Sabiá: an authentication, authorization, and user data delivery architecture based on user consent for health information systems in Brazil

Purpose Health information systems in Brazil have been designed and developed in a heterogeneous manner based on local regional characteristics, resulting in a lack of health information integrity. In this context, the Brazilian Ministry of Health pointed out the need for interoperability solutions...

Full description

Saved in:
Bibliographic Details
Published in:Research on biomedical engineering 2020-06, Vol.36 (2), p.197-202
Main Authors: de Paiva Marques Carvalho, Túlio, de Paiva, Jailton Carlos, de Medeiros Valentim, Ricardo Alexsandro, Silva, Carlos Breno Pereira, de Lima, Diêgo Ferreira, Silva, Emerson Costa
Format: Article
Language:English
Subjects:
Biomaterials
Biomedical Engineering and Bioengineering
Biomedical Engineering/Biotechnology
Engineering
Technical Communication
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Purpose Health information systems in Brazil have been designed and developed in a heterogeneous manner based on local regional characteristics, resulting in a lack of health information integrity. In this context, the Brazilian Ministry of Health pointed out the need for interoperability solutions of health information systems, noting the importance of integration with national databases and alignment with Brazilian data protection laws. Therefore, this paper presents Sabiá, a platform for authentication, authorization, and data delivery based on user consent for health information systems in Brazil. Methods Sabiá’s architecture is designed to achieve the following requirements: (R1) Provide a Federated Identity; (R2) Be a Federated Resource Manager; (R3) Collect user data from different information systems; and (R4) Deliver user data to systems based on user consent. Sabiá consists of three main components: (1) Sabiá Authorization Server, responsible for implementing Open Authentication; (2) Sabiá Collector, responsible for collecting data from different information systems; and (3) Sabiá Resource Server, responsible for delivering data previously authorized by the user to the systems. Results After analyzing historical data, R4 functionality was selected to be submitted to performance testing because it is the process that most affects overall system performance. The tests aimed at analyzing Sabiá’s behavior in the heaviest scenario based on historical data. Conclusion The results showed no flaws and indicated system stability and consistency, in which the user perceives a system reaction instantaneous, whose response time averages remained below 100 ms.
ISSN:2446-4732
2446-4740
DOI:10.1007/s42600-020-00058-8