Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Raza Nowrozy,Khandakar Ahmed,A.S.M. Kayes,Hua Wang,Timothy R. McIntosh

DOI: https://doi.org/10.1145/3653297

IF: 16.6

2024-03-19

ACM Computing Surveys

Abstract:Building a secure and privacy-preserving health data sharing framework is a topic of great interest in the healthcare sector, but its success is subject to ensuring the privacy of user data. We clarified the definitions of privacy, confidentiality and security (PCS) because these three terms have been used interchangeably in the literature. We found that researchers and developers must address the differences of these three terms when developing electronic health record (EHR) solutions. We surveyed 130 studies on EHRs, privacy-preserving techniques, and tools that were published between 2012 and 2022, aiming to preserve the privacy of EHRs. The observations and findings were summarized with the help of the identified studies framed along the survey questions addressed in the literature review. Our findings suggested that the usage of access control, blockchain, cloud-based, and cryptography techniques is common for EHR data sharing. We summarized the commonly used strategies for preserving privacy that are implemented by various EHR tools. Additionally, we collated a comprehensive list of differences and similarities between PCS. Finally, we summarized the findings in a tabular form for all EHR tools and techniques and proposed a fusion of techniques to better preserve the PCS of EHRs.

computer science, theory & methods

Pasupathy Vimalachandran,Hua Wang,Yanchun Zhang,Ben Heyward,Yueai Zhao

DOI: https://doi.org/10.48550/arXiv.1802.00575

2018-02-02

Abstract:As a consequence of the huge advancement of the Electronic Health Record (EHR) in healthcare settings, the My Health Record (MHR) is introduced in Australia. However security and privacy of the MHR system have been encumbering the development of the system. Even though the MHR system is claimed as patient-cenred and patient-controlled, there are several instances where healthcare providers (other than the usual provider) and system operators who maintain the system can easily access the system and these unauthorised accesses can lead to a breach of the privacy of the patients. This is one of the main concerns of the consumers that affect the uptake of the system. In this paper, we propose a patient centred MHR framework which requests authorisation from the patient to access their sensitive health information. The proposed model increases the involvement and satisfaction of the patients in their healthcare and also suggests mobile security system to give an online permission to access the MHR system.

Computers and Society

P. Vimalachandran,H. Wang,Y. Zhang,G. Zhuo

DOI: https://doi.org/10.4108/eai.9-8-2016.151633

2017-10-21

Abstract:An Electronic Health Record (EHR) is designed to store diverse data accurately from a range of health care providers and to capture the status of a patient by a range of health care providers across time. Realising the numerous benefits of the system, EHR adoption is growing globally and many countries invest heavily in electronic health systems. In Australia, the Government invested $467 million to build key components of the Personally Controlled Electronic Health Record (PCEHR) system in July 2012. However, in the last three years, the uptake from individuals and health care providers has not been satisfactory. Unauthorised access of the PCEHR was one of the major barriers. We propose an improved access control model for the PCEHR system to resolve the unauthorised access issue. We discuss the unauthorised access issue with real examples and present a potential solution to overcome the issue to make the PCEHR system a success in Australia.

Computers and Society,Cryptography and Security

Venkatesh Janarthanan,Senthil Kumaran M.,Ninad V Nagrale,O. Gambhir Singh,Karthi Vignesh Raj

DOI: https://doi.org/10.7759/cureus.56518

2024-03-20

Cureus

Abstract:Electronic health records (EHR) have revolutionized healthcare by providing efficient access to patient information, but their implementation poses various challenges. This paper examines the ethical and legal issues surrounding EHR adoption, particularly focusing on the healthcare landscape in India. Ethical considerations, including patient autonomy, confidentiality, beneficence, and justice, must guide EHR implementation to protect patient rights and privacy. Legal issues such as medical errors, malpractice, data breaches, and billing inaccuracies underscore the importance of robust policies and security measures. Threats to EHRs, such as phishing attacks, malware, encryption vulnerabilities, and insider threats, emphasize the need for comprehensive cybersecurity strategies. Overcoming challenges in EHR implementation requires meticulous planning, financial investment, staff training, and stakeholder support. Despite the complexities involved, the benefits of EHR adoption in improving patient care and operational efficiency justify the efforts required to address legal, ethical, and technical concerns. Embracing EHRs while mitigating associated risks is essential for delivering high-quality healthcare in the digital age.

Jong-Yi Wang,Hsiao-Yun Ho,Jen-De Chen,Sinkuo Chai,Chih-Jaan Tai,Yung-Fu Chen

DOI: https://doi.org/10.1186/s12913-015-0896-y

2015-07-12

BMC Health Services Research

Abstract:BackgroundIn this era of ubiquitous information, patient record exchange among hospitals still has technological and individual barriers including resistance to information sharing. Most research on user attitudes has been limited to one type of user or aspect. Because few analyses of attitudes toward electronic patient records (EPRs) have been conducted, understanding the attitudes among different users in multiple aspects is crucial to user acceptance. This proof-of-concept study investigated the attitudes of users toward the inter-hospital EPR exchange system implemented nationwide and focused on discrepant behavioral intentions among three user groups.MethodsThe system was designed by combining a Health Level 7-based protocol, object-relational mapping, and other medical informatics techniques to ensure interoperability in realizing patient-centered practices. After implementation, three user-specific questionnaires for physicians, medical record staff, and patients were administered, with a 70 % response rate. The instrument showed favorable convergent construct validity and internal consistency reliability. Two dependent variables were applied: the attitudes toward privacy and support. Independent variables comprised personal characteristics, work characteristics, human aspects, and technology aspects. Major statistical methods included exploratory factor analysis and general linear model.ResultsThe results from 379 respondents indicated that the patients highly agreed with privacy protection by their consent and support for EPRs, whereas the physicians remained conservative toward both. Medical record staff was ranked in the middle among the three groups. The three user groups demonstrated discrepant intentions toward privacy protection and support. Experience of computer use, level of concerns, usefulness of functions, and specifically, reason to use electronic medical records and number of outpatient visits were significantly associated with the perceptions. Overall, four categories of independent variables were associated with the mean difference in the perceptions.ConclusionsDiscrepant attitudes toward privacy and support among the three user groups are identified. Patients may require further education and communication regarding the system. Culturally fit e-Consent should be incorporated into the system to fully utilize the computing power of the Internet when also considering workload. The concern for misuse of EPRs might lead to low support among physicians. Highly readable EPR documents and managerial incentives for information exchange may improve system use.

health care sciences & services

Kundan Munjal,Rekha Bhatia

DOI: https://doi.org/10.1088/1742-6596/2327/1/012069

2022-09-08

Journal of Physics: Conference Series

Abstract:The variety and amount of patient healthcare digital data is rapidly expanding. The field of artificial intelligence has fast proven revolutionary for healthcare, allowing for unprecedented speed and precision in data analysis. Many hospitals have already transitioned to electronic health records (EHRs), a digital version of paper medical information. Information Technology has already aided in simplifying operations in this area, making the process far more efficient and patient-centered than in the past. A patient's trust may disintegrate in the face of recurrent incidents if there is no precise control and safety in place. As a result, it limits the potential for digital health to promote an age of more accessible, connected, and individualized treatment. When it comes to picking a cloud solution, healthcare providers are most concerned about security and privacy. In this research, we seek to demonstrate various ways that aid patient data privacy while simultaneously allowing cloud services to be used.

Farida Habib Semantha,Sami Azam,Bharanidharan Shanmugam,Kheng Cher Yeo,Abhijith Reddy Beeravolu

DOI: https://doi.org/10.1109/access.2021.3134873

IF: 3.9

2021-01-01

IEEE Access

Abstract:Privacy has become an increasingly significant apprehension in today’s rapidly changing economy primarily for personal and sensitive user data. The levels of personal data violation are increasing day by day however privacy-preserving frameworks are available. This paper conducted an in-depth analysis of contemporary frameworks to identify the key mechanisms to produce a sophisticated data privacy framework to reduce the rate of data breach particularly for the Patient Record Management System (PRMS). There are several studies available that stated healthcare data privacy, still, complete data protection solution with the application of privacy by design towards patients’ health data by ensuring privacy in each layer of the PRMS are quite limited, which is the focus of this study. PRMS manages personal and sensitive data while delivering healthcare services to the patients and as such, have also the potential to carry significant risks to the privacy of their data. A novel conceptual framework with three distinct and sequential phases is suggested in this research, each of which is defined in a distinct section. The first phase is defined as the planning to identify the key limitations of contemporary frameworks so these can be minimized to ensure privacy in each layer of data processing. The second phase incorporates the key components of data privacy to satisfy the efficiency and effectiveness of the proposed framework. Finally, the third phase is the implementation of the selected requirements of the assessment phase to prevent privacy incursion events in PRMS. The complete framework is anticipated to deliver a sophisticated resistance in contradiction to the continuous data breaches in the patients’ information domain.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hsin-Ginn Hwang,Yun Lin

DOI: https://doi.org/10.1007/s10916-020-01579-6

2020-05-07

Abstract:To address the issue of rising expenditure of healthcare service and to fulfill the skyrocketing demand for quality healthcare, the electronic medical records (EMR) exchange has become a vital and indispensable solution for healthcare facilities in terms of being able to share medical information among healthcare providers. Hence, EMR exchange was expected to improve the quality of healthcare and reduce the cost of repetitive medical check-ups and unnecessary treatments. However, recent reports affirming EMR data leaks and compromises have ignited major worldwide privacy concerns over the security of the EMR systems. How to effectively diminish patients' concern for EMR privacy has thus become an important issue that healthcare institution managers/stakeholders have to address urgently. This study leverages the power-responsibility equilibrium perspective to investigate the antecedents and consequences of concerns for the EMR exchange. A survey using 391 responses collected from medical centers, regional and district hospitals in Taiwan was used to conduct this study. The results show that government regulations have a positive effect on hospital privacy policies. Furthermore, both government regulations and hospital privacy policy are negatively associated with concern for EMR information privacy. Additional reports gathered from this study also showed that concern for EMR information privacy could result in patients' protective responses including refusal to provide personal health information (PHI), removal of PHI, negative word of mouth, complaining directly to the hospital, or complaining indirectly to third-party organizations. These findings demonstrate the need for healthcare facilities to formulate robust privacy policies in order to alleviate patients' concern for EMR information privacy based on governmental regulations. This regulation is top-priority as the incapability of reducing patients' concern for EMR information privacy may lead to the collapse of the campaign for the full-adoption of EMR or possibly jeopardize the promotion and application of EMR among healthcare facilities.

B. Surawicz

DOI: https://doi.org/10.1016/0002-9149(82)90190-4

1982-08-01

Abstract:

Vinaytosh Mishra,Kishu Gupta,Deepika Saxena,Ashutosh Kumar Singh

DOI: https://doi.org/10.1109/TCE.2024.3373912

2024-10-05

Abstract:Electronic Health Records (EHR) are crucial for the success of digital healthcare, with a focus on putting consumers at the center of this transformation. However, the digitalization of healthcare records brings along security and privacy risks for personal data. The major concern is that different countries have varying standards for the security and privacy of medical data. This paper proposed a novel and comprehensive framework to standardize these rules globally, bringing them together on a common platform. To support this proposal, the study reviews existing literature to understand the research interest in this issue. It also examines six key laws and standards related to security and privacy, identifying twenty concepts. The proposed framework utilized K-means clustering to categorize these concepts and identify five key factors. Finally, an Ordinal Priority Approach is applied to determine the preferred implementation of these factors in the context of EHRs. The proposed study provides a descriptive then prescriptive framework for the implementation of privacy and security in the context of electronic health records. Therefore, the findings of the proposed framework are useful for professionals and policymakers in improving the security and privacy associated with EHRs.

Machine Learning

Shekha Chenthara,Khandakar Ahmed,Hua Wang,Frank Whittaker,Zhenxiang Chen

DOI: https://doi.org/10.1371/journal.pone.0243043

IF: 3.7

2020-12-09

PLoS ONE

Abstract:The privacy of Electronic Health Records (EHRs) is facing a major hurdle with outsourcing private health data in the cloud as there exists danger of leaking health information to unauthorized parties. In fact, EHRs are stored on centralized databases that increases the security risk footprint and requires trust in a single authority which cannot effectively protect data from internal attacks. This research focuses on ensuring the patient privacy and data security while sharing the sensitive data across same or different organisations as well as healthcare providers in a distributed environment. This research develops a privacy-preserving framework viz Healthchain based on Blockchain technology that maintains security, privacy, scalability and integrity of the e-health data. The Blockchain is built on Hyperledger fabric, a permissioned distributed ledger solutions by using Hyperledger composer and stores EHRs by utilizing InterPlanetary File System (IPFS) to build this healthchain framework. Moreover, the data stored in the IPFS is encrypted by using a unique cryptographic public key encryption algorithm to create a robust blockchain solution for electronic health data. The objective of the research is to provide a foundation for developing security solutions against cyber-attacks by exploiting the inherent features of the blockchain, and thus contribute to the robustness of healthcare information sharing environments. Through the results, the proposed model shows that the healthcare records are not traceable to unauthorized access as the model stores only the encrypted hash of the records that proves effectiveness in terms of data security, enhanced data privacy, improved data scalability, interoperability and data integrity while sharing and accessing medical records among stakeholders across the healthchain network.

multidisciplinary sciences

Lawrence Gostin

DOI: https://doi.org/10.7326/0003-4819-127-8_part_2-199710151-00050

IF: 39.2

1997-10-15

Annals of Internal Medicine

Abstract:During the early 1990s, the U.S. government addressed the issue of providing universal health care to all its citizens. Although this issue has not been completely resolved, centralization of electronic data and sharing of health care information among insurers and providers have been pursued. The emergence of electronic data banks in health care has raised another issue: each citizen's right to privacy compared with the collective benefit to society when critical data on quality assurance and scientific research are shared by an array of network users. The choices we face are difficult, and the solution may necessarily reflect a compromise that alters traditional beliefs in the right to personal privacy. However, Congress can take the initiative by enacting statutes to ensure that sensitive information contained in electronic patient records is not divulged without a patient's consent and is protected against fraudulent access and abuse.

medicine, general & internal

Geneva Tamunobarafiri Igwama,Janet Aderonke Olaboye,Chukwudi Cosmos Maha,Mojeed Dayo Ajegbile,Samira Abdul

DOI: https://doi.org/10.51594/imsrj.v4i7.1357

2024-07-26

International Medical Science Research Journal

Abstract:This paper explores the challenges and solutions associated with integrating Electronic Health Records (EHR) systems across borders. Key challenges include interoperability issues, data security and privacy concerns, and infrastructure disparities. Policy barriers such as variability in health policies and legal constraints further complicate integration efforts. Proposed solutions involve developing universal interoperability standards, employing advanced technologies like blockchain, and harmonising health data regulations. The paper emphasises the importance of international cooperation and phased implementation frameworks. Future research should focus on refining standards and fostering global collaboration. This comprehensive approach aims to enhance patient care and improve health outcomes globally. Keywords: Electronic Health Records (EHR), Cross-border Integration, Interoperability, Data Security.

Rebecca Yoke Chan Ong,Sandy Sabapathy

DOI: https://doi.org/10.1177/1473779520914290

2020-03-01

Common Law World Review

Abstract:While it is true that the expanded use of health information and electronic health records (eHRs) can help deliver better healthcare, there remains the need to reconcile citizens’ legitimate concerns for privacy protection and confidentiality in the use of their personal health data, and the potential for violation of their privacy. Under the Hong Kong’s Electronic Health Record Sharing System (eHRSS), the eHR of the individual patient can be accessed and shared between healthcare providers for healthcare-related purposes. Although the Electronic Health Record Sharing System Ordinance (Cap 625) (the ‘eHRSSO’) and the Personal Data (Privacy) Ordinance (Cap 486) (the ‘PD(P)O’) provide protection for personal data and patients’ privacy, the eHRSS has come under greater scrutiny given the rise in data breaches experienced globally and in Hong Kong. The article’s objective is twofold. It first examines the eHRSS specifically with regard to some of the more pertinent provisions of the eHRSSO and the PD(P)O, to critically evaluate the extent to which these provisions ensure and protect patient privacy. Thence it offers suggestions and recommendations as to how protection for patient privacy can be enhanced and, indeed, altogether better ensured.

Stephen J Tipton,Sara Forkey,Young B Choi

DOI: https://doi.org/10.1007/s10916-016-0465-x

Abstract:This paper examines various methods encompassing the authentication of users in accessing Electronic Medical Records (EMRs). From a methodological perspective, multiple authentication methods have been researched from both a desktop and mobile accessibility perspective. Each method is investigated at a high level, along with comparative analyses, as well as real world examples. The projected outcome of this examination is a better understanding of the sophistication required in protecting the vital privacy constraints of an individual's Protected Health Information (PHI). In understanding the implications of protecting healthcare data in today's technological world, the scope of this paper is to grasp an overview of confidentiality as it pertains to information security. In addressing this topic, a high level overview of the three goals of information security are examined; in particular, the goal of confidentiality is the primary focus. Expanding upon the goal of confidentiality, healthcare accessibility legal aspects are considered, with a focus upon the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With the primary focus of this examination being access to EMRs, the paper will consider two types of accessibility of concern: access from a physician, or group of physicians; and access from an individual patient.

Sushil K. Sharma,Huinan Xu,Nilmini Wickramasinghe,Nazim Ahmed

DOI: https://doi.org/10.1504/IJEH.2006.008693

2006-01-01

Abstract:The shift in the nation's attention, resources and interest toward internet-related healthcare activities, often called 'e-health', is dramatic and a most significant development in the healthcare environment. E-health, while exciting and promising, also presents new challenges, particularly in regard to acceptable standards, choice of technologies, overcoming traditional jurisdictional boundaries, up-front investment and privacy and confidentiality. This paper presents e-health architecture and various issues and challenges that need to be resolved before e-health becomes commonplace.

Hemant B. Mahajan

DOI: https://doi.org/10.1007/s11277-022-09535-y

IF: 2.017

2022-09-15

Wireless Personal Communications

Abstract:Since the last decade, cloud-based Electronic Health Records (EHRs) have achieved important consideration to facilitate remote access of patient medical records. The modern evolution of Healthcare 4.0 applying the Internet of Things (IoT) elements with cloud computing reforms to obtain remote medical services has grown the researcher's recognition with the perspective of the smart city. The Healthcare 4.0 standard has consists of different layers to perform medical operations like periodic data sensing, data storage, data sharing, and auditing. The delicate and private medical records of victims lead to numerous difficulties while defending them from hackers. Therefore saving, obtaining, and distributing the patient medical data on the remote storage requires safety attentions so that medical records should not be compromised by the authorized user's components of E-healthcare systems. To achieve secure medical data storage, sharing, and accessing in Cloud Service Provider (CSP), various cryptography algorithms have been designed so far. But these traditional resolutions disappointed to manage the trade-off among the provisions of EHR safety in terms of computational competence, user-side verification, service-side verification, security, and without the trusted third party. Blockchain-based security techniques achieved notable recognition due to the strength to give strong security provisions for medical records storage and sharing with the least computation forces. The blockchain made focused on bitcoin technology among the researchers. Employing the blockchain in healthcare systems has been of current interest. This paper aims to present a systematic study of different blockchain-based solutions for the smart healthcare 4.0 system. The recent blockchain-based security solutions have been reviewed first and, then we presented a research gap considering the various parameters. The outcome of this paper discusses the current research gaps, the challenges of implementing the blockchain-based secure healthcare system, and the future roadmap or solutions.

telecommunications

JG Zhang,XM Chen,J Zhuang,JR Jiang,XY Zhang,DQ Wu,HK Huang

DOI: https://doi.org/10.1117/12.480651

2003-01-01

Abstract:In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare providers. CA component keeps the information of user personnel identification, accessing rights, and their administration levels, and the DSPR component manages the All the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

Amit Kumar Jakhar,Mrityunjay Singh,Rohit Sharma,Wattana Viriyasitavat,Gaurav Dhiman,Shubham Goel

DOI: https://doi.org/10.1007/s11042-024-18827-3

IF: 2.577

2024-03-20

Multimedia Tools and Applications

Abstract:Healthcare data is crucial and sensitive, as it contains absolute information about a patient's medical history, treatments, and actions; this information gets shared among the stakeholders on a routine basis. Patients' information is vital and should be kept accurate, up-to-date, and secret; it should be available only to authorized users. Most of the existing systems are centralized and may breach data privacy. This study mainly focuses on protecting the privacy and security of sensitive healthcare data while sharing with multiple stakeholders. This work presents a privacy-preserving and access-control blockchain-based framework that uses consensus-driven decentralized data management on top of peer-to-peer distributed computing platforms to ensure the privacy, security, accessibility, and integrity of healthcare data. Blockchain technology helps to protect transactions from manipulation due to its features of irreversibility and immutability. Additionally, we thoroughly examine the security requirements afforded by blockchain-enabled systems by incorporating stakeholders like patients, doctors, chemists, and pathology labs as system entities; they can only share information through a proper channel. The proposed framework has been implemented and evaluated using Hyperledger Fabric. We observe that the proposed framework reveals promising benefits in security, regulation compliance, reliability, flexibility, and accuracy.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering