Abstract
Information and communication technology has created excellent development in over the past few years in the field of medicine and healthcare. Healthcare is constantly undergoing changes, with new medical technologies, business models and research findings. The requirements for security and privacy are also very critical and very difficult to satisfy in case of Electronic Health Records (EHRs) data especially as compared to any other data. This is due to the conflicting needs of clinicians (who demand open and easy access to databases) and the patients (who prefer closed and private access to information stored in databases). The potential and capabilities of IT and its influence on the Indian healthcare is of utmost importance. Thus, this study examines the current status of security and privacy of various healthcare services/solutions implemented for electronic health records in India. This topic has not been sufficiently addressed by the existing healthcare solutions based on standards. The authors aim to bridge this gap by proposing a model to protect the security and privacy for Standardized Electronic Health Records EHRs database systems. A simulative analysis for the implementation of the proposed model has been presented. This will help in large scale deployment of secured Electronic Health Record systems that will benefit hospitals and their users.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
State of the Union. Address of William J. Clinton USA (January 19, 1999)
ISO/TS 13606, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=50121
HIPAA Health Privacy Rule Act, http://www.hhs.gov/ocr/privacy/
Top 10 Data Security Breaches in 2012, http://www.healthcarefinancenews.com/news/top-10-data-security-breaches-in-2012
E-Sushrut, http://www.cdacnoida.in/healthcare.asp
DIGHT: Distributed Infrastructure for Global eHr Technology, http://dight.sics.se/?q=node/3
Sweeney, L.: k-Anonymity: A model for protecting privacy. International Journal on Uncertainty,Fuzziness and Knowledge Based Systems (2002)
Machanavajjhala, A., Gehrke, J., Kifer, D.: L-diversity: Privacy beyond k-anonymity. In: Proceedings of the 22nd International Conference on Data Engineering, Atlanta, GA, USA, April 3-8 (2006)
Addas, R., Zhang, N.: Support Access to Distributed EHR’s with Three levels of Identity Privacy Preservation. In: Proceedings of Sixth International Conference on Availability, Relaibility and Security, Vienna, Austria, August 22-26 (2011)
Huda, M.N., Yamada, S., Sonehara, N.: Privacy-aware access to patient-controlled Personal Health Records in emergency situations. In: Proceedings of Third International Conference on Pervaisve Health, London, UK, April 1-3 (2009)
Donelan, K., Miralles, P.D.: supra note 17, at 66 (2006)
Law 41/2002 of November 14, basic regulator of the patient autonomy and rights and obligations of clinical information and documentation matters. BOE 274, sec. 1, pp. 40126-40132 (November 14, 2002)
Law 15/1999 of December 13, of the Protection of Personal Data BOE 298, sec. 1, pp. 43088-43099 ( December 13, 1999)
Eichelberg, M., Aden, T., Riesmeier, J., Dogac, A., Laleci, G.: A survey and analysis of Electronic Healthcare Record standards. ACM Comput. Surv. 37(4), 277–315 (2005)
The openEHR Foundation, http://www.openehr.org
Wong, E., Stonebraker, M.: Access control in a relational data base management system by query modification. ACM SIGMOD (1975)
Biskup, J., Bonatti, P.A.: Controlled Query Evaluation for Known Policies by Combining Lying and Refusal. Annals of Mathematics and Artificial Intelligence 40(1-2), 37–62 (2004)
Health Information Systems Programmme, http://hispindia.org/
Electronic Health Record Standards For India, http://blog.digmed.in/2013/09/22/e-h-r-standards-for-india-goi-report/
Adams, J., Bakalar, R., Boroch, M., Knecht, K., Mounib, E.L., Stuart, N.: Healthcare 2015 and Care Delivery”, IBM (white paper) (2013), http://www-03.ibm.com/industries/ca/en/healthcare/files/hc2015_full_report_ver2.pdf
Personal Health Records Need a Comprehensive and consistent Privacy and Security Framework, CTR. FOR DEMOCRACY AND TECHNOLOGY (June 9, 2009), http://www.cdt.org/policy/personal-health-records-need-comprehensive-and-consistent-privacy-and-security-framework .
Tejero, A.: Advances and current state of the security and privacy in Electronic Health Records: Survey from a social prospective. Journal of Medical Systems 36, 3019–3027 (2012)
For the Record: Protecting Electronic Health Information, Committee on on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructures, National Research Council (1997)
Power, D., Slaymaker, M., Politou, E., Simpson, A.: Protecting sensitive patient data via query modification. In: SAC 2005. ACM (March 2005)
Carter, M.: Intergarted electronic health records and patients privacy: possible benefits and real dangers. Medical Journal of Australia 172, 28–30 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Mehndiratta, P., Sachdeva, S., Kulshrestha, S. (2014). A Model of Privacy and Security for Electronic Health Records. In: Madaan, A., Kikuchi, S., Bhalla, S. (eds) Databases in Networked Information Systems. DNIS 2014. Lecture Notes in Computer Science, vol 8381. Springer, Cham. https://doi.org/10.1007/978-3-319-05693-7_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-05693-7_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05692-0
Online ISBN: 978-3-319-05693-7
eBook Packages: Computer ScienceComputer Science (R0)