Information Assurance in E-Healthcare

Author(s):  
Sherrie D. Cannoy ◽  
A. F. Salam

There is growing concern that the healthcare industry has not adopted IT systems as widely and effectively as other industries. Healthcare technological advances generally emerge from the clinical and medical areas rather than clerical and administrative. The healthcare industry is perceived to be 10 to 15 years behind other industries in its use of information technology (Raghupathi & Tan, 1997). Incorporating new technology into the healthcare organization’s processes is risky because of the potential for patient information being disclosed. The purpose of this study is to investigate the information assurance factors involved with security regulations and electronic medical record initiatives—a first necessary step in making the healthcare industry more efficient. Noncompliance of a healthcare organization’s employees with security and privacy policies (i.e., information assurance) can result in legal and financial difficulties, as well as irreparable damage to an organization’s reputation. To implement electronic medical initiatives, it is vital that an organization has compliance with security and privacy policies. E-health technology is a relatively current phenomenon. There are two types of distance-related healthcare that are technology driven. Telehealth is known for involving telemedicine—medicine practiced over a distance, with the impetus of control being in the physician’s hands (Maheu, 2000). E-health involves the patient or physician actively searching for information or a service, usually via the Internet (Maheu). Electronic medical records fall into the e-health category because the physician, healthcare partners, and patient would be able to access the information through an Internet connection. Security and information assurance are critical factors in implementing e-health technologies. There is a lack of a well-developed theoretical framework in which to understand information assurance factors in e-healthcare. 
The theory of reasoned action (TRA) and technology acceptance model (TAM) enable a conceptual model of information assurance and compliance to be formed in the context of healthcare security and privacy policy. The relationship between behavior and intentions, attitudes, beliefs, and external factors has been supported in previous research and will provide a framework for ensuring compliance to security and privacy policies in healthcare organizations so that HIPAA (Health Insurance Portability and Accountability Act) regulations are enforced and electronic medical records (EMRs) can be securely implemented. Traditionally, records in the healthcare industry have been paper based, enabling strict accessibility to records. This allowed for confidentiality of information to be practically ensured. The uniqueness of healthcare records and the sensitive information they contain is specific to the industry. Over the many years that medical records have been kept, those involved in the field have undertaken a self-imposed rule of stringently protecting the patient information while providing quality care. The patient’s expectation for confidentiality of personally identifiable medical records is also critical. According to Rindfleisch (1997, pp. 95-96), in his study of healthcare IT privacy, the threats to patient information confidentiality are inside the patient-care institution; from within secondary user settings which may exploit data; or from outsider intrusion into medical information. Rindfleisch (1997) examined specific disclosures which could release sensitive information such as emotional problems, fertility and abortions, sexually transmitted diseases, substance abuse, genetic predispositions to disease—all of which could cause embarrassment and could affect insurability, child custody cases, and employment. 
The process of healthcare treatment includes not only the patient and physician but also nurses, office staff who send out bills and insurance claims, the insurance company, billing clearinghouses, pharmacies, and any other companies to which these processes can be outsourced. There is an estimate that states as many as 400 people may have access to your personal medical information throughout the typical care process (Mercuri, 2004). The government is also a partner in national health concerns, and also maintains databases containing information on contagious diseases, cancer registries, organ donations, and other healthcare information of national interest. (See http://www.fedstats.gov/programs/health.html for a listing of the databases.) With the advent of government mandates such as EMRs and HIPAA regulations, the increased accessibility of sensitive records requires intense effort to create policies that limit access for those who are authorized. Although there is an area of information economics which views information as an asset that can be numerically valued for its benefit, the same perspective has not been adopted in healthcare. Especially in the United States, clinical information and patient care are considered proprietary (Hagland, 2004). There is no specific associated cost with one’s medical information—what damage is done when one’s medical information has been utilized improperly? Even though damages are ill-defined, there are regulations and standards for emerging technology in healthcare. The two most current important security and privacy issues involve HIPAA regulation and the government mandate for EMRs.

2011 ◽  
pp. 1703-1713
Author(s):  
Sherrie D. Cannoy

There is growing concern that the healthcare industry has not adopted IT systems as widely and effectively as other industries. Healthcare technological advances generally emerge from the clinical and medical areas rather than clerical and administrative. The healthcare industry is perceived to be 10 to 15 years behind other industries in its use of information technology (Raghupathi & Tan, 1997). Incorporating new technology into the healthcare organization’s processes is risky because of the potential for patient information being disclosed. The purpose of this study is to investigate the information assurance factors involved with security regulations and electronic medical record initiatives—a first necessary step in making the healthcare industry more efficient. Noncompliance of a healthcare organization’s employees with security and privacy policies (i.e., information assurance) can result in legal and financial difficulties, as well as irreparable damage to an organization’s reputation. To implement electronic medical initiatives, it is vital that an organization has compliance with security and privacy policies. E-health technology is a relatively current phenomenon. There are two types of distance-related healthcare that are technology driven. Telehealth is known for involving telemedicine—medicine practiced over a distance, with the impetus of control being in the physician’s hands (Maheu, 2000). E-health involves the patient or physician actively searching for information or a service, usually via the Internet (Maheu). Electronic medical records fall into the e-health category because the physician, healthcare partners, and patient would be able to access the information through an Internet connection.


2008 ◽  
Vol 47 (03) ◽  
pp. 235-240 ◽  
Author(s):  
D. Weerasinghe ◽  
K. Elmufti ◽  
V. Rakocevic ◽  
M. Rajarajan

Summary Objective: The objective of this study is to develop a solution to preserve security and privacy in a healthcare environment where health-sensitive information will be accessed by many parties and stored in various distributed databases. The solution should maintain anonymous medical records and it should be able to link anonymous medical information in distributed databases into a single patient medical record with the patient identity. Methods: In this paper we present a protocol that can be used to authenticate and authorize patients to healthcare services without providing the patient identification. Healthcare service can identify the patient using separate temporary identities in each identification session and medical records are linked to these temporary identities. Temporary identities can be used to enable record linkage and reverse track real patient identity in critical medical situations. Results: The proposed protocol provides main security and privacy services such as user anonymity, message privacy, message confidentiality, user authentication, user authorization and message replay attacks. The medical environment validates the patient at the healthcare service as a real and registered patient for the medical services. Using the proposed protocol, the patient anonymous medical records at different healthcare services can be linked into one single report and it is possible to securely reverse track anonymous patient into the real identity. Conclusion: The protocol protects the patient privacy with a secure anonymous authentication to healthcare services and medical record registries according to the European and the UK legislations, where the patient real identity is not disclosed with the distributed patient medical records.


Author(s):  
Harshali Kulwal ◽  
Pallavi Badhe ◽  
Sneha Ingole ◽  
Monika Madhure ◽  
Archana. K

Existing Health Management Systems are faced with various security and privacy issues such as unauthorized Access to Patient Records, internet security issues, etc. The proposed system mainly focuses on the security of Electronic Medical Records. The purpose of the project entitled “A SECURE eHealth SYSTEM” is to develop software which is user-friendly, fast, and cost-effective. It deals with the collection of patient’s information, Doctor details, Medical information. Traditionally, it was done manually. The main function of the system is to register and store patient details, add symptom and doctor details and retrieve these details as and when required, and also to manipulate these details meaningfully. System input contains patient details, doctor details while system output is to appoint a doctor for the patient, display these details on the screen, securely generated electronic medical records, forward prescriptions to the medical store. The eHealth system can be entered using a unique ID generated during registration and password. It is accessible either by a doctor, patient, pharmacist. Only registered members add data into a database. The data can be retrieved easily. The data is well protected and the data processing becomes very fast.


2021 ◽  
Author(s):  
Natsuko Nishida ◽  
Tomoko Hikita ◽  
Megumi Iida ◽  
Goshiro Yamamoto ◽  
Tomohiro Kuroda

Shortening hospital stays increases communication needs between nurses in inpatient and outpatient wards. Smooth information sharing is required to reduce the workload of nurses and improve the quality of patient care. However, the electronic medical records (EMR) system does not have sufficient functions to support information sharing between wards, because the EMR has been developed mainly for recording. This study led to three improvements: a unified communication tool, a common patient list linked to the EMR, and outpatient nursing diagnosis.


1996 ◽  
Vol 35 (02) ◽  
pp. 122-126 ◽  
Author(s):  
J. J. Cimino

Abstract: Medical informatics researchers have explored a number of ways to integrate medical information resources into patient care systems. Particular attention has been given to the integration of on-line bibliographic resources. This paper presents an information model which breaks down the integration task into three components, each of which answers a question: what is the user’s question?, where can the answer be found?, and how is the retrieval strategy composed? Twelve experimental systems are reviewed and their methods for addressing one or more of these questions are described.


PEDIATRICS ◽  
1969 ◽  
Vol 43 (4) ◽  
pp. 639-639
Author(s):  
Nicholas Cunningham

Dr. Auld's gripe (Pediatrics, 42:1014, 1968) about how hard it is to get useful patient information from colleagues is probably shared by many of us. But, since pediatricians are among the busiest (and least well remunerated) specialists, more than griping and pleading for better rapport will be needed to get results. Two avenues suggest themselves. The first is to automate both the recording and reproduction of medical records. If all our notes were dictated, using standardized nomenclature and units of mensuration, and then transcribed for standardized forms, our records would become both more accessible for ourselves and more easily reproducible for our colleagues.


Author(s):  
Omar Gutiérrez ◽  
Giordy Romero ◽  
Luis Pérez ◽  
Augusto Salazar ◽  
Marina Charris ◽  
...  

The current information systems for the registration and control of electronic medical records (EMR) present a series of problems in terms of the fragmentation, security, and privacy of medical information, since each health institution, laboratory, doctor, etc. has its own database and manages its own information, without the intervention of patients. This situation does not favor effective treatment and prevention of diseases for the population, due to potential information loss, misinformation, or data leaks related to a patient, which in turn may imply a direct risk for the individual and high public health costs for governments. One of the proposed solutions to this problem has been the creation of electronic medical record (EMR) systems using blockchain networks; however, most of them do not take into account the occurrence of connectivity failures, such as those found in various developing countries, which can lead to failures in the integrity of the system data. To address these problems, HealthyBlock is presented in this paper as an architecture based on blockchain networks, which proposes a unified electronic medical record system that considers different clinical providers, with resilience in data integrity during connectivity failure and with usability, security, and privacy characteristics. On the basis of the HealthyBlock architecture, a prototype was implemented for the care of patients in a network of hospitals. The results of the evaluation showed high efficiency in keeping the EMRs of patients unified, updated, and secure, regardless of the network clinical provider they consult.


Electronics ◽  
2021 ◽  
Vol 10 (5) ◽  
pp. 580
Author(s):  
Tomilayo Fatokun ◽  
Avishek Nag ◽  
Sachin Sharma

Security and privacy of patients’ data is a major concern in the healthcare industry. In this paper, we propose a system that activates robust security and privacy of patients’ medical records as well as enables interoperability and data exchange between the different healthcare providers. The work proposes the shift from patient’s electronic health records being managed and controlled by the healthcare industry to a patient-centric application where patients are in control of their data. The aim of this research is to build an Electronic Healthcare Record (EHR) system that is layered on the Ethereum blockchain platform and smart contract in order to eliminate the need for third-party systems. With this system, the healthcare provider can search for patient’s data and request the patients’ consent to access it. Patients manage their data which enables an expedited data exchange across EHR systems. Each patient’s data are stored on the peer-to-peer node ledger. The proposed patient-centric EHR platform is cross-platform compliant, as it can be accessed via personal computers and mobile devices and facilitates interoperability across healthcare providers as patients’ medical records are gathered from different healthcare providers and stored in a unified format. The proposed framework is tested on a private Ethereum network using Ganache. The results show the effectiveness of the system with respect to security, privacy, performance and interoperability.


2020 ◽  
Author(s):  
George Grispos ◽  
Talon Flynn ◽  
William Bradley Glisson

BACKGROUND An emerging trend is the development of smartphone applications, which act as an interface to medical devices connected to the Internet. Many of these devices, along with their smartphone applications, have been approved by the United States Food and Drug Administration (FDA) for use in medical settings. Furthermore, device manufacturers are expected to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. As a result, manufacturers are required to implement safeguards to protect a patient’s personal and medical information. OBJECTIVE Previous research has shown that smartphone applications produce residual data, which can have security and privacy implications. Hence, there is the potential that the residual data generated by smartphone applications that interact with medical devices is potentially putting patient information at risk. This study investigates residual data recovered from a smartphone application, which interacts with a medical device, from the perspective of Security and Privacy violations within HIPAA. METHODS This study includes a controlled experiment to investigate the residual data generated by Android and iOS smartphone applications that accompany seven FDA-approved medical devices. The devices and their smartphone applications were used for five days in a test environment. The smartphone applications were then processed using industry-accepted mobile forensic toolkits to retrieve resident residual artifacts. Once the processing was complete, the data extractions were analyzed for patient information as well as medical device interactions. RESULTS The analysis of the Android and iOS smartphone applications revealed that data related to the test patient, and their use of the medical device could be retrieved from three out of the four applications. These three applications store patient and device data in plaintext, including passwords. 
However, analysis of the fourth application evaluated in this experiment has shown that while the iOS version stores information in plaintext, the Android version appears to encrypt artifacts containing patient and therapy details. CONCLUSIONS While all the medical devices included in the controlled experiment are cleared by the FDA, and all the manufacturers claim to be HIPAA compliant, the devices and applications used in this study demonstrate that it is possible to recover plaintext patient-specific and device information from the smartphone applications that interface with these devices.


Author(s):  
Harshal Jorwekar

The mystery between the emotional improvement of medical information protection interest and long periods of administrative guideline has eased back advancement for electronic medical records (EMRs). In this paper, we propose an efficient, secure and decentralized Blockchain system for data privacy preserving and sharing. This manages confidentiality, authentication, data preserving and data sharing when handling sensitive information. We exploit consortium Blockchain and smart contracts to accomplish secure information storage and sharing, which forestalls information sharing without consent. The patient’s historical data, medical record, patient’s private information is very critical and needs to be stored and maintained securely. The proposed framework builds information security and eliminates the cost, time, and assets needed to deal with the medical care information records.

