To report the results of a systematic literature review on the security and privacy of electronic health record (EHR) systems.
Original articles written in English in the MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL, and Trip databases.
A total of 775 articles were extracted using predefined search strings. The results were reviewed by three authors and then reviewed by a fourth author.
A total of 49 articles were selected, 26 of which used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Act 95/46/EC. Among the EHR systems described, 23 articles used symmetric-key and/or asymmetric-key schemes and 13 articles used pseudo-anonymity techniques. A total of 11 articles suggest using a digital signature scheme based on PKI (Public Key Infrastructure), and 13 articles propose login/password (7 of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be role-based access control (RBAC), since it is used in 27 studies. Ten studies discuss who should define the roles in the EHR system. Eleven studies discuss who should provide access to EHR data: the patient or a health association. Sixteen of the articles reviewed point out that it is necessary to override the defined access policy in an emergency. An audit log of the system is produced in 25 articles. Only four studies state that system users and/or medical staff should be trained in security and privacy.
Recent years have witnessed the issuance of standards and of security and privacy directives for EHR systems. However, more work is required to adopt these regulations and to develop secure EHR systems.
Through a systematic review of academic journals, this manuscript discusses the most prominent security techniques identified for medical institutions seeking to adopt an electronic health record (EHR) system. The frequency of data breaches in healthcare over the past few years has contributed to this research. The reviewers wanted to know which security measures are used in the literature. The goal is to treat the most commonly used measures as an opportunity for an industry-wide effort to keep patient data secure.
The purpose of this review is to identify the problems reported by patients using electronic medical records, along with possible solutions. This research explains the privacy and security issues surrounding the sensitive patient information contained in electronic medical records. The main purpose of creating medical records is to allow doctors to provide ongoing medical care to patients.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 affects all aspects of health care, from patient privacy to insurance compensation. The federal legislation was first passed in 1996, but the first major rule, which protects patient privacy, was not enforced until 2003. HIPAA will eventually become effective because of patient privacy, security, and coverage issues.
With the growing popularity of EMR and EHR systems, concerns about the privacy and security of electronic patient records are rising. In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA), which defines national standards for the security of medical records. HIPAA's laws and regulations impose restrictions on the use of and access to medical records and establish a set of privacy protections for EMRs. The American Medical Association (AMA) also provides some guidelines for keeping EMRs secure. Doctors and hospitals need to secure EMRs and take measures to comply with HIPAA standards. The most effective of these measures is data encryption. Encryption protects EMRs while they are being sent, so that only the intended recipients can view them. In addition, all hospitals and medical institutions need to install a firewall in their computer networks.