Skip to main content

Advertisement

Log in

Advances and Current State of the Security and Privacy in Electronic Health Records: Survey from a Social Perspective

  • ORIGINAL PAPER
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

E-Health systems are experiencing an impulse in these last years, when many medical agencies began to include digital solutions into their platforms. Electronic Health Records (EHRs) are one of the most important improvements, being in its most part a patient-oriented tool. To achieve a completely operational EHR platform, security and privacy problems have to be resolved, due to the importance of the data included within these records. But given all the different methods to address security and privacy, they still remain in most cases as an open issue. This paper studies existing and proposed solutions included in different scenarios, in order to offer an overview of the current state in EHR systems. Bibliographic material has been obtained mainly from MEDLINE and SCOPUS sources, and over 30 publications have been analyzed. Many EHR platforms are being developed, but most of them present weaknesses when they are opened to the public. These architectures gain significance when they cover all the requisites related to security and privacy.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Häyrinen, K., Saranto, K., and Nykänen, P., Definition, structure, content, use and impacts of electronic health records: A review of the research literature. Int. J. Med. Inform. 77:291–304, 2008.

    Article  Google Scholar 

  2. Slamanig, D., and Stingl, C., Electronic health records: An enhanced security paradigm to preserve patient’s privacy. Communications in Computer and Information Science 52:369–380, 2010.

    Article  Google Scholar 

  3. Sadan, B., Patient data confidentiality and patient rights. Int. J. Med. Inform. 62:41–49, 2001.

    Article  Google Scholar 

  4. Huang, L., Chu, H., Lien, C., Hsiao, C., and Kao, T., Privacy preservation and information security protection for patients’ portable electronic health records. Comput. Biol. Med. 39(9):743–750, 2009.

    Article  Google Scholar 

  5. Sucurovic, S., and Simic, D., An approach to access control in electronic health record. J. Med. Syst. 34:659–666, 2010.

    Article  Google Scholar 

  6. Jin, J., Ahn, G., Hu, H., Covington, M. J., and Zhang, X., Patient-centric authorization framework for electronic healthcare services. Comput. Secur. 30:116–127, 2011.

    Article  Google Scholar 

  7. Steele, R., and Min, K. Role-based access to portable personal health records. Management and Service Science, pp. 1–4, 2009.

  8. Guo, X., and Zhuang, T., A region-based lossless watermarking scheme for enhancing security of medical data. J. Digit. Imaging 22(1):53–64, 2009.

    Article  Google Scholar 

  9. Alanazi, H. O., Jalab, H. A., Alam, G. M., Zaidan, B. B., and Zaidan, A. A., Securing electronic medical records transmissions over unsecured communications: An overview for better medical governance. J. Med. Plants Res. 4(19):2059–2074, 2010.

    Google Scholar 

  10. Van der Lindena, H., Kalrab, D., Hasmanc, A., and Talmon, J., Inter-organizational future proof EHR systems: A review of the security and privacy related issues. Int. J. Med. Inform. 78:141–160, 2009.

    Article  Google Scholar 

  11. Dorr, D., Bonner, L. M., Cohen, A. N., Shoai, R. S., Perrin, R., Chaney, E., and Young, A. S., Informatics systems to promote improved care for chronic illness: A literature review. J. Am. Med. Inform. Assoc. 14:156–163, 2007.

    Article  Google Scholar 

  12. Law 41/2002 of November 14, basic regulator of the patient’s autonomy and rights and obligations of clinical information and documentation matters. BOE 274, sec. 1, pp. 40126–40132.

  13. Law 15/1999 of December 13, of the Protection of Personal Data. BOE 298, sec. 1, pp. 43088–43099.

  14. U.S. Department of Health & Human Services, HIPAA Administrative Simplification Statute and Rules, www.hhs.gov, last visit March 6 2011.

  15. Nahra, K. J., HIPAA security enforcement is here. IEEE Secur. Priv. 6:70–72, 2008.

    Article  Google Scholar 

  16. McGuire, A. L., Fisher, R., Cusenza, P., Hudson, K., Rothstein, M. A., McGraw, D., Matteson, S., Glaser, J., and Henley, D. E., Confidentiality, privacy, and security of genetic and genomic test information in electronic health records: Points to consider. Genet. Med. 10(7):495–499, 2008.

    Article  Google Scholar 

  17. Massey, A. K., Otto, P. N., Hayward, L. J., and Antón, A. I., Evaluating existing security and privacy requirements for legal compliance. Secur. Requir. Eng. 15:119–137, 2010.

    Article  Google Scholar 

  18. Riedl, B., and Grascher, V. Assuring integrity and confidentiality for pseudonymized health data. Proceedings of ECTI-CON 2010, pp. 502–506, 2010.

  19. Riedl, B., Grascher, V., Fenz, S., and Neubauer, T. Pseudonymization for improving the Privacy in e-Health Applications. Hawaii International Conference on System Sciences, pp. 255–255, 2008.

  20. Neubauer, T., and Heurix, J., A methodology for the pseudonymization of medical data. Int. J. Med. Inform. 80(3):190–204, 2011.

    Article  Google Scholar 

  21. Daglish, D., and Archer, N. Electronic personal health record systems: A brief review of privacy, security, and architectural issues. Privacy, Security and Trust and the Management of e-Business, pp. 110–120, 2009.

  22. Hiller, J., McMullen, M. S,, Chumney, W. M., and Baumer, D. L. Privacy and security in the implementation of health information technology (Electronic Health Records): U.S. and EU Compared. J. Sci. Technol. 1: 2011.

  23. Jha, A. K., Bates, D. W., Jenter, C., Orav, E. J., Zheng, J., Cleary, P., and Simon, S. R., Electronic health records: Use, barriers and satisfaction among physicians who care for black and Hispanic patients. J. Eval. Clin. Pract. 15:158–163, 2009.

    Article  Google Scholar 

  24. Srinivasan, U., Datta, G., Hons, M. S., Hons, B. E. Personal Health Record (PHR) in a Talisman. International Conference on e-Health Networking, Application and Services, pp. 277–279, 2007.

  25. Cheong, H. J., Shin, N. Y., and Joeng, Y. B. Improving Korean service delivery system in health care: Focusing on national E-health system. International Conference on eHealth, Telemedicine, and Social Medicine, pp. 263–268, 2009.

  26. Farzandipour, M., Sadoughi, F., Ahmadi, M., and Karimi, I., Security requirements and solutions in electronic health records: Lessons learned from a comparative study. J. Med. Syst. 34:629–642, 2010.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Isabel de la Torre.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Tejero, A., de la Torre, I. Advances and Current State of the Security and Privacy in Electronic Health Records: Survey from a Social Perspective. J Med Syst 36, 3019–3027 (2012). https://doi.org/10.1007/s10916-011-9779-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10916-011-9779-x

Keywords

Navigation