
Personal Health Record Systems and Their Security Protection

  • Original Article
Journal of Medical Systems

Abstract

The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.



Author information

Corresponding author

Correspondence to Khin Than Win.


About this article

Cite this article

Win, K.T., Susilo, W. & Mu, Y. Personal Health Record Systems and Their Security Protection. J Med Syst 30, 309–315 (2006). https://doi.org/10.1007/s10916-006-9019-y


  • DOI: https://doi.org/10.1007/s10916-006-9019-y
