European hospitals' transition toward fully electronic-based systems: do information technology security and privacy practices follow?

Background: Traditionally, health information has been mainly kept in paper-based records. This has deeply changed throughout approximately the last three decades with the widespread use of multiple health information technologies. The digitization of health care systems contributes to improving health care delivery. However, it also exposes health records to security and privacy breaches inherently related to information technology (IT). Thus, health care organizations willing to leverage IT for improved health care delivery need to put in place IT security and privacy measures consistent with their use of IT resources. Objective: In this study, 2 main objectives are pursued: (1) to assess the state of the implementation of IT security and privacy practices in European hospitals and (2) to assess to what extent these hospitals enhance their IT security and privacy practices as they move from paper-based systems toward fully electronic-based systems. Methods: Drawing on data from the European Commission electronic health survey, we performed a cluster analysis based on IT security and privacy practices implemented in 1723 European hospitals. We also developed an IT security index, a compounded measure of implemented IT security and privacy practices, and compared it with the hospitals' level in their transition from a paper-based system toward a fully electronic-based system. Results: A total of 3 clearly distinct patterns of health IT-related security and privacy practices were unveiled. These patterns, as well as the IT security index, indicate that most of the sampled hospitals (70.2%) failed to implement basic security and privacy measures consistent with their digitization level. Conclusions: Even though, on average, the most electronically advanced hospitals display a higher IT security index than hospitals where the paper system still dominates, surprisingly, it appears that the enhancement of IT security and privacy practices as the health information digitization advances in European hospitals is neither systematic nor strong enough regarding the IT-security requirements. This study will contribute to raising awareness among hospitals' managers as to the importance of enhancing their IT security and privacy measures so that they can keep up with the security threats inherently related to the digitization of health care organizations. © 2019 Journal of Medical Internet Research. All rights reserved

Ensuring the security and privacy of information in mobile health-care communication systems

The sensitivity of health-care information and its accessibility via the Internet and mobile technology systems is a cause for concern in these modern times. The privacy, integrity and confidentiality of a patient’s data are key factors to be considered in the transmission of medical information for use by authorised health-care personnel. Mobile communication has enabled medical consultancy, treatment, drug administration and the provision of laboratory results to take place outside the hospital. With the implementation of electronic patient records and the Internet and Intranets, medical information sharing amongst relevant health-care providers was made possible. But the vital issue in this method of information sharing is security: the patient’s privacy, as well as the confidentiality and integrity of the health-care information system, should not be compromised. We examine various ways of ensuring the security and privacy of a patient’s electronic medical information in order to ensure the integrity and confidentiality of the information

Integrated, reliable and cloud-based personal health record: a scoping review.

Personal Health Records (PHR) emerge as an alternative to integrate patient’s health information to give a global view of patients' status. However, integration is not a trivial feature when dealing with a variety electronic health systems from healthcare centers. Access to PHR sensitive information must comply with privacy policies defined by the patient. Architecture PHR design should be in accordance to these, and take advantage of nowadays technology. Cloud computing is a current technology that provides scalability, ubiquity, and elasticity features. This paper presents a scoping review related to PHR systems that achieve three characteristics: integrated, reliable and cloud-based. We found 101 articles that addressed thosecharacteristics. We identified four main research topics: proposal/developed systems, PHR recommendations for development, system integration and standards, and security and privacy. Integration is tackled with HL7 CDA standard. Information reliability is based in ABE security-privacy mechanism. Cloud-based technology access is achieved via SOA.CONACYT - Consejo Nacional de Ciencia y TecnologíaPROCIENCI

Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography

Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patients health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of privacy and security system for cryptography-based-EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients protected health information. This result also justifies the feasibility of implementing fuzzy key binding scheme in real applications, especially fuzzy vault which demonstrated a better performance during key reconstruction

An Exploration of Trends in Patient Health Data Safety Concerns: Does Heterogeneity Matter?

There have been ongoing discussions on threats to patients' electronic health information/records (EHR). This study aims to examine the 1) trend in electronic data safeguard concerns and 2) factors associated with such perceptions. Using the Health Information National Trends Survey (HINTS) data from 2014, 2017, and 2018, the study analyzed 7527 patients (representing approximately, 175 million US adult subjects) for their perceptions on information safeguard and withholding information from providers due to privacy/security. About 24%, 24%, and 15% respondents reported not confident about data safeguard in 2014, 2017, and 2018, respectively. A large population is not firmly confident about data safety and many would withhold information. Although there is a significant trend in improvement of safeguard concerns, there is patient characteristics-related heterogeneity and there are communication quality effects on adverse outcomes of privacy/security concerns. The results will be useful for improving patient utilization of EHRs benefiting patients or healthcare systems

Managing the security of nursing data in the electronic health record

Background: The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. Methods: This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. Results: The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95 and 80, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Conclusions: Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research. © 2015 Mahnaz Samadbeik, Zahra Gorzin, Masomeh Khoshkam, Masoud Roudbari

A systematic literature review on security and privacy of electronic health record systems: technical perspectives

Abstract Background: Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. Objective: This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Method: Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Results: Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. Conclusion: This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements

Do Individuals in Developing Countries Care about Personal Health Information Privacy? An Empirical Investigation

As developing countries migrate to electronic healthcare (e-health) systems, emerging case studies suggest concerns are being raised about the privacy and security of personal health information (PHI) (e.g., Bedeley & Palvia, 2014; Willyard, 2010). However, there is lack of consideration of PHI privacy in the development of e-health systems in these countries as developers and policy makers assume that individuals are in greater need of healthcare and may not care about issues such as privacy (Policy Engagement Network [PEN], 2010). To better understand these assumptions and concerns individuals may have about the digitization of their PHI, this study examined individuals’ privacy concerns regarding the use of electronic health record (EHR) systems by hospitals for storing and managing PHI. A survey was conducted on a sample of 276 individuals in Ghana, a Sub-Saharan African country. We analysed the dataset using t-test and analysis of variance (ANOVA). Contradicting the assumption underlying e-health systems development, the results demonstrated that whilst individuals are less concerned about the collection of their PHI by hospitals, they are highly concerned about unauthorised secondary use, errors, and unauthorize access regarding their PHI stored in EHR systems. These concerns are especially greater for individuals with high computer experience and those who are extremely concerned about their health. Furthermore, compared with women and older individuals (35 years or older), men and younger individuals (aged 18-24) are more concerned about the collection of their PHI by hospitals. Implications for research and practice are discussed

Future of healthcare vis-a-vis building trust in major stakeholders through Information Security Management

The Healthcare sector is growing leaps and bound, so is its data and information. Security and privacy of this Information has become a crucial issue for this proliferating healthcare industry. In this fast moving global scenario, patients need not carry their medical records in a big bag on move, as in this digital world ,all that patients have to do is to get admitted in a hospital for the treatment , rest all is in hands of Information Assets Infrastructure of these mushrooming hospitals. But due to the increased use of patient’s information sharing among doctors, vis hospitals ;patients and their families raise an issue for security of their medical data and records. Hence improving the Information Security Management Systems (ISMS) has become the necessity to keep secure digital patient records for success of hospitals and their brands or at large name and fame of Healthcare Industry. Patients are required to share information with doctors for correct diagnosis and treatment. Security concerns arise, in transmitting and processing electronic medical records, personal healthcare records, patients’ billing records as well as public health alerts across many parties with varying security, privacy and trust levels. Not all hospitals adopt all the essential security measures. In the present paper, we are studying eight International Hospitals to review their Information Security Management Systems (ISMS) standards , concluding their stands on the basis of proposed five principles and also proposing the future scope of implementation of IS in the hospital. We contemplate an Information Security model based on the proposed five principles of Information Security