1. Introduction
The adoption of electronic media in the healthcare domain has transformed paper-based health records into Electronic Health Records (EHRs). These records are accessed by both medical and non-medical users, often simultaneously, across multiple hospitals and related organizations. They are highly sensitive, and patients expect utmost care so that only relevant and authorized access to the records is allowed. Access rules and policies are defined with respect to the roles and responsibilities of health providers, and they may differ from hospital to hospital. Given this heterogeneity in organizational structure and access policies, sharing EHRs increases the chance of confidentiality leakage and security breaches. Organizations, hospitals in this context, face various challenges and security issues (Bhartiya & Mehrotra, 2014; Bai et al., 2014) in making the data available to the intended users.
Even when users hold similar roles, two hospitals may differ in their organizational hierarchies. Hence, to enable cross-organizational sharing of data, well-defined standards or mechanisms should be developed. The objective is to logically identify similarities between users' roles and authorities and thereby make two disparate organizations interoperable. For example, comparing two doctors, one in a government hospital and the other in a private hospital, their work distribution may not be the same, and hence the set of access rules must differ in the two cases. Access to a given resource may need to be permitted to one doctor and denied to the other. This reflects a major challenge in determining and setting access rights and privileges for secure sharing of sensitive EHRs despite the wide gap in their services.
Fundamentally, sharing of EHRs depends on how well the two systems can achieve interoperability. HL7 has been addressing interoperability problems in sharing and exchanging EHRs for over two decades. It (HL7 Standards, 2015; HL7 Evolution, 2010) provides a framework for the exchange and sharing of EHRs, enabling seamless integration between disparate healthcare organizations. The standard is broadly divided into two categories: Version 2 (V2) and Version 3 (V3). The Fast Healthcare Interoperability Resources (FHIR) specification, Release 1 (HL7 FHIR, 2015), combines the best features of HL7's V2, V3 and CDA product lines. It is a standard for exchanging healthcare data electronically and simplifies implementation without compromising information integrity. Integrity is complemented by the confidentiality and availability of the data.
Interoperable sharing of EHRs presents another challenge: maintaining the confidentiality and privacy of sensitive health information without compromising its availability to health providers. NIST (NIST 800-53, 2013), in collaboration with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DoD), and the Committee on National Security Systems (CNSS), is establishing a unified information security framework for the federal government. This framework is said to provide a strong basis for the mutual acceptance of authorization decisions and to facilitate information sharing between disparate organizations.