Security and privacy of electronic health records: Concerns and challenges

Abstract Electronic Medical Records (EMRs) can provide many benefits to physicians, patients and healthcare services if they are adopted by healthcare organizations. But concerns about privacy and security that relate to patient information can cause there to be relatively low EMR adoption by a number of health institutions. Safeguarding a huge quantity of health data that is sensitive at separate locations in different forms is one of the big challenges of EMR. A review is presented in this paper to identify the health organizations’ privacy and security concerns and to examine solutions that could address the various concerns that have been identified. It shows the IT security incidents that have taken place in healthcare settings. The review will enable researchers to understand these security and privacy concerns and solutions that are available.

[1]  Douglas H. Fernald,et al.  Electronic Health Record Challenges, Workarounds, and Solutions Observed in Practices Integrating Behavioral Health and Primary Care , 2015, The Journal of the American Board of Family Medicine.

[2]  C Jason Wang,et al.  The HIPAA conundrum in the era of mobile health and communications. , 2013, JAMA.

[3]  Clemens Scott Kruse,et al.  Security Techniques for the Electronic Health Records , 2017, Journal of Medical Systems.

[4]  Andrew J. Rohm,et al.  Just what the doctor ordered: The role of information sensitivity and trust in reducing medical information privacy concern , 2004 .

[5]  Qingxiong Ma,et al.  An Integrated Framework for Information Security Management , 2009 .

[6]  E. S. Hunter Electronic Health Records in an Occupational Health Setting—Part I. A Global Overview , 2013 .

[7]  Ali Sunyaev,et al.  Secure provision of patient-centered health information technology services in public networks—leveraging security and privacy features provided by the German nationwide health information technology infrastructure , 2014, Electron. Mark..

[8]  B. B. Zaidan,et al.  MIRASS: Medical Informatics Research Activity Support System Using Information Mashup Network , 2014, Journal of Medical Systems.

[9]  Dean F Sittig,et al.  A new sociotechnical model for studying health information technology in complex adaptive healthcare systems , 2010, Quality and Safety in Health Care.

[10]  Jernej Završnik,et al.  Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues? , 2013, Journal of medical Internet research.

[11]  Nor Badrul Anuar,et al.  The landscape of research on smartphone medical apps: Coherent taxonomy, motivations, open challenges and recommendations , 2015, Comput. Methods Programs Biomed..

[12]  B. B. Zaidan,et al.  Systematic Review of Real-time Remote Health Monitoring System in Triage and Priority-Based Sensor Technology: Taxonomy, Open Challenges, Motivation and Recommendations , 2018, Journal of Medical Systems.

[13]  B. B. Zaidan,et al.  A security framework for mHealth apps on Android platform , 2018, Comput. Secur..

[14]  M. Ufuk Çaglayan,et al.  Trust assessment of security for e-health systems , 2014, Electron. Commer. Res. Appl..

[15]  Kuang-Ming Kuo,et al.  How Do Patients Respond to Violation of Their Information Privacy? , 2014, Health information management : journal of the Health Information Management Association of Australia.

[16]  Vasa Curcin,et al.  Possible Sources of Bias in Primary Care Electronic Health Record Data Use and Reuse , 2018, Journal of medical Internet research.

[17]  Ritu Agarwal,et al.  The Digitization of Healthcare: Boundary Risks, Emotion, and Consumer Willingness to Disclose Personal Health Information , 2011, Inf. Syst. Res..

[18]  Jessica S. Ancker,et al.  Consumer experience with and attitudes toward health information technology: a nationwide survey , 2013, J. Am. Medical Informatics Assoc..

[19]  B. B. Zaidan,et al.  Meeting the Security Requirements of Electronic Medical Records in the ERA of High-Speed Computing , 2014, Journal of Medical Systems.

[20]  Hasan Sarwar,et al.  Blockchain-Based Information Security of Electronic Medical Records (EMR) in a Healthcare Communication System , 2020 .

[21]  David W. Bates,et al.  Leveraging health information technology to achieve the "triple aim" of healthcare reform , 2015, J. Am. Medical Informatics Assoc..

[22]  Ammar Almomani,et al.  Enhancing the Security of Exchanging and Storing DICOM Medical Images on the Cloud , 2018, Int. J. Cloud Appl. Comput..

[23]  Todd Cooper,et al.  Technology risk assessment in healthcare facilities. , 2013, Biomedical instrumentation & technology.

[24]  Eric Horvitz,et al.  Patient controlled encryption: ensuring privacy of electronic medical records , 2009, CCSW '09.

[25]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[26]  David Gefen,et al.  The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online , 2010, Decis. Support Syst..

[27]  Li Li,et al.  Deep Patient: An Unsupervised Representation to Predict the Future of Patients from the Electronic Health Records , 2016, Scientific Reports.

[28]  K. Win A Review of Security of Electronic Health Records , 2005, Health information management : journal of the Health Information Management Association of Australia.

[29]  D. Ledbetter,et al.  The Geisinger MyCode Community Health Initiative: an electronic health record-linked biobank for Precision Medicine research , 2015, Genetics in Medicine.

[30]  Marcie C. Jannetti Safeguarding patient information in electronic health records , 2014 .

[31]  Isabel de la Torre Díez,et al.  Advances and Current State of the Security and Privacy in Electronic Health Records: Survey from a Social Perspective , 2012, Journal of Medical Systems.

[32]  Susan S Woods,et al.  Patient Interest in Sharing Personal Health Record Information , 2011, Annals of Internal Medicine.

[33]  Clemens Scott Kruse,et al.  Health Information Technology Continues to Show Positive Effect on Medical Outcomes: Systematic Review , 2018, Journal of medical Internet research.

[34]  Luc Bouganim,et al.  Secure Personal Data Servers: a Vision Paper , 2010 .

[35]  Muhammad Ghulam,et al.  Edge Computing with Cloud for Voice Disorder Assessment and Treatment , 2018, IEEE Communications Magazine.

[36]  Suanu Bliss Wikina What caused the breach? An examination of use of information technology and health data breaches. , 2014, Perspectives in health information management.

[37]  Ritu Agarwal,et al.  An Empirical Examination of the Importance of Defining the PHR for Research and for Practice , 2006 .

[38]  Patricia Gillard,et al.  Perspectives of Australian adults about protecting the privacy of their health information in statistical databases , 2012, Int. J. Medical Informatics.

[39]  Roger Collier US health information breaches up 137% , 2014, Canadian Medical Association Journal.

[40]  Rüdiger Zarnekow,et al.  Security and Privacy System Requirements for Adopting Cloud Computing in Healthcare Data Sharing Scenarios , 2013, AMCIS.

[41]  Kaija Saranto,et al.  Definition, structure, content, use and impacts of electronic health records: A review of the research literature , 2008, Int. J. Medical Informatics.

[42]  Melinda Whetstone,et al.  Factors influencing intention to use personal health records , 2009 .

[43]  Thomas A. Horan,et al.  Personal health records , 2011, Health Informatics J..

[44]  Chin-Ling Chen,et al.  A secure electronic medical record authorization system for smart device application in cloud computing environments , 2020, Human-centric Computing and Information Sciences.

[45]  Sean A. Munson,et al.  Social Participation in Health 2.0 , 2010, Computer.

[46]  Heng Xu,et al.  Individuals’ Attitudes Towards Electronic Health Records: A Privacy Calculus Perspective , 2016 .

[47]  V. Liu,et al.  Data breaches of protected health information in the United States. , 2015, JAMA.

[48]  R. Collier New tools to improve safety of electronic health records , 2014, Canadian Medical Association Journal.

[49]  B. B. Zaidan,et al.  Systematic Review of an Automated Multiclass Detection and Classification System for Acute Leukaemia in Terms of Evaluation and Benchmarking, Open Challenges, Issues and Methodological Aspects , 2018, Journal of Medical Systems.

[50]  Anne Holbrook,et al.  Views on health information sharing and privacy from primary care practices using electronic medical records , 2011, Int. J. Medical Informatics.

[51]  Justin Scott Giboney,et al.  The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes , 2018, Journal of medical Internet research.

[52]  D. Agrawal,et al.  Handbook of Research on Cloud Computing and Big Data Applications in IoT , 2019, Advances in Computer and Electrical Engineering.

[53]  Emmanuel Kusi Achampong,et al.  Electronic Health Record (EHR) and Cloud Security: The Current Issues , 2014, CloudCom 2014.