Security and Privacy of Electronic Healthcare Records: Concepts, paradigms and solutions
2: Department of Electronics and Communication Engineering, Thapar Institute of Engineering and Technology, Patiala, India
3: Department of Computer Science and Engineering, Thapar Institute of Engineering and Technology, Patiala, India
Hospitals, medical practices and healthcare organizations are implementing new technologies at breakneck speed. Yet privacy and security considerations are often an afterthought, putting healthcare organizations at risk of data security and privacy issues, fines, damage to their reputations, with serious potential consequences for the patients. Electronic Health Record systems (EHRs) consist of clinical notes, patient listings, lab results, imaging results and screening tests. EHRs are growing in complexity over time and requiring increasing amounts of data storage. With the development of the IoT, the Cloud and Smart Cities frameworks, new privacy and security methods are being pursued to secure healthcare-based systems and platforms. Presenting a detailed framework as well as comparative case studies for security protection, data integrity, privacy preservation, scalability, and healthcare legislation, this edited volume covers state of the art research and addresses privacy and security methods and technologies for EHRs.
Inspec keywords: Internet of Things; data protection; electronic health records; distributed databases; security of data
Other keywords: data protection; data privacy; data security; access management policies; electronic healthcare records; data authentication; identity policies; blockchain; sustainable IoT services
Subjects: Mobile, ubiquitous and pervasive computing; Distributed databases; Medical administration; General and management topics; Data security
- Book DOI: 10.1049/PBHE020E
- Chapter DOI: 10.1049/PBHE020E
- ISBN: 9781785618987
- e-ISBN: 9781785618994
- Page count: 433
- Format: PDF
-
Front Matter
- + Show details - Hide details
-
p.
(1)
-
Part I. Technological developments in healthcare
1 Introduction
- + Show details - Hide details
-
p.
3
–15
(13)
Security and privacy are the foremost concern for growing individual trust and data integration. The health information of patients/individuals should be secure and private. Patients hesitate to disclose their health information if they don't have trust in the electronic health records (EHR) system. Hence, security and privacy of health records play a crucial role because leaking of patient health data could have life threating consequences. Security and privacy are required between patients and physicians/doctors. Once data is generated, it is stored in local databases and then stored in a remote system using a remote gateway. As soon as we collect data and store it and further share it, there is the possibility of attacks and privacy issues. To mitigate this, various privacy preservation techniques need to be applied. Some examples of privacy techniques are shown such as grant access, access control model, and pseudonymity. Further, some attack mitigation techniques are mentioned such as authorization and authentication.
2 Introduction to healthcare information privacy and security concerns
- + Show details - Hide details
-
p.
17
–42
(26)
A systematic collection of electronic health information of individuals (Electronic Health Record or EHR) in general has been picking up lately. We are gradually leaving behind the extensive paper trail along with the illegible handwriting of many physicians and a headache to compile the patient history from the pile of papers. EHR presented itself with several benefits including cost reduction, easy data maintenance and interpretation, use of one's medical history as a reference for similar cases, data sharing, fmding trends or correlations in medical histories to detect an anomaly or maybe a cure. To offer these benefits, an EHR system should have properties like high availability, failure resilient, data completeness, secure and privy among others. While numerous benefits are being offered by EHR, given the insecurities in the digital world, it is easily threatened by hackers, worms, viruses and similar attackers. These issues may arise during storage of data, communication of data and use of data. Though several standards and policies like ISO 13606 and ISO/TR 20514 exist citing various guidelines associated with EHR, but individual implementers may choose to put them aside or may not be even aware of them. We would outline such different security and privacy issues while using electronic health records in this paper.
3 Fundamentals of health-care system and general rules for security and privacy
- + Show details - Hide details
-
p.
43
–60
(18)
In today's world, there is rapid growth in health-care industry on the conversion of patients' records into electronic form. Electronic health record (EHR) is used to create and manage health records of patients in a digital format. The security and privacy are major concerns for increasing patient's trust and information integration. The health information of persons should be secure and private within individuals and providers for getting healthier results as well as healthier persons. Privacy means the right of persons who keep information within themselves, without disclosing to others.The information that is shared as consequences of medical relationship should be protected because it is considered confidential.This paper also describes about the Health Insurance Portability and Accountability Act (HIPAA) rules which gives assurances to tolerant wellbeing data held by Covered Entities (CEs) and Business Associates (BAs) and give patients various privileges for that data. A breach is, by and large, an impermissible use or disclosure under the privacy rule that bargains the security or protection of Protected Health Information (PHI). The model comprises numerous modules, every one of which is accountable for taking an alternate sort of errand. This measured plan goes for basic and productive access control choice relying upon the patient's circumstance and the requester's relegated jobs.
4 Identity and access management systems
- + Show details - Hide details
-
p.
61
–92
(32)
This chapter discusses concepts and various research-oriented IAM techniques for growing connected healthcare system. Identity and access management (IAM) in a computer system includes a security framework, tools, and technologies to control access to critical information resources to legitimate users in the right context. IAM is even more challenging for healthcare organization as they are responsible for the protection of users identities and valuable medical records. Health care organizations are more prone to attacks than financial institutions. Data breaches in e-healthcare can lead to identifying theft, billing, and insurance frauds. To prevent such breaches IAM for health care must be even more secure and scalable to meet current challenges. IAM cannot be explained without learning the concept of identification.
5 Application design for privacy and security in healthcare
- + Show details - Hide details
-
p.
93
–130
(38)
Electronic health records (EHRs) were seen as a panacea for managing all medical related data about the patient. The goal was to identify the siloed data fragmented across various healthcare providers and combine it in a uniform way in order to provide the best possible diagnostics and make it easy for the practitioners to gather and study patient's medical data. However, despite decades into development, such record systems are still long ways off in terms of practical implementation. They have been dogged by various shortcomings and above all concerns regarding potential loopholes in the privacy and security of patient data. Given the poor track record of the industry when it comes to preventing illicit access and sharing of data, there is an ever-growing impetus to stanch the consistent violation of the privacy of an individual's personal information by illegitimate parties. In this chapter, we aim to develop an understanding of an EHR system, identify associated shortcomings, and the requirements that it is supposed to fulfil. We also present various proposed implementations that show promise in the development of a safe, secure, and unified EHR system. In the last section, we discuss the potential of blockchains and how they have the goods to deliver a perfect EHR system.
6 Sustainable future IoT services with touch-enabled handheld devices
- + Show details - Hide details
-
p.
131
–152
(22)
In this chapter, the integration of handheld devices with IoT is described in detail and also gives a clear vision regarding the challenges and opportunities regarding the implementation in the real-world applications.
-
Part II. Healthcare models, solutions, and security standards
7 Existing enabling technologies and solutions to maintain privacy and security in healthcare records
- + Show details - Hide details
-
p.
155
–182
(28)
Electronic health record (EHR) is a repository of a patient medical record stored in digital format. MR is accessible by different healthcare professionals, administrative staffs, patients, and their relatives. The key highlight of EHR is that it is possible to exchange health information of patients between different healthcare providers. This MR property supports patients with efficient and high -quality healthcare delivery. MR has several advantages in improving efficiency, lowering costs, and medical errors. Usually, MR is outsourced to the third party such as cloud or fog. These third party service providers facilitate unlimited resources for storage and computing. This information technology infrastructure enables the medical record of a person to be stored in one place is accessed from any part of the world. Despite EBR's numerous advantages, it poses many security issues because EHR is exposed to third -party service providers and users of different kinds. Infringement of data privacy, data integrity, and user privacy are the main security issues. Researchers have come up with many ideas since 1982 to improve EHR's security. Then they concluded that these breaches of security might be confined by encrypting EHR before being out sourced to the third party. Researchers have used different encryption techniques to encrypt EHR, such as symmetric key encryption, public key encryption, and identity based encryption. All of the above techniques of encryption fall with their common disadvantages. Currently, researchers apply attribute -based encryption (ABE) in EHR because it provides additional security requirement of fl exibility and control unauthorized access. The ABE scheme allows the MR owner to choose authorized users to access various parts of the MR, and the MR owner can enforce write access control and read user access control policies. Multiauthority ABE is developed to provide efficient key management and to avoid key escrow. Authentication of users can also maintain EHR's privacy and security. We discuss existing encryption techniques and authentication techniques in this chapter to maintain the privacy and security of EHR being outsourced to the third party. In addition, the advantage of enabling blockchain technology is also discussed in securing EHR
8 Healthcare models and algorithms for privacy and security in healthcare records
- + Show details - Hide details
-
p.
183
–221
(39)
The objective of this paper is to discuss three major approaches, namely Data Storage, Data Access, and Data Authentication with regard to electronic healthcare records so that patient's records are kept safe and follow Confidentiality, Integrity, and Availability principle. The chapter also focuses on the various algorithms that are connected to above three approaches with regard to maintaining security and privacy in healthcare IT.
9 Information security and privacy in healthcare records: threat analysis, classification, and solutions
- + Show details - Hide details
-
p.
223
–247
(25)
Information security and privacy in healthcare information system is a very critical matter. The increasing acceptance of information systems by various healthcare institutions and increasing security and privacy concerns among patients, all point to the need for proper frameworks of information security and privacy in place. In this paper, we have analyzed numerous categories of threats to a health information system and have identified threats that are unique to a health information system. Later, we have explored various models and algorithms that may be utilized to alleviate these threats. Finally, we have proposed future directions that may encourage further research into this field.
10 Safety measures for EHR systems
- + Show details - Hide details
-
p.
249
–266
(18)
Learning of how to create, execute, and ceaselessly enhance (electronic health record)EHR for patient wellbeing is as of now constrained and not open to most human services associations. Social insurance associations, EHR merchants and assessors, medicinal services informaticians, security engineers, human components engineers, and different partners must sort out and spread what is right now known and make a revealing framework that will propel comprehension of EHR-related wellbeing blemishes. They should cooperate to progress EHR wellbeing learning and practices with the goal that no patient is hurt by an EHR
11 Protection framework and safety standards related to electronic health records
- + Show details - Hide details
-
p.
267
–281
(15)
The traditional clinical history corresponds to the medical record about the treatment received by the patient during the period of his/her illness. The clinical records are legal documents under the principle of confidentiality between doctor and patient. This paper corresponds to a practical application of a secure electronic health record (EHR) system in the cloud at the Vega Baja Hospital in San Bartolome in Orihuela (Alicante, Spain) taking in account a series of European Directives, recommendations of the European Council of the protection medical data, safety standards in EHRs, and rules of security for healthcare communication. Here, the case study presents an application implemented completely in the cloud.
12 Security and privacy issues in UK healthcare
- + Show details - Hide details
-
p.
283
–301
(19)
The healthcare must be a most concern issue for any developed countries in terms of security and wellness of its citizens. In 2015-16, the UK spent £185 billion on healthcare as shown in [1] that provides free medical care to all UK residents, treating 1 million patients every 36 hours as discussed in [2-5]. There must be a governing system which guaranteed the safety, security, and privacy of such data. As such data are vulnerable to cyberattacks and hold the millions of confidential data. This chapter discusses and analyses the various security and privacy issues in the UK healthcare infrastructure and several challenges to be resolved for different attacks.
-
Part III. The role of blockchain to maintain security and privacy in healthcare
13 Blockchain-based health information privacy protection
- + Show details - Hide details
-
p.
305
–320
(16)
The contribution of this paper lies in, by exploring blockchain technology facing health information privacy and fmding a detailed framework and practical examples, the optimal design of blockchain is proposed to address the privacy of patients' health information and data from the following aspects, such as technological frameworks, theoretical model, technical approaches, and performance evaluation metrics.
14 The importance of healthcare information privacy through blockchain
- + Show details - Hide details
-
p.
321
–344
(24)
This chapter outlines the role of blockchain in fastening the healthcare research and empowering patients to control the privacy of their health data in addition to avail a secured regular health monitoring tool. The chapter also deals with fundamental challenges, issues of blockchain, and research outset of blockchain in the field of the healthcare information security.
15 Enhancement of health-care services using blockchain with data authentication and protection
- + Show details - Hide details
-
p.
345
–367
(23)
Historical details of a patient leave a very critical challenge for treatment in health-care industry. As the population is exponentially growing across the world, people may need to consult multiple places for their treatment or consultation with different health-care professionals. A secure platform is required on which patient's data can be shared among the authorised people with necessary details only. In this context, blockchain is one of the upcoming technologies that ensure the requirement of secure data sharing.
16 Blockchain-powered healthcare insurance system
- + Show details - Hide details
-
p.
369
–387
(19)
Security and privacy concerns of health records are challenging issues in modern healthcare systems. Typically, in a healthcare system, doctor requires to confirm the legitimacy of patient's health records prescribed by pathological laboratories; insurance company needs to check the validity of medical/diagnosis reports submitted for the insurance claim; and patient requires to ensure his/her health records privacy protection while consulting with different parties (e.g., doctor, nurses, and laboratory staff) involved in healthcare system. Furthermore, health records should not be perceivable to unauthorized parties with malicious intentions on patient's health. Therefore, confidentiality, integrity, and privacy of health records should be preserved while transmitting health records over communication channel and/or while storing data on a third-party server. In recent times, blockchain technology shows potential for publicly verifiable and immutable transactions while managing records in a decentralized system. In this chapter, we discuss about the applicability of blockchain technology for protecting health records with respect to tamperproofing, accountability, ownership, and data privacy. We present a healthcare system powered by protocols using blockchain technology that ensures accountability and transparency of services availed by different entities involved in healthcare system. The proposed protocols address the issue of ill-formed medical report for availing/denial of health insurance, which is a practical problem that needs effective solution from both claimant and service provider. The proposed system addresses this important issue, where the patient can avail deserving service from the insurance company and the insurance company can confirm the legitimacy of the medical report.
17 Conclusion
- + Show details - Hide details
-
p.
389
–390
(2)
This book addressed one of the most overlooked practical, methodological, and moral problems of any nation, that of maintaining privacy and security in the healthcare sector. For example, the following questions need to be addressed in this domain. Who can access information in an electronic health record (EHR) and how can users see information in their record to ensure its correctness? How is it protected from loss, theft, and hacking? What should users do if they think their information is compromised? In this book, we discussed a detailed framework to maintain security and privacy in electronic healthcare records, and comparative case studies using various performance evaluation metrics, such as privacy preservation, scalability, and healthcare legislation.
-
Back Matter
- + Show details - Hide details
-
p.
(1)