Security of Electronic Medical Records
Ana Ferreira (University of Kent, UK & University of Porto, Portugal), Ricardo Cruz-Correia (CINTESIS, Portugal & University of Porto, Portugal), Luís Antunes (LIACC, University of Porto, Portugal) and David Chadwick (University of Kent, UK)
Copyright: © 2009
This chapter reports the authors’ experiences regarding the security of the electronic medical record (EMR). Although the objectives of the EMR are to support shared care and healthcare professionals’ workflow, there are barriers that prevent its successful use. These barriers comprise not only costs, in terms of resources and time, but also patient/health professional relations, ICT (information and communication technologies) education, and security issues. EMR systems are very difficult to evaluate; however, the studies carried out so far show problems regarding usability and proper modeling of healthcare workflow. Legislation to guide the protection of health information systems is also very difficult to implement in practice. This chapter shows that access control, as a part of an EMR, can be key to minimizing some of these barriers, provided the means to design, develop and evaluate access control are closer to users’ needs and workflow complexity.
Key Terms in this Chapter
EMR: An electronic medical record (EMR) is a medical record in digital format. A medical record is a systematic documentation of a patient’s medical history and care. The term ‘medical record’ is used both for the physical folder for each individual patient and for the body of information which comprises the total of each patient’s health history. Although medical records are traditionally compiled and stored by health care providers, personal health records maintained by individual patients have become more popular in recent years.
Access Control: A set of security features that control how users and systems communicate and interact with other systems and resources. They protect systems and resources from unauthorized access and can be a component that participates in defining the level of authorisation after an authentication is successful. Access control is extremely important because it is one of the first lines of defence used to fight against unauthorized access to systems and network resources. Shon Harris, CISSP. All in one CISSP Certification. McGraw-Hill, Osborne, 2003.
Information Security: The process of protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption. This means protecting the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.
Medical Informatics: The rapidly developing scientific field that deals with biomedical information, data, and knowledge - their storage, retrieval, and optimal use for problem solving and decision making. The emergence of this new discipline has been attributed to “advances in computing and communications technology, to an increasing awareness that the knowledge base of medicine is essentially unmanageable by traditional paper-based methods, and to a growing conviction that the process of informed decision making is as important to modern biomedicine as is the collection of facts on which clinical decisions or research plans are made.” Edward Shortliffe, M.D., Ph.D. What is medical informatics? Stanford University, 1995.
IS: An information system (IS) is a system, automated or manual, that comprises people, machines, and/or methods organized to collect, process, transmit and disseminate data that represent user information.