Swisscom Trust Services - Trust Blog

Security and integrity in digital healthcare | Trust Blog

Written by Kurt Rindle | 2/7/24 9:45 AM

Health Info Net AG (HIN), a Swiss provider of secure collaboration, offers a community of thousands of healthcare professionals and institutions the ability to sign medical documents in a tamper-proof environment. HIN achieves this by combining Certifaction's privacy-first eSigning solution with Swisscom Trust Services' technological backbone infrastructure.

 

HIN was established in 1996 by the Swiss Medical Association (FMH) and the Physicians' Cooperative Society to enable privacy-compliant digital communication and collaboration among doctors and healthcare professionals. HIN maintains a virtual trust space accessible to uniquely identified healthcare professionals and institutions. This so-called HIN Community now includes over ninety percent of the relevant stakeholders in the Swiss healthcare system.

The HIN trust space offers various services, including HIN Mail (encrypted email) and HIN Sign (electronic signing). To access these services, individuals need to become members. HIN provides all members with an electronic identity (HIN identity), which is the key to accessing the trust space and its services.

Authenticity and integrity

The HIN identity ensures the authenticity of healthcare professionals in the digital space. For example, it guarantees that the issuer of an electronic medical letter is indeed the person. Additionally, each member receives an email address that allows them to securely communicate via HIN Mail with other healthcare professionals and even patients.

In addition to authenticity and encrypted communication, the integrity of documents plays a crucial role in a secure digital healthcare system. For medical information that is shared with third parties in the form of documents, it is essential to ensure the immutability of the content. This applies to prescriptions, medical certificates, medical reports, billing, and specialist referrals.

Secure signing

HIN evaluated various eSigning partners and ultimately chose the Swiss provider Certifaction because of its privacy-first technology that effectively protects the confidentiality of sensitive medical documents. This is achieved through local processing and end-to-end encryption. The technology ensures that documents are already encrypted on users' devices, guaranteeing that neither the solution providers (HIN, Certifaction, and Swisscom Trust Services) nor any third party can access the confidential medical documents. Additionally, Certifaction has a strong partner in Swisscom Trust Services, which ensures the integrity of the documents with its advanced electronic seal.

Electronic seals are certificates created based on the document's hash value (a type of checksum) to be sealed using asymmetric cryptography. If tampering is done to the sealed document, the hash value will change, rendering the seal invalid. The validity of a seal can easily be verified at any time, as it only requires a public key, thanks to asymmetric cryptography. The corresponding private key needed to generate the seal remains securely under the issuer's control – in this case, with Swisscom in the data center within Switzerland. This guarantees that only the organization to which specific seals are bound can issue them.

In the secure trust space of HIN, the seal is used to authenticate all members. This means doctors do not need their electronic seal or a qualified personal signature. The usage is included in the HIN membership and is not billed on a transaction basis. In the future, however, the option will be created for hospitals, for example, to have their seals.

"With Certifaction and Swisscom Trust Services, we have found ideal partners with the highest security requirements. Swisscom is a strong Swiss brand that instills additional trust in the sensitive healthcare sector," says Peer Hostettler, a member of the management board at HIN. "The collaboration during the implementation was excellent, as Certifaction supported us in every aspect in a cooperative and uncomplicated manner."

"We are proud to contribute to driving the digitization of the healthcare market in Switzerland forward with HIN and Certifaction," says Mario Voge, Head of Strategic Growth Management at Swisscom Trust Services. "The two partners are doing a great job making the healthcare system more efficient and enjoyable for patients."

Complex ecosystem - simple for users

Amid digitization, security, data privacy, cost pressures, and ever-changing regulatory requirements, healthcare professionals and providers face significant challenges. They need to streamline bureaucracy to have more time for their patients. This can usually only be achieved through extensive digitization, which must also be affordable.

With Certifaction for eSigning, Swisscom Trust Services as a trust service provider, Swisscom's curaMED as a practice information system, and HIN, the complexity for users has been minimized through mutual integrations. Users are usually unaware of many background processes, such as seal creation, while always ensuring security.