steria.com) With a 2002 revenue of ?1.018 billion and more than 8000 employees, Steria is one of the top ten IT services companies in Europe. Present in 12 countries worldwide, the Group is positioned as an end-to-end IT services provider through the mastery of its three core businesses: consulting, systems integration and managed services. Its acknowledged expertise in managing large-scale projects and its range of industrialised solutions in Europe enable Steria to offer its customers a reliable service with commitment to cost and risk control. The Group has strong sector-based expertise in the Public Services, Banking and Insurance, Manufacturing-Utilities-Transport and Telecommunications markets. Created in 1969, the Steria group is a pioneer in employee shareholding, with 30% of its capital held by employees. Steria is listed on the Premier Marché of the Paris Stock Exchange and in the SBF 120 index. Steria Group Press Office Dominique Lambert Tel: +33 1 34 88 64 44 e-mail: dominique.lambert@steria.com Actus PR Laurent Meggs Tel: +33 1 53 67 36 39 e-mail: lmeggs@actus.fr ------------------------------------------------------------ This information was brought to you by Waymaker http://www.waymaker.net The following files are available for download: http://www.waymaker.net/bitonline/2003/10/14/20031014BIT00440/wkr0002.pdf