Security and Privacy in the Era of Electronic Health Records (EHRs)


  • Mohamed CHAWKI Ph.D., FRSA, Chairman, International Association of Cybercrime Prevention (AILCC), Paris, France


Traditional paper-based repositories of medical records are now largely phased out and replaced by advanced Electronic Health Record (EHR) systems. Digitization of medical records and the ease of data access, however, also present the risk of the healthcare data breach and misuse of personally identifiable information. Given the crucial data kept in EHR, specific regulations are made in the European Union (EU), which specify the amount and type of clinical data collected. In various countries in the EU, however, the amount and the nature of the EHR information are different. Some EU countries allow the collection of minimal demographic and clinical information. In contrast, others allow more specific information on the profession, criminal offense, organ donation, psychological disorders, family details, or other socio-economic variables. Security of individual data has been identified as a fundamental right in Article 8 of the EU Charter of Fundamental Rights, and the EU General Data Protection Regulation (GDPR) dictates that organizations can analyse individual information only if a minimum of a sixth lawful grounds for personal information processing has complied. These requirements become even more stringent in medical data. One of the main issues for EHRs is how patient’s privacy will be kept confidential through technology. Another primary concern is network communication; thus storing personal health data online can be a source of crucial information leakage to unauthorized entities. In detail, this study seeks to analyse and address the following issues: Firstly, an overview of security and privacy concerns in EHR will be looked into details. Secondly, an analysis of the existing legislative and regulatory framework to protect the treatment or processing – including collection, recording, organisation, structuring, storage, and other uses – of personal data linked to health will be provided, taking the European Union as a case study. The paper will conclude by discussing that with the recent advances in data storage and data processing and the emergence of artificial intelligence and big-data projects, EHR applications are expected to grow further. The need is to strengthen further and homogenize the regulatory framework for the security of data stored in EHR and the standardized analysis of information for legitimate clinical research and other essential applications.