Security and Privacy in the Era of Electronic Health Records (EHRs)
Abstract
Traditional paper-based repositories of medical records have now largely been phased out and replaced by advanced Electronic Health Record (EHR) systems. Digitization of medical records and the ease of data access, however, also present the risk of healthcare data breaches and misuse of personally identifiable information. Given the crucial data kept in EHRs, specific regulations have been made in the European Union (EU) that specify the amount and type of clinical data collected. Across EU countries, however, the amount and nature of EHR information differ. Some EU countries allow the collection of minimal demographic and clinical information. In contrast, others allow more specific information on profession, criminal offense, organ donation, psychological disorders, family details, or other socio-economic variables. Security of individual data has been identified as a fundamental right in Article 8 of the EU Charter of Fundamental Rights, and the EU General Data Protection Regulation (GDPR) dictates that organizations can analyse individual information only if at least one of the six lawful grounds for personal information processing is satisfied. These requirements become even more stringent for medical data. One of the main issues for EHRs is how patients' privacy will be kept confidential through technology. Another primary concern is network communication: storing personal health data online can be a source of crucial information leakage to unauthorized entities. This study seeks to analyse and address the following issues. Firstly, an overview of security and privacy concerns in EHRs will be given. Secondly, an analysis of the existing legislative and regulatory framework that protects the treatment or processing (including collection, recording, organisation, structuring, storage, and other uses) of personal data linked to health will be provided, taking the European Union as a case study.
The paper will conclude by discussing how, with the recent advances in data storage and data processing and the emergence of artificial intelligence and big-data projects, EHR applications are expected to grow further. There is a need to further strengthen and homogenize the regulatory framework for the security of data stored in EHRs and for the standardized analysis of information for legitimate clinical research and other essential applications.

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors who publish with this journal agree to the following terms: RAIS Journal of Social Sciences is given by the author the right of the first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal. Authors retain copyright. If the author cites from his own article published in RAIS Journal of Social Sciences, then he is encouraged to cite the name of the RAIS Journal of Social Sciences, volume, and page. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access). This journal provides immediate open access to its content, in this way, we make research freely available to the public and support a greater global exchange of knowledge.