Search the Dagstuhl Website
Looking for information on the websites of the individual seminars? - Then please:
Not found what you are looking for? - Some of our services have separate websites, each with its own search option. Please check the following list:
Schloss Dagstuhl - LZI - Logo
Schloss Dagstuhl Services
Within this website:
External resources:
  • DOOR (for registering your stay at Dagstuhl)
  • DOSA (for proposing future Dagstuhl Seminars or Dagstuhl Perspectives Workshops)
Within this website:
External resources:
Within this website:
External resources:
  • the dblp Computer Science Bibliography

Dagstuhl Seminar 09073

Model-Based Design of Trustworthy Health Information Systems

( Feb 11 – Feb 14, 2009 )

(Click in the middle of the image to enlarge)

Please use the following short url to reference this page:




Press Room

Press Review


New technologies for Health Information Systems (HIS) offer a revolutionary new way for the interaction between medical patients and Healthcare providers. Although healthcare like other information-intensive industries has developed and deployed standards-based, secure information infrastructures it is still dependent upon paper records and fragmented, error-prone approaches to service delivery. Thus healthcare has been characterized as a ‘trillion dollar cottage industry’. One of the main concerns is security and privacy that needs to be organically integrated into HIS architectures. Widely cited reports of the U.S. Institute of Medicine and National Research Council have documented weaknesses in information security related to healthcare, the costs and impact of medical errors (a substantial proportion of which involve a component of information mismanagement), lack of a systems approach to complex, team-oriented interdisciplinary care, and the unrealized potential of using the Internet to improve the quality and availability of healthcare services.

How can Health Information Systems help?

Complementing the recognition of the weaknesses are three major drivers that push the healthcare industry towards radical change: (1) the dramatic increase of genetic information and the opening opportunity to provide personalized healthcare, (2) the economic pressures to move healthcare from institutions toward homes, and (3) the rapidly increasing use of Internet and information appliances in society. This fundamental change will be enabled by advanced information technology, including ubiquitous communication and sensing, extensive use of web portals as a central point of access for communication and documentation of health care efficiency. Quality of patient specificity will be achieved via extensive use of clinical decision support systems combined with automated event monitors.

What are the key challenges?

HIS shall support patients and also doctors, nurses, paramedicals and other health care providers in diagnosing, treating and supporting patients. Health care is not only a health but also a life and death issue. In this existential situation patients have to trust on caregivers and both patients and caregivers depend on the trustworthiness of the information systems used. Not only the highly delicate relation between caregivers and patients but also the data related to this situation need particular protection from misuse. But unfortunately privacy and security requirements are frequently expressed in vague, contradictory and complex laws and regulations; it is a major concern that requires new approaches in systems design. Trustworthy HIS need to provide effective, high quality support for providing the best care for patients but without compromising their privacy, security and safety.

How to solve these challenges?

End-to-end architecture modeling integrated with privacy and security models offer new opportunities for system designers and end users. Model-based approaches to HIS are investigated extensively in Europe and in the US. While initial results show promise, many fundamental problems remained unsolved, such as modeling of privacy and security policies, and verification of their consistency, and compliance to requirements. HIS requires new architectures that are sufficiently flexible to support personalized health care without causing harm and can be adapted to changing policies.

Goals and Expected Results

The goal of this seminar was to help the computer science community understanding the unique challenges of this field and offer insight for HIS developers in the state of the art in model-based design technologies. The objective was to understand the challenges and promising approaches in HIS design as the intersection of five major areas: health information systems, model-based software and systems design, reliability, security and privacy science, enterprise information systems and legal policy. The seminar combined presentations with discussions in groups and in the plenary.

  • Ruth Breu (Universität Innsbruck, AT) [dblp]
  • Oliver Burgert (Universität Leipzig, DE)
  • Thomas Bürkle (Universität Erlangen-Nürnberg, DE)
  • Lori A. Clarke (University of Massachusetts - Amherst, US) [dblp]
  • Anupam Datta (Carnegie Mellon University - Pittsburgh, US) [dblp]
  • Gerard Freriks (Conexis - Buitenkaag, NL)
  • Carl A. Gunter (University of Illinois - Urbana-Champaign, US) [dblp]
  • Michael Hafner (Universität Innsbruck, AT)
  • Patrick Hung (UOIT - Oshawa, CA)
  • Frank Innerhofer-Oberperfler (Universität Innsbruck, AT)
  • Christoph Isele (Siemens Medical Solutions - Berlin, DE)
  • Martin Jason (Vanderbilt University School of Medicine, US)
  • Jan Jürjens (TU Dortmund, DE) [dblp]
  • Basel Katt (Universität Innsbruck, AT)
  • Bradley Malin (Vanderbilt University - Nashville, US) [dblp]
  • Lorenzo D. Martino (Purdue University - West Lafayette, US)
  • Fabio Massacci (University of Trento, IT) [dblp]
  • John C. Mitchell (Stanford University, US) [dblp]
  • Leon J. Osterweil (University of Massachusetts - Amherst, US) [dblp]
  • Barbara Paech (Universität Heidelberg, DE) [dblp]
  • Reinhard Posch (TU Graz, AT)
  • Alexander Pretschner (TU München, DE) [dblp]
  • Roland Rieke (Fraunhofer SIT - Darmstadt, DE) [dblp]
  • André Scedrov (University of Pennsylvania - Philadelphia, US)
  • Klaus Schindelwig (Tiroler Landeskrankenanstalten, AT)
  • Vitaly Shmatikov (University of Texas - Austin, US) [dblp]
  • Martin Staemmler (Hochschule Stralsund, DE)
  • Ketil Stølen (SINTEF - Oslo, NO) [dblp]
  • Janos Sztipanovits (Vanderbilt University, US) [dblp]
  • Alfred Winter (Universität Leipzig, DE)
  • Rebecca Wright (Rutgers University - Piscataway, US)

  • modelling / simulation
  • security / cryptography
  • sw-engineering
  • Interdisciplinary with non-informatics-topic: Health Information Systems

  • trustworthy systems
  • health information systems
  • model-based design
  • security policies
  • service oriented architecture