Privacy-Friendly Management of Electronic Health Records in the eHealth Context

Milica Milutinovic (KU Leuven, Belgium) and Bart De Decker (KU Leuven, Belgium)
DOI: 10.4018/978-1-4666-7266-6.ch014
Electronic Health Records (EHRs) are becoming the ubiquitous technology for managing patients' records in many countries. They allow for easier transfer and analysis of patient data on a large scale. However, privacy concerns linked to this technology are emerging. Namely, patients rarely fully understand how EHRs are managed. Additionally, the records are not necessarily stored within the organization where the patient is receiving her healthcare. This service may be delegated to a remote provider, and it is not always clear which health-provisioning entities have access to this data. Therefore, in this chapter the authors propose an alternative where users can keep and manage their records in their existing eHealth systems. The approach is user-centric and enables the patients to have better control over their data while still allowing for special measures to be taken in case of emergency situations with the goal of providing the required care to the patient.
Chapter Preview


Electronic health records (EHRs) are becoming a core part of official healthcare reforms in many western countries. They are collections of health-related information about patients, stored in electronic form. The driving force for their implementation is cost savings. They alleviate the problem of redundancy and the related increase in expenses, since tests and procedures do not need to be repeated when the information is accessible to multiple healthcare providers. Compared to the traditional approach of storing patients’ data, EHRs also offer easier transfer and analysis of health data on a large scale. Additionally, they allow for merging data across different healthcare domains. This reform of health-related information management is therefore expected to ensure better care provisioning and reductions in healthcare costs. However, EHRs also raise certain concerns among patients. Due to the electronic nature and non-transparent handling of EHR records, patients are increasingly worried about the privacy of their data. Consequently, one of the main obstacles to EHR adoption is the privacy and security concerns of users (Hiller, McMullen, Chumney, & Baumer, 2011).

In the current system design, users are not in control of their medical records. In most systems, retrieval of electronic records from a central database does not need to be authorised by the user at the time of retrieval, nor for each medical professional accessing them. Moreover, the access can be carried out without the user’s knowledge. While facilitating the exchange of health information about a patient between various sources is considered a major benefit of EHR systems, this inter-domain exchange of data is yet another reason why patients distrust the privacy protection on offer.

In order to address the aforementioned issues, this work provides a novel system model that grants users greater control over their data. To the best of our knowledge, this is the first approach that considers integration of EHRs into eHealth assistance systems. The resulting system implements the users’ preferences with regard to their data management, while ensuring appropriate care in emergency situations.

Key Terms in this Chapter

Pseudonym: A name that is created to be used in a certain context, typically utilised to hide the identity of an individual.

Misuser: A party which attempts to misuse a system.

Break-the-Glass: This procedure allows quick access to certain resources in emergency situations. In the case of healthcare, this means that the patient’s health information required for appropriate care provisioning can be accessed without the regular permissions.

Pseudonymous Relationship: Relationship between parties where one or more parties are known solely by their pseudonym.

Credential Pseudonym: The pseudonym that is created from information recorded in an anonymous credential, which allows only the credential holder to authenticate under that pseudonym.

Anonymisation: Removing, from a set of data linked to one user, all information that would allow the data owner to be identified.

Anonymous Credential: This credential technology allows the holder of the credential to disclose a chosen part of the certified data and still prove that it has been signed by the trusted issuer. This selective disclosure is useful for ensuring privacy in systems where authentication and accountability are also required.

Network of Caregivers: The set of caregivers of a patient who take part in the eHealth system and provide care to the patient through it.

Electronic Health Records: These records are a collection of health information about a patient, recorded in electronic form. Due to their digital nature, sharing is easier and analysis of patient data on a large scale is enabled.

Digital Signature: A scheme for demonstrating the authenticity of a digital message.
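To make the interplay between the Break-the-Glass, Pseudonymous Relationship and Network of Caregivers terms concrete, the following is an added toy model in Python; it is not code from the chapter or from its authors, and every name in it (the `PatientRecordStore` class, the pseudonym strings, the record ids) is an assumption made for illustration. It shows a patient-controlled record store in which caregivers are known only by pseudonym, a regular read requires an explicit consent entry granted by the patient, and an emergency read bypasses consent only through a break-the-glass path that demands a justification, is chained into a tamper-evident audit log, and is queued for the patient to review afterwards.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass
class AuditEntry:
    """One access event. Entries are hash-chained so later edits or deletions are detectable."""
    seq: int
    caregiver: str       # caregiver's pseudonym, never a real identity
    record_id: str
    mode: str            # "consent" or "break-glass"
    justification: str   # mandatory for break-glass, empty otherwise
    prev_hash: str
    digest: str = ""

    def payload(self) -> str:
        return json.dumps([self.seq, self.caregiver, self.record_id,
                           self.mode, self.justification, self.prev_hash])


class PatientRecordStore:
    """Hypothetical store of one patient's records, managed by the patient."""

    GENESIS = "0" * 64

    def __init__(self, patient_pseudonym: str):
        self.patient = patient_pseudonym
        self.records: dict[str, str] = {}
        self.consents: dict[str, set[str]] = {}   # caregiver pseudonym -> record ids
        self.audit: list[AuditEntry] = []
        self.pending_review: list[int] = []       # break-glass events awaiting patient review

    def add_record(self, record_id: str, content: str) -> None:
        self.records[record_id] = content

    def grant(self, caregiver: str, record_id: str) -> None:
        """Patient adds a caregiver (by pseudonym) to the consent list for one record."""
        self.consents.setdefault(caregiver, set()).add(record_id)

    def revoke(self, caregiver: str, record_id: str) -> None:
        self.consents.get(caregiver, set()).discard(record_id)

    def _log(self, caregiver: str, record_id: str, mode: str, justification: str) -> AuditEntry:
        prev = self.audit[-1].digest if self.audit else self.GENESIS
        entry = AuditEntry(len(self.audit), caregiver, record_id, mode, justification, prev)
        entry.digest = hashlib.sha256(entry.payload().encode()).hexdigest()
        self.audit.append(entry)
        return entry

    def read(self, caregiver: str, record_id: str) -> str:
        """Regular path: the caregiver must hold the patient's consent for this record."""
        if record_id not in self.records:
            raise KeyError(record_id)
        if record_id not in self.consents.get(caregiver, set()):
            raise PermissionError(f"{caregiver} has no consent for {record_id}")
        self._log(caregiver, record_id, "consent", "")
        return self.records[record_id]

    def break_glass(self, caregiver: str, record_id: str, justification: str) -> str:
        """Emergency path: no consent check, but a justification is mandatory and the
        event is flagged for the patient's later review. The caregiver pseudonym is
        assumed to have been authenticated upstream (e.g. via a credential pseudonym)."""
        if not justification.strip():
            raise ValueError("break-the-glass requires a justification")
        if record_id not in self.records:
            raise KeyError(record_id)
        entry = self._log(caregiver, record_id, "break-glass", justification)
        self.pending_review.append(entry.seq)
        return self.records[record_id]

    def verify_audit(self) -> bool:
        """Recompute the hash chain; False if any entry was altered, reordered or removed."""
        prev = self.GENESIS
        for i, e in enumerate(self.audit):
            if e.seq != i or e.prev_hash != prev:
                return False
            if hashlib.sha256(e.payload().encode()).hexdigest() != e.digest:
                return False
            prev = e.digest
        return True


if __name__ == "__main__":
    # Constructed scenario: a GP in the patient's network reads with consent,
    # an emergency physician outside the network uses break-the-glass.
    store = PatientRecordStore("patient-7f3a")
    store.add_record("allergies", "penicillin")
    store.grant("gp-21c9", "allergies")
    print(store.read("gp-21c9", "allergies"))
    print(store.break_glass("er-9b1e", "allergies", "unconscious patient, unknown history"))
    print("events to review:", store.pending_review, "audit intact:", store.verify_audit())
```

The point of the design is that the emergency exception is not a silent override: the patient still learns who (by pseudonym) read what and why, and the chained digests let a later reviewer detect if an access entry was edited away.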
