Security Requirements and Solutions in Electronic Health Records: Lessons Learned from a Comparative Study

A growing capacity of information technologies in collection, storage and transmission of information in unprecedented amounts has produced significant problems about the availability of wide limit of the consumers of Electronic Health Records of Patients. With regard to the existence of many approaches to developing Electronic Health Records, the basic question is what kind of Model is suitable for the guarantee of the security of Electronic Health Records? The present study is a descriptive–comparative investigation conducted in Iran in 2007, along with comparisons made Electronic health records information security requirements of Australia, Canada, England and U.S.A with. The research was based on the study of texts such as articles, library’s books and journals and reliable websites from 1992 to 2006. Based on the collected data, a primary Model was designed. The Delphi Technique was offered to evaluate the questionnaire and final Model was designed and proposed. Australia, Canada, England and U.S.A have requirements related to organizing information security, classifying and controlling information asset, security of human resources, environmental and physical security, Operational and communication management security, information access control security and development and Maintenance security of Electronic Health Records information systems. In the U.S.A, the above security requirements are presented in administrative, Physical and Technical safeguards. Based on the research findings, a comprehensive model of electronic health record security requirements in seven pivots is presented for Iran. This model is a collection of EHR security requirements from studied countries. The studied countries are solely subject to part of elements of this model. The suggested model is different from the ones used in other countries in some respects and is recommended for application in Iran.