Issues and Challenges in Securing eHealth Systems

Introduction

Electronic health, commonly known as eHealth delivers and enhances health services and information through the Internet and related technologies [http://en.wikipedia.org/wiki/EHealth]. Examples of eHealth informatics include Consumer Health Informatics, Health Knowledge Management, and Medical Research using eHealth Grids. All these technologies facilitate the provision of general medical information to different users, such as patients, physicians, specialists, care team, pharmacy, and medical researchers. Examples of eHealth services include Electronic Health Records (EHR), Telemedicine, and mHealth:

• 1.

  EHR is a collection of electronic health information about individual patients or populations. It includes demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, and billing information. With EHR, health records are available electronically. For healthcare professionals, accessing electronic record is more convenient and flexible than accessing traditional paper-based health records. Moreover, EHR saves cost and space by avoiding multiple copies of a patient’s record at each of his/her doctors’ offices [http://en.wikipedia.org/wiki/Electronic_health_record];

• 2.

  Telemedicine provides clinical health care remotely that do not require a patient to travel to a specialist [http://en.wikipedia.org/wiki/Telemedicine];

• 3.

  mHealth refers to collect and aggregate patient-level health data, provide healthcare information to practitioners, researchers, and patients, monitor patient vitals, and provide health care service, all using mobile devices. As mobile devices become popular, mHealth will significantly improve the quality of health care [http://en.wikipedia.org/wiki/EHealth].

In summary, eHealth technology improves healthcare quality and significantly reduces the healthcare cost. It gives patients and healthcare professional electronic access to patient records and to health related databases. Medical care could be given remotely to a patient in their home or to a patient in another country. These exciting functions of eHealth do have some issues that need to be further investigated before a more widespread use takes effect. One of the most important issues that must be addressed is security. Specifically, eHealth information system faces a high degree of confidentiality, integrity and availability due to the mass demand of the healthcare services that require an extensive amount of critical, sensitive, and confidential information to be exchanged (Hung, 2007). As explained by Hung et al. (Hung, 2007):

• 1.

  Confidentiality can be defined as assurance of non-disclosure of sensitive data. It must be maintained to protect the patients’ privacy;

• 2.

  Integrity can be defined as preventing unauthorized data modification. Integrity must be conserved to ensure that personal health information must not be altered without authorization. Unauthorized change or even loss of personal health information is significantly detrimental because patients’ medical records lead to doctors’ diagnosis and treatment decisions of a patient;

• 3.

  Availability means that service or data would always be available when it is needed. The availability of eHealth systems is also of great importance because denial of medical service may jeopardize a patient’s personal life.