The Australian PCEHR system: Ensuring Privacy and Security through an Improved Access Control Mechanism

An Electronic Health Record (EHR) is designed to store diverse data accurately from a range of health care providers and to capture the status of a patient by a range of health care providers across time. Realising the numerous benefits of the system, EHR adoption is growing globally and many countries invest heavily in electronic health systems. In Australia, the Government invested $467 million to build key components of the Personally Controlled Electronic Health Record (PCEHR) system in July 2012. However, in the last three years, the uptake from individuals and health care providers has not been satisfactory. Unauthorised access of the PCEHR was one of the major barriers. We propose an improved access control model for the PCEHR system to resolve the unauthorised access issue. We discuss the unauthorised access issue with real examples and present a potential solution to overcome the issue to make the PCEHR system a success in Australia.

[1]  G. Voerman,et al.  Review Article: Effectiveness of Patient Care Teams and the Role of Clinical Expertise and Coordination , 2009, Medical care research and review : MCRR.

[2]  Vimla L. Patel,et al.  Considering complexity in healthcare systems , 2011, J. Biomed. Informatics.

[3]  Ning Zhang,et al.  A Purpose-Based Access Control Model , 2007 .

[4]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[5]  Qi Shi,et al.  Journal of Information Assurance and Security , 2009 .

[6]  Sérgio Shiguemi Furuie,et al.  A contextual role-based access control authorization model for electronic patient record , 2003, IEEE Transactions on Information Technology in Biomedicine.

[7]  Christopher Pearce,et al.  Electronic medical records--where to from here? , 2009, Australian family physician.

[8]  Xuemin Shen,et al.  PEACE: An efficient and secure patient-centric access control scheme for eHealth care system , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[9]  Elisa Bertino,et al.  Privacy Protection , 2022 .

[10]  Shon Harris,et al.  CISSP All-in-One Exam Guide , 2001 .

[11]  Elisa Bertino,et al.  Building access control policy model for privacy preserving and testing policy conflicting problems , 2014, J. Comput. Syst. Sci..

[12]  Ramaswamy Chandramouli,et al.  Role-Based Access Control (2nd ed.) , 2007 .

[13]  Ji Zhang,et al.  Outlier detection from large distributed databases , 2013, World Wide Web.

[14]  Bradley Malin,et al.  Learning relational policies from electronic health record access logs , 2011, J. Biomed. Informatics.

[15]  D. McInnes,et al.  General practitioners’ use of computers for prescribing and electronic health records: results from a national survey , 2006, The Medical journal of Australia.

[16]  Renato Iannella,et al.  Privacy oriented access control for electronic health records , 2012, WWW 2012.

[17]  Cátia Santos-Pereira,et al.  A secure RBAC mobile agent access control model for healthcare institutions , 2013, Proceedings of the 26th IEEE International Symposium on Computer-Based Medical Systems.

[18]  Mark Evered,et al.  A Case Study in Access Control Requirements for a Health Information System , 2004, ACSW.

[19]  Yanchun Zhang,et al.  Securing Electronic Medical Record and Electronic Health Record Systems Through an Improved Access Control , 2015, HIS.

[20]  Yanchun Zhang,et al.  A flexible payment scheme and its role-based access control , 2005, IEEE Transactions on Knowledge and Data Engineering.