Security and privacy in electronic health records: a systematic literature review

From Clinfowiki
Revision as of 07:36, 9 April 2015 by GraceOkoroji

Introduction

Privacy and security in electronic health record (EHR) systems remain an ongoing initiative across most of the healthcare industry. The field is large, and the rules are constantly changing. Most vendors are also working hard to develop, create and embed privacy and security within their systems.

Objective

The authors of this study aim to “report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) system.” [1] One of their goals was to find out whether certain EHRs were applying rules and regulations related to security and privacy.

Methods

The selection process included articles dealing with the security and privacy of EHR systems from various data sources: MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database. The authors used a pre-defined search string and were able to extract 775 articles, which the three authors reviewed and narrowed down to 49 articles. [1]


Results

Among the 49 articles included in their systematic review, the study revealed the following:

 * 26 articles used standards and regulations related to the privacy and security of EHR data. The most widely used regulations are:
   ** Health Insurance Portability and Accountability Act (HIPAA)
   ** The European Data Protection Directive 95/46/EC
 * 23 articles used symmetric key and/or asymmetric key schemes
 * 13 articles employed the pseudo-anonymity technique in EHR systems
 * 11 articles proposed the use of a digital signature scheme based on PKI (Public Key Infrastructure)
 * 13 articles proposed a login/password (seven of them combined with a digital certificate or PIN) for authentication [1]
 * 27 studies included Role-Based Access Control (RBAC), which seemed to be the most preferred
 * 25 studies included the availability of audit-log files [1]

Comments

The works of the authors are highly admirable. It was very tedious and very time consuming, yet they came up with very informative and accurate results. I do agree with the authors that Privacy and Security Standards and regulations have always been in place and integrated in the EHR Systems. However, it is ongoing and continues to evolve and needs more enhancements from time to time. With Meaningful Use as one of its drivers to implement Privacy and Security, more initiatives are coming in this area of the EHR.

References

  1. Fernández-Alemán JL, et al. (2013). Security and privacy in electronic health records: a systematic literature review. Journal of Biomedical Informatics, 46(3), 541-562. Accessed from http://www.ncbi.nlm.nih.gov/pubmed/23305810 on 04/07/2015.