A review of security of electronic health records

From Clinfowiki
Jump to: navigation, search

This is a review of Khin Than Win’s 2005 article, “A review of security of electronic health records”. [1]


The article delves into security technologies in an Electronic Health Record EHR system and the importance of security mechanisms and patient consent in ensuring privacy and confidentiality of patient health Information.

With increasing implementation, adoption and use of EHR's and the potential benefits with other Health Information Systems, there have been concerns about the confidentiality and integrity of patient’s information regarding security in these systems.

The article review answers important questions such as: How is Information security represented per the use of EHRs? Is Information Security an important aspect for EHRs? And what are the current state of technologies that are available which ensures EHR’s are secure?


Maintaining patient privacy plays an important part in the use of EHRs, as patients consent should be obtained before individual health information can be utilized for any reason; whether for research or for other purposes deemed legitimate. Consent plays an important role as it ensures that HIPAA privacy and security regulations are adhered to and also notifies patients about the contents of their health information and the reasons for such use.

Information Security and Technology

There are various security authentication and role-based access control mechanisms in an EHR. Mechanisms for verification and authentication include the use of biometrics identification where human body characteristics such as voice, retina, palm and thumb prints based on pattern recognition can be used to authenticate users. Other security mechanisms include single sign-on, two-step verification and use of audit logs and audit trails.


Information security features and security mechanisms are considered an important functionality in an EHR, while these technologies can be found in virtually any EHR, due to emerging threats and increasing incidents of security breaches, more efforts should be directed at improving security features.


According to the article, most breach in patient health data as reported seem to occur due to abuse of user privileges and from users with authorized access. With such incidents, users should be made aware of the legal and ethical responsibilities and potential repercussions.

Related article


  1. Win, K. T. (2005). A review of security of electronic health records. Health Information Management, 34(1), 13-18. http://www.ncbi.nlm.nih.gov/pubmed/18239224