PKI Token System Adopted for Australian Health System

The Australian Health Insurance Commission has awarded a contract to Rainbow eSecurity, a provider of transaction security solutions, to provide Public Key Infrastructure (PKI)-based Internet security systems to be deployed across the Australian healthcare system.

The introduction of reliable, secure confidential electronic communications will enable confidential patient information and data to be exchanged electronically, providing a vital foundation for the development of e-health in Australia.

In the UK, by comparison, the NHS Information is not due to start introducing security and encryption products until 2002, and a national approach has yet to be agreed, limiting the clinical usefulness of connectivity and e-health in the NHS

The Australian HIC has already established the Health eSignature Authority (HeSA) Pty Ltd to act as a PKI registration authority. Crucially, PKI and associated PKI certificates – in this case embedded in a device such as a smart card — enables a secure means of sharing clinical communications over the Internet.

Under the Australian deal users will be authenticated using Rainbow eSecuity’s iKey PKI token system to verify their identity and then authorized to access health-related information, enabling a high degree of privacy.

Rainbow’s iKey will be used to store digital certificates and private keys distributed by HeSA, which will provide powerful two-factor authentication. Users will be able to maintain message integrity, and provide non-repudiation and confidentiality for all of their messaging.

"HIC PKI-secured software is internationally renowned for its innovative approach to secure online communication," said Dr. Brian Richards, chief information officer, HIC.

"The use of iKey to secure PKI keys complies with stringent policies to ensure the security and privacy of patient information by using a technology that is stable, robust and easy to use. All Australians have the right to expect their health information to be managed securely."

“Securing online communication is a critical requirement for the health care professionals of tomorrow,” said Shawn Abbott, president, Rainbow eSecurity. "By placing these resources online, HIC is demonstrating how secure internal and external electronic communications can improve the care given to patients anywhere in Australia."

A message digitally signed with iKey enables the recipient to identify who has sent the message (authentication) and confirms that the message content has not been altered in any way between the sender and the receiver (integrity). It also ensures that senders cannot, at some later stage, dispute that they created and sent the message (non-repudiation), and most importantly, that only the person to whom the message is directed can open it (confidentiality).