Security Control Model for Electronic Health Records

  • Lucy Kemboi Moi University, P.O. Box 3900-30100, Eldoret Kenya
  • Lamek Ronoh Rongo University, P.O. BOX 103 -40404, Rongo, Kenya
Keywords: Electronic Health Records, Security Control Model, Information Security

Abstract

Secure Electronic Health Records (EHR) is essential in provision of reliable information to support delivery of healthcare services. There is need of a security control model due to the increasing collection of Electronic health records. This study developed a model that will ensure the Electronic Health Records is secure from any threat that will compromise the safety of patient’s information at the Moi Teaching and Referral Hospital. This model ensures a proper organized structure for enforcing information security and vital approaches, techniques, procedures and necessary policies and technologies to ensure confidentiality, integrity and availability to ensure a secure EHR.

References

. A.Appari and M. Johnson, "Information security and privacy in healthcare: current state of research", International Journal of Internet and Enterprise Management, vol. 6, no. 4, p. 279, 2010. Available: 10.1504/ijiem.2010.035624.

. C.Kruse, B. Smith, H. Vanderlinden and A. Nealand, "Security Techniques for the Electronic Health Records", Journal of Medical Systems, vol. 41, no. 8, 2017. Available: 10.1007/s10916-017-0778-4.

. E. Mehraeen, H. Ayatollahi and M. Ahmadi, "Health Information Security in Hospitals: the Application of Security Safeguards", Acta Informatica Medica, vol. 24, no. 1, p. 47, 2016. Available: 10.5455/aim.2016.24.47-50.

. E. Söderström, R. Åhlfeldt and N. Eriksson, "Standards for information security and processes in healthcare", Journal of Systems and Information Technology, vol. 11, no. 3, pp. 295-308, 2009. Available: 10.1108/13287260910983650.

. H.Ayatollahi and G. Shagerdi, "Information Security Risk Assessment in Hospitals", The Open Medical Informatics Journal, vol. 11, no. 1, pp. 37-43, 2017. Available: 10.2174/1874431101711010037.

. J. Winterton, "Review: Business Research Methods ALAN BRYMAN and EMMA BELL. Oxford: Oxford University Press, 2007. xxxii + 786 pp. £34.99 (pbk). ISBN 9780199284986", Management Learning, vol. 39, no. 5, pp. 628-632, 2008. Available: 10.1177/13505076080390050804.

. J. Zarei and F. Sadoughi, "Information security risk management for computerized health information systems in hospitals: a case study of Iran", Risk Management and Healthcare Policy, p. 75, 2016. Available: 10.2147/rmhp.s99908.

. J.Fernández-Alemán, I. Señor, P. Lozoya and A. Toval, "Security and privacy in electronic health records: A systematic literature review", Journal of Biomedical Informatics, vol. 46, no. 3, pp. 541-562, 2013. Available: 10.1016/j.jbi.2012.12.003.

. J.Kwon and M. Johnson, "Security practices and regulatory compliance in the healthcare industry", Journal of the American Medical Informatics Association, vol. 20, no. 1, pp. 44-51, 2012. Available: 10.1136/amiajnl-2012-000906. .

. M. Samadbeik, Z. Gorzin, M. Khoshkam and M. Roudbari, "Managing the Security of Nursing Data in the Electronic Health Record", Acta Informatica Medica, vol. 23, no. 1, p. 39, 2015. Available: 10.5455/aim.2015.23.39-43.

. M.Bakhshi, H. Monem, O. Barati, R. Sharifian and M. Nematollahi, "Structural investigation of websites of selected educational hospitals of Shiraz University of Medical Sciences from Patient Relationship Management (PRM) perspective", Electronic Physician, vol. 9, no. 7, pp. 4786-4790, 2017. Available: 10.19082/4786.

. N. Muinga et al., "Implementing an Open Source Electronic Health Record System in Kenyan Health Care Facilities: Case Study", JMIR Medical Informatics, vol. 6, no. 2, p. e22, 2018. Available: 10.2196/medinform.8403.

. Reaching for the Cloud(s): Privacy Issues related to Cloud Computing - March 2010 - Office of the Privacy Commissioner of Canada", Priv.gc.ca, 2021. [Online]. Available: https://priv.gc.ca/en/opc-actions-and-decisions/research/explore-privacy-research/2010/cc_201003/. [Accessed: 09- Nov- 2021].

. S.Chukkapalli et al., "Ontologies and Artificial Intelligence Systems for the Cooperative Smart Farming Ecosystem", IEEE Access, vol. 8, pp. 164045-164064, 2020. Available: 10.1109/access.2020.3022763.

. Strategic information systems: concepts, methodologies, tools, and applications", Choice Reviews Online, vol. 47, no. 08, pp. 47-4186-47-4186, 2010. Available: 10.5860/choice.47-4186.

. Who.int,2021.[Online].Available:https://www.who.int/healthinfo/systems/WHO_MBHSS_2010_section1_web.pdf. [Accessed:09- Nov- 2021].

. Y. Alotaibi and F. Federico, "The impact of health information technology on patient safety", Saudi Medical Journal, vol. 38, no. 12, pp. 1173-1180, 2017. Available: 10.15537/smj.2017.12.20631.

. Y.Al-Issa, M. Ottom and A. Tamrawi, "eHealth Cloud Security Challenges: A Survey", Journal of Healthcare Engineering, vol. 2019, pp. 1-15, 2019. Available: 10.1155/2019/7516035.

. A.Appari and M. Johnson, "Information security and privacy in healthcare: current state of research", International Journal of Internet and Enterprise Management, vol. 6, no. 4, p. 279, 2010. Available: 10.1504/ijiem.2010.035624.

. C.Kruse, B. Smith, H. Vanderlinden and A. Nealand, "Security Techniques for the Electronic Health Records", Journal of Medical Systems, vol. 41, no. 8, 2017. Available: 10.1007/s10916-017-0778-4.

. E. Mehraeen, H. Ayatollahi and M. Ahmadi, "Health Information Security in Hospitals: the Application of Security Safeguards", Acta Informatica Medica, vol. 24, no. 1, p. 47, 2016. Available: 10.5455/aim.2016.24.47-50.

. E. Söderström, R. Åhlfeldt and N. Eriksson, "Standards for information security and processes in healthcare", Journal of Systems and Information Technology, vol. 11, no. 3, pp. 295-308, 2009. Available: 10.1108/13287260910983650.

. H.Ayatollahi and G. Shagerdi, "Information Security Risk Assessment in Hospitals", The Open Medical Informatics Journal, vol. 11, no. 1, pp. 37-43, 2017. Available: 10.2174/1874431101711010037.

. J. Winterton, "Review: Business Research Methods ALAN BRYMAN and EMMA BELL. Oxford: Oxford University Press, 2007. xxxii + 786 pp. £34.99 (pbk). ISBN 9780199284986", Management Learning, vol. 39, no. 5, pp. 628-632, 2008. Available: 10.1177/13505076080390050804.

. J. Zarei and F. Sadoughi, "Information security risk management for computerized health information systems in hospitals: a case study of Iran", Risk Management and Healthcare Policy, p. 75, 2016. Available: 10.2147/rmhp.s99908.

. J.Fernández-Alemán, I. Señor, P. Lozoya and A. Toval, "Security and privacy in electronic health records: A systematic literature review", Journal of Biomedical Informatics, vol. 46, no. 3, pp. 541-562, 2013. Available: 10.1016/j.jbi.2012.12.003.

. J.Kwon and M. Johnson, "Security practices and regulatory compliance in the healthcare industry", Journal of the American Medical Informatics Association, vol. 20, no. 1, pp. 44-51, 2012. Available: 10.1136/amiajnl-2012-000906. .

. M. Samadbeik, Z. Gorzin, M. Khoshkam and M. Roudbari, "Managing the Security of Nursing Data in the Electronic Health Record", Acta Informatica Medica, vol. 23, no. 1, p. 39, 2015. Available: 10.5455/aim.2015.23.39-43.

. M.Bakhshi, H. Monem, O. Barati, R. Sharifian and M. Nematollahi, "Structural investigation of websites of selected educational hospitals of Shiraz University of Medical Sciences from Patient Relationship Management (PRM) perspective", Electronic Physician, vol. 9, no. 7, pp. 4786-4790, 2017. Available: 10.19082/4786.

. N. Muinga et al., "Implementing an Open Source Electronic Health Record System in Kenyan Health Care Facilities: Case Study", JMIR Medical Informatics, vol. 6, no. 2, p. e22, 2018. Available: 10.2196/medinform.8403.

. Reaching for the Cloud(s): Privacy Issues related to Cloud Computing - March 2010 - Office of the Privacy Commissioner of Canada", Priv.gc.ca, 2021. [Online]. Available: https://priv.gc.ca/en/opc-actions-and-decisions/research/explore-privacy-research/2010/cc_201003/. [Accessed: 09- Nov- 2021].

. S.Chukkapalli et al., "Ontologies and Artificial Intelligence Systems for the Cooperative Smart Farming Ecosystem", IEEE Access, vol. 8, pp. 164045-164064, 2020. Available: 10.1109/access.2020.3022763.

. Strategic information systems: concepts, methodologies, tools, and applications", Choice Reviews Online, vol. 47, no. 08, pp. 47-4186-47-4186, 2010. Available: 10.5860/choice.47-4186.

. Who.int,2021.[Online].Available:https://www.who.int/healthinfo/systems/WHO_MBHSS_2010_section1_web.pdf. [Accessed:09- Nov- 2021].

. Y. Alotaibi and F. Federico, "The impact of health information technology on patient safety", Saudi Medical Journal, vol. 38, no. 12, pp. 1173-1180, 2017. Available: 10.15537/smj.2017.12.20631.

. Y.Al-Issa, M. Ottom and A. Tamrawi, "eHealth Cloud Security Challenges: A Survey", Journal of Healthcare Engineering, vol. 2019, pp. 1-15, 2019. Available: 10.1155/2019/7516035.

. A.Appari and M. Johnson, "Information security and privacy in healthcare: current state of research", International Journal of Internet and Enterprise Management, vol. 6, no. 4, p. 279, 2010. Available: 10.1504/ijiem.2010.035624.

. C.Kruse, B. Smith, H. Vanderlinden and A. Nealand, "Security Techniques for the Electronic Health Records", Journal of Medical Systems, vol. 41, no. 8, 2017. Available: 10.1007/s10916-017-0778-4.

. E. Mehraeen, H. Ayatollahi and M. Ahmadi, "Health Information Security in Hospitals: the Application of Security Safeguards", Acta Informatica Medica, vol. 24, no. 1, p. 47, 2016. Available: 10.5455/aim.2016.24.47-50.

. E. Söderström, R. Åhlfeldt and N. Eriksson, "Standards for information security and processes in healthcare", Journal of Systems and Information Technology, vol. 11, no. 3, pp. 295-308, 2009. Available: 10.1108/13287260910983650.

. H.Ayatollahi and G. Shagerdi, "Information Security Risk Assessment in Hospitals", The Open Medical Informatics Journal, vol. 11, no. 1, pp. 37-43, 2017. Available: 10.2174/1874431101711010037.

. J. Winterton, "Review: Business Research Methods ALAN BRYMAN and EMMA BELL. Oxford: Oxford University Press, 2007. xxxii + 786 pp. £34.99 (pbk). ISBN 9780199284986", Management Learning, vol. 39, no. 5, pp. 628-632, 2008. Available: 10.1177/13505076080390050804.

. J. Zarei and F. Sadoughi, "Information security risk management for computerized health information systems in hospitals: a case study of Iran", Risk Management and Healthcare Policy, p. 75, 2016. Available: 10.2147/rmhp.s99908.

. J.Fernández-Alemán, I. Señor, P. Lozoya and A. Toval, "Security and privacy in electronic health records: A systematic literature review", Journal of Biomedical Informatics, vol. 46, no. 3, pp. 541-562, 2013. Available: 10.1016/j.jbi.2012.12.003.

. J.Kwon and M. Johnson, "Security practices and regulatory compliance in the healthcare industry", Journal of the American Medical Informatics Association, vol. 20, no. 1, pp. 44-51, 2012. Available: 10.1136/amiajnl-2012-000906. .

. M. Samadbeik, Z. Gorzin, M. Khoshkam and M. Roudbari, "Managing the Security of Nursing Data in the Electronic Health Record", Acta Informatica Medica, vol. 23, no. 1, p. 39, 2015. Available: 10.5455/aim.2015.23.39-43.

. M.Bakhshi, H. Monem, O. Barati, R. Sharifian and M. Nematollahi, "Structural investigation of websites of selected educational hospitals of Shiraz University of Medical Sciences from Patient Relationship Management (PRM) perspective", Electronic Physician, vol. 9, no. 7, pp. 4786-4790, 2017. Available: 10.19082/4786.

. N. Muinga et al., "Implementing an Open Source Electronic Health Record System in Kenyan Health Care Facilities: Case Study", JMIR Medical Informatics, vol. 6, no. 2, p. e22, 2018. Available: 10.2196/medinform.8403.

. Reaching for the Cloud(s): Privacy Issues related to Cloud Computing - March 2010 - Office of the Privacy Commissioner of Canada", Priv.gc.ca, 2021. [Online]. Available: https://priv.gc.ca/en/opc-actions-and-decisions/research/explore-privacy-research/2010/cc_201003/. [Accessed: 09- Nov- 2021].

. S.Chukkapalli et al., "Ontologies and Artificial Intelligence Systems for the Cooperative Smart Farming Ecosystem", IEEE Access, vol. 8, pp. 164045-164064, 2020. Available: 10.1109/access.2020.3022763.

. Strategic information systems: concepts, methodologies, tools, and applications", Choice Reviews Online, vol. 47, no. 08, pp. 47-4186-47-4186, 2010. Available: 10.5860/choice.47-4186.

. Who.int,2021.[Online].Available:https://www.who.int/healthinfo/systems/WHO_MBHSS_2010_section1_web.pdf. [Accessed:09- Nov- 2021].

. Y. Alotaibi and F. Federico, "The impact of health information technology on patient safety", Saudi Medical Journal, vol. 38, no. 12, pp. 1173-1180, 2017. Available: 10.15537/smj.2017.12.20631.

. Y.Al-Issa, M. Ottom and A. Tamrawi, "eHealth Cloud Security Challenges: A Survey", Journal of Healthcare Engineering, vol. 2019, pp. 1-15, 2019. Available: 10.1155/2019/7516035.

Published
2021-11-18
How to Cite
Kemboi, L., & Ronoh, L. (2021). Security Control Model for Electronic Health Records. International Journal of Applied Sciences: Current and Future Research Trends , 12(1), 43-52. Retrieved from https://ijascfrtjournal.isrra.org/index.php/Applied_Sciences_Journal/article/view/1166
Section
Articles