Together with the Central Personal Data Controller (CPDC) you must decide when you should and can introduce strong authentication for the register. A few factors must be considered before taking this decision. It is ultimately the responsibility of the CPDC to ensure that access to personal data is done correctly based on current legislation.
Does the register already support log on using the SITHS card?
Click the answer below that best fits the register's current situation.
- All users must be informed if the register will in future require strong authentication at log in, for example via the web page, mailings or the management organisation.
- Encourage all users to get an e-service card via their local administrator if they do not already have one. (See point 1 above)
- Set a date after which it will not be possible to log in without strong authentication. You must take a decision in principle on how to deal with those people who will not be able to meet all the requirements by then. Will they be allowed to log in after the date has passed if you know that there is an ongoing process to meet all the requirements? If yes, for how long? Will there be an absolute final date? One option is to set an official date but keep an unofficial cut-off date on which you actually block all remaining users who have not met the log in requirements.
- Agree the current status for your register with UCR.
- Based on when you anticipate that your register will receive support for log in using an e-service card, start the remaining measures that are conditional on the register supporting log in with the SITHS card (see above under "If Yes").
- Agree with the CPDC who has the ultimate responsibility for ensuring that access to personal data that is processed locally complies with current laws and regulations.
UCR has cooperated with representatives from the Swedish Association of Local Authorities and Regions (SALAR), which has determined that all quality registers should design their services for strong authentication according to the standard based on SITHS, the standard common to all county councils in Sweden. UCR has therefore elected to design a service for strong authentication in compliance with the SITHS specification for all registers administrated by UCR.
UCR anticipates that the service will be available for all relevant registers managed by UCR no later than the last day of June (2011-06-30). In practice, this means that the affected registers will be able to use strong authentication at log in no later than July 1 (2011-07-01).
The service operates so that for each care unit there is a setting which determines whether the care unit should permit log in using strong authentication only. For those care units that do not require strong authentication, log in takes place using either a combination of username and password or the e-service card. At the moment the service does not replace the need for the user to have a current username and authorisation entered in the register; it only replaces the need to log in to the register with username and password.
During a transition period it will be possible to choose not to require strong authentication; in this case some of the users will use strong authentication while another group will be able to log in using a combination of username and password. Once the majority of users have acquired and activated their e-service cards, the decision can be taken that only log in using strong authentication will be permitted for that care unit.
UCR's service also supports access control because user activity is logged by the register. It is possible to monitor the data accessed using log analyses. Log analyses support follow-up of the data that an individual user has accessed, and likewise follow-up of which users have looked at specific data in the register.
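The per-care-unit setting, the transition period with a cut-off date, the rule that the card does not replace register authorisation, and the two kinds of log follow-up described above, shown as an added Python example (constructed here, not UCR's own code). The unit ids, user ids, record ids and the optional `password_cutoff` field are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set


@dataclass
class CareUnitPolicy:
    unit_id: str
    require_strong_auth: bool  # the per-care-unit setting described above
    password_cutoff: Optional[date] = None  # assumed: date after which password log in is blocked


@dataclass
class AccessEvent:
    user_id: str
    unit_id: str
    auth_method: str  # "siths" (e-service card) or "password"
    record_id: str


class RegisterAccessService:
    def __init__(self, authorised: Dict[str, Set[str]]):
        # authorised[user_id] = care units the user has a current authorisation for
        self.authorised = authorised
        self.log: List[AccessEvent] = []  # activity log used for follow-up

    def may_log_in(self, policy: CareUnitPolicy, user_id: str, auth_method: str, today: date) -> bool:
        # The e-service card replaces the password, not the register authorisation.
        if policy.unit_id not in self.authorised.get(user_id, set()):
            return False
        if auth_method == "siths":
            return True
        if auth_method != "password" or policy.require_strong_auth:
            return False
        # Transition period: password log in is allowed only before the cut-off date.
        return policy.password_cutoff is None or today < policy.password_cutoff

    def access_record(self, policy: CareUnitPolicy, user_id: str, auth_method: str,
                      record_id: str, today: date) -> bool:
        if not self.may_log_in(policy, user_id, auth_method, today):
            return False
        self.log.append(AccessEvent(user_id, policy.unit_id, auth_method, record_id))
        return True

    def records_seen_by(self, user_id: str) -> List[str]:
        # Follow-up: which data has an individual user accessed?
        return [e.record_id for e in self.log if e.user_id == user_id]

    def users_who_saw(self, record_id: str) -> List[str]:
        # Follow-up: which users have looked at specific data?
        return sorted({e.user_id for e in self.log if e.record_id == record_id})
```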
An e-service card enhances security at log in to various computer systems. The e-service card is a physical and electronic ID that generally contains both the care unit's identity i.e. service identification and personal identification.
SERVICE IDENTIFICATION AND E-IDENTIFICATION
The service identification is comprised of your service identity as an employee in the health and care services, and is based on SITHS. Your personal e-identification is comprised of your personal identification number, and can be used in contact with the Swedish Social Insurance Agency and the Swedish Tax Agency.
PERSONAL
The card is personal and must not be lent to other people.
CODES FOR THE CARD
Your card has two PIN codes and a PUK code, i.e. altogether three different codes, which will be sent from Telia by post to your officially registered address.
- One PIN code is used for identification/authentication.
- The other PIN code is used for signing/signature.
- The PUK code is used for unlocking the card and works in principle in the same way as the PUK code for a mobile phone's SIM card.
LOST CARD CODES
The codes must be kept safe just like a valuable document; if they are lost, replacement codes must be ordered. Apply to your local card administrator or the organisation that issued the card.
It takes about three days to get a replacement PUK code. The replacement codes must be collected from the post office or its agent.
LOST CARD
Lost cards must be blocked. A blocked card is invalid and cannot be used for identification. There may be backup cards: one for entry and one for electronic identification. If you lose your card, apply to your local administrator.
CARD READER
A card reader that can read the information on the card is required to use the e-service card. Drivers for the card reader must also be installed on the computer that is to be used.
SOFTWARE FOR PROCESSING CERTIFICATES
The computer from which the e-service card is to be used must also have software for processing certificates installed. Telia e-identification and other certificates issued by Telia for web-based e-identification services can be used with the NetID software.
TESTING THE E-SERVICE CARD
Test your e-service card using the following link
UCR
UCR offers services that utilize the e-service card as authentication at log in to quality registers. Contact your local administrator if you have any questions or need help with your e-service card.
All county councils are today connected and have signed contracts on using e-service cards based on SITHS. This means that each county council or care provider administration has an organisation for issuing e-service cards.
If you belong to a care provider whose organisation is not part of the county council, start by contacting the county council or the nearest municipality. You can also apply to Svensk e-identitet or Lorensbergs Communication, both of which are affiliated with SITHS. For the current status, go to Inera's website.
For more information on SITHS see the Inera website on SITHS.