UNIVERSITY OF GONDAR

COLLEGE OF MEDECINE AND HEALTH

SCIENCE
INSTITUTE OF PUBLIC HEALTH
DEPARTMENT OF HEALTH INFORMATICS

eHealth Assignment
Group 1
Title: Privacy, confidentiality and security issues of data in
Electronic Health Record (EHR)

Date: 5 - 21 – 2021

Submitted to: Mr. Mekuanint

GROUP MEMBERS
1 ABDURAHAMAN NASIR
2 ABEBE ENDALAMAW
3 ABEBE CHEKOL
4 ABRHAM ADDISU
5 ABRIHAM SEWALEM
6 ABYALEW YESHITLA
7 ADANE ASCHALE
8 ADDISU BERIE
9 ADDISU ADANE
10 ALEMSHET ASHAGERE
11 AMARE GOLLA
Contents
Introduction.................................................................................................................................................1
Privacy, confidentiality and security issues of data in Electronic Health Record (EHR).............................2
Reference.....................................................................................................................................................7
Introduction
An electronic health record is defined as an electronic version of a medical history of the patient
as kept by the health care provider for some time period and it is inclusive of all the vital
administrative clinical data that are in line to the care given to an individual by a particular
provider such as demographics, progress reports, problems, medications, important signs,
medical history, immunization reports, laboratory data and radiology reports. Use of paper as a
means of recording health data in most healthcare facilities and organizations has led to an
extensive paper trail and most organizations have developed interests in shifting from paper-
based health records to electronic health records.
The integrated health records are much effective and have more benefits such as lowering costs,
improving health care quality, promoting evidence-based medicine usage and helping in record
keeping and ensures mobility of the records. To remain effective, electronic health record system
must satisfy some requirements such as achieving complete data, resilience to failure, be highly
available and be consistent to security policies. However, there are a number of factors that have
hindered the application of electronic health records. They include funding technology, some
aspects of the organization and attitude.

1|Page
 Privacy, confidentiality and security issues of data in Electronic
Health Record (EHR)

Electronic Medical Records (EMRs) can provide many benefits to physicians, patients and
healthcare services if they are adopted by healthcare organizations. But concerns about privacy
and security that relate to patient information can cause there to be relatively low EMR adoption
by a number of health institutions. Safeguarding a huge quantity of health data that is sensitive at
separate locations in different forms is one of the big challenges of EMR.

A review is presented in this paper to identify the health organizations’ privacy and security
concerns and to examine solutions that could address the various concerns that have been
identified. It shows the IT security incidents that have taken place in healthcare settings. The
review will enable researchers to understand these security and privacy concerns and solutions
that are available.

The growth on Information and Communication Technologies has resulted into a scenario
whereby the health data of patients are affecting the security and privacy threats. Presently, there
are a lot of concerns regarding privacy and security of protected health data and these concerns
are the biggest barriers in implementing electronic health records; and hence the need for health
organizations to find out strategies that can help them secure electronic health records.

Electronic Health Records are also referred to as electronic medical record (EMR) and their use
is gaining popularity under the topic of e-health. Electronic medical records contain patients’
health-related data and is classified as a major factor in the application of e-health. Electronic
medical record is made up of legal records that are composed at the hospital environments. These
data are then used as the main source of data for electronic health record. Even though hospitals
use electronic medical records system in their day to day services, the experience of the
healthcare professionals makes them not fully trust the system.

Effectively managing an Electronic-health requires multidisciplinary team including

telecommunication, instrumentation, computer science to enable exchange of medical data across
wider geographic regions. The use of e-health enables the users to have a wider thinking and
allows health care providers to network effectively.

2|Page
Improving the healthcare has benefits such as improving the efficiency of healthcare operations
and improves the quality of health care services offered to patients. Literature has talked about
security issues that come from trends in information and technology for instance keeping health
records on distant serves operated by third-party cloud service providers. Health Information
Technology refers to all the information technology systems used in storing, accessing,
processing, sharing and transmitting health information or support health care delivery and
healthcare system management.

The information that the Health Information Technology contains are very sensitive and the
information includes data related to patient’s tests, diagnoses, treatment together with
information on the patients’ medical history. It is therefore very important that these information
is secured so that it is not manipulated enabling patients to continue sharing information
pertaining to their health and work considering the moral and legal responsibilities. However,
ensuring that the health records are secure is negatively affected by the dynamic nature of the
Health Information Technology environment.

The common issues that needs to be addressed in electronic medical record system are privacy,
security and confidentiality. Although security and privacy are strongly related, they are in real
sense different. Privacy refers to the right that someone has to determine for themselves when,
how and the level at which accessing personal information is transferred or shared by others
while on the other hand, security is defined as the level at which accessing someone’s personal
information is restricted and allowed for those authorized only.

Transferring or sharing sensitive health data when not authority can lead to data breach. Privacy
can as well be breached in many situations through unpreventable systemic identification that
occurs in the entire electronic health infrastructure and by central technologies and parties that
look at the actions of healthcare workers and patients. However, in some cases the government,
employers, pharmaceutical companies, researchers and laboratories could have valid reasons to
access the health records of patients so that to get some data and in the process, the health care
provider could abuse the health records access either accidentally or intentionally.

There are three basic information technology security requirements, those are confidentiality,
integrity and availability. Confidentiality can be defined as restricting information to persons that

3|Page
are not authorized to access data during either storage, transmitting or when they are being
treated. Confidentiality can be achieved through technological means such as data encryption or
through controlling accessing the systems. Confidentiality is also achieved through working on
moral dispositions such as professional silence. However, it was realized by that although
encryption is mostly used for health data that are sent across exposed networks, it is less applied
to data that is stored in mobile devices and other storage media.

The need for confidentiality is a response to privacy concerns that are also very important in the
health care sector due to the very sensitive data regarding patients and clients that they carry.
Confidentiality ensures that the information remains protected from unauthorized deletion or
modification and undesired modification by authorized users. On the other hand, availability
ensures that a system can be accessed and is fully operating at any moment that an authorized
person is in need of using them.

Physicians are normally very concerned that an unauthorized person could access the
information of patients that are stored in the electronic medical records system and misuse the
information hence leading to a legal complications following a breach in the confidentiality of
the patients’ records. Suggestion implies physicians are very keen on the security and
confidentiality concerns more than the patients themselves. The majority of doctors who use
electronic medical records prefer paper records more than electronic medical records because
they believe that paper records are much more secure and confidential. This is an indication that
the issue of privacy and security on EMR is taken very seriously. If the patients are not assured
privacy, they could decide to withhold the information to prevent inappropriate use.

Many countries are therefore in the process of reforming their health care services through
application of Information Technology. The use of IT has helped individuals improve their care
experience, improve health of population, and reduces health care cost. The present
developments in Information Technology has resulted to a digitalized health records and
therefore creating a new or improved ways to successfully do collection, processing, storing,
consulting, and sharing of health information.

Digitized health information is more portable and can be shared among health care organizations,
are much more available to the public health administrators conducting health surveys making

4|Page
policies and is also available to patients. So far, most literature have suggested positive effects of
a digitalized system on healthcare outcomes. However, these digitalized health information
expose health records to security breaches related to information technology. Potential users of
health Information Technology are much concerned with the information technology related
security and privacy which negatively affects the trust of electronic health records. This
reduction in trust from health care professionals and patients may not fully welcome the use of
electronic health records and therefore threatening information technology importance. This can
later lead to ineffective healthcare delivery as well as ineffective public health monitoring or
health research.

It has been suggested that it is important that the methods of providing cyber-security that are
associated with electronic health record needs to be well understood prior to their
implementation. The information that is stored within the EHR is very sensitive and therefore so
many security features were initiated by the Health Information Technology for Economic and
Clinical Health Act and the Health Insurance Portability and Accountability (HIPAA) Act.
HIPAA outlines three pillars that it uses in ensuring that the protected health information remains
secure by applying administrative safeguards, physical safeguards, and technical safeguards. The
three pillars are also called the healthcare security safeguard themes and they range from
techniques protecting computers’ location to the application of firewall software in protecting
health information.

It is important to note here that EHR is being increasingly used in a number of developing
nations as it not only improves healthcare quality but is cost-effective as well. Technologies such
as this can create hazards, therefore, it is a real challenge to safeguard the safety of the
information that exists in the system. Security breaches have recently raised concerns about this
system. Although it is becoming ever more useful and there is growing enthusiasm for its
adoption, little attention has been given to the security and privacy issues that could arise as a
result. Therefore, the authors have undertaken in-depth analysis of all the relevant issues
associated with privacy and security features of EHR system as reported in the public scholarly
literature using a comparative framework developed from ISO 27799 standard.

5|Page
Literature has identified that EHR solutions acquired from various vendors usually comes with
an already set of security and privacy capabilities and the present question could only be
answered by analyzing the specific real solutions that are used as EHRs. Moreover, the authors
strongly believe that if the privacy and security proposals found in the published scholarly
literature are highlighted and analyzed, they could subsequently be applied as proxy for what
might be the real EHR privacy and security proposals.

Reference

1. A Primer on the Privacy, Security, and Confidentiality of Electronic Health Records

February 2016 (PDF)

6|Page
2. Security and privacy of electronic health records: Concerns and challenges – Egyptian
informatics journal

3. Lecture transcript privacy, confidentiality, and security: basic concepts, William Hersh, m.d.

7|Page