Secure transmission of shared electronic health records

Paper-based health records together with electronic Patient Management Systems remain the norm for hospitals and primary care practices to manage patient health information in Australia. Although the benefits of recording patient health information into an electronic format known as an electronic health record (EHR) are well documented, the use of these systems has not yet been fully realised. The next advancement for EHRs is the ability to share health records for the primary purpose of improved patient care. This may for example enable a primary care physician, with the patient\u27s consent, to electronically share pertinent health information with a specialist, providing timely information transfer and reducing the need for replicated testing. Australia is in the process of adopting a national approach to an integrated health records solution. The Australian National Ehealth Transition Authority (NEHTA) has released their lnteroperability Framework together with specifications and standards for secure messaging in E-health. This is expected to promote an environment in which vendors competing for market share will develop medical applications that are interoperable. With an aging population and the baby boomers preparing for retirement, it is anticipated that these initiatives may Indirectly help to reduce the anticipated strain on the health care budget. Anticipated secondary benefits include the collection of de-identified information for public health research and the development of health management strategies. This paper discusses NEHTA\u27s secure transmission initiatives and the resultant security issues related to the transfer of shared EHRs

Secure transmission of shared electronic health records: A review

Paperbased health records together with electronic Patient Management Systems remain the norm for hospitals and primary care practices to manage patient health information in Australia. Although the benefits of recording patient health information into an electronic format known as an electronic health record (EHR) are well documented, the use of these systems has not yet been fully realised. The next advancement for EHRs is the ability to share health records for the primary purpose of improved patient care. This may for example enable a primary care physician, with the patient’s consent, to electronically share pertinent health information with a specialist, providing timely information transfer and reducing the need for replicated testing. Australia is in the process of adopting a national approach to an integrated health records solution. The Australian National Ehealth Transition Authority (NEHTA) has released their Interoperability Framework together with specifications and standards for secure messaging in Ehealth. This is expected to promote an environment in which vendors competing for market share will develop medical applications that are interoperable. With an aging population and the baby boomers preparing for retirement, it is anticipated that these initiatives may indirectly help to reduce the anticipated strain on the health care budget. Anticipated secondary benefits include the collection of deidentified information for public health research and the development of health management strategies. This paper discusses NEHTA’s secure transmission initiatives and the resultant security issues related to the transfer of shared EHRs

Security of electronic personal health information in a public hospital in South Africa

The adoption of digital health technologies has dramatically changed the healthcare sector landscape and thus generates new opportunities to collect, capture, store, access and retrieve electronic personal health information (ePHI). With the introduction of digital health technologies and the digitisation of health data, an increasing number of hospitals and peripheral health facilities across the globe are transitioning from a paper-based environment to an electronic or paper-light environment. However, the growing use of digital health technologies within healthcare facilities has caused ePHI to be exposed to a variety of threats such as cyber security threats, human-related threats, technological threats and environmental threats. These threats have the potential to cause harm to hospital systems and severely compromise the integrity and confidentiality of ePHI. Because of the growing number of security threats, many hospitals, both private and public, are struggling to secure ePHI due to a lack of robust data security plans, systems and security control measures. The purpose of this study was to explore the security of electronic personal health information in a public hospital in South Africa. The study was underpinned by the interpretivism paradigm with qualitative data collected through semi-structured interviews with purposively selected IT technicians, network controllers’, administrative clerks and records management clerks, and triangulated with document and system analysis. Audio-recorded interviews were transcribed verbatim. Data was coded and analysed using ATLAS.ti, version 8 software, to generate themes and codes within the data, from which findings were derived. The key results revealed that the public hospital is witnessing a deluge of sophisticated cyber threats such as worm viruses, Trojan horses and shortcut viruses. This is compounded by technological threats such as power and system failure, network connection failure, obsolete computers and operating systems, and outdated hospital systems. However, defensive security measures such as data encryption, windows firewall, antivirus software and security audit log system exist in the public hospital for securing and protecting ePHI against threats and breaches. The study recommended the need to implement Intrusion Protection System (IPS), and constantly update the Windows firewall and antivirus program to protect hospital computers and networks against newly released viruses and other malicious codes. In addition to the use of password and username to control access to ePHI in the public hospital, the study recommends that the hospital should put in place authentication mechanisms such as biometric system and Radio Frequency Identification (RFID) system restrict access to ePHI, as well as to upgrade hospital computers and the Patient Administration and Billing (PAAB) System. In the absence of security policy, there is a need for the hospital to put in place a clear written security policy aimed at protecting ePHI. The study concluded that healthcare organisations should upgrade the security of their information systems to protect ePHI stored in databases against unauthorised access, malicious codes and other cyber-attacks.Information ScienceM. Inf. (Information Security