Establishing End-to-End Security in a Nationwide Network for Telecooperation Martin STAEMMLER a,1 , Michael WALZ b , Gerald WEISSER c , Uwe ENGELMANN d , Robert WEININGER e , Antonio ERNSTBERGER f , Johannes STURM g a University of Applied Sciences, Stralsund, Germany b Ärztliche Stelle für Qualitätssicherung in der Radiologie Hessen, TÜV SÜD Life Service GmbH, Frankfurt, Germany c Radiologie und Geschäftsfeld Informationstechnologie und Qualitätssicherung, Universitätsmedizin Mannheim, Germany d Chili GmbH, Dossenheim/Heidelberg, Germany e pegasus gmbh, Regenstauf, Germany f Abteilung für Unfallchirurgie, Universitätsklinikum Regensburg, Germany g Akademie der Unfallchirurgie GmbH, München, Germany Abstract. Telecooperation is used to support care for trauma patients by facilita- ting a mutual exchange of treatment and image data in use-cases such as emer- gency consultation, second-opinion, transfer, rehabilitation and out-patient after- treatment. To comply with data protection legislation a two-factor authentication using ownership and knowledge has been implemented to assure personalized access rights. End-to-end security is achieved by symmetric encryption in combination with external trusted services which provide the symmetric key solely at runtime. Telecooperation partners may be chosen at departmental level but only individuals of that department, as a result of checking the organizational assignments maintained by LDAP services, are granted access. Data protection officers of a federal state have accepted the data protection means. The telecooperation platform is in routine operation and designed to serve for up to 800 trauma centers in Germany, organized in more than 50 trauma networks. Keywords. Telecooperation, authentication, end-to-end security, trusted services, trauma Introduction High quality care of trauma patients requires cooperation from several involved centers, thereby extending over institutional boundaries. On the one hand use cases such as “second opinion”, “clarification for transfer” or the “transfer” result from emergency situations. On the other hand subsequent treatment may lead to the following use cases: “rehabilitation”, “physiotherapy” or “out-patient after-treatment”. Within the German Trauma Society (DGU) [1] more than 50 trauma-networks have been established representing 800 trauma centers. Trauma centers are entitled to apply for certification as local, regional and supra-regional trauma center according to 1 Martin Staemmler, University of Applied Sciences, Stralsund, Medical Informatics, Zur Schweden- schanze 15, D-18435 Stralsund, Germany, martin.staemmler@fh-stralsund.de. Quality of Life through Quality of Information J. Mantas et al. (Eds.) IOS Press, 2012 © 2012 European Federation for Medical Informatics and IOS Press. All rights reserved. doi:10.3233/978-1-61499-101-4-512 512