Security of Health Information

  • Gordon Gibby
  • Keith J. Ruskin
Part of the Health Informatics book series (HI)

Electronic generation, transmission, and storage of health data have transformed patient care by making it easy to acquire, search, manipulate, and distribute large amounts of information. An electronic workflow facilitates direct patient care and can be used for purposes such as quality assurance and submission of health insurance claims. Information in the health record is also used for purposes not directly related to patient care, including insurance qualification, law enforcement, and litigation. Health information can, subject to specific safeguards, also be used for clinical research and for projects that improve public health. Systematic collection and storage of electronic medical records (EMRs) imposes the responsibility of protecting health information from unauthorized use, and patients and providers have legitimate concerns regarding the protection of their information.

The organization, delivery, and financing of modern healthcare require the aggregation and storage of personal health information. Privacy and security of health information are therefore crucial to the widespread adoption of electronic health records. The EMR contains intimate details about a person’s physical and mental health. Unauthorized access to this information can have devastating consequences for both healthcare providers and their patients. Unintentional release of information about disease processes, medication use, or visits to healthcare providers can result in stigmatization, difficulty in obtaining credit or employment, or disruption of friendships or family relationships. Most importantly, unintended release of information can result in a breach of trust between patient and physician. In response to these concerns, the European Union, United States, Australia, and Japan have all enacted stringent regulations that address the sharing and protection of health information. Compliance with these laws requires sophisticated information-management technologies. Information security encompasses physical protection of hardware, access control, data authentication, and encryption of sensitive information. This chapter discusses the privacy and security of the EMR and proposes strategies for protecting this valuable repository of information.


Keywords: Health Information; Hash Function; Smart Card; Certification Authority; Protected Health Information
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag London Limited 2008

Authors and Affiliations

  • Gordon Gibby (1)
  • Keith J. Ruskin (2)
  1. University of Florida, Gainesville, USA
  2. Yale University School of Medicine, New Haven, USA
