Advances and Current State of the Security and Privacy in Electronic Health Records: Survey from a Social Perspective

E-Health systems are experiencing an impulse in these last years, when many medical agencies began to include digital solutions into their platforms. Electronic Health Records (EHRs) are one of the most important improvements, being in its most part a patient-oriented tool. To achieve a completely operational EHR platform, security and privacy problems have to be resolved, due to the importance of the data included within these records. But given all the different methods to address security and privacy, they still remain in most cases as an open issue. This paper studies existing and proposed solutions included in different scenarios, in order to offer an overview of the current state in EHR systems. Bibliographic material has been obtained mainly from MEDLINE and SCOPUS sources, and over 30 publications have been analyzed. Many EHR platforms are being developed, but most of them present weaknesses when they are opened to the public. These architectures gain significance when they cover all the requisites related to security and privacy.

[1]  Snezana Sucurovic An Approach to Access Control in Electronic Health Record , 2009, Journal of Medical Systems.

[2]  Kirk J. Nahra HIPAA Security Enforcement Is Here , 2008, IEEE Security & Privacy.

[3]  Kaija Saranto,et al.  Definition, structure, content, use and impacts of electronic health records: A review of the research literature , 2008, Int. J. Medical Informatics.

[4]  Gail-Joon Ahn,et al.  Patient-centric authorization framework for electronic healthcare services , 2011, Comput. Secur..

[5]  Dipak Kalra,et al.  Inter-organizational future proof EHR systems: A review of the security and privacy related issues , 2009, Int. J. Medical Informatics.

[6]  Hamid A. Jalab,et al.  Securing electronic medical records transmissions over unsecured communications: An overview for better medical governance , 2010 .

[7]  Tian-ge Zhuang,et al.  A Region-Based Lossless Watermarking Scheme for Enhancing Security of Medical Data , 2009, Journal of Digital Imaging.

[8]  Stefan Fenz,et al.  Pseudonymization for improving the Privacy in E-Health Applications , 2008, Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008).

[9]  G. Datta,et al.  Personal Health Record (PHR) in a Talisman: An Approach to Providing Continuity of Care in Developing Countries Using Existing Social Customs , 2007, 2007 9th International Conference on e-Health Networking, Application and Services.

[10]  Norm Archer,et al.  Electronic Personal Health Record Systems: A Brief Review of Privacy, Security, and Architectural Issues , 2009, 2009 World Congress on Privacy, Security, Trust and the Management of e-Business.

[11]  Daniel Slamanig,et al.  Electronic Health Records: An Enhanced Security Paradigm to Preserve Patient's Privacy , 2009, BIOSTEC.

[12]  Bernhard Riedl,et al.  Assuring integrity and confidentiality for pseudonymized health data , 2010, ECTI-CON2010: The 2010 ECTI International Confernce on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology.

[13]  Robert Steele,et al.  Role-Based Access To Portable Personal Health Records , 2009, 2009 International Conference on Management and Service Science.

[14]  Amy N. Cohen,et al.  Review paper: Informatics Systems to Promote Improved Care for Chronic Illness: A Literature Review , 2007, J. Am. Medical Informatics Assoc..

[15]  Chia-Hung Hsiao,et al.  Privacy preservation and information security protection for patients' portable electronic health records , 2009, Comput. Biol. Medicine.

[16]  Amy L McGuire,et al.  Confidentiality, privacy, and security of genetic and genomic test information in electronic health records: points to consider , 2008, Genetics in Medicine.

[17]  Thomas Neubauer,et al.  A methodology for the pseudonymization of medical data , 2011, Int. J. Medical Informatics.

[18]  Batami Sadan Patient data confidentiality and patient rights , 2001, Int. J. Medical Informatics.

[19]  Steven R Simon,et al.  Electronic health records: use, barriers and satisfaction among physicians who care for black and Hispanic patients. , 2009, Journal of evaluation in clinical practice.

[20]  Annie I. Antón,et al.  Evaluating existing security and privacy requirements for legal compliance , 2009, Requirements Engineering.

[21]  Janine S. Hiller,et al.  Privacy and Security in the Implementation of Health Information Technology (Electronic Health Records): U.S. and EU Compared , 2011 .

[22]  Maryam Ahmadi,et al.  Security Requirements and Solutions in Electronic Health Records: Lessons Learned from a Comparative Study , 2010, Journal of Medical Systems.

[23]  Hee Jeong Cheong,et al.  Improving Korean Service Delivery System in Health Care: Focusing on National E-health System , 2009, 2009 International Conference on eHealth, Telemedicine, and Social Medicine.