In accordance with the National Board of Health and Welfare regulations SOSFS 2008:14 2 Chapter 5, a care provider who uses an open network to handle patient data is responsible not only for ensuring that the management system contains routines which safeguard transfer of patient data in such a manner that unauthorised persons can not access the data, but also for ensuring that access to patient data uses strong authentication.
Many quality registers, called the register below, are currently accessible over open networks which is why strong authentication is necessary for log in. An e-service card is a physical, electronic ID action that can be used for strong authentication of the user's identity. The e-service card contains both a personal ID and a service ID.
An e-service card that is based on SITHS (Secure IT in Health and Care Services) complies with the security standard that is common for all County Councils throughout the country.
Because of this, UCR has elected to implement a security solution based on the e-service card and SITHS for those quality registers that UCR manages. The solution utilises the service ID, i.e. the user's HSA-ID as user authentication.
The service ID contains information on your service identity as an employee in the health and care services and can be used to identify you in various care systems nationally, including the quality register managed by UCR.
The following is a brief description of how the SITHS card and HSA-ID can be used for strong authentication with registers affiliated with the UCR Centre of Expertise.