Challenges and solutions in medical record keeping and data security

Salman Eid Fadhi Alhejaili; Abdullah Raja Alhejaili; Abeer Ali Alyehya; Fayez Suliman Alharbi; Mohammed Monawer H Almotairi; Muneer Shudayyid Muneer Almutairi; Nawaf Sakr Almutairi; Sultan Abdulaziz Muhanna‏ Al Ahmadi; Abdulaziz Salman Almughathawi; Abdlraheem Salem Alraddadii; Fahad Ghali Alsuhaymi; Mohammed Maqbul Mohammed Hazazi; Mohammad Mamdouh Mohammed Alanazi

doi:10.53730/ijhs.v7nS1.15326

Authors

Salman Eid Fadhi Alhejaili KSA, National Guard Health Affairs
Abdullah Raja Alhejaili KSA, National Guard Health Affairs
Abeer Ali Alyehya KSA, National Guard Health Affairs
Fayez Suliman Alharbi Qassim Armed Forces Hospital
Mohammed Monawer H. Almotairi Qassim Armed Forces Hospital
Muneer Shudayyid Muneer Almutairi Qassim Armed Forces Hospital
Nawaf Sakr Almutairi National Guard Hospital
Sultan Abdulaziz Muhanna‏ Al Ahmadi KSA, National Guard Health Affairs
Abdulaziz Salman Almughathawi KSA, National Guard Health Affairs
Abdlraheem Salem Alraddadii KSA, National Guard Health Affairs
Fahad Ghali Alsuhaymi KSA, National Guard Health Affairs
Mohammed Maqbul Mohammed Hazazi Prince Sultan Air Base, Al-Kharj
Mohammad Mamdouh Mohammed Alanazi Prince Sultan Air Base, Al-Kharj

Keywords:

Internet of Things (IoT), cybersecurity, data privacy, EHR security, healthcare informatics

Abstract

This literature review analyzes the challenges and solutions associated with the security and privacy of electronic health records (EHR). The extensive implementation of electronic health records (EHRs) provides advantages, including cost savings and enhanced quality of care, yet it also presents considerable vulnerabilities. Patient concerns regarding data protection are significant, driven by fears of unauthorized access and data breaches. This review examines the security risks associated with EHR systems, emphasizing three primary categories of safeguards: administrative, physical, and technical. This study examines the challenges presented by the Internet of Things (IoT) in relation to Electronic Health Records (EHRs), emphasizing the necessity for strong security protocols to manage heterogeneity, uncontrolled environments, and scalability requirements. This paper examines diverse security solutions, such as encryption and access control mechanisms, including Role-Based Access Control (RBAC), while emphasizing the significance of a multidisciplinary approach in the management of Electronic Health Record (EHR) systems. The rising frequency of cyberattacks on healthcare organizations highlights the necessity for proactive risk management strategies, which should encompass regular security audits, staff training, and the establishment of robust physical and technical safeguards.

Downloads

Download data is not yet available.

References

Kim SH, Kwon J. How do EHRs and a meaningful use initiative affect breaches of patient information? Information Systems Research. 2019;30(4):1184-202. DOI: https://doi.org/10.1287/isre.2019.0858

Carey DJ, Fetterolf SN, Davis FD, Faucett WA, Kirchner HL, Mirshahi U, et al. The Geisinger MyCode community health initiative: an electronic health record–linked biobank for precision medicine research. Genetics in medicine. 2016;18(9):906-13. DOI: https://doi.org/10.1038/gim.2015.187

Keshta I, Odeh A. Security and privacy of electronic health records: Concerns and challenges. Egyptian Informatics Journal. 2021;22(2):177-83. DOI: https://doi.org/10.1016/j.eij.2020.07.003

Ahmad KAB, Khujamatov H, Akhmedov N, Bajuri MY, Ahmad MN, Ahmadian A. Emerging trends and evolutions for smart city healthcare systems. Sustainable Cities and Society. 2022;80:103695. DOI: https://doi.org/10.1016/j.scs.2022.103695

Walid R, Joshi KP, Choi SG, Kim D-y, editors. Cloud-based encrypted ehr system with semantically rich access control and searchable encryption. 2020 IEEE international conference on big data (Big Data); 2020: IEEE. DOI: https://doi.org/10.1109/BigData50022.2020.9378002

Acquisti A, Brandimarte L, Loewenstein G. Secrets and likes: The drive for privacy and the difficulty of achieving it in the digital age. Journal of Consumer Psychology. 2020;30(4):736-58. DOI: https://doi.org/10.1002/jcpy.1191

Lemke J. Storage and security of personal health information. OOHNA J. 2013;32(1):25-6.

Achampong EK. Electronic health record (EHR) and cloud security: the current issues. International Journal of Cloud Computing and Services Science. 2013;2(6):417. DOI: https://doi.org/10.11591/closer.v2i6.5343

Albahri OS, Albahri AS, Mohammed K, Zaidan A, Zaidan B, Hashim M, et al. Systematic review of real-time remote health monitoring system in triage and priority-based sensor technology: Taxonomy, open challenges, motivation and recommendations. Journal of medical systems. 2018;42:1-27. DOI: https://doi.org/10.1007/s10916-018-0943-4

Kiah MLM, Zaidan B, Zaidan A, Nabi M, Ibraheem R. MIRASS: Medical informatics research activity support system using information mashup network. Journal of medical systems. 2014;38:1-15. DOI: https://doi.org/10.1007/s10916-014-0037-x

Miotto R, Li L, Kidd BA, Dudley JT. Deep patient: an unsupervised representation to predict the future of patients from the electronic health records. Scientific reports. 2016;6(1):1-10. DOI: https://doi.org/10.1038/srep26094

Alsalem M, Zaidan A, Zaidan B, Hashim M, Albahri OS, Albahri AS, et al. Systematic review of an automated multiclass detection and classification system for acute Leukaemia in terms of evaluation and benchmarking, open challenges, issues and methodological aspects. Journal of medical systems. 2018;42:1-36. DOI: https://doi.org/10.1007/s10916-018-1064-9

Wikina SB. What caused the breach? An examination of use of information technology and health data breaches. Perspectives in health information management. 2014;11(Fall).

Hussain M, Al-Haiqi A, Zaidan AA, Zaidan BB, Kiah M, Iqbal S, et al. A security framework for mHealth apps on Android platform. Computers & Security. 2018;75:191-217. DOI: https://doi.org/10.1016/j.cose.2018.02.003

Shi S, He D, Li L, Kumar N, Khan MK, Choo K-KR. Applications of blockchain in ensuring the security and privacy of electronic health record systems: A survey. Computers & security. 2020;97:101966. DOI: https://doi.org/10.1016/j.cose.2020.101966

Lafky DB, Horan TA. Personal health records: Consumer attitudes toward privacy and security of their personal health information. Health Informatics Journal. 2011;17(1):63-71. DOI: https://doi.org/10.1177/1460458211399403

Akhlaq A, McKinstry B, Muhammad KB, Sheikh A. Barriers and facilitators to health information exchange in low-and middle-income country settings: a systematic review. Health policy and planning. 2016;31(9):1310-25. DOI: https://doi.org/10.1093/heapol/czw056

Ancker JS, Silver M, Miller MC, Kaushal R. Consumer experience with and attitudes toward health information technology: a nationwide survey. Journal of the American Medical Informatics Association. 2013;20(1):152-6. DOI: https://doi.org/10.1136/amiajnl-2012-001062

Razmak J, Bélanger C. Using the technology acceptance model to predict patient attitude toward personal health records in regional communities. Information Technology & People. 2018;31(2):306-26. DOI: https://doi.org/10.1108/ITP-07-2016-0160

Liu V, Musen MA, Chou T. Data breaches of protected health information in the United States. Jama. 2015;313(14):1471-3.

Els F, Cilliers L, editors. Improving the information security of personal electronic health records to protect a patient's health information. 2017 Conference on Information Communication Technology and Society (ICTAS); 2017: IEEE. DOI: https://doi.org/10.1109/ICTAS.2017.7920658

Gupta B, Agrawal DP. Handbook of research on cloud computing and big data applications in IoT: IGI global; 2019. DOI: https://doi.org/10.4018/978-1-5225-8407-0

Amer K. Informatics: Ethical Use of Genomic Information and Electronic Medical Records. Online Journal of Issues in Nursing. 2015;20(2). DOI: https://doi.org/10.3912/OJIN.Vol20No02InfoCol01

Paganini P. Risks and cyber threats to the healthcare industry. Infosec Institute. 2014.

Uwizeyemungu S, Poba-Nzaou P, Cantinotti M. European hospitals’ transition toward fully electronic-based systems: do information technology security and privacy practices follow?. JMIR medical informatics. 2019 Mar 25;7(1):e11211. DOI: https://doi.org/10.2196/11211

Healthcare Information Security. Princeton, NJ: ISMG; 2014. The State of Healthcare Information Security Today. Update on HIPAA Omnibus Compliance, Protecting Patient Data URL: https://www.healthcareinfosecurity.com/surveys/state-healthcare- information-security-today-s-23 [accessed 2019-02-04]

HIMSS. Chicago, IL: HIMSS; 2015 Jun. 2015 HIMSS Cybersecurity Survey URL: https://www.himss.org/2015-cybersecurity-survey/full-report [accessed 2019-02-04]

Theodos K, Sittig S. Health information privacy laws in the digital age: HIPAA doesn't apply. Perspectives in health information management. 2020 Dec 7;18(Winter):1l.

Ahmad A, Desouza KC, Maynard SB, Naseer H, Baskerville RL. How integration of cyber security management and incident response enables organizational learning. Journal of the Association for Information Science and Technology. 2020 Aug;71(8):939-53. DOI: https://doi.org/10.1002/asi.24311

Liu V, Musen MA, Chou T. Data breaches of protected health information in the United States. Jama. 2015 Apr 14;313(14):1471-3. DOI: https://doi.org/10.1001/jama.2015.2252

Donnelly R, Johns J. Recontextualising remote working and its HRM in the digital economy: An integrated framework for theory and practice. The International Journal of Human Resource Management. 2021 Jan 2;32(1):84-105. DOI: https://doi.org/10.1080/09585192.2020.1737834

Ganiga R, Pai RM, Sinha RK. Security framework for cloud based electronic health record (EHR) system. International Journal of Electrical and Computer Engineering. 2020 Feb 1;10(1):455. DOI: https://doi.org/10.11591/ijece.v10i1.pp455-466

Shamshad S, Mahmood K, Kumari S, Chen CM. A secure blockchain-based e-health records storage and sharing scheme. Journal of Information Security and Applications. 2020 Dec 1;55:102590. DOI: https://doi.org/10.1016/j.jisa.2020.102590

Mayer AH, da Costa CA, Righi RD. Electronic health records in a Blockchain: A systematic review. Health informatics journal. 2020 Jun;26(2):1273-88. DOI: https://doi.org/10.1177/1460458219866350

Fennelly O, Cunningham C, Grogan L, Cronin H, O’Shea C, Roche M, Lawlor F, O’Hare N. Successfully implementing a national electronic health record: a rapid umbrella review. International Journal of Medical Informatics. 2020 Dec 1;144:104281. DOI: https://doi.org/10.1016/j.ijmedinf.2020.104281

Dubovitskaya A, Baig F, Xu Z, Shukla R, Zambani PS, Swaminathan A, Jahangir MM, Chowdhry K, Lachhani R, Idnani N, Schumacher M. ACTION-EHR: Patient-centric blockchain-based electronic health record data management for cancer care. Journal of medical Internet research. 2020 Aug 21;22(8):e13598. DOI: https://doi.org/10.2196/13598