Analysis of privacy and security requirements in electronic health records

Authors

  • Rodrigo Tertulino Instituto Federal de Educação, Ciência e Tecnologia do Rio Grande do Norte
  • Naghmeh Ivaki Universidade de Coimbra

DOI:

https://doi.org/10.59681/2175-4411.v16.iEspecial.2024.1281

Keywords:

Electronic Patient Record, Information security, Privacy Protection

Abstract

Objective: The study analyzes the privacy and security requirements in electronic medical records, emphasizing the crucial relevance of security and privacy in healthcare systems. Method: A descriptive-exploratory case study was carried out using the citizen's electronic medical record system used in primary health care. Results: The results of the study indicate that the system only partially meets security and privacy requirements, such as integrity, emergency access, and anonymization, which need to be improved to comply with legislation and security policies. Conclusion: The research aims to improve the security and privacy of patient data in electronic health records, highlighting the importance of implementing appropriate measures to ensure compliance with legal standards and promote patient confidence in using these health technologies.

Author Biographies

Rodrigo Tertulino, Instituto Federal de Educação, Ciência e Tecnologia do Rio Grande do Norte

Adjunct Professor of Computer Networks, Laboratório de Pesquisa em Engenharia de Software e Automação (LaPEA), Instituto Federal de Educação, Ciência e Tecnologia do Rio Grande do Norte, Natal (RN), Brazil.

Naghmeh Ivaki, Universidade de Coimbra

Assistant Professor of Informatics Engineering, Centro de Informática e Sistemas da Universidade de Coimbra (CISUC), Department of Informatics Engineering, Universidade de Coimbra, Coimbra, Portugal.

Published

2024-11-19

How to Cite

Tertulino, R., & Ivaki, N. (2024). Analysis of privacy and security requirements in electronic health records. Journal of Health Informatics, 16(Especial). https://doi.org/10.59681/2175-4411.v16.iEspecial.2024.1281
