In recent years, demographic change and increasing treatment costs in North American and European countries demand the adoption of more cost efficient, highly qualitative and integrated health care processes. The rapid growth and availability of the Internet facilitate the development of eHealth services and especially of electronic health records (EHRs) which are promising solutions to meet the aforementioned requirements. The EHR integrates all relevant medical information of a person and represents a lifelong documentation of the medical history. Considering implementations of EHRs, one of the most critical factors of success is the protection of the patient’s privacy, which is clearly reflected in surveys concerning such systems. This chapter will provide a security analysis of EHR systems, discuss basic and enhanced security methods and finally introduce levels of security to classify EHR systems.
TopIntroduction
An electronic health record (EHR) is the integration of relevant medical information of a person and represents a lifelong documentation of the medical history of this person. EHRs improve the availability of medical data and consequently help to improve the quality and efficiency of medical treatment processes. One interesting aspect of EHRs is the moderation of health data. This can either be realized by authorized medical staff and/or the patients. The second group is especially of high importance in context of Personal Health Records (PHRs). Moderation comprises not only the management of medical data but also the task of granting access to medical data to other parties. Moreover, it is also possible to nominate trustworthy delegates for the moderation of the medical data, e.g. a general practitioner or a relative.
The focus of this chapter is a discussion of security issues regarding EHR systems, where we assume that these systems provide a time and location independent access via the Internet. This is, of course, a central aspect in most of the currently available and deployed systems.
As mentioned above, one important aspect of EHR systems is the management of highly sensitive medical data. It must be emphasized that medical data are much more sensitive than data from the banking or telecommunication sectors. Consequently, a high level of security and especially the protection of the patient’s privacy are essential for EHR systems. Hence, we claim that this is a critical success factor for the public acceptance of these systems.
The two main issues that will be discussed in this chapter are the security analysis of EHR systems and security concepts that can be applied to encounter the identified threats and thus to achieve a very high level of security.
The security analysis firstly classifies potential attackers, namely external adversaries, internal adversaries and so called curious persons. Secondly, we are focusing on components of an EHR system that can be attacked, i.e. the EHR system itself, the communication channel and the user’s client. Thirdly, we will identify data that are vulnerable to attacks and consequences which result from attacks against these data. We want to point out, that the analysis primarily focuses on aspects regarding the patients in order to enhance their privacy.
After this analysis we will introduce methods to realize a security concept for EHR systems. These methods are divided into basic and enhanced ones, whereas the enhanced methods can be used to significantly improve the patient’s privacy. Furthermore, we define five security levels which consist of subsets of the above mentioned methods. These levels can be applied for the implementation of security concepts for EHR systems to prevent security threats discussed in the security analysis. Moreover, we will give some characteristic real-world examples as well as some virtual scenarios of attacks against medical data that are in our opinion highly realistic and analyze them with respect to the security levels.
Before we start with the security analysis we will give some background information on electronic health records, health data, legal requirements and cryptography.