2013 Aug 21;15(8):e186. doi: 10.2196/jmir.2494

Table 1.

Requirements for maintaining the security and privacy of an electronic health record.

Requirement: Description

Authorized access: Deploying an access-control system first requires an identification scheme for both patients and health care providers, and the identifiers must be portable across every entity that handles the patient's data; a unique identifier per patient can serve this purpose. For authentication, a centralized public-key infrastructure is viable. Role-based access control (RBAC) should then be deployed so that authorized personnel reach only the data their role requires.

Confidentiality: Encryption protects the confidentiality of data in transit. In a distributed system, however, the sending system has no way to verify that confidentiality is preserved once the data has been decrypted at the receiving end, so transport encryption alone does not settle the question.

Patient's consent: By law, patients must be able to allow or deny access to their clinical information, except in emergency situations; consent may be implicit or explicit. A further case is an external entity that needs access to an EHR held by the hosting entity. That access should normally require the patient's consent, but for emergencies a controlled mechanism must exist that grants access without it, and such use should be captured by the audit log described below.

Relevance: All medical personnel who take part in diagnosis and treatment have access to the EHR; administrative personnel may access clinical information only when their function is relevant to the medical process. Only relevant personnel, therefore, may reach patient information, and an access-control system must enforce this. Because relevance is hard to establish in advance, it is preferable to grant access by default and to investigate possible abuses afterwards, which makes the audit log the compensating control.

Information ownership: Ownership of the EHR is not clearly established. The medical personnel are responsible for the information, while the patients themselves have the right to access their own clinical data.

Information consistency: In an interoperability framework, a change-notification mechanism must be created so that corrections to the record are signalled to all parties, and the system must retain previous versions of the EHR and make them available when necessary.

Audits: An audit log should record every access to the information and every change made to the EHR. It allows access to be monitored and is a powerful tool for guaranteeing a secure system; the audit system must itself satisfy the interoperability requirements.

Archiving: Medical records must be retained for a period set by the legislation of the respective country, after which the data may be deleted. Deletion is not recommended in EHR practice, however, where the aim is to keep a patient's complete medical history for his or her lifetime; from a logistical standpoint, that implies massive long-term storage requirements.
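The authorized-access, consent, information-consistency and audit rows above describe one enforcement point. The following Python model is an added example, not code from the paper; the roles, permission matrix, provider identifiers and record contents are constructed assumptions. It uses a strict role matrix rather than the permissive default suggested under Relevance, treats an emergency flag as overriding only the consent check (never the role check), keeps every prior version of a record section, and writes every attempt, allowed or denied, to an audit log so that emergency use can be reviewed afterwards.

```python
"""Toy model of the requirements above: RBAC, patient consent with an emergency override,
per-section version history and an audit log. All names and data here are constructed."""
from collections import namedtuple
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical role -> permitted sections. The emergency flag overrides only the consent
# check, never the role check, so a clerk cannot break-glass into clinical data.
ROLE_PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "physician":   {"read": {"clinical", "demographics"}, "write": {"clinical"}},
    "nurse":       {"read": {"clinical", "demographics"}, "write": set()},
    "admin_clerk": {"read": {"demographics"},             "write": {"demographics"}},
}

AuditEntry = namedtuple("AuditEntry", "timestamp provider_id role action section "
                                      "allowed emergency_override reason")
Version = namedtuple("Version", "number value author timestamp")


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


class PatientRecord:
    def __init__(self, patient_id: str) -> None:
        self.patient_id = patient_id
        self._consent: Dict[str, bool] = {}  # provider_id -> explicit decision; absent = not granted
        self._versions: Dict[str, List[Version]] = {"clinical": [], "demographics": []}
        self.audit_log: List[AuditEntry] = []  # every attempt, allowed or denied

    def set_consent(self, provider_id: str, allowed: bool) -> None:
        self._consent[provider_id] = allowed

    def _decide(self, provider_id: str, role: str, action: str, section: str,
                emergency: bool) -> Tuple[bool, str]:
        if section not in ROLE_PERMISSIONS.get(role, {}).get(action, set()):
            return False, "role does not permit this action on this section"
        if self._consent.get(provider_id, False):
            return True, "role permitted; patient consent on file"
        if emergency:
            return True, "role permitted; consent overridden by emergency access"
        return False, "no patient consent on file"

    def _authorize(self, provider_id: str, role: str, action: str, section: str,
                   emergency: bool) -> None:
        allowed, reason = self._decide(provider_id, role, action, section, emergency)
        bypassed = allowed and emergency and not self._consent.get(provider_id, False)
        self.audit_log.append(AuditEntry(_now(), provider_id, role, action, section,
                                         allowed, bypassed, reason))
        if not allowed:
            raise PermissionError(f"{provider_id} ({role}) {action} {section}: {reason}")

    def read(self, provider_id: str, role: str, section: str,
             emergency: bool = False) -> Optional[str]:
        self._authorize(provider_id, role, "read", section, emergency)
        versions = self._versions[section]
        return versions[-1].value if versions else None

    def write(self, provider_id: str, role: str, section: str, value: str,
              emergency: bool = False) -> int:
        """Appends a new version; earlier versions remain available via history()."""
        self._authorize(provider_id, role, "write", section, emergency)
        versions = self._versions[section]
        versions.append(Version(len(versions) + 1, value, provider_id, _now()))
        return versions[-1].number

    def history(self, section: str) -> List[Version]:
        return list(self._versions[section])

    def emergency_accesses(self) -> List[AuditEntry]:
        """What an auditor reviews when studying possible abuses of the emergency path."""
        return [e for e in self.audit_log if e.emergency_override]


def demo() -> PatientRecord:
    """Scripted accesses against a constructed record; denials are caught, not hidden."""
    rec = PatientRecord("P-0001")
    rec.set_consent("dr-ana", True)
    rec.write("dr-ana", "physician", "clinical", "Diagnosis: hypertension")
    rec.write("dr-ana", "physician", "clinical", "Diagnosis: hypertension; lisinopril started")
    for provider, role, action, emergency in [
        ("nurse-bo", "nurse", "write", False),      # role forbids writing clinical data
        ("dr-cy", "physician", "read", False),      # no consent on file, no emergency
        ("dr-cy", "physician", "read", True),       # break-glass: allowed and flagged
        ("clerk-di", "admin_clerk", "read", True),  # emergency never widens a role
    ]:
        try:
            if action == "read":
                rec.read(provider, role, "clinical", emergency)
            else:
                rec.write(provider, role, "clinical", "tampered", emergency)
        except PermissionError:
            pass
    return rec


if __name__ == "__main__":
    for entry in demo().audit_log:
        print(entry)
```

Running the file prints the six audit entries for the scripted sequence: two consented writes, three denials (wrong role, missing consent, and an emergency flag that cannot widen a clerk's role) and one flagged emergency read. `emergency_accesses()` is the list a reviewer would pull when studying possible abuses, and `history()` is what the consistency requirement needs so that a correction never destroys the version it replaced.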