Abstract
E-Health systems have gained momentum in recent years, as many medical agencies have begun to incorporate digital solutions into their platforms. Electronic Health Records (EHRs) are one of the most important improvements, being for the most part a patient-oriented tool. For an EHR platform to be fully operational, security and privacy problems have to be resolved, given the importance of the data these records contain. Yet despite the many methods available for addressing security and privacy, in most cases they remain an open issue. This paper studies existing and proposed solutions in different scenarios in order to offer an overview of the current state of EHR systems. Bibliographic material was obtained mainly from MEDLINE and SCOPUS, and over 30 publications were analyzed. Many EHR platforms are being developed, but most of them present weaknesses when they are opened to the public. These architectures gain significance when they cover all the requirements related to security and privacy.
Cite this article
Tejero, A., de la Torre, I. Advances and Current State of the Security and Privacy in Electronic Health Records: Survey from a Social Perspective. J Med Syst 36, 3019–3027 (2012). https://doi.org/10.1007/s10916-011-9779-x
DOI: https://doi.org/10.1007/s10916-011-9779-x