Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

Agnes Gawlik, Lennart Köster, Hiva Mahmoodi, Marcel Winandy

Amsterdam Privacy Conference (APC 2012), Workshop on Engineering EHR Solutions (WEES), 2012, Available at SSRN:


Electronic Health Records (EHRs) are a growing trend in the healthcare industry. Especially when shared across healthcare organizations, EHRs provide benefits such as financial incentives and a more complete view of a patient's history. However, they also raise security issues regarding the confidentiality and privacy of patients' data, especially when the EHRs are stored at third-party providers or in the cloud. In general, confidentiality can be ensured with cryptographic mechanisms or with access control. Unfortunately, both techniques diminish the usability of the EHR if they are applied straightforwardly. Privacy and confidentiality have to be ensured in a way that does not restrict usability, since reduced usability diminishes the benefits of the EHR. This paper presents experiences from a requirements analysis we conducted during ongoing projects. We summarize the requirements for integrating end-to-end confidentiality into large-scale EHR systems in a usable fashion. In particular, we show (i) which data granularity is useful to encrypt without interfering with access control, (ii) requirements for an authorization mechanism to access encrypted data, (iii) a privacy classification of typical metadata in EHRs, and (iv) interoperability issues that must be solved to allow for secure and usable EHR implementations.


tags: E-Health, Requirements, security