Threats and Challenges to Security of Electronic Health Records

  • Conference paper
Quality, Reliability, Security and Robustness in Heterogeneous Networks (QShine 2013)

Abstract

Healthcare has always been a sensitive and complex process. Rapid strides have been made in both information technology and health care, and the two have been successfully integrated to improve the facilities and services offered by the health-givers. Electronic health records (EHRs) are the product of this integration and form an integral part of the automated healthcare system. Access to EHRs by each stakeholder brings with it issues of data disclosure, confidentiality, authenticity and privacy that are likely to occur for many reasons. This paper aims at studying and identifying security threats to EHRs in the hospital information systems (HIS) currently prevailing in hospitals. It further categorizes the threats based on security characteristics and rates them on the basis of impact and magnitude of loss to the patients. The paper highlights real-time scenarios, each of which is an important requirement of the health-givers on the one hand but can also be a cause of security breaches on the other. It concludes by listing challenges and recommendations to curb security threats commonly found in the physical setup of the healthcare environment.

Copyright information

© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Bhartiya, S., Mehrotra, D. (2013). Threats and Challenges to Security of Electronic Health Records. In: Singh, K., Awasthi, A.K. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Networks. QShine 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37949-9_48

  • DOI: https://doi.org/10.1007/978-3-642-37949-9_48

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37948-2

  • Online ISBN: 978-3-642-37949-9

  • eBook Packages: Computer Science, Computer Science (R0)
