Security and privacy in electronic health records: a systematic literature review
- PMID: 23305810
- DOI: 10.1016/j.jbi.2012.12.003
Abstract
Objective: To report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) systems.
Data sources: Original articles written in English found in MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database.
Study selection: Only those articles dealing with the security and privacy of EHR systems.
Data extraction: The extraction of 775 articles using a predefined search string, the outcome of which was reviewed by three authors and checked by a fourth.
Results: A total of 49 articles were selected, of which 26 used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Directive 95/46/EC. We found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems. A total of 11 articles propose the use of a digital signature scheme based on PKI (Public Key Infrastructure) and 13 articles propose a login/password (seven of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be Role-Based Access Control (RBAC), since it is used in 27 studies. Ten of these studies discuss who should define the EHR systems' roles. Eleven studies discuss who should provide access to EHR data: patients or health entities. Sixteen of the articles reviewed indicate that it is necessary to override defined access policies in the case of an emergency. In 25 articles an audit-log of the system is produced. Only four studies mention that system users and/or health staff should be trained in security and privacy.
Conclusions: Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems.
Copyright © 2013 Elsevier Inc. All rights reserved.