Abstract
The growing capacity of information technologies to collect, store and transmit information in unprecedented amounts has raised significant concerns about the availability of patients' Electronic Health Records to a wide range of users. Given the many approaches to developing Electronic Health Records, the basic question is: what kind of model is suitable for guaranteeing the security of Electronic Health Records? The present study is a descriptive–comparative investigation conducted in Iran in 2007, comparing the Electronic Health Record information security requirements of Australia, Canada, England and the U.S.A. The research was based on a study of texts such as articles, library books, journals and reliable websites from 1992 to 2006. Based on the collected data, a primary model was designed. The Delphi technique was used to evaluate the questionnaire, and the final model was designed and proposed. Australia, Canada, England and the U.S.A have requirements related to organizing information security, classifying and controlling information assets, security of human resources, environmental and physical security, operational and communication management security, information access control security, and development and maintenance security of Electronic Health Record information systems. In the U.S.A, these security requirements are presented as administrative, physical and technical safeguards. Based on the research findings, a comprehensive model of Electronic Health Record security requirements in seven pivots is presented for Iran. This model is a collection of the EHR security requirements of the studied countries. Each of the studied countries covers only part of the elements of this model. The suggested model differs in some respects from the ones used in other countries and is recommended for application in Iran.
Acknowledgement
The authors would like to thank Abbas Zare-ee from the English Department, University of Kashan for editing the manuscript.
Conflict of interests
No conflicts of interest have been declared.
Cite this article
Farzandipour, M., Sadoughi, F., Ahmadi, M. et al. Security Requirements and Solutions in Electronic Health Records: Lessons Learned from a Comparative Study. J Med Syst 34, 629–642 (2010). https://doi.org/10.1007/s10916-009-9276-7