Analysis of privacy and security requirements in electronic health records
DOI:
https://doi.org/10.59681/2175-4411.v16.iEspecial.2024.1281
Keywords:
Electronic Patient Record, Information security, Privacy Protection
Abstract
Objective: The study analyzes the privacy and security requirements in electronic medical records, emphasizing the crucial relevance of security and privacy in healthcare systems. Method: A descriptive-exploratory case study was carried out using the citizen's electronic medical record system used in primary health care. Results: The results of the study indicate that the system only partially meets security and privacy requirements, such as integrity, emergency access, and anonymization, which need to be improved to comply with legislation and security policies. Conclusion: The research aims to improve the security and privacy of patient data in electronic health records, highlighting the importance of implementing appropriate measures to ensure compliance with legal standards and promote patient confidence in using these health technologies.
License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Submission of a paper to Journal of Health Informatics is understood to imply that it is not being considered for publication elsewhere and that the author(s) permission to publish his/her (their) article(s) in this Journal implies the exclusive authorization of the publishers to deal with all issues concerning the copyright therein. Upon the submission of an article, authors will be asked to sign a Copyright Notice. Acceptance of the agreement will ensure the widest possible dissemination of information. An e-mail will be sent to the corresponding author confirming receipt of the manuscript and acceptance of the agreement.