Security of electronic health records in a resource limited setting: The case of smart-care electronic health record in Zambia

This paper presents a case study of security issues related to the operationalization of smart-care, an electronic medical record (EMR) used to manage Human Immunodeficiency Virus (HIV) health information in Zambia. The aim of the smart-care program is to link up services and improve access to health information, by providing a reliable way to collect, store, retrieve and analyse health data in a secure way. As health professionals gain improved access to patient health information electronically, there is need to ensure this information is secured, and that patient privacy and confidentiality is maintained. During the initial stages of the program there were security and confidentiality concerns arising from lost cards and unlimited access by clinical staff. However, the introduction of pin numbers for patient cards and clinical staff access cards with passwords helped address some of the concerns. Nonetheless, public health information technologists still advocate for security that provides more reliable measures that protect devices, networks, transmission, and applications. Since its inception in 2004, Smart-care has expanded to integrate more than 500 health facilities by the end of 2009. In rural and remote locations without internet, smart cards and mobile devices such as laptops are used to transfer data for onward merging with the national database.

[1]  Marc Berg,et al.  Viewpoint Paper: Some Unintended Consequences of Information Technology in Health Care: The Nature of Patient Care Information System-related Errors , 2003, J. Am. Medical Informatics Assoc..

[2]  I. Sim,et al.  Physicians' use of electronic medical records: barriers and solutions. , 2004, Health affairs.

[3]  Andrea Nucita,et al.  Bmc Medical Informatics and Decision Making a Global Approach to the Management of Emr (electronic Medical Records) of Patients with Hiv/aids in Sub-saharan Africa: the Experience of Dream Software , 2008 .

[4]  An information system to manage the rollout of the antiretroviral treatment programme in the Free State. , 2010, Curationis.

[5]  F. Dabis,et al.  Evaluation of Three Sampling Methods to Monitor Outcomes of Antiretroviral Treatment Programmes in Low- and Middle-Income Countries , 2010, PloS one.

[6]  S. Reid,et al.  Opt-out provider-initiated HIV testing and counselling in primary care outpatient clinics in Zambia. , 2011, Bulletin of the World Health Organization.

[7]  Victor R. Prybutok,et al.  Electronic medical records: tools for competitive advantage , 2012 .

[8]  Michael E. Lesk,et al.  Electronic Medical Records: Confidentiality, Care, and Epidemiology , 2013, IEEE Security & Privacy.

[9]  Roderick Neame Effective Sharing of Health Records, Maintaining Privacy: A Practical Schema , 2013, Online journal of public health informatics.

[10]  R. Neame Effective Sharing of Records and Maintaining Privacy , 2013 .

[11]  Tsung-Hung Lin,et al.  A Secure and Efficient Password-Based User Authentication Scheme Using Smart Cards for the Integrated EPR Information System , 2013, Journal of Medical Systems.