Securing e-Healthcare Information

  • Charles A. Shoniregun
  • Kudakwashe Dube
  • Fredrick Mtenzi
Part of the Advances in Information Security book series (ADIS, volume 53)


Securing personal e-Healthcare information aims mainly at protecting the privacy and confidentiality of the individual who receives healthcare services that are delivered through e-Health. Advances in security technologies have so far not eliminated the challenge posed by the need to secure e-Healthcare information. The rate of privacy and confidentiality breaches continue to increase unabated. These breaches pose challenges to all domains that converge on the task of securing information and building trust in e-Healthcare information management. Only a holistic approach that positions itself at the point of convergence of the domains of law, organisational policy, professional ethics and IT security could offer the promise to mitigate, if not eliminate, the major challenges to securing e-Healthcare information.


Electronic Health Record Privacy Protection Healthcare Information Electronic Health Record System Capability Maturity Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Vinod Aggarwal. The application of the unified modeling language in objectoriented analysis of healthcare information systems. Journal of Medical Systems, 26(5):383–397, October 2002. doi: 10.1023/A:1016449031753. URL CrossRefGoogle Scholar
  2. Rakesh Agrawal and Christopher Johnson. Securing electronic health records without impeding the flow of information. International Journal of Medical Informatics, 76:471–479, June 2007. doi: 10.1016/j.ijmedinf.2006.09.015. URL CrossRefGoogle Scholar
  3. Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, and Yirong Xu. Hippocratic databases. In VLDB 2002, Proceedings of 28th International Conference on Very Large Data Bases, August 20-23, 2002, Hong Kong, China, pages 143–154. Morgan Kaufmann, 2002.Google Scholar
  4. Rakesh Agrawal, Alexandre Evfimievski, and Ramakrishnan Srikant. Information sharing across private databases. In SIGMOD ’03: Proceedings of the 2003 ACM SIGMOD international conference on Management of data, pages 86–97, New York, NY, USA, 2003. ACM. ISBN 1-58113-634-X. doi: URL CrossRefGoogle Scholar
  5. C. Lindsay Anderson and Judith B. Cardell. Reducing the variability of wind power generation for participation in day ahead electricity markets. hicss, 0:178, 2008. ISSN 1530-1605. doi: Google Scholar
  6. M G Arellano and G I Weber. Issues in identification and linkage of patient records across an integrated delivery system. Journal of Healthcare Information Management: JHIM, 12(3):43–52, 1998. ISSN 1099-811X. doi: 10338786. URL PMID: 10338786.Google Scholar
  7. Jane Armitage, Robert Souhami, Lawrence Friedman, Lutz Hilbrich, Jack Holland, LawrenceHMuhlbaier, Jane Shannon, and Alison VanNie. The impact of privacy and confidentiality laws on the conduct of clinical trials. Clinical Trials (London, England), 5(1):70–4, 2008. ISSN 1740-7745. doi: 5/1/70. PMID: 18283083.Google Scholar
  8. Vilhjalmur Arnason. Coding and consent: moral challenges of the database project in iceland. Bioethics, 18(1):27–49, 2004. ISSN 0269-9702. doi: 15168697. PMID: 15168697.CrossRefGoogle Scholar
  9. R. Baker, A. G. Mainous, D. P. Gray, and M. M. Love. Exploration of the relationship between continuity, trust in regular doctors and patient satisfaction with consultations with family doctors. Scandinavian Journal of Primary Health Care, 21(1):27–32, 2003.CrossRefGoogle Scholar
  10. Roberto J Bayardo and Ramakrishnan Srikant. Technological solutions for protecting privacy. IEEE Computer, pages 115 – 118, September 2003. URL .
  11. BBC. Uk’s families put on fraud alert. BBC News (Online), Tuesday, 20 November 2007, 2007. URL
  12. T. Beale. Archetypes: Constraint-based domainmodels for future-proof information systems. OOPSLA 2002 workshop on behavioural semantics, 2002.Google Scholar
  13. T. Beale and S. Heard. openEHR Architecture: Architecture overview. openEHR Foundation. Retrieved, 2006.Google Scholar
  14. T. Beale, A. Goodchild, and S. Heard. EHR Design Principles. openEHR Foundation (Asia-Pacific) V2.2. Feb 2002.Google Scholar
  15. T. Beale, S. Heard, D. Kalra, and D. Lloyd. The openEHR Data Structures Information Model. Revision, 2005.Google Scholar
  16. S Benkner, G Berti, G Engelbrecht, J Fingberg, G Kohring, S E Middleton, and R Schmidt. Gemss: grid-infrastructure for medical service provision. Methods of Information in Medicine, 44(2):177–81, 2005. ISSN 0026-1270. doi: 05020177. PMID: 15924170.Google Scholar
  17. Jules J Berman. Zero-check: a zero-knowledge protocol for reconciling patient identities across institutions. Archives of Pathology & Laboratory Medicine, 128(3):344–6, March 2004. ISSN 1543-2165. doi: 14987147. URL PMID: 14987147.. PMID: 14987147.Google Scholar
  18. B Blobel, P Pharow, V Spiegel, K Engel, and R Engelbrecht. Securing interoperability between chip card based medical information systems and health networks. International Journal of Medical Informatics, 64(2-3):401–15, December 2001. ISSN 1386-5056. doi: 11734401. URL PMID: 11734401.CrossRefGoogle Scholar
  19. Bernd Blobel and Peter Pharow. Mda-based ehr application security services. Studies in Health Technology and Informatics, 103:387–93, 2004. ISSN 0926-9630. doi: 15747945. PMID: 15747945.Google Scholar
  20. Bernd Blobel and Peter Pharow. Formal policies for flexible ehr security. Studies in Health Technology and Informatics, 121:307–16, 2006. ISSN 0926-9630. doi: 17095829. PMID: 17095829.Google Scholar
  21. Mike Boniface and Paul Wilken. Artemis: towards a secure interoperability infrastructure for healthcare information systems. Studies in Health Technology and Informatics, 112:181–9, 2005. ISSN 0926-9630. doi: 15923727. PMID: 15923727.Google Scholar
  22. Bill Brubaker. Kaiser permanente medical e-mails go astray, the washingtonpost, 10 aug 2000. The WashingtonPost, August 2000. URL Scholar
  23. M.W. Calnan and E. Sanford. Public trust in health care: the system or the doctor?. Quality & Safety in Health Care, 13(2):92, 2004.CrossRefGoogle Scholar
  24. Yu-Cheng Chiang, Tsan sheng Hsu, Sun Kuo, Churn-Jung Liau, and Da-WeiWang. Preserving confidentiality when sharing medical database with the cellsecu system. International Journal of Medical Informatics, 71(1):17–23, August 2003. ISSN 1386-5056. doi: 12909154. PMID: 12909154.CrossRefGoogle Scholar
  25. B Claerhout and G J E De Moor. Privacy protection for healthgrid applications. Methods of Information in Medicine, 44(2):140–3, 2005. ISSN 0026-1270. doi: 05020140. PMID: 15924163.Google Scholar
  26. Jeff Collmann and Ted Cooper. Breaching the security of the kaiser permanente internet patient portal: the organizational foundations of information security. Journal of the American Medical Informatics Association : JAMIA, 14(2):239243, April 2007. doi: 10.1197/jamia.M2195. URL PMC2213471.CrossRefGoogle Scholar
  27. A Conti. The recent italian consolidation act on privacy: new measures for data protection. Medicine and Law, 25(1):127–38, March 2006. ISSN 0723-1393. doi: 16681118. PMID: 16681118.Google Scholar
  28. Robert M. Cook. Rx data mining: Improving health care or invading privacy? Fosters Daily Democrat Sunday Citizen, Sep 30, 2007. URL
  29. Andrew Dalley, Ken Lynch, Peter Feltham, and John Fulcher. The use of smart tokens to permit the secure, remote access of electronic health records. International Journal of Electronic Healthcare, 2(1):1–11, 2006. ISSN 1741-8453. doi: 8EG4WJG1KJ64B902. PMID: 18048231.CrossRefGoogle Scholar
  30. Jr. Daniel Geer, Kevin Soo Hoo, and Andrew Jaquith. Information security: Why the future belongs to the quants. IEEE Security and Privacy, 01(4):24–32, 2003. ISSN 1540-7993. doi: Scholar
  31. H. T. Davies and J. Lampel. Trust in performance indicators? British Medical Journal, 7(3):159, 1998.Google Scholar
  32. Simon de Lusignan and Chris van Weel. The use of routinely collected computer data for research in primary care: opportunities and challenges. Family Practice, 23(2):253–63, April 2006. ISSN 0263-2136. doi: cmi106. PMID: 16368704.CrossRefGoogle Scholar
  33. Schulte In den Bumen T. Human genetic data from a data protection law perspective, [article in german]. Bundesgesundheitsblatt Gesundheitsforschung Gesundheitsschutz., 50(2):200–8, Feb 2007. URL Scholar
  34. W. Ebner, J. M. Leimeister, and H. Krcmar. Trust in virtual healthcare communities: Design and implementation of trust-enabling functionalities. Proceedings of the Hawaii International Conference on System Sciences (HICSS 37), 2004.Google Scholar
  35. EPTA. Ict and privacy in europe: Experiences from technology assessment of ict and privacy in seven different european countries, final report,, accessed: 2008.07.17, european parliamentary technology assessment network (epta). Online, October 2006. URL
  36. G Freriks. Identification in healthcare. is there a place for unique patient identifiers? is there a place for the master patient index? Studies in Health Technology and Informatics, 77:595–9, 2000. ISSN 0926-9630. doi: 11187622. URL PMID: 11187622.
  37. Hovenga EJS Heard S Garde S, Knaup P. Towards semantic interoperability for electronic health records: Domain knowledge governance for openehr archetypes. Methods of Information in Medicine, 46(3):332343, 2007. doi: Scholar
  38. Jill Gemmill. Network basics for telemedicine. Journal of Telemedicine and Telecare, 11(2):71–6, 2005. ISSN 1357-633X. doi: 10.1258/1357633053499822. PMID: 15829050.CrossRefGoogle Scholar
  39. S. D. Goold and G. Klipp. Managed care members talk about trust. Social Science & Medicine, 54(6):879–888, 2002.CrossRefGoogle Scholar
  40. Jane Grimson. Delivering the electronic healthcare record for the 21st century. International Journal ofMedical Informatics 64 (2001) 111127, 64:111–127, 2001.CrossRefGoogle Scholar
  41. Jane Grimson, William Grimson, and Wilhelm Hasselbring. The si challenge in health care. Commun. ACM , 43(6):48–55, 2000. ISSN 0001-0782. doi: URL Scholar
  42. Stefanos Gritzalis. Enhancing privacy and data protection in electronic medical environments. Journal of Medical Systems, 28(6):535–47, December 2004. ISSN 0148-5598. doi: 15615282. PMID: 15615282.CrossRefGoogle Scholar
  43. Ma Hall, E. Dugan, B. Zheng, and Ak Mishra. Trust in physicians and medical institutions: What is it, can it be measured, and does it matter?. Milbank Quarterly, 79(4):613, 2001.CrossRefGoogle Scholar
  44. D. Henrici, J. Gotze, and P. Muller. A hash-based pseudonymization infrastructure for rfid systems. Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006. SecPerU 2006. Second International Workshop on, pages 6 pp.–, June 2006. doi: 10.1109/SECPERU.2006.2. URL
  45. Debra S Herrmann. Complete Guide to Security and Privacy Metrics: Measuring RegulatoryCompliance, Operational Resilience and ROI. Auerbach Publications, NY, 2007.CrossRefGoogle Scholar
  46. B. W. Hesse, D. E. Nelson, G. L. Kreps, R. T. Croyle, N. K. Arora, B. K. Rimer, and K. Viswanath. Trust and Sources of Health Information The Impact of the Internet and Its Implications for Health Care Providers: Findings From the First Health Information National Trends Survey, volume 165. Am Med Assoc, 2005.Google Scholar
  47. C. Derrick Huang, Qing Hu, and Ravi S. Behara. An economic analysis of the optimal information security investment in the case of a riskaverse firm. International Journal of Production Economics, 114(2):793 – 804, 2008. ISSN 0925-5273. doi: DOI:10.1016/j.ijpe.2008.04.002. URL Special Section on Logistics Management in Fashion Retail Supply Chains.CrossRefGoogle Scholar
  48. Luigi Lo Iacono. Multi-centric universal pseudonymisation for secondary use of the ehr. In Geneva 2007, 2007. URL Scholar
  49. Livia Iacovino. Trustworthy shared electronic health records: recordkeeping requirements and healthconnect. Journal of Law and Medicine, 12(1):40–59, August 2004. ISSN 1320-159X. doi: 15359549. PMID: 15359549.Google Scholar
  50. Andrew Jaquith. Security Metrics: Replacing Fear,Uncertainty and Doubt. Addison-Wesley, 2007.Google Scholar
  51. D Kalra, P Singleton, J Milan, J Mackay, D Detmer, A Rector, and D Ingram. Security and confidentiality approach for the clinical e-science framework (clef). Methods of Information in Medicine, 44(2):193–7, 2005. ISSN 0026-1270. doi: 05020193. PMID: 15924174.Google Scholar
  52. N. L. Keating, D. C. Green, A. C. Kao, J. A. Gazmararian, V. Y. Wu, and P. D. Cleary. How are patients’ specific ambulatory care experiences related to trust, satisfaction, and considering changing physicians? J Gen Intern Med, 17(1):29–39, 2002.CrossRefGoogle Scholar
  53. K Lampe, P Doupi, and M Jeroen van den Hoven. Internet health resources: from quality to trust. Methods of information in medicine, 42(2):134–42, 2003. ISSN 00261270. PMID: 12743649.Google Scholar
  54. A.A.; Asfour S.S Leonard, D.D.C.; Pons. Realization of a universal patient identifier for electronic medical records through biometric technology. Information Technology in Biomedicine, IEEE Transactions on, PP(99):1, 2008. doi: 10.1109/TITB.2008.926438.Google Scholar
  55. Bernard Lo and Ann Alpers. Uses and abuses of prescription drug information in pharmacy benefits management programs. JAMA, 283(6):801–806, February 2000. doi: 10.1001/jama.283.6.801. URL Scholar
  56. J. J. Longstaff, M. A. Lockyer, and M. G. Thick. A model of accountability, confidentiality and override for healthcare and other applications. In Proceedings of the fifth ACM workshop on Role-based access control, pages 71–76, Berlin, Germany, 2000. ACM. ISBN 1-58113-259-X. doi: 10.1145/344287.344304. URL Scholar
  57. Cara T Mai, David J Law, Craig A Mason, Bradley D McDowell, Robert E Meyer, and Debra Musa. Collection, use, and protection of population-based birth defects surveillance data in the united states. Birth Defects Research. Part A, Clinical and Molecular Teratology, 79(12):811–4, December 2007. ISSN 1542-0760. doi: 10.1002/bdra.20420. PMID: 18064713.CrossRefGoogle Scholar
  58. BradleyMalin and Latanya Sweeney. How(not) to protect genomic data privacy in a distributed network: using trail re-identification to evaluate and design anonymity protection systems. Journal of Biomedical Informatics, 37(3):179–92, June 2004. ISSN 1532-0464. doi: 15196482. PMID: 15196482.CrossRefGoogle Scholar
  59. Julie Myers, Thomas R Frieden, Kamal M Bherwani, and Kelly J Henning. Ethics in public health research: privacy and public health at risk: public health confidentiality in the digital age. American Journal of Public Health, 98(5):793–801, May 2008. ISSN 1541-0048. doi: AJPH.2006.107706. PMID: 18382010CrossRefGoogle Scholar
  60. Thomas Neubauer and Bernhard Riedl. Improving Patients Privacy with Pseudonymization, pages 691–696. IOS Press, 2008. URL∼ska/MIE2008/ParalleSessions/PapersForDownloads/09.PS/SHTI136-0691.pdf. Google Scholar
  61. Rita Noumeir, Alain Lemay, and Jean-Marc Lina. Pseudonymization of radiology data for research purposes. Journal of Digital Imaging: The Official Journal of the Society for Computer Applications in Radiology, 20(3):284–95, September 2007. ISSN 0897-1889. doi: 10.1007/s10278-006-1051-4. PMID: 17191099.Google Scholar
  62. OMG. Object management group security,,accessed 16 august. online, August 2008. URL
  63. Michael O’Regan. Ahern to raise laptop theft with data agency. The Irish Times, Thu, Feb 21, 2008. URL
  64. Anna O Orlova, Mark Dunnagan, Terese Finitzo, Michael Higgins, Todd Watkins, Allen Tien, and Steven Beales. Electronic health record - public health (ehr-ph) system prototype for interoperability in 21st century healthcare systems. AMIA … Annual Symposium Proceedings / AMIA Symposium. AMIA Symposium, pages 575–9, 2005. ISSN 1559-4076. doi: 58762. PMID: 16779105.Google Scholar
  65. PITAC. (presidents information technology advisory committee), report to the president - revolutionizing health care through information technology,. Technical report, Executive Office of the President, USA, June 2004.Google Scholar
  66. SSE-CMM Project. Systems security engineering capability maturity model (ssecmm) model description document, version 3.0, june 15, 2003, carnegie mellon university. Standard Release, June 2003.Google Scholar
  67. Catherine Quantin, Franois-Andr Allaert, Paul Avillach, Benot Riandey, Marius Fieschi, Maniane Fassa, and Olivier Cohen. Proposal of a french health identification number interoperable at the european level. Medinfo. MEDINFO, 12(Pt 1):503–7, 2007. doi: 17911768. PMID: 17911768.Google Scholar
  68. Bernhard Riedl, Veronika Grascher, Stefan Fenz, and Thomas Neubauer. Pseudonymization for improving the privacy in e-health applications. In 41st Hawaii International International Conference on Systems Science (HICSS-41 2008), Proceedings, 7-10 January 2008, Waikoloa, Big Island, HI, USA, page 255. IEEE Computer Society, 2008.Google Scholar
  69. Nola M Ries and Geoff Moysa. Legal protections of electronic health records: issues of consent and security. Health Law Review, 14(1):18–25, 2005. ISSN 1188-8725. doi: 16538772. PMID: 16538772.Google Scholar
  70. Thomas C. Rindfleisch. Privacy, information technology, and health care. Commun. ACM, 40(8):92–100, August 1997. ISSN 0001-0782. doi: CrossRefGoogle Scholar
  71. Jim Ryan, Barbara Doster, Sandra Daily, and Marty Heslin. Soft innovation as datadriven process improvement exploited via integrated hospital information systems. hicss, 0:246, 2008. ISSN 1530-1605. doi: Google Scholar
  72. S. A. Shoniregun, A. Omoegun, D. Brown-West, and O. Logvynovskiy. Can ecrm and trust improve ec customer base? e-Commerce Technology, 2004. CEC 2004. Proceedings. IEEE International Conference on, pages 303–310, 2004.Google Scholar
  73. Erik Torres, Carlos de Alfonso, Ignacio Blanquer, and Vicente Hernndez. Privacy protection in healthgrid: distributing encryption management over the vo. Studies in Health Technology and Informatics, 120:131–41, 2006. ISSN 0926-9630. doi: 16823130. PMID: 16823130.Google Scholar
  74. James M. Walker, Pascale Carayon, Nancy Leveson, Ronald A. Paulus, John Tooker, Homer Chin, Albert Bothe Jr., and Walter F. Stewart. Ehr safety: The way forward to safe and effective systems. Journal of the American Medical Informatics Association, 15:272–277, June 2008. doi: 10.1197/jamia.M2618. URL CrossRefGoogle Scholar
  75. Liang Xiao, Paul Lewis, and Alex Gibb. Developing a security protocol for a distributed decision support system in a healthcare environment. In Proceedings of the 30th international conference on Software engineering, pages 673–682, Leipzig, Germany, 2008. ACM. ISBN 978-1-60558-079-1. doi: 10.1145/1368088.1368184. URL CrossRefGoogle Scholar
  76. Che-Ming Yang, Herng-Ching Lin, Polun Chang, and Wen-Shan Jian. Taiwan’s perspective on electronic medical records’ security and privacy protection: lessons learned from hipaa. Computer Methods and Programs in Biomedicine, 82(3):277–82, June 2006. ISSN 0169-2607. doi: S0169-2607(06)00073-3. PMID: 16730852.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Charles A. Shoniregun
    • 1
  • Kudakwashe Dube
    • 2
  • Fredrick Mtenzi
    • 3
  1. 1.Infonomics SocietyUnited Kingdom and Ireland
  2. 2.Computer Science and Information Technology School of Engineering & Advanced Technology (SEAT)Massey UniversityNew Zealand
  3. 3.Dublin Institute of TechnologyIreland

Personalised recommendations