GEMSS: Privacy and security for a medical Grid

Stuart E. Middleton, J. A M Herveg, F. Crazzolara, D. Marvin, Y. Poullet

Research output: Contribution to journalArticlepeer-review


Objectives: The GEMSS project is developing a secure Grid infrastructure through which six medical simulations services can be invoked. We examine the legal and security framework within which GEMSS operates. Methods: We provide a legal qualification to the operations performed upon patient data, in view of EU directive 95/46, when using medical applications on the GEMSS Grid. We identify appropriate measures to ensure security and describe the legal rationale behind our choice of security technology. Results: Our legal analysis demonstrates there must be an identified controller (typically a hospital) of patient data. The controller must then choose a processor (in this context a Grid service provider) that provides sufficient guarantees with respect to the security of their technical and organizational data processing procedures. These guarantees must ensure a level of security appropriate to the risks, with due regard to the state of the art and the cost of their implementation. Our security solutions are based on a public key infrastructure (PKI), transport level security and end-to-end security mechanisms in line with the web service (WS Security, WS Trust and SecureConversation) security specifications. Conclusion: The GEMSS infrastructure ensures a degree of protection of patient data that is appropriate for the health core sector, and is in line with the European directives. We hope that GEMSS will become synonymous with high security data processing, providing a framework by which GEMSS service providers can provide the security guarantees required by hospitals with regard to the processing of patient data.

Original languageEnglish
Pages (from-to)182-185
Number of pages4
JournalMethods of Information in Medicine
Issue number2
Publication statusPublished - 20 Jun 2005


  • Grid
  • Legal
  • Medical
  • Personal data
  • Security

Fingerprint Dive into the research topics of 'GEMSS: Privacy and security for a medical Grid'. Together they form a unique fingerprint.

Cite this