HelseID – Dag Helge Østerhagen & Rune Andreas Grimstad – NDC Security 2022

Since 2015 we have been working to establish a national trust service in the Norwegian health sector. The service – HelseID – is now protecting a large portion of the national health care APIs in Norway, and it is an essential part of the national data-sharing strategy for the Norwegian Directorate of eHealth.

Seen from a technical perspective, HelseID is an OAuth2 and OpenID Connect implementation. Both of these protocols were designed (and are continually adjusted) with modern web applications and modern infrastructure in mind. As health care is by nature a very conservative industry, legacy (non-web-native) software is the norm rather than the exception. Thus, introducing a service like HelseID has been, and still is, a challenge.

In this talk we will look at HelseID, what it is and what we have done to make sure it covers the particular needs of the Norwegian health sector. Furthermore, we will dig into some of the unique challenges we must handle in a high-risk sector like health care. Finally, we will look at some real-life examples of how we support legacy systems while also supporting modern applications.


