Skip to main content
Article thumbnail
Location of Repository

Experiences of Using a Public Key Infrastructure to Access Patient Confidential Data over the Internet

By David W. Chadwick, C Carroll, S. Harvey, John New and Andrew J. Young


A project to enable health care professionals (GPs, practice nurses and diabetes nurse specialists) to access, via the Internet, confidential patient data held on a secondary care (hospital) diabetes information system, has been implemented. We describe the application that we chose to distribute (a diabetes register); the security mechanisms we used to protect the data (a public key infrastructure with strong encryption and digitally signed messages, plus a firewall); the reasons for the implementation decisions we made; the validation testing that we performed and the results of the first set of user trials. From a user acceptance perspective, we conclude that perceived usefulness and perceived ease of use on their own, are insufficient to guarantee that a new application will be used extensively in its new environment. Other domain specific factors, such as the compatibility and integration of the new computing system with the old, the working practices of the clinicians, the costs of using the new system compared to the old, and the actual location of the computing equipment all need to be taken into account when establishing untried information technology in 'real world' settings

Topics: QA76
Year: 2002
OAI identifier:

Suggested articles


  1. (1978). A Method for Obtaining Digital Signatures and Public Key Cryposystems”,
  2. (1995). An empirical study of the relationships among end-user information systems acceptance, training, and effectiveness.”
  3. (1996). Applied Cryptography”, 2nd edition,
  4. (1994). Confidentiality, Use and Disclosure of Personal Health Information”, DoH Health Care (Administration) Division
  5. (1997). Creating an environment for project success”.
  6. (1999). Examining the Technology Acceptance Model Using Physician Acceptance of Telemedicine Technology”,
  7. (1998). Hackers to Users, Feds: Internet is 30
  8. (1994). If we build it they will come: designing information systems that people want to use”.
  9. (1998). Internet Risks For Companies”,
  10. (1994). Network Firewalls”,
  11. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology”,
  12. (1997). Recommendation X.509: ‘The Directory -Authentication Framework’.
  13. (1999). Smart Cards aren't always the Smart Choice”,
  14. (1995). The UK Diabetes Dataset: a standard for information exchange.’ Diabetes Audit Working Group of the Research Unit of the Royal College of Physicians. British Diabetic Association.
  15. (1999). Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations”. Macmillan Technical Publishing,
  16. (1988). Variations in Critical Success Factors Over the Stages in the Project Life Cycle”,

To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.