Course Summary

Prerequisites: Basic knowledge of Computer Networks, Network Security, Programming and Databases.

Course Level: Master

Learning effort: min. of 150 hours of study (30 hrs. e-learning directed study, 15 hrs. collaborative online lab, 15 hrs. collaborative project, 60 hrs. preparation/follow up of labs/project, 30 hrs. follow up independent study and individual preparation for exam).

Credits: 6 ECTS

Teaching method: Blended Learning

The instructor answers students’ questions (Q&A), presents demos and/or moderates the presentation of case studies conducted by industry experts, and moderates discussions using interactive systems, e.g. webinar or video conference. These weekly support sessions are announced to the participants in advance.

Learning objectives:

Upon completion of this course students will be able to:

  • Understand terminology and concepts of e-Health
  • Design and develop e-Health applications
  • Understand the security issues in the e-Health area
  • Understand the importance of interoperability and related issues
  • Understand and implement the ISO/IEEE 11073 standard
  • Understand the HL7 family of standards
  • Use HL7 standards in applications development
  • Understand the risk of attacks for patients and healthcare personnel
  • Understand and evaluate biometric based security
  • Use tools and techniques to protect e-Health system components
  • Design, develop and manage security mechanisms adapted to specific e-Health systems

General description:

The course presents the main concepts of e-Health systems, the security of e-Health systems, and standards for interoperability of e-Health applications. The first part of the course introduces fundamental topics: e-Health terminology and e-Health application types, e-Health standards, interoperability and security issues. The second part presents the most important standards used for e-Health applications, i.e. ISO/IEEE 11073 and the HL7 family of standards, and introduces a hands-on security analysis of IEEE 11073 and HL7 message protocols, types of attacks on e-Health systems, medical data privacy, sensitive data access control policies and protection methods (e.g. data encryption, biometric authentication, role/attribute policies).

Course content:

The course is structured into 7 chapters divided into 14 learning units.
Chapter 1: Introduction to e-Health
  • e-Health and related terms: e-Health, m-health, telemedicine, Hospital Information System (HIS), Electronic Medical Record (EMR), Electronic Health Record (EHR)
  • The impact of e-Health
  • e-Health standards: terminology of standards, messaging standards, document and data standards, security standards
Chapter 2: e-Health Applications
  • Hospital management systems
  • Tele-Health applications
  • m-health applications
  • IoT-based mobile medical applications
  • IoT and BYOD security challenges for Hospitals
  • Case study
Chapter 3: Electronic Health Record (EHR) standards
  • EHR as the core of e-Health systems
  • Standards for interoperable EHRs
  • Installation and evaluation of EHR and PHR Systems
  • Cross-Enterprise Document Sharing (XDS)
  • Case study
Chapter 4: Interoperability of e-Health components and systems
  • Standards for interoperability
  • Tele-Health Reference Architecture
  • Continua Health Alliance (CHA) architecture
  • Interfaces and standards
  • Interoperability advantages according to CHA
  • Interoperability Reference Architecture
  • Case study
Chapter 5: Security of e-Health systems
  • Security issues and challenges in e-Health systems
  • Healthcare-specific Security Standards
  • Security of EHR Systems
  • Security of m-health systems
  • Case study: Biometric authentication
Chapter 6: Managing security for Tele-Health systems
  • Agent and Manager model
  • Personal Health LAN: Domain Information Model, Service Model, Communication Model
  • Managing the security of Bluetooth HDP (Health Device Profile)
  • Managing the security of the ISO/IEEE 11073-20601 (OEP) protocol
  • Case study: Implementing biometric authentication for ISO/IEEE 11073
Chapter 7: Managing security for the Health Level 7 (HL7) family of standards
  • HL7 family of standards: overview
  • HL7 V3 Reference Information Model (RIM)
  • HL7 V3 Data types and messaging
  • HL7 Fast Healthcare Interoperability Resources (FHIR)
  • Security of data storage and data transmission
  • Case study: HL7-based e-Health systems

Lab assignments:

Each learning unit ends with a set of quizzes and lab assignments related to the multimedia interactive reading materials, which address the students' creativity and analysis capabilities. These require students to prove their understanding of the materials and express their personal view on topics such as security attacks on WiFi connections between medical devices, and to work with EHR and PHR applications, program an Android application that replies to medical notifications, build HL7 messages and FHIR resources, program access to patient data using the eXtensible Access Control Markup Language (XACML), improve the security of a mobile medical network using biometric authentication based on fingerprints, and implement an authentication extension of the ISO/IEEE 11073 protocol.

Collaborative and cumulative project:

Case study: “Implementing access control to sensitive health data using policy technology”
The project will be carried out collaboratively by international teams of 2-3 students. It will be presented in the form of a wiki, a presentation or a portfolio. The project will be cumulative, i.e. each project step is based on the framework provided by the prior steps.
The project results will be evaluated by the instructor of the course.


Throughout the course, students will be involved in e-discussions related to the course content, through means specific to e-learning, such as forums, wikis, e-portfolios etc. As part of the virtual community, each student will give feedback to at least two colleagues in the forums.


  • Lab performance = 30% of the final grade.
  • Project performance = 20% of the final grade.
  • Discussions performance = 10% of the final grade.
  • Written presence exam (60 min.) = 40% of the final grade (conducted at the home university with the help of a trusted teacher).
The result of the evaluation will be expressed as a percentage and transferred to the students’ home university by the instructor.

Reading List:

  1. Tim Benson, “Principles of Health Interoperability HL7 and SNOMED, Health Information Standards”, Springer London, 2012
  2. M. Balachandran, “Introduction to Fast Healthcare Interoperability Resources”, last access 30.08.2016
  3. SNOMED CT - The Global Language of Healthcare
  4. ISO/IEEE 11073 Health informatics. Health informatics — Personal health device communication — Part 20601: Application profile — Optimized exchange protocol, last access 30.08.2016
  5. William Stallings & Lawrie Brown: "Computer Security: Principles and Practice", 3rd Edition, Pearson Education Ltd., 2015
  6. James F. Kurose and Keith W. Ross: "Computer Networking", 6th Edition, Pearson, Addison Wesley, New York, 2013
  7. XACML Version 2.0, last access 30.08.2016
  8. XACML Version 3.0, 2013, last access 30.08.2016
  9. Clinical Document Architecture, R2 (CDA): Implementation guide for clinical document architecture, release 2, last access 30.08.2016
  10., last access 30.08.2016
  11. Healthcare Information Technology Standards Panel Standards, last access 30.08.2016
  12. IHE Standards, last access 30.08.2016
  13. FHIR Security, last access 30.08.2016
  14., last access 30.08.2016
  15., last access 30.08.2016
  16., last access 30.08.2016

Professor dr. ing. Florica Moldoveanu
University POLITEHNICA of Bucharest, Romania, Faculty of Automatic Control and Computers, Department of Computer Science and Engineering
Research interests: Image processing, eHealth

“I am specialized in Computer Graphics, Computer Vision, Software Engineering and eHealth. At the same time, I am also the president of the Association HL7 Romania which promotes standardization in the eHealth domain. Welcome to our course!”