Access control: how can it improve patients' healthcare?

The Electronic Medical Record (EMR) is a very important support tool for patients and healthcare professionals but it has some barriers that prevent its successful integration within the healthcare practice. These barriers comprise not only security concerns but also costs, in terms of time and effort, as well as relational and educational issues that can hinder its proper use. Access control is an essential part of the EMR and provides for its confidentiality by checking if a user has the necessary rights to access the resources he/she requested. This paper comprehensively reviews the published material about access control in healthcare. The review reveals that most of the access control systems that are published in the literature are just studies or prototypes in which healthcare professionals and patients did not participate in the definition of the access control policies, models or mechanisms. Healthcare professionals usually needed to change their workflow patterns and adapt their tasks and processes in order to use the systems. If access control could be improved according to the users' needs and be properly adapted to their workflow patterns we hypothesise that some of the barriers to the effective use of EMR could be reduced. Then EMR could be more successfully integrated into the healthcare practice and provide for better patient treatment.

[1]  J. Wyatt,et al.  Evaluating computerised health information systems: hard lessons still to be learnt , 2003, BMJ : British Medical Journal.

[2]  Paul Jones,et al.  Secrets and Lies: Digital Security in a Networked World , 2002 .

[3]  Ab R. Bakker,et al.  Access to EHR and access control at a moment in the past: a discussion of the need and an exploration of the consequences , 2004, Int. J. Medical Informatics.

[4]  Peter Sewell,et al.  Cassandra: flexible trust management, applied to electronic health records , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[5]  Lisa Sprague,et al.  Electronic health records: How close? How far to go? , 2004, NHPF issue brief.

[6]  Benita Cox,et al.  Potential impacts of patient access to their electronic care records. , 2005, Informatics in primary care.

[7]  Ricardo João Cruz Correia,et al.  Integration of hospital data using agent technologies - A case study , 2005, AI Commun..

[8]  Peter Alterman The US Federal PKI and the Federal Bridge Certification Authority , 2001, Comput. Networks.

[9]  Bernd Blobel,et al.  Authorisation and access control for electronic health record systems , 2004, Int. J. Medical Informatics.

[10]  Janice Redish,et al.  User and task analysis for interface design , 1998 .

[11]  Dieter Gollmann,et al.  Computer Security , 1979, Lecture Notes in Computer Science.

[12]  Edward D. Lemaire,et al.  A secure web-based approach for accessing transitional health information for people with traumatic brain injury , 2006, Comput. Methods Programs Biomed..

[13]  P. Lehoux The problem of health technology : policy implications for modern health care systems , 2006 .

[14]  I. Sim,et al.  Physicians' use of electronic medical records: barriers and solutions. , 2004, Health affairs.

[15]  Chen-Tan Lin,et al.  Review Paper: The Effects of Promoting Patient Access to Medical Records: A Review , 2003, J. Am. Medical Informatics Assoc..

[16]  Amy Butros,et al.  Research Paper: Giving Patients Access to Their Medical Records via the Internet: The PCASSO Experience , 2002, J. Am. Medical Informatics Assoc..

[17]  Ana Silva,et al.  Why facilitate patient access to medical records. , 2007, Studies in health technology and informatics.

[18]  Robert H. Miller,et al.  Physician use of IT: results from the Deloitte Research Survey. , 2004, Journal of healthcare information management : JHIM.

[19]  Shon Harris,et al.  CISSP All-in-One Exam Guide , 2001 .