Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

12 Pages Posted: 19 Jun 2014

See all articles by Agnes Gawlik

Agnes Gawlik

Ruhr Universität Bochum

Lennart Köster

Ruhr Universität Bochum

Hiva Mahmoodi

Ruhr Universität Bochum

Marcel Winandy

Ruhr Universität Bochum

Date Written: June 23, 2014

Abstract

Electronic Health Records (EHR) are becoming a growing trend in the healthcare industry. Especially when applied across healthcare organizations, EHRs provide benefits such as financial incentives and a more complete view of a patient’s history. However, they also face security issues regarding the confidentiality and privacy of the patients’ data, especially when the EHRs are stored at third-party providers or in the cloud. In general,confidentiality can be ensured by using cryptographic mechanisms or access control. Unfortunately, both techniques diminish the usability of the EHR if they are applied straightforwardly. Privacy and confidentiality have to be ensured in a way that does not restrict usability as it reduces the benefits of the EHR. This paper presents experiences from a requirements analysis we made during ongoing projects. We summarize the requirements for integrating end-to-end confidentiality into large-scale EHR systems in a usable fashion. In particular, show(i)which data granularity is useful to been crypted without interfering with access control, (ii) requirements for an authorization mechanism to access encrypted data, (iii) a privacy classification of typical metadata in EHRs, and (iv) interoperability issues that must be solved to allow for secure and usable EHR implementations.

Suggested Citation

Gawlik, Agnes and Köster, Lennart and Mahmoodi, Hiva and Winandy, Marcel, Requirements for Integrating End-to-End Security into Large-Scale EHR Systems (June 23, 2014). University of Amsterdam, Amsterdam Privacy Conference 2012 (APC 2012). Available at SSRN: https://ssrn.com/abstract=2457987 or http://dx.doi.org/10.2139/ssrn.2457987

Agnes Gawlik (Contact Author)

Ruhr Universität Bochum ( email )

Universitätsstraße 150
Bochum, NRW 44780
Germany

Lennart Köster

Ruhr Universität Bochum ( email )

Universitätsstraße 150
Bochum, NRW 44780
Germany

Hiva Mahmoodi

Ruhr Universität Bochum ( email )

Universitätsstraße 150
Bochum, NRW 44780
Germany

Marcel Winandy

Ruhr Universität Bochum ( email )

Universitätsstraße 150
Bochum, NRW 44780
Germany

Register to save articles to
your library

Register

Paper statistics

Downloads
38
Abstract Views
633
PlumX Metrics