Security of the Electronic Medical Record

  • Chapter

Abstract

The shift to the networked world, which has been made possible by the explosive increase in the provision of broadband services to individuals as well as to organizations, allows much better use to be made of health information, but it also exposes this same information to a variety of threats that would not otherwise exist. These threats may, if not appropriately countered, seriously affect the security of health information and the privacy of the underlying subjects. Security and privacy technologies have grown tremendously over the past twenty years and continue to be a field of intensive research. The result is an extensive arsenal of technological solutions to a variety of security problems. Nevertheless, healthcare organizations regularly suffer information security breaches. This is because security is more than erecting physical and electronic barriers; these are practically useless without an information security management system in place. This chapter presents a manager’s roadmap for securing the electronic medical record.

Author information

Correspondence to Sokratis K. Katsikas.

Copyright information

© 2013 Springer Science+Business Media New York

About this chapter

Cite this chapter

Katsikas, S.K. (2013). Security of the Electronic Medical Record. In: Furht, B., Agarwal, A. (eds) Handbook of Medical and Healthcare Technologies. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-8495-0_18

  • DOI: https://doi.org/10.1007/978-1-4614-8495-0_18

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-8494-3

  • Online ISBN: 978-1-4614-8495-0
