Date of Publication: 30-Nov--0001
Confidentiality in Electronic Health Records Systems: a Review
Author: Assiya El Kettani, Samy Housban, Zineb Serhier, Mohammed Bennani Othmani
Category: JMSR e-Health
Confidentiality in Electronic Health Records systems (EHRs) entails that only authorized users can access information. It is related to transmission and storage security, but also proper authorization so that users can only access information they need to access. It is considered as one of the main concerns in implementing digital health records, in order to ensure continuity of care records and coordination between caregivers. This work focuses on listing and discussing legal issues and standards in health informatics security, data protection technics, access control methods and rights to access to data in EHRs. It also gives an overview of the Moroccan legislation on automatic processing of health data. These confidentiality sides should be considered to develop a safe efficient standard-based model of management of access to data, considering social and cultural factors. However, there are still challenges in making EHRs accessible to patients and the lack of common standards worldwide still constitute a barrier for an inter-organizational security.
Keywords: Confidentiality, Electronic Health Records, Information System
1. Ahmadi M, Rezaee P, Shahmoradi L. Electronic Health Records: Structure, Content and Evaluation. Tehran, Iran: Jafari; 2008.
2. Goetz Goldberg D, Kuzel AJ, Feng LB, DeShazo JP, Love LE. EHRs in Primary Care Practices: Benefits, Challenges and Successful Strategies. Am J Manag Care. 2012 Feb 1;18 (2):e48-54.
3. Bell B, Thornton K. From promise to reality achieving the value of an EHR. Healthc Financ Manage. 2011 Feb; 65 (2):50-6.
4. Fowler SA, Yaeger LH, Yu F, Doerhoff D, Schoening P, Kelly B. Electronic health record: integrating evidence-based information at the point of clinical decision making. J Med Libr Assoc. 2014 Jan; 102(1): 52-55.
5. Allard T, Anciaux N, Bouganim L, Guo Y, Folgoc LL, Nguyen B et al. Secure personal data servers: a vision paper. PVLDB journal. 2010 ; 3 (1): 25-35
6. National Institute of Standards and Technology Computer Security Division. An Introduction to Computer Security: The NIST Handbook. U.S. Department of Commerce. Gaithersburg, MD: NIST; 1995:5.
7. Dehling T, Sunyaev A. Information Security and Privacy of Patient-Centered Health IT Services: What needs to be done? 47th Hawaii International Conference on System Science 2014 (HICSS '14). IEEE Computer Society, Washington, DC, USA, 2984-2993.
8. Venot A, Burgun A, Qunatin C. Informatique Médicale, e-Santé - Fondements et applications. France Springer-Verlag, 2013. http://www.springer.com/us/book/9782817803371.
9. Bouhaddou O, Cromwell T, Davis M, Maulden S, Hsing N, Carlson D et al. Translating standards into practice. Experience and lessons learned at the Department of Veterans Affairs. J Biomed Inform. 2012 Aug;45(4):813-23
10. Fernández-Alemán JL, Señor IC, Lozoya PÁ, Toval A. Security and privacy in electronic health records: a systematic literature review. J Biomed Inform. 2013 Jun; 46(3):541-62.
11. Fiza A R, Zuraini I, Ganthan Narayana S. Security Issues in Electronic Health Record. Open International Journal of Informatics 2013 (1): 59-68.
12. Ferraiolo D F, Sandhu R, Gavrila S, Kuhn D R, Chandramouli R. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security 2001 4 (3): 224-274
13. Beard L, Schein R, Morra D, Wilson K, Keelan J. The challenges in making electronic health records accessible to patients. JAMIA 2012, 19(1): 116-120
14. Neubauer J. Heurix A. Methodology for the pseudonymization of medical data. Int J Med Inform 2011, 80 (3): 190-204
15. EFF Surveillance Self-Defense Project. What is Encryption?
16. Foster l, Zhao Y, Raicu L and Lu S. Cloud Computing and Grid Computing 360-Degree Compared, The Grid Computing Environments Workshop (GCE), Austin, TX, USA, 2008: 1-10.
17. AbuKhousa E, Mohamed N, and Al-Jaroodi J. E-Health Cloud: Opportunities and Challenges, Future Internet, 2012, 4 (3): 621-645.
18. Griebel L, Prokosch HU, Köpcke F, Toddenroth D, Christoph J, Leb I et al. A scoping review of cloud computing in healthcare. BMC Med Inform Decis Mak. 2015 Mar 19;15:17
19. CNDP http://www.cndp.ma/
20. AFAPDP http://www.afapdp.org/archives/1538