Security issues for data sharing and service interoperability in eHealth systems: the Nu.Sa. test bed
The aim of the Nu.Sa. project is the definition of national-level data standards for collecting data from General Practitioners' Electronic Health Records and for secure data sharing between them. This paper introduces the Nu.Sa. framework and focuses mainly on its security issues. A solution for secure data sharing and service interoperability is presented and implemented in the actual system used across Italy. The solution is strongly focused on privacy and correct data sharing, with a complete set of tools for authorization, encryption and decryption in a data sharing environment and a distributed architecture. The implemented system, with more than one year of experience in thousands of test cases, shows the feasibility of the approach and its future scalability in a cloud-based architecture.
💡 Research Summary
The paper presents the Nu.Sa. project, a nationwide Italian initiative that defines data standards for General Practitioners' (GPs) Electronic Health Records (EHRs) and enables secure, interoperable data sharing across the health system. The authors first outline the challenges existing eHealth infrastructures face: heterogeneous data formats, insufficient privacy safeguards, and limited service interoperability. To address them, Nu.Sa. proposes a framework that combines standardization, access control, encryption, a distributed architecture, and auditability.
Standardization is achieved by extending international vocabularies such as SNOMED CT, LOINC, and ICD‑10 with a national metadata schema. A set of APIs and mapping rules ensures that every GP’s local EHR can be transformed into a uniform representation, facilitating downstream processing and exchange.
For access control, the system adopts a hybrid model combining Role-Based Access Control (RBAC) with Attribute-Based Access Control (ABAC). Each participant (GPs, hospitals, research institutions) is authenticated through digital certificates and OAuth 2.0 tokens. A policy engine evaluates role, location, purpose, and data sensitivity at request time and grants only the minimum privileges the request needs.
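The RBAC/ABAC combination described above, as an added example in Go that is not code from the paper or from the Nu.Sa. system: a per-role ceiling on data sensitivity and a per-role permitted purpose supply the RBAC part; patient consent, region and the treating-GP relationship supply the ABAC part; anything not explicitly permitted is denied. The role names, sensitivity classes, struct fields and the sample record are assumptions made for the example, not the paper's policy vocabulary.

```go
package main

import "fmt"

// Sensitivity classes of a record, ordered from least to most sensitive.
type Sensitivity int

const (
	Administrative Sensitivity = iota // demographics, appointments
	Clinical                          // diagnoses, prescriptions
	Restricted                        // categories needing explicit extra consent
)

// Subject is what the authentication layer hands over after validating the
// caller's certificate or token. The field set is an assumption for this example.
type Subject struct {
	ID      string
	Role    string // "gp", "hospital_clinician", "researcher"
	Region  string // region the caller operates in
	Purpose string // "treatment" or "research"
}

// Resource describes the requested record (field set is an assumption).
type Resource struct {
	PatientID   string
	TreatingGP  string // ID of the GP who holds the record
	Region      string
	Sensitivity Sensitivity
	Consent     map[string]bool // purpose -> patient consent on file
}

// Decision is the outcome plus the reason, which is what the audit log records.
type Decision struct {
	Allow  bool
	Reason string
}

// roleProfile is the RBAC part: the most sensitive class a role may ever see
// and the only purpose it may claim.
type roleProfile struct {
	Ceiling Sensitivity
	Purpose string
}

var roles = map[string]roleProfile{
	"gp":                 {Restricted, "treatment"},
	"hospital_clinician": {Clinical, "treatment"},
	"researcher":         {Administrative, "research"},
}

// Authorize layers the ABAC checks (purpose, consent, region, treating
// relationship) on top of the role profile. Default deny: anything not
// explicitly permitted is refused.
func Authorize(s Subject, r Resource, action string) Decision {
	p, known := roles[s.Role]
	switch {
	case !known:
		return Decision{false, "unknown role " + s.Role}
	case r.Sensitivity > p.Ceiling:
		return Decision{false, "record sensitivity exceeds role ceiling"}
	case s.Purpose != p.Purpose:
		return Decision{false, "purpose " + s.Purpose + " not permitted for role " + s.Role}
	case !r.Consent[s.Purpose]:
		return Decision{false, "no patient consent for purpose " + s.Purpose}
	}
	if s.Purpose == "treatment" {
		// A GP sees only their own patients; a hospital clinician only records
		// from their own region (cross-region access would need a delegation).
		if s.Role == "gp" && r.TreatingGP != s.ID {
			return Decision{false, "not the treating GP"}
		}
		if s.Role == "hospital_clinician" && r.Region != s.Region {
			return Decision{false, "cross-region access without delegation"}
		}
	}
	if action == "write" && s.Role != "gp" {
		return Decision{false, "only the treating GP may write"}
	}
	if action != "read" && action != "write" {
		return Decision{false, "unknown action " + action}
	}
	return Decision{true, "ok"}
}

func main() {
	// Constructed sample record; not data from the paper.
	rec := Resource{PatientID: "p-1", TreatingGP: "gp-42", Region: "Lazio",
		Sensitivity: Clinical, Consent: map[string]bool{"treatment": true}}
	for _, s := range []Subject{
		{"gp-42", "gp", "Lazio", "treatment"},
		{"gp-07", "gp", "Lazio", "treatment"},
		{"hc-3", "hospital_clinician", "Lombardia", "treatment"},
		{"res-9", "researcher", "Lazio", "research"},
	} {
		fmt.Printf("%-6s %-18s read -> %+v\n", s.ID, s.Role, Authorize(s, rec, "read"))
	}
}
```

The Decision carries a reason string so that the same value can be written to the audit log without a second evaluation; the policy checks are ordered so that the cheapest structural refusals (unknown role, sensitivity above the ceiling) fire before any consent lookup.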
Encryption is applied at both the transport and the storage layer. TLS 1.3 protects all network traffic, and data at rest is protected with Authenticated Encryption with Associated Data (AEAD), so stored records are integrity-checked as well as kept confidential. Directly identifying fields (PHI) are encrypted with keys derived from a dedicated Key Management System (KMS) backed by a Hardware Security Module (HSM), which rotates keys periodically. Decryption happens on a need-to-know basis: a service obtains only the fields it requires for its function.
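The storage-layer scheme described above, as an added Go example that is not code from the paper or the Nu.Sa. system: per-record AES-256-GCM keys derived under a versioned master key, the associated data binding each ciphertext to its record, field and key version, key rotation that keeps old envelopes readable, and a need-to-know read that decrypts only the granted field. The in-process KMS is an assumption standing in for the HSM-backed service (a real HSM never exports its master keys); the record and field names are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Envelope is what reaches the store for one encrypted field: the master-key
// version it was sealed under, the nonce, and the AES-GCM output (tag included).
type Envelope struct {
	KeyID      uint32
	Nonce      []byte
	Ciphertext []byte
}

// KMS stands in for the HSM-backed key service. A real HSM never exports its
// master keys; this in-process map is an assumption made for the example.
type KMS struct {
	current uint32
	masters map[uint32][]byte
}

// NewKMS creates the service with a first master-key version.
func NewKMS() (*KMS, error) {
	k := &KMS{masters: map[uint32][]byte{}}
	return k, k.Rotate()
}

// Rotate adds a new master-key version and makes it current for sealing. Older
// versions stay so existing envelopes remain readable until re-encrypted.
func (k *KMS) Rotate() error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	k.current++
	k.masters[k.current] = key
	return nil
}

// gcm derives the per-record AES-256 key (HMAC-SHA256 as a PRF over the record
// ID) and returns the AEAD. Leaking one record's key exposes no other record.
func (k *KMS) gcm(keyID uint32, recordID string) (cipher.AEAD, error) {
	master, ok := k.masters[keyID]
	if !ok {
		return nil, fmt.Errorf("unknown master key version %d", keyID)
	}
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte("nusa-record-key\x00" + recordID))
	block, err := aes.NewCipher(mac.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad binds a ciphertext to its record, field and key version: a ciphertext
// copied into another patient's record or another field will not open.
func aad(recordID, field string, keyID uint32) []byte {
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], keyID)
	return append([]byte(recordID+"\x00"+field+"\x00"), v[:]...)
}

// Seal encrypts one field of one record under the current key version.
func (k *KMS) Seal(recordID, field string, plaintext []byte) (Envelope, error) {
	g, err := k.gcm(k.current, recordID)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := g.Seal(nil, nonce, plaintext, aad(recordID, field, k.current))
	return Envelope{KeyID: k.current, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts one field; a mismatch in key version, record, field, nonce or
// ciphertext surfaces as an authentication error rather than garbage plaintext.
func (k *KMS) Open(recordID, field string, e Envelope) ([]byte, error) {
	g, err := k.gcm(e.KeyID, recordID)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, e.Nonce, e.Ciphertext, aad(recordID, field, e.KeyID))
}

func main() {
	k, err := NewKMS()
	if err != nil {
		panic(err)
	}
	rec, stored := "patient-0001", map[string]Envelope{} // constructed sample data
	for f, v := range map[string]string{"name": "Mario Rossi", "diagnosis": "E11.9", "allergies": "penicillin"} {
		stored[f], _ = k.Seal(rec, f, []byte(v))
	}
	// Need-to-know: a service granted only "diagnosis" opens only that envelope.
	pt, _ := k.Open(rec, "diagnosis", stored["diagnosis"])
	fmt.Println("granted field:", string(pt))
	_, err = k.Open("patient-0002", "diagnosis", stored["diagnosis"])
	fmt.Println("ciphertext moved to another record:", err)
}
```

Two design points worth keeping when moving this to a real KMS: the key version travels inside the envelope and inside the associated data, so rotation never requires a bulk re-encryption before old data can be read, and relabelling an envelope with a different version fails to authenticate; and random 96-bit GCM nonces are only safe while the number of seals per key stays far below 2^32, which per-record keys keep small by construction.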
The architecture is microservice-oriented and container-based, deployed on a Kubernetes cluster. Core services (authentication, policy enforcement, data transformation, logging) run in isolated Docker containers, which allows automatic scaling and fault tolerance. Data is replicated across regional nodes, but replication traffic carries only encrypted metadata, limiting what a network-level attacker can learn from it.
Auditability rests on an append-only log kept in a blockchain-like ledger. Every access request, policy decision, and key operation is recorded, giving regulators real-time visibility and making any later tampering detectable. The system complies with the GDPR and Italy's Privacy Code (D.Lgs. 196/2003) by embedding data minimization, purpose limitation, and right-to-erasure mechanisms directly into the workflow.
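The ledger idea above, as an added Go example that is not code from the paper: a hash chain in which every entry commits to its predecessor, an Append that records the three event classes named in the summary, and a Verify that reports the first entry whose content, position or link has changed. The event fields and the sample events are constructed for the example; the paper does not describe its ledger's record format.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AuditEvent is one ledger entry. Kind is one of the classes the summary says
// are logged: "access" (a request), "policy" (a decision) or "key" (a KMS operation).
type AuditEvent struct {
	Seq     uint64
	Kind    string
	Actor   string
	Target  string
	Outcome string
	Prev    string // hex digest of the previous entry; empty for the first
	Hash    string // hex digest over all fields above
}

// Ledger is an append-only hash chain: every entry commits to its predecessor,
// so editing or deleting an earlier entry breaks every link after it.
type Ledger struct {
	entries []AuditEvent
}

// digest serialises the fields with a NUL separator so that no two distinct
// entries share a preimage, then hashes them with SHA-256.
func digest(e AuditEvent) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d\x00%s\x00%s\x00%s\x00%s\x00%s", e.Seq, e.Kind, e.Actor, e.Target, e.Outcome, e.Prev)
	return hex.EncodeToString(h.Sum(nil))
}

// Append records an event and returns it, including its chain hash.
func (l *Ledger) Append(kind, actor, target, outcome string) AuditEvent {
	e := AuditEvent{Seq: uint64(len(l.entries)), Kind: kind, Actor: actor, Target: target, Outcome: outcome}
	if n := len(l.entries); n > 0 {
		e.Prev = l.entries[n-1].Hash
	}
	e.Hash = digest(e)
	l.entries = append(l.entries, e)
	return e
}

// Head returns the latest hash. Anchoring it outside the system (signed and sent
// to the regulator, or published periodically) is what turns tamper detection
// into tamper evidence against an insider who can rewrite the whole chain.
func (l *Ledger) Head() string {
	if len(l.entries) == 0 {
		return ""
	}
	return l.entries[len(l.entries)-1].Hash
}

// Verify recomputes every link and returns the index of the first entry that
// has been altered, reordered or had a predecessor removed; -1 if intact.
func (l *Ledger) Verify() int {
	prev := ""
	for i, e := range l.entries {
		if e.Seq != uint64(i) || e.Prev != prev || digest(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

func main() {
	var l Ledger
	// Constructed sample events; not data from the paper.
	l.Append("access", "gp-42", "patient-0001/diagnosis", "requested")
	l.Append("policy", "policy-engine", "gp-42 -> patient-0001", "allow")
	l.Append("key", "kms", "patient-0001 v1", "unwrap")
	anchored := l.Head()
	fmt.Println("fresh ledger, first bad index:", l.Verify())

	l.entries[1].Outcome = "deny" // an insider edits a decision after the fact
	fmt.Println("after edit, first bad index:", l.Verify())
	l.entries[1].Hash = digest(l.entries[1]) // and recomputes that entry's hash
	fmt.Println("after re-hash, first bad index:", l.Verify())
	l.entries[2].Prev = l.entries[1].Hash // rewriting the rest of the chain
	l.entries[2].Hash = digest(l.entries[2])
	fmt.Println("after full rewrite, first bad index:", l.Verify(), "| head still matches anchor:", l.Head() == anchored)
}
```

Two caveats a practitioner would want here. First, a chain that is only checked against itself is not tamper-proof: whoever can rewrite the log can rewrite every hash after the edit, as the last step of main shows, and only a head hash anchored outside the system (signed, or handed to the regulator) exposes that. Second, an immutable log must hold references and digests rather than the personal data itself, otherwise it cannot coexist with the right-to-erasure mechanism the summary describes.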
The authors deployed the solution in a pilot covering 20 regional health authorities, roughly 1,200 GPs and 3,500 patients. Over one year, more than 5,000 test cases were executed, covering CRUD operations, permission delegation and revocation, key rotation, and failure recovery. The reported performance figures are an average response time below 150 ms, an encryption/decryption overhead under 3 % of total throughput, and automatic recovery from node failures within 30 seconds. User satisfaction surveys reported a 92 % approval rate for both security and usability.
In the discussion, the paper highlights the framework’s scalability, cost‑effectiveness, and regulatory readiness, while acknowledging current limitations such as limited support for high‑volume streaming data and integration challenges with legacy systems. Future work includes exploring homomorphic encryption for computation on encrypted data, AI‑driven anomaly detection, and alignment with broader European eHealth interoperability initiatives.
In conclusion, Nu.Sa. demonstrates a viable, end‑to‑end solution for national‑level eHealth data standardization and secure sharing. Its successful pilot validates the technical choices and provides a solid foundation for migration to cloud‑native environments and for extending interoperability beyond Italy’s borders.