
Universiti Teknologi MARA Sarawak

School of Information Science,


College of Computing, Informatics, and Mathematics

Diploma in Information Management


(CDIM110)

Introduction to Electronic Recordkeeping


(IMD262)

Summary of the Article:


Security and Privacy of Electronic Health Records: Concerns and Challenges &
Privacy in Electronic Health Records: A Systematic Mapping Study

Prepared by:
Jesswyna Anessa anak Joannes Wat
(2022856984)

Group:
CDIM1104D

Prepared for:
Ms. Suhaida Binti Halamy

Submission Date: April 2024


IMD262 INDIVIDUAL ASSIGNMENT REPORT RUBRIC

Each criterion is ranked from 1 (Poor) to 5 (Excellent). The mark given is weighted by the marks allocated to that criterion.

Abstract (10%)
1 Poor: Fails to include essential information and even one or two facts
2 Unsatisfactory: Discusses little essential information and one or two facts
3 Satisfactory: Discusses some essential information with few citations and little elaboration to give readers an understanding of the topic
4 Good: Includes essential information with most sources properly cited. Includes enough facts
5 Excellent: Covers topic completely and in depth. Includes properly cited sources and complete information. Encourages readers to know more
Weighted marks obtained: 0

Introduction (15%)
1 Poor: The content was not relevant to the given task
2 Unsatisfactory: The content was minimally relevant to the given task
3 Satisfactory: The content was generally relevant to the given task
4 Good: The content was relevant to the given task
5 Excellent: The content was very relevant to the given task
Weighted marks obtained: 0

Objectives (20%)
1 Poor: Student does not demonstrate the subject knowledge
2 Unsatisfactory: Student demonstrates some grasp of the subject knowledge
3 Satisfactory: Student demonstrates moderate level of the subject knowledge
4 Good: Student demonstrates sufficient level of the subject knowledge
5 Excellent: Student demonstrates sound subject knowledge
Weighted marks obtained: 0

Discussion (35%)
1 Poor: Not able to discuss the given task
2 Unsatisfactory: Minimal ability to discuss the given task
3 Satisfactory: Some ability to discuss the given task
4 Good: Able to discuss the given task
5 Excellent: Able to discuss with good illustration
Weighted marks obtained: 0

Conclusion (10%)
1 Poor: Poor clarification of ideas
2 Unsatisfactory: Ideas are inconsistent or indiscernible, alternative viewpoints unacknowledged
3 Satisfactory: Ideas are maintained, but alternative viewpoints unacknowledged
4 Good: Ideas are maintained, but argument acknowledges and addresses differing or alternative viewpoints
5 Excellent: Ideas are consistently maintained and argument definitively acknowledges and addresses differing or alternative viewpoints
Weighted marks obtained: 0

Bibliography/References & Appendix (10%)
1 Poor: Does not provide references & appendix
2 Unsatisfactory: Provides references & appendix but does not cite
3 Satisfactory: Provides references & appendix but wrongly cited
4 Good: Provides references & appendix but not enough / wrongly cited
5 Excellent: Provides complete references & appendix
Weighted marks obtained: 0

Overall Assessment (100%): 0
Allocated from overall assessment (20%): 0


ACKNOWLEDGEMENTS
First of all, I am deeply grateful to my lecturer, Ms. Suhaida Binti Halamy, for her unwavering
guidance and support throughout this assignment. Her inspiration and assistance were
instrumental in achieving a successful outcome, and for that, I extend my sincere thanks to
her. Additionally, I wish to express my heartfelt appreciation to my parents, Mr. Joannes Wat
and Mrs. Nantai, for their constant encouragement and support during challenging times. I am
truly grateful for the sacrifices they have made for me. Moreover, I cannot overlook the
invaluable support of my sister, Jesslyn Alessa Anak Joannes Wat, who has been a consistent
source of support and care throughout my academic journey. Her presence has been a pillar
of strength for me. Lastly, I want to extend my warmest thanks to my friends who generously
shared their time and provided invaluable information to assist me in this endeavor. Your
collective support has been indispensable and deeply appreciated.

Jesswyna Anessa anak Joannes Wat

(2022856984)

School of Information Science,

College of Computing, Informatics and Mathematics,

Diploma in Information Management,

UiTM Sarawak, Samarahan Campus.

TABLE OF CONTENTS

1. Abstract
2. Introduction
3. Objectives
4. Discussions
5. Conclusion
6. References
7. Appendix

ABSTRACT
Understanding how Electronic Health Records (EHRs) are secured is crucial for keeping patient information safe. "Security and Privacy of Electronic Health Records: Concerns and Challenges" by Ismail Keshta and Ammar Odeh reviews the privacy and security concerns that hold back EHR adoption and the solutions available to address them. "Privacy in Electronic Health Records: A Systematic Mapping Study" by Rodrigo Tertulino, Nuno Antunes and Higor Morais maps the research on EHR privacy, including newer approaches such as blockchain. Both articles show that a balance must be struck between keeping information private and keeping it usable for doctors and other medical professionals, and both stress regulatory compliance and ethics when handling patient data. Together they offer useful guidance for improving EHR privacy and security practice.

Keywords: Electronic health record (EHR), Health, Privacy, Security, Confidentiality

INTRODUCTION
Reading "Security and Privacy of Electronic Health Records: Concerns and Challenges" by Ismail Keshta and Ammar Odeh made clear to me how important it is to keep patient information safe in Electronic Health Records (EHRs). The authors argue that strong security measures and regulatory compliance are needed to protect patient privacy, and they identify the factors that hold back EHR adoption: funding, the complexity of the technology, organizational issues and resistance from staff. Privacy concerns arise when records move from paper to digital form, because digital records can be copied, transmitted and accessed remotely, which exposes them to security threats that paper records never faced. Electronic records offer real benefits in accessibility and efficiency, but they also raise questions about how sensitive patient information is protected. With the growing number of cyber threats, safeguarding patient data from unauthorized access and breaches is a top priority.

"Privacy in Electronic Health Records: A Systematic Mapping Study" by Rodrigo Tertulino, Nuno Antunes and Higor Morais surveys the different ways researchers have proposed to make EHRs more private. Over the past few decades there have been remarkable advances in Information and Communication Technology (ICT) within healthcare, and one technology that features in the mapped studies is blockchain. A blockchain is a distributed ledger that records transactions in linked blocks; once information has been recorded in a block it is extremely difficult to alter, which makes the ledger useful for showing that a record has not been tampered with. That same immutability is also a drawback for privacy: data that cannot be changed cannot easily be erased, which sits uneasily with a patient's right to be forgotten, so the study treats blockchain as promising rather than as a complete answer. More generally, the rapid growth of medical information brings privacy issues, particularly around EHR systems. Electronic records bring advantages such as lower cost and easier access, but there are genuine concerns about patient privacy and data security, and patients who are worried about this may withhold health information, which can harm their care.

From these two articles it is clear that healthcare records are being digitized at scale, with EHRs at the centre. Advances in technology have transformed healthcare, allowing easier access to information and better quality of care, but the transition from paper records to EHRs has raised concerns about privacy and security. Both articles highlight the need to balance the advantages of electronic records against the need to preserve patient privacy. To realise the benefits of electronic records without sacrificing privacy, healthcare organizations must earn patients' trust and put strong security measures in place.

OBJECTIVES

The objective of "Security and Privacy of Electronic Health Records: Concerns and Challenges" by Ismail Keshta and Ammar Odeh is to investigate the vulnerabilities of EHR systems and to identify solutions that improve their security and privacy. As health records are increasingly stored and shared electronically, the data must stay protected from cyber threats and unauthorized access. The authors set out to understand the risks involved in digital storage and transmission, including the consequences of breaches and of unauthorized access to a person's medical history, and how records can be safeguarded effectively. Beyond identifying concerns and challenges, the article aims to propose strategies and recommendations for strengthening the security and privacy of EHR systems, so that health information stays safe and confidential in the digital age.

"Privacy in Electronic Health Records: A Systematic Mapping Study" by Rodrigo Tertulino and his co-authors aims instead to map how privacy is handled in EHRs. In a world where almost everything is stored and shared electronically, it is crucial to understand the privacy implications, especially for information as sensitive as health records. The study takes a comprehensive look at the landscape of privacy issues surrounding EHRs, categorizing and assessing aspects such as who can access health information, how illegal access is prevented, and what procedures exist for patient consent. The purpose is practical: a clearer picture of the privacy landscape in EHRs can guide future research and regulation, show which areas need improvement, and suggest how privacy safeguards in EHR systems can be strengthened.

Both articles, then, examine the security and privacy of EHRs in depth, a topic I have been curious about. Their goals are very similar: each explores patient medical record security and privacy thoroughly, with the aim of examining the risks of sharing and keeping medical records digitally while protecting patient privacy and guaranteeing strong data security. The approaches differ, since one uses a systematic mapping of the literature while the other is a review focused on particular concerns and solutions, but both are committed to addressing the security and privacy problems of EHR systems.

DISCUSSIONS
In "Security and Privacy of Electronic Health Records: Concerns and Challenges" it is clear that many people, myself included, are worried about the safety of their health data. The surveys the article cites show that many people feel uncertain about how secure their information really is, especially when it is transmitted over the internet. Even with encryption and other security measures in place there are still gaps, especially around trust and privacy. Some parts of a health record may be fine to share, but others a patient wants kept private, such as conditions that affect their family. The more I learned from the article about the complexity of protecting EHRs, the more I saw that security solutions span three areas: administrative safeguards (policies, staff training and assigned responsibility), physical safeguards (controlling access to buildings, workstations and storage media) and technical safeguards (access control, authentication, encryption and audit trails). Each area contributes to the safety of patient records. The article also highlights specific technologies, such as Radio Frequency Identification (RFID) techniques and firewalls, as instrumental in safeguarding facilities and networks. In summary, strengthening EHR security and protecting patient confidentiality requires a combination of technological innovation, administrative, physical and technical safeguards, and regulatory compliance.

The second article examines how EHRs are handled under privacy law. It notes that bodies such as the Organisation for Economic Co-operation and Development (OECD) and the United Nations General Assembly (UNGA) treat privacy as a precondition for the free flow of personal information, but that in today's digital world what "privacy" means varies considerably from one jurisdiction to another. One big issue is who really owns the data, the patient or the hospital, and how much say patients should have in how their information is used. The data must also be kept away from people who should not have it. Laws such as the Health Insurance Portability and Accountability Act (HIPAA) in the US, the General Data Protection Regulation (GDPR) in the EU and the General Personal Data Protection Law (LGPD) in Brazil set data protection standards for health information, but the rules are not easy for ordinary people to understand.

Taken together, both articles point to the vital need for securing EHRs today. The first focuses on the security issues of EHRs and the significance of safeguards such as RFID and firewalls; the second examines the privacy laws governing EHRs and the global effort to protect patient data. Both emphasise the need to balance regulatory compliance with technological improvement to protect the privacy and security of health information.
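The technical safeguards discussed above (access control, audit trails), the consent and ownership questions the second article raises, and the definitions of confidentiality, integrity and availability in the introduction of the paper reproduced in the appendix can be made concrete in code. What follows is an added example written for this summary; it is not code from either article. It uses only the Python standard library, and the roles, record sections, user names, the patient's consent settings and the audit key are all constructed for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


# Technical safeguard 1: role-based access control (least privilege).
# Each role may read only the record sections listed here; billing staff,
# for example, never see clinical data. Roles and sections are constructed
# for this example.
ROLE_PERMISSIONS = {
    "physician": {"demographics", "medications", "lab_results", "mental_health"},
    "nurse": {"demographics", "medications"},
    "billing": {"demographics"},
}


@dataclass
class Consent:
    """Patient consent: sections the patient restricts, and the clinicians
    the patient trusts with those sections regardless of role."""
    restricted_sections: set = field(default_factory=set)
    trusted_users: set = field(default_factory=set)


@dataclass
class AuditLog:
    """Tamper-evident audit trail. Each entry's tag is an HMAC over the previous
    tag and the entry, so editing or deleting an earlier entry breaks every later tag."""
    key: bytes
    entries: list = field(default_factory=list)

    def _tag(self, prev: bytes, event: dict) -> bytes:
        payload = json.dumps(event, sort_keys=True).encode()
        return hmac.new(self.key, prev + payload, hashlib.sha256).digest()

    def append(self, event: dict) -> None:
        prev = bytes.fromhex(self.entries[-1]["tag"]) if self.entries else b"\x00" * 32
        self.entries.append({"event": event, "tag": self._tag(prev, event).hex()})

    def verify(self) -> bool:
        prev = b"\x00" * 32
        for entry in self.entries:
            expected = self._tag(prev, entry["event"])
            if not hmac.compare_digest(expected, bytes.fromhex(entry["tag"])):
                return False
            prev = expected
        return True


def authorize(user: str, role: str, section: str, consent: Consent, log: AuditLog) -> bool:
    """Decide whether `user`, acting as `role`, may read `section`, and log the decision.
    Role permission is checked first (security), then the patient's consent (privacy).
    Every attempt is recorded, granted or denied, so misuse can be investigated later."""
    if section not in ROLE_PERMISSIONS.get(role, set()):
        allowed, reason = False, "denied: role lacks permission"
    elif section in consent.restricted_sections and user not in consent.trusted_users:
        allowed, reason = False, "denied: patient consent restricts section"
    else:
        allowed, reason = True, "granted"
    log.append({"user": user, "role": role, "section": section, "result": reason})
    return allowed


def demo() -> dict:
    """Constructed scenario: a patient restricts mental-health notes to one treating physician."""
    log = AuditLog(key=b"constructed-audit-key")  # real deployments: key from a KMS/HSM, never in source
    consent = Consent(restricted_sections={"mental_health"}, trusted_users={"dr_lim"})
    results = {
        "lim_mental_health": authorize("dr_lim", "physician", "mental_health", consent, log),
        "tan_mental_health": authorize("dr_tan", "physician", "mental_health", consent, log),
        "nurse_meds": authorize("nurse_ong", "nurse", "medications", consent, log),
        "billing_labs": authorize("clerk_wong", "billing", "lab_results", consent, log),
        "log_intact": log.verify(),
    }
    # An insider removes the record of the denied access; the chain no longer verifies.
    del log.entries[1]
    results["log_after_tamper"] = log.verify()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two limits are worth noting. The chained HMAC detects edits and deletions in the middle of the log, but not removal of the newest entry, so the latest tag should also be written to a separate system (a write-once log or a second server) to anchor the chain. The example also governs access only: the records themselves still need encryption at rest, which the appended paper observes is applied far less often to stored data than to data in transit.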

CONCLUSION

In conclusion, maintaining privacy and security in electronic health records is crucial. The first article shows that while electronic systems make sharing medical information easier, they also raise privacy worries. Different rules and standards try to address these, but they need to work together better. The articles recommend strong encryption and access controls, such as authentication with passwords, so that only the right people can see a record. Managing these records well is a team effort involving people from technology and healthcare alike.

The second article examined the privacy concerns that many people, including myself, have about EHRs. Blockchain-based solutions have potential, but they also have drawbacks, particularly around traceability and the "right to be forgotten". It is reassuring that the study found increasing interest in privacy within EHR research. Nonetheless, several of the mapped studies leave gaps in protection because they do not address every legal requirement. Clear regulations and certification procedures could greatly improve the security and privacy of EHR systems and give patients and healthcare professionals alike peace of mind.

Looking ahead, I hope to see continued advances in technology and regulation that prioritize data privacy while still enabling efficient healthcare delivery. Remembering what we have learned about electronic records, that they must be kept confidential, intact and accessible, it is obvious that the work must continue. Following rules such as HIPAA, GDPR and LGPD, and strengthening security measures, will build trust with patients and keep their data safe. That in turn leads to better healthcare and stronger relationships between patients and their healthcare providers, making the whole system work better for everyone.

REFERENCES

Keshta, I., & Odeh, A. (2020). Security and privacy of electronic health records: Concerns and challenges. Egyptian Informatics Journal. https://doi.org/10.1016/j.eij.2020.07.003. Retrieved from https://www.researchgate.net/publication/343422940_Security_and_privacy_of_electronic_health_records_Concerns_and_challenges

Tertulino, R., Antunes, N., & Morais, H. (2023). Privacy in electronic health records: A systematic mapping study. Springer Nature. Retrieved from https://www.researchgate.net/publication/367358793_Privacy_in_electronic_health_records_a_systematic_mapping_study

APPENDIX

Security and privacy of electronic health records: Concerns and challenges
Article in Egyptian Informatics Journal, August 2020. DOI: 10.1016/j.eij.2020.07.003
Authors: Ismail Keshta (AlMaarefa College for Science and Technology), Ammar Odeh (Princess Sumaya University for Technology)
Source: https://www.researchgate.net/publication/343422940


Egyptian Informatics Journal xxx (xxxx) xxx
Contents lists available at ScienceDirect
Egyptian Informatics Journal
journal homepage: www.sciencedirect.com

Review

Security and privacy of electronic health records: Concerns and challenges
Ismail Keshta a,*, Ammar Odeh b
a Computer Science and Information Systems Department, College of Applied Sciences, AlMaarefa University, Riyadh, Saudi Arabia
b Computer Science Department, Princess Sumaya University for Technology, Amman, Jordan

Article history: Received 8 August 2019; Revised 9 July 2020; Accepted 24 July 2020; Available online xxxx

Keywords: Electronic health records; Privacy; Confidentiality; Security

Abstract: Electronic Medical Records (EMRs) can provide many benefits to physicians, patients and healthcare services if they are adopted by healthcare organizations. But concerns about privacy and security that relate to patient information can cause there to be relatively low EMR adoption by a number of health institutions. Safeguarding a huge quantity of health data that is sensitive at separate locations in different forms is one of the big challenges of EMR. A review is presented in this paper to identify the health organizations' privacy and security concerns and to examine solutions that could address the various concerns that have been identified. It shows the IT security incidents that have taken place in healthcare settings. The review will enable researchers to understand these security and privacy concerns and solutions that are available.

© 2020 Production and hosting by Elsevier B.V. on behalf of Faculty of Computers and Information, Cairo University. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

Contents

1. Introduction
2. Concerns on privacy and security of electronic health records
3. Security and privacy features of current EHR systems
4. Information technology security incidents in health care settings
5. Conclusion and future work
Declaration of Competing Interest
Acknowledgements
References

* Corresponding author at: Computer Science and Information Systems Department, AlMaarefa University, Riyadh, Saudi Arabia.
E-mail addresses: imohamed@mcst.edu.sa (I. Keshta), a.odeh@psut.edu.jo (A. Odeh).
Peer review under responsibility of Faculty of Computers and Information, Cairo University.

1. Introduction

An electronic health record is defined as an electronic version of a medical history of the patient as kept by the health care provider for some time period and it is inclusive of all the vital administrative clinical data that are in line to the care given to an individual by a particular provider such as demographics, progress reports, problems, medications, important signs, medical history, immunization reports, laboratory data and radiology reports [15]. Use of paper as a means of recording health data in most healthcare facilities and organizations has led to an extensive paper trail and most organizations have developed interests in shifting from paper-based health records to electronic health records. Carey

Please cite this article as: I. Keshta and A. Odeh, Security and privacy of electronic health records: Concerns and challenges, Egyptian Informatics Journal, https://doi.org/10.1016/j.eij.2020.07.003

et al. [14] explains that integrated health records are much effective and have more benefits such as lowering costs, improving health care quality, promoting evidence-based medicine usage and helping in record keeping and ensures mobility of the records. To remain effective, electronic health record system must satisfy some requirements such as achieving complete data, resilience to failure, be highly available and be consistent to security policies [4]. However, there are a number of factors that have hindered the application of electronic health records. They include funding technology, some aspects of the organization and attitude.

A good number of governments have shown interest in using integrated electronic health records due to the expected benefits; for instance the government of USA in 2004 made a decision that most Americans were to be connected to an electronic health records system by the year 2014 [31]. Later on, the American Recovery and Reinvestment Act of 2009 included setting aside a total of $19000 million to be used in digitalizing health care records in the United States [12]. Likewise the European Union countries had planned to ensure that they had a common health system by the year 2015 according to the High Level eHealth conference that was held in 2010. The objective of the European Union countries to perform sharing of patients electronic health records data in realizing quality and efficient health services [12]. However, very little has been done in developing policies to address the privacy concerns that were raised by shifting from the use of paper in storing health records to an electronic health record that could also be integrated [55]. Moreover, the growth on Information and Communication Technologies has resulted into a scenario whereby the health data of patients are affecting the security and privacy threats. Presently, there are a lot of concerns regarding privacy and security of protected health data and these concerns are the biggest barriers in implementing electronic health records; and hence the need for health organizations to find out strategies that can help them secure electronic health records [46].

Electronic Health Records are also referred to as electronic medical record (EMR) and their use is gaining popularity under the topic of e-health [1]. Electronic medical records contains patients' health-related data and is classified as a major factor in the application of e-health. Electronic medical record is made up of legal records that are composed at the hospital environments. These data are then used as the main source of data for electronic health record [1]. Even though hospitals use electronic medical records system in their day to day services, the experience of the healthcare professionals makes them not fully trust the system. Albahri [3] explains that the terminology e-health featured in the early 21st century and it involves utilizing modern methods of information and communication to convey medical services in the health care sector. Effectively managing an Electronic-health requires multidisciplinary team including telecommunication, instrumentation, computer science to enable exchange of medical data across wider geographic regions [39]. The use of e-health enables the users to have a wider thinking and allows health care providers to network effectively [35]. Improving the healthcare has benefits such as improving the efficiency of healthcare operations and improves the quality of health care services offered to patients.

'Electronic medical record' and 'electronic health record' are separate terms that contains patients' health related information and is the basis of e-health application [49]. These records are so useful to all health professionals [49]. Electronic health records allows the medical information shared amongst stakeholders very easily and the patient information be accessed and updated as a patient undergoes treatment. Alsalem et al. [5] explains that health information technology can greatly improve the efficiency, patient safety and healthcare outcomes while reducing the cost. EHRs could benefits such as saving cost by digitizing the data system and having a central place for providing medical data [5]. However, for a very long time, the health statistics has mainly been paper-based records. However, there have been tremendous changes in the last three decades with the increasing application of health information technology.

Literature has talked about security issues that come from trends in information and technology for instance keeping health records on distant servers operated by third-party cloud service providers [1,23]. Health Information Technology refers to all the information technology systems used in storing, accessing, processing, sharing and transmitting health information or support health care delivery and healthcare system management. The information that the Health Information Technology contains are very sensitive and the information includes data related to patient's tests, diagnoses, treatment together with information on the patients' medical history [16,28,29]. It is therefore very important that these information is secured so that it is not manipulated enabling patients to continue sharing information pertaining to their health and work considering the moral and legal responsibilities. However, ensuring that the health records are secure is negatively affected by the dynamic nature of the Health Information Technology environment [57].

The common issues that needs to be addressed in electronic medical record system are privacy, security and confidentiality [2]. Although security and privacy are strongly related, they are in real sense different. Privacy refers to the right that someone has to determine for themselves when, how and the level at which accessing personal information is transferred or shared by others while on the other hand, security is defined as the level at which accessing someone's personal information is restricted and allowed for those authorized only [26,57]. Transferring or sharing sensitive health data without authority can lead to data breach. Privacy can as well be breached in many situations through unpreventable systemic identification that occurs in the entire electronic health infrastructure and by central technologies and parties that look at the actions of healthcare workers and patients [57]. However, in some cases the government, employers, pharmaceutical companies, researchers and laboratories could have valid reasons to access the health records of patients so that to get some data and in the process, the health care provider could abuse the health records access either accidentally or intentionally [17].

Dehling and Sunyaev [21] also suggested that the three basic information technology security requirements are confidentiality, integrity and availability. Confidentiality can be defined as restricting information to persons that are not authorized to access data during either storage, transmitting or when they are being treated. Confidentiality can be achieved through technological means such as data encryption or through controlling accessing the systems. Confidentiality is also achieved through working on moral dispositions such as professional silence [13]. However, it was realized by [21] that although encryption is mostly used for health data that are sent across exposed networks, it is less applied to data that is stored in mobile devices and other storage media [21]. The need for confidentiality is a response to privacy concerns that are also very important in the health care sector due to the very sensitive data regarding patients and clients that they carry. Dehling and Sunyaev [21] mentioned that confidentiality ensures that the information remains protected from unauthorized deletion or modification and undesired modification by authorized users. On the other hand, availability ensures that a system can be accessed and is fully operating at any moment that an authorized person is in need of using them. Availability means a number of aspects from scalability to resilience and to recoverability of data in case the data is lost for any reason [21].

Physicians are normally very concerned that an unauthorized person could access the information of patients that are stored in the electronic medical records system and misuse the information


hence leading to legal complications following a breach in the confidentiality of the patients’ records [49]. Wikina [62] suggested that physicians are more keen on security and confidentiality concerns than the patients themselves. The majority of doctors who use electronic medical records prefer paper records over electronic medical records because they believe that paper records are much more secure and confidential. This is an indication that the issue of privacy and security in EMR is taken very seriously. If patients are not assured privacy, they could decide to withhold information to prevent inappropriate use [34].

Many countries are therefore in the process of reforming their health care services through the application of Information Technology [42]. The use of IT has helped individuals improve their care experience, improved the health of populations, and reduced health care cost [56]. Present developments in Information Technology have resulted in digitalized health records and have therefore created new or improved ways to collect, process, store, consult, and share health information. Digitized health information is more portable and can be shared among health care organizations, is much more available to public health administrators conducting health surveys and making policies, and is also available to patients. So far, most literature has suggested positive effects of a digitalized system on healthcare outcomes [42]. However, this digitalized health information exposes health records to security breaches related to information technology [43]. Potential users of health Information Technology are much concerned with the information technology related security and privacy, which negatively affects trust in electronic health records [43]. Because of this reduction in trust, health care professionals and patients may not fully welcome the use of electronic health records, which threatens the importance of information technology [43]. This can later lead to ineffective healthcare delivery [41] as well as ineffective public health monitoring or health research [59].

It has been suggested by Liu, Musen & Chou [47] that the methods of providing cyber-security associated with electronic health records need to be well understood prior to their implementation. The information stored within the EHR is very sensitive, and therefore many security features were initiated by the Health Information Technology for Economic and Clinical Health Act and the Health Insurance Portability and Accountability Act (HIPAA) [24]. HIPAA outlines three pillars that it uses to ensure that protected health information remains secure: administrative safeguards, physical safeguards, and technical safeguards [36]. The three pillars are also called the healthcare security safeguard themes, and they range from techniques protecting the computers’ location to the application of firewall software in protecting health information.

It is important to note here that the EHR is being increasingly used in a number of developing nations, as it not only improves healthcare quality but is cost-effective as well. Technologies such as this can create hazards; therefore, it is a real challenge to safeguard the safety of the information that exists in the system. Security breaches have recently raised concerns about this system. Although it is becoming ever more useful and there is growing enthusiasm for its adoption, little attention has been given to the security and privacy issues that could arise as a result. Therefore, the authors have undertaken an in-depth analysis of all the relevant issues associated with the privacy and security features of EHR systems as reported in the public scholarly literature, using a comparative framework developed from the ISO 27799 standard. The literature has identified that EHR solutions acquired from various vendors usually come with an already set collection of security and privacy capabilities, and the present question could only be answered by analysing the specific real solutions that are used as EHRs. Moreover, the authors strongly believe that if the privacy and security proposals found in the published scholarly literature are highlighted and analysed, they could subsequently be applied as a proxy for what the real EHR privacy and security proposals might be. This research could also provide useful information for stakeholders in the healthcare system as well as other agencies on the need to implement, select, develop and use specific Electronic Health Records that enhance the privacy and security of the patients involved. The present paper is equally intended for custodians who have the responsibility of overseeing the security and privacy of information systems within the healthcare sector. The paper can also be used by other scholars as a reference point on how the security and privacy of patients can be enhanced in electronic health record systems.

The rest of the paper is organized as follows. Section 2 highlights concerns on the privacy and security of electronic health records. Section 3 presents the security and privacy features of current EHR systems. Section 4 illustrates information technology security incidents in health care settings. Finally, Section 5 discusses the paper’s conclusion and future research directions.

2. Concerns on privacy and security of electronic health records

Many surveys have reported concerns regarding the privacy of health information. Win [63] suggested that close to two thirds of clients paid attention to the privacy of their personal health records and only 39% of the respondents felt that their health data were safe and secure. In some cases, the respondents neither worried about the security of their data nor had faith that their data would be safe [45]. Perera et al. [52] carried out a study in which half the respondents explained that they were worried about the security of their data because it had to travel through the internet. Close to half of the research participants in a study conducted by Ancker et al. [7] believed that exchanging their health information could worsen their health information privacy. Meanwhile, a number of studies that aimed at investigating individual concerns for information privacy found that these concerns were essential in the realization of successful electronic health records technologies.

Privacy and security challenges of the internet of things start from the given characteristics of internet of things networks, which make them unique in their own ways. Such characteristics are heterogeneity, an uncontrolled environment, constrained resources, and a greater need for scalability. Even the smallest processor platforms presently have a very capable crypto engine and sufficient program memory for implementing relevant security functions. Lafky & Horan [45] propose security requirements for Internet of Things systems, depending on their unique features, and group the requirements into the following settings: identity management, network security, resilience and trust, and lastly privacy. The authors in this case specifically consider numerous architectures that have widely been proposed for the internet of things within the research community and analyse whether these architectures meet the required security measures. The critical analysis demonstrates that several security needs are seriously considered, though none of the architectures covers all of the security needs [45].

The least covered are the trust and privacy requirements. For as long as computers have existed, there has been a well accepted model for information technology security based on the most desired security features, usually abbreviated as CIA: confidentiality (trying to prevent any form of unauthorized access to the relevant data), integrity (trying to make sure that the given data is not altered in any way), and lastly availability (making sure that data can be accessed any time it is needed) [45].
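The CIA properties just defined, together with the technical and administrative safeguards the paper goes on to discuss (role-based access control, encryption and audits), can be seen working together in one small example; the code below is added here and is not from the reviewed paper or from any EHR product. It assumes a constructed in-memory record store with an HMAC tag per record (integrity), a role table plus a care-team relationship (confidentiality), and an audit log whose review flags authorized users reading records of patients not under their care; all user names, patient ids, record values and the key are constructed sample values.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed demo key. A deployment would load it from a key-management service,
# never store it beside the records, or whoever alters a record can re-tag it.
INTEGRITY_KEY = b"constructed-demo-key-not-for-production"

# Technical safeguard (RBAC): the record sections each role may read.
ROLE_PERMISSIONS = {
    "physician": {"demographics", "diagnoses", "medications"},
    "nurse": {"demographics", "medications"},
    "billing": {"demographics"},
}


def integrity_tag(data: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding; any alteration changes the tag."""
    canonical = json.dumps(data, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(INTEGRITY_KEY, canonical, hashlib.sha256).hexdigest()


@dataclass
class EHRStore:
    users: dict = field(default_factory=dict)      # user_id -> role
    records: dict = field(default_factory=dict)    # patient_id -> {"data", "tag"}
    care_team: dict = field(default_factory=dict)  # patient_id -> set of user_ids
    audit_log: list = field(default_factory=list)

    def add_record(self, patient_id: str, data: dict, team) -> None:
        self.records[patient_id] = {"data": data, "tag": integrity_tag(data)}
        self.care_team[patient_id] = set(team)

    def read(self, user_id: str, patient_id: str, section: str):
        """Confidentiality via RBAC, integrity via HMAC; every attempt is audited."""
        role = self.users.get(user_id)
        allowed = role is not None and section in ROLE_PERMISSIONS.get(role, set())
        self.audit_log.append({
            "user": user_id, "role": role, "patient": patient_id,
            "section": section, "allowed": allowed,
            "on_care_team": user_id in self.care_team.get(patient_id, set()),
        })
        if not allowed:
            raise PermissionError(f"{user_id} ({role}) may not read {section}")
        entry = self.records[patient_id]
        if not hmac.compare_digest(integrity_tag(entry["data"]), entry["tag"]):
            raise ValueError(f"integrity check failed for patient {patient_id}")
        return entry["data"][section]


def review_insider_access(audit_log: list) -> list:
    """Administrative safeguard (audit review): successful reads by staff who are
    not on the patient's care team, which RBAC alone permits."""
    return [e for e in audit_log if e["allowed"] and not e["on_care_team"]]


def build_demo_store() -> EHRStore:
    """Constructed sample data: two physicians, one billing clerk, one patient."""
    store = EHRStore(users={"dr_lee": "physician", "dr_ng": "physician",
                            "clerk1": "billing"})
    store.add_record("P001", {"demographics": {"dob": "1980-01-01"},
                              "diagnoses": ["diagnosis-A"],
                              "medications": ["medication-X"]}, team={"dr_lee"})
    return store


def run_scenario() -> dict:
    """Exercise the three checks and report the outcome of each."""
    store = build_demo_store()
    results = {}
    # Treating physician: role permits and the care team matches.
    results["treating_physician"] = store.read("dr_lee", "P001", "diagnoses")
    # Billing clerk: role does not permit clinical sections.
    try:
        store.read("clerk1", "P001", "diagnoses")
        results["billing_denied"] = False
    except PermissionError:
        results["billing_denied"] = True
    # Second physician, not on the care team: RBAC permits, audit review flags.
    store.read("dr_ng", "P001", "diagnoses")
    results["flagged"] = [e["user"] for e in review_insider_access(store.audit_log)]
    # Record altered behind the application's back, tag left unchanged.
    store.records["P001"]["data"]["medications"].append("medication-Y")
    try:
        store.read("dr_lee", "P001", "medications")
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results
```

Calling run_scenario() returns the treating physician's read, a denied billing read, the flagged out-of-team physician and a detected tamper in one dictionary.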


These three properties have been described in depth in the form of a triangle with the properties placed at the vertices. Through the decades, the model has been modified with several possible main properties, though the very main properties, CIA, have remained over time. Something which is yet to be fully highlighted is the fact that these three properties cannot be fully achieved simultaneously, as they are considered to be mutually exclusive. For example, given the same amount of resources, it is not possible to increase overall availability without compromising accuracy, confidentiality or both. For general information-processing computer systems, traditional security has mainly focused on confidentiality, though for a number of embedded systems as well as the IoT, one can argue that the other two aspects are the most crucial ones, or even more essential than in office information systems [38]. The other important observation is that the variance in approach in most cases seriously impacts the cooperation between administrators of the standard IT systems and those of the control system.

Whetstone & Goldsmith [61] confirmed that an individual’s confidence regarding the privacy and security of their medical records had a positive influence on their motivation to establish an electronic health record. Bansal et al. [11] confirmed that concerns regarding privacy negatively impacted intentions to share health information online. Another study, conducted by Anderson & Agarwal [8], established that health information privacy concerns had a negative effect on how willing individuals were to cooperate in providing access to personal health information. On the other hand, Dinev et al. [22] found a weak relationship between people’s health information privacy concerns and their attitude towards electronic health records. Angst & Agarwal [9] reached the same conclusion regarding the acceptance of electronic health records. A study conducted by Ermakova et al. [25] showed that concerns about health information privacy reduced the willingness of patients to allow health care providers to share their medical data when using cloud computing. The existence of privacy concerns makes trust more vital than discounts when choosing a healthcare provider, except in the case of secondary use. Kuo et al. [44] carried out a study whose results confirmed that health information privacy concerns had an effect on information privacy-protective responses (IPPR) such as the refusal of patients to give their personal information to health care providers, fabricating personal information given to medical facilities, requesting the removal of personal information, negative utterances to friends, complaints issued directly to the medical facilities, and complaints issued indirectly to a third-party organization.

Rohm and Milne [54] established that consumers’ concerns increase if an organization acquires a list containing individual medical history as compared to a list containing general information. A study by Zulman et al. [64] reported that individuals’ preferences regarding the sharing of their electronic health information vary depending on the kind of information that is to be shared. King et al. [40] also found that privacy concerns vary for specific items of health records. It was confirmed that the items people are more concerned about include infertility issues, abortion and sexually transmitted diseases, among other issues that directly affect their families. People showed relatively lower privacy concerns for some of the information in their health records such as religion, date of birth, blood group, language, gender, blood pressure status and cancer status.

3. Security and privacy features of current EHR systems

The three security-safeguard themes, namely physical, technical and administrative, have been applied in the analysis of a number of studies. These themes consist of a number of security strategies used by healthcare administrations to provide more security to the protected health information that is in the electronic health records. The administrative safeguard theme is the first safeguard and comprises techniques like performing audits, employing an officer in charge of information security, and coming up with contingency plans [62]. This theme has safeguards that focus on having compliant security procedures and policies. The other theme is physical safeguards, which includes the techniques listed in organizational safeguards and, in addition, focuses on protecting the health information physically so that its software or hardware is not accessed by unauthorized persons or those who could misuse it [62]. Breaching of physical safeguards is among the major contributors of security ruptures, ranked second overall [47]. Examples of techniques under physical safeguards include having assigned security roles [46].

Technical safeguards are the third category of themes, and they protect the whole information system found in the network of a health organization [47]. This theme is very essential in ensuring the security of the organization because most breaches of security happen via electronic media through the use of computers and other portable electronic devices [47]. This theme has security techniques such as the use of firewalls and encryption, virus checking and measures used in authenticating information [46]. It was concluded by Lemke [46] that firewalls and cryptography were the most applied security techniques. Other notable security techniques that are also used included antivirus software, chief information security officers and cloud computing, though their implementation is dependent on the budget [27].

From the research by Liu et al. [47], it was realized that there are physical safeguards such as physical access control that are used to prevent theft, such as the use of locks on computers, together with technical safeguards to prevent electronic breaches through the use of firewalls and encryption. Amer [6] carried out a study on informatics through the ethical application of genomic information and electronic health records. He realized that encryption could provide a technical safeguard, while administrative safeguards used the security technique of de-identifying samples collected for the research. Technical safeguards can also be implemented through firewalls, encryption and decryption, while administrative safeguards were tackled through implementing comprehensive education and security plans and employing a Chief Information Security Officer [37]. Wikina [62] mentioned that administrative safeguards involved a manager approving the release of paper data containing patient information and carrying out training on how to respond to missing records, while physical safeguards involved the installation of security cameras.

As modern technology advances, healthcare organizations continue to be targeted for security breaches. It is very important for organizations to keep up with new technology and threats and to take risk management very seriously; organizations that do so include the Clinical Engineering Information Technology Community, the American College of Clinical Engineering and the Healthcare Information and Management Systems Society, among others [37]. The risk assessment and management steps above, together with the named organizations, ensure that healthcare organizations are advanced in fortifying patient information within electronic health records.

The number of healthcare institutions recognizing the advantages for security and privacy of applying RFID is growing. Some


examples of the RFID techniques include storage of data within RFID tags and creating restrictions for accessing RFID tags. These techniques have improved privacy and security through restrictions that allow only the few authorized individuals to access the information [37]. Making good use of a Chief Information Security Officer can help in managing and coordinating all the security methods and initiatives in electronic health records [37].

Firewalls are one of the technologies used to protect the information technology systems of healthcare organizations [18,19]. Firewalls are very effective in securing the network of an organization and ensuring that the health information on the existing network is protected. Firewalls are used both inside and outside when protecting the business from threats that could interfere with its information network. They come in different forms [47]. The circuit-level gateway is the third category of firewalls. They act as gatekeepers for the network of the organization, scanning the IP web page for any threats before passing the web page to the end users. The external network connections of stateful inspection firewalls are accessible via the gateway so that the entry of external networks into the organization’s intranet is prevented [47]. Application-level gateways have successfully secured electronic health records because they block hackers from directly entering the system and reaching the protected health information. This group of firewalls is not easy for organizations to apply because of the complexity and high costs involved, and it is therefore necessary that both external and internal analysis of the entire organization be conducted to find out whether the firewall is applicable and viable for the organization. Finally, we have a group of firewalls referred to as network address translators. A network address translator helps by hiding the organization’s intranet IP addresses so that they cannot be reached by external users who could have plans to cause damage [47]. The network address translator establishes a barrier between an organization’s intranet and the local area networks. Although firewalls are very effective in ensuring that electronic health records are secure, it is still very essential that all four of their security strategies are applied. The steps, in order, are service control, direction control, user control, and behavior control [62]. Generally, it is important that the organization does a complete needs assessment, budgetary assessment and threat assessment, both external and internal to the organization, prior to using any form of firewall. Failure of an organization to do the above assessments, or incomplete implementation of the four security plans, can negatively affect the security of patients’ electronic health records or even the entire information system of the organization [18,19].

Cryptography has been used as a way of securing or protecting electronic health records. The use of encryption has increased the security of electronic health records during the exchange of health information. The exchange of health information has specifications to be followed through criteria that normally require organizations to record the exchange procedure when encryption is either enabled or disabled [60]. The Health Insurance Portability and Accountability Act (HIPAA) designed ways by which cryptography could be used to secure health information [20]. HIPAA broadened its standards on security in 2003 when the United States Department of Health and Human Services formed the Final Rule [58]. The Final Rule enabled HIPAA to expand the ways in which organizations make, receive, keep and send protected health information (PHI) [58]. Decryption has been useful in ensuring that the electronic health records of patients are secure [62]. The use of digital signatures has solved the problem of breaches of protected health records when patients check their personal information. Digital signatures have effectively been applied to prevent security breaches.

Electronic health records become much more accessible and secure through safeguarding the mobile agents for patient data that are transmitted from one facility to another [46]. The use of usernames is another form of cryptography. Usernames can help in preventing security breaches through integrating individual privacy in passwords and advocating that password users change these passwords frequently [46]. Commonly used names and dates must be avoided to reduce the chances of a hacker guessing the set password. Applying the username and password security technique is useful for achieving access controls. Role-based controls restrict users’ access to data through usernames and passwords created by system administrators. This technique does not offer effective protection of information within electronic health records from internal threats [46]. Employees must log out of the system once they are done, in order to ensure that health information is not left in a state where unauthorized persons can see it [46].

Other commonly used security techniques include the installation of antivirus software, cloud computing, preliminary risk assessments, employment of a chief information security officer and radio frequency identification (RFID) [43,50]. Remote Patient Monitoring (RPM) is another new technology that is being used to ensure the privacy and security of the records in an electronic health record. In this case, different types of sensors are used to monitor patients’ vital signs while at home. They use sensors that can be worn or implanted. These sensors send information through wireless communication to a local base station located within the patient’s residence. The station evaluates the information and signals a central monitoring station when there are deviations from the set normal limits. The healthcare provider is then able to take the necessary actions to help the patient once alerted. Some of the conditions for which Remote Patient Monitoring technology is most suitable include dementia, diabetes and congestive heart failure. While implementing these new technologies can result in many advancements in the healthcare sector, it can also interfere with the privacy of individuals despite regulations such as the Health Insurance Portability and Accountability Act (HIPAA). The data of electronic health records is communicated electronically via Internet or wireless connections, and hence threats such as eavesdropping, data theft and data misuse can be experienced. Eventually, this leads to challenges such as severe social implications, e.g. employers refusing to hire or firing their employees because of their medical conditions and insurance firms refusing to offer insurance to patients.

The increasing use of technology has led to massive research on cloud computing for integration into EHR systems. The infrastructure created by cloud computing enables electronic assignment and information sharing through the ‘‘renting” of storage as well as computing power. This way, healthcare institutions are in a position to spend less on establishing an EHR system, by moving ownership and avoiding the maintenance cost, while at the same time incorporating cryptographic procedures [43]. Even though the cloud computing platform looks promising, antivirus software is a more commonly applied security measure. Achampong [1] also indicates the security issues that come from IT trends such as hosting health records on distant servers operated by third-party cloud service providers [33].

The HITECH Act emphasized in 2009 the need to always report data breaches and the specific protocol that should be used when reporting them; for instance, the Act requires that the entity issue specific details in the case of a data breach affecting more than 500 people [62]. Through the HITECH Act, the Centers for Medicare and Medicaid Services (CMS) beneficiaries were mandated to make use of EHRs no later than 2015 so as to get full


reimbursements. Incentives were given to those who made use of the EHR by 2015, and those who failed to meet the deadline suffered penalties. The Office of the National Coordinator (ONC) established the three ‘‘meaningful use” stages that were to be implemented by healthcare bodies using EHRs. Meaningful use evaluates the level at which an entity is making use of EHRs compared to earlier documentation methods [47].

Due to the IT-related security concerns that have been raised over time, health care providers implementing HIT are required to establish an adequate security system. This system is a set of security mechanisms that should be implemented in accordance with a security policy, which normally contains rules that allow or deny possible actions, events, or anything that relates to security [10]. Generally, an Information Technology security policy ensures that the IT assets of an organization, including data, people, hardware and software, are confidential, have integrity, and are available to the required standards [53].

4. Information technology security incidents in health care settings

The Infosec Institute reported that the remarkable growth in the adoption of electronic health records in recent years has not been protected by the establishment of cyber-security measures, thus subjecting the health care industry to a lot of damage from cyber threats [51]. This report got a lot more support from other reports of Information Technology related incidents that were experienced in hospital settings. A finding from the Information Security Media Group (2014) established that at least one security breach affecting fewer than 500 individuals had been reported in 75% of surveyed health care organizations in the US, and at least one incident affecting more than 500 individuals was reported by 21% of surveyed health care providers [30]. The Healthcare Information and Management Systems Society (2015) found that 68 percent of surveyed health care organizations in the US submitted that they had recently experienced a significant security incident [32]. These reported security incidents came from both insider threats (53.7%) and external threats (63.6% of health care organizations) [32].

The IT related security breaches could be more than the reported cases, considering that there are other incidents that go undetected or poorly assessed [30], together with the likelihood of organizations underreporting security incidents [48]. There is documentation showing that security breaches in healthcare can be very costly; for instance, Absolute Software Corporation reported that breaches of health care data cost hospitals as much as US $250,000 to US $2.5 million in settlement payments. This represents but a fraction of the overall financial burden of the incidents [30]. Concerns about security and privacy, together with fear of related liabilities, hinder healthcare providers from using information technology to improve their services. It is therefore critical that organizations improve their HIT security and privacy practices in healthcare facilities as a measure to ensure that effective health care is provided. Liu, Musen & Chou [47] explained that the security and privacy concerns can be addressed by organizations willing to apply information technology to improve their healthcare services by putting in place IT security measures that are in line with their information technology development plans. However, some studies have identified insider threats as very difficult to address compared to external threats, because internal threats are carried out by individuals who are authorized personnel, and therefore identifying the culprit becomes very difficult.

Information and Communication Technologies (ICT) have assisted patients in transforming their roles from being the traditional passive receivers of healthcare services into a more active role of understanding their health records, making choices and taking part in the decision making process [63]. This has increased the challenges of the level of freedom that should be granted to issuers and data subjects. There are a number of solutions to some of the identified challenges, by implementing privacy and security together with accountability and key management in electronic health record technology. In the recent past, the issue of security and privacy has resulted in a lot of concerns in the implementation of electronic health records.

5. Conclusion and future work

The present work has performed a literature review related to the security and privacy of electronic health record systems. The paper has analysed different security and privacy issues that arise from the use of EHRs and looked at the potential solutions. It is evident from the literature that Electronic Health Records allow structured medical data to be shared easily among authorized healthcare providers so as to improve the overall quality of the healthcare services delivered to patients. The use of e-health enables users to think more widely and allows health care providers to network effectively.

Electronic health records allow medical information to be shared amongst stakeholders very easily and patient information to be accessed and updated as a patient undergoes treatment. In such systems, however, security and privacy concerns are very much essential, based on the fact that the patient might face serious problems if sensitive information is disclosed to a third party. From the articles reviewed and based on the security areas analysed, it is evident that different regulations and standards related to privacy and security are used in electronic health records. However, there is a need for such systems to be harmonized so as to resolve possible conflicts and inconsistencies among standards. Numerous encryption algorithms have been proposed by various articles.

It is highly recommended that an efficient encryption scheme that can easily be applied by both healthcare professionals and patients be applied to the latest EHR records. The preferred access control model in electronic health record systems is RBAC, while the best authentication mechanisms are passwords/logins and digital signatures. Effectively managing an electronic health record requires a multidisciplinary team including telecommunication, instrumentation and computer science to enable the exchange of medical data across wider geographic regions.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgements

The authors would like to acknowledge the support provided by AlMaarefa University while conducting this research work.

References

[1] Achampong E. Electronic health record (EHR) and cloud security: the current issues. IJ-CLOSER 2014;2(6):417–20.
[2] Alanazi HO et al. Meeting the security requirements of electronic medical records in the ERA of high-speed computing. J Med Syst 2015;39(1):165.
[3] Albahri OS et al. Systematic review of real-time remote health monitoring system in triage and priority-based sensor technology: taxonomy, open challenges, motivation and recommendations. J Med Syst 2018;42(5):80.
[4] Allard T, Anciaux N, Bouganim L, Guo Y, Folgoc LL, Nguyen B, et al. Secure personal data servers: a vision paper. PVLDB 2010;3(1–2):25–35.

Please cite this article as: I. Keshta and A. Odeh, Security and privacy of electronic health records: Concerns and challenges, Egyptian Informatics Journal,
https://doi.org/10.1016/j.eij.2020.07.003
I. Keshta, A. Odeh / Egyptian Informatics Journal xxx (xxxx) xxx 7

[5] Alsalem MA et al. Systematic review of an automated multiclass detection and classification system for acute leukaemia in terms of evaluation and benchmarking, open challenges, issues and methodological aspects. J Med Syst 2018;42(11):204.
[6] Amer K. Informatics: ethical use of genomic information and electronic medical records. J Am Nurses Assoc 2015;20(2).
[7] Ancker J, Silver M, Miller M, Kaushal R. Consumer experience with and attitude toward health information technology: a nationwide survey. Am Medical Informatics Assoc 2012;1:152–6.
[8] Anderson C, Agarwal R. The digitization of healthcare: boundary risks, emotion, and consumer willingness to disclose personal health information. Information Syst Res 2011;22(3):469–90.
[9] Angst C, Agarwal R, Downing J. An empirical examination of the importance of defining PHR for research and for practice. Robert H. Smith School Research Paper No. RHS-06-011; 2006.
[10] Bahtiyar Ş, Çağlayan MU. Trust assessment of security for e-health systems. Electron Commer Res Appl 2014;13(3):164–77. doi: https://doi.org/10.1016/j.elerap.2013.10.003.
[11] Bansal G, Zahedi F, Gefen D. The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decis Support Syst 2010;49(2):138–50.
[12] Benaloh J, Chase M, Horvitz E, Lauter K. Patient controlled encryption: ensuring privacy of electronic medical records. In: Proc ACM workshop on cloud computing security; 2009, p. 103–14.
[13] Brumen B, Heričko M, Sevčnikar A, Završnik J, Hölbl M. Outsourcing medical data analyses: can technology overcome legal, privacy, and confidentiality issues? J Med Internet Res 2013 Dec 16;15(12):e283.
[14] Carey DJ, Fetterolf SN, Davis FD, Faucett WA, Kirchner HL, Mirshahi U, et al. The Geisinger MyCode community health initiative: an electronic health record–linked biobank for precision medicine research. Genet Med 2016;18(9):906.
[15] Centers for Medicare & Medicaid Services. Electronic Health Records. URL: https://www.cms.gov/Medicare/E-health/EHealthRecords/index.html.
[16] Chen C-L, Huang P-T, Deng Y-Y, Chen H-C, Wang Y-C. A secure electronic medical record authorization system for smart device application in cloud computing environments. Human-Centric Computing Information Sci 2020;10:1–31.
[17] Cifuentes M, Davis M, Fernald D, Gunn R, Dickinson P, Cohen DJ. Electronic health record challenges, workarounds, and solutions observed in practices integrating behavioral health and primary care. J Am Board Fam Med 2015;28(Supplement 1):S63–72.
[18] Collier R. New tools to improve safety of electronic health records. CMAJ 2014;186(4):251. doi: https://doi.org/10.1503/cmaj.109-4715.
[19] Collier R. US health information breaches up 137%. Can Med Assoc J 2014;186(6):412. doi: https://doi.org/10.1503/cmaj.109-4731.
[20] Cooper T, Fuchs K. Technology risk assessment in healthcare facilities. Biomed Instrum Technol 2013;47(3):202–7. doi: https://doi.org/10.2345/0899-8205-47.3.202.
[21] Dehling T, Sunyaev A. Secure provision of patient-centered health information technology services in public networks—leveraging security and privacy features provided by the German nationwide health information technology infrastructure. Electron Markets 2014;24(2):89–99.
[22] Dinev T, Albano V, Xu H, D’Atri A, Hart P. Individual’s attitudes towards electronic health records – a privacy calculus perspective. Ann Information Syst 2012.
[23] Dorgham O, Al-Rahamneh B, Almomani A, Khatatneh KF. Enhancing the security of exchanging and storing DICOM medical images on the cloud. Int J Cloud Appl Computing (IJCAC) 2018;8(1):154–72.
[24] Edemekong PF, Haydel MJ. Health Insurance Portability and Accountability Act (HIPAA); 2018.
[25] Ermakova T, Fabian B, Zarnekow R. Security and privacy system requirements for adopting cloud computing in healthcare data sharing scenarios. Proceedings of the 19th Americas Conference on Information Systems; 2013.
[26] Gupta BB. Computer and Cyber Security: Principles, Algorithm, Applications, and Perspectives. CRC Press, Taylor & Francis; 2018, p. 666.
[27] Gupta BB, Agrawal DP (Eds.). Handbook of Research on Cloud Computing and Big Data Applications in IoT. Hershey: IGI Global; 2019.
[28] Haque R, Sarwar H, Kabir SR, Forhat R, Sadeq MJ, Akhtaruzzaman M, Haque N. Blockchain-based information security of electronic medical records (EMR) in a healthcare communication system. In: Intelligent Computing and Innovation on Data Science. Singapore: Springer; 2020, pp. 641–650.
[29] Häyrinen K, Saranto K, Nykänen P. Definition, structure, content, use and impacts of electronic health records: a review of the research literature. Int J Med Inform 2008;77(5):291–304.
[30] Healthcare Information Security. The State of Healthcare Information Security Today. Update on HIPAA Omnibus Compliance, Protecting Patient Data. Princeton, NJ: ISMG; 2014. URL: https://www.healthcareinfosecurity.com/surveys/state-healthcare-information-security-today-s-23 [accessed 2019-02-04].
[31] Hesse BW, Hansen D, Finholt T, Munson S, Kellogg W, Thomas JC. Social participation in health 2.0. Computer 2010;43(11):45–52.
[32] HIMSS. 2015 HIMSS Cybersecurity Survey. Chicago, IL: HIMSS; 2015 Jun. URL: https://www.himss.org/2015-cybersecurity-survey/full-report [accessed 2019-02-04].
[33] Hunter ES. Electronic health records in an occupational health setting—Part I. A global overview. Workplace Health Safety 2013;61(2):57–60.
[34] Hussain M et al. A security framework for mHealth apps on Android platform. Comput Secur 2018;75:191–217.
[35] Hussain M et al. The landscape of research on smartphone medical apps: coherent taxonomy, motivations, open challenges and recommendations. Comput Methods Prog Biomed 2015;122(3):393–408.
[36] Ives TE. The new ’E-Clinician’ guide to compliance. Audiol Today 2014;26(1):52–3.
[37] Jannetti MC. Safeguarding patient information in electronic health records. AORN J 2014;100(3):C7–8. doi: https://doi.org/10.1016/S0001-2092(14)00873-4.
[38] Jing Q, Vasilakos AV, Wan J, Lu J, Qiu D. Security of the Internet of Things: perspectives and challenges. Wireless Netw 2014;20(8):2481–501.
[39] Kiah MLM et al. MIRASS: medical informatics research activity support system using information mashup network. J Med Syst 2014;38(4):37.
[40] King T, Brankovic L, Gillard P. Perspectives of Australian adults about protecting the privacy of their health information in statistical databases. Int J Med Informatics 2011;81:279–89.
[41] Kisekka V, Giboney J. The effectiveness of health care information technologies: evaluation of trust, security beliefs, and privacy as determinants of health care outcomes. J Med Internet Res 2018;20(4):e107.
[42] Kruse CS, Beane A. Health information technology continues to show positive effect on medical outcomes: systematic review. J Med Internet Res 2018;20(2):e41.
[43] Kruse CS, Smith B, Vanderlinden H, Nealand A. Security techniques for the electronic health records. J Med Syst 2017;41(8):127.
[44] Kuo K-M, Ma C-C, Alexander J. How do patients respond to violation of their information privacy. Health Information Manag J 2013;43(2):23–33.
[45] Lafky D, Horan T. Personal health records: consumer attitudes toward privacy and security of their personal health information. Health Informatics J 2011;17(1):63–71.
[46] Lemke J. Storage and security of personal health information. OOHNA J 2013;32(1):25–6.
[47] Liu V, Musen MA, Chou T. Data breaches of protected health information in the United States. J Am Med Assoc 2015;313(14):1471–3. doi: https://doi.org/10.1001/jama.2015.2252.
[48] Ma Q, Schmidt MB, Pearson JM, Herberger GR. An integrated framework for information security management. Rev Bus 2009;30(1):58–69.
[49] Miotto R, Li L, Kidd BA, Dudley JT. Deep patient: an unsupervised representation to predict the future of patients from the electronic health records. Sci Rep 2016;6:26094.
[50] Muhammad G, Alhamid MF, Alsulaiman M, Gupta B. Edge computing with cloud for voice disorder assessment and treatment. IEEE Commun Mag 2018;56(4):60–5.
[51] Paganini P. Risks and cyber threats to the healthcare industry. Infosec Institute; 2014. URL: https://resources.infosecinstitute.com/risks-cyber-threats-healthcare-industry/ [accessed 2018-06-01].
[52] Perera G, Holbrook A, Thabane L, Foster G, Willison DJ. Views on health information sharing and privacy from primary care practices using electronic medical records. Int J Med Informatics 2011;80(2):94–101.
[53] Pfleeger CP, Pfleeger SL, Margulies J. Security in Computing (5th Edition). Upper Saddle River, NJ: Prentice Hall; Feb 5, 2015:944.
[54] Rohm A, Milne G. Just what the doctor ordered. The role of information sensitivity and trust in reducing medical privacy concern. J Business Res 2004;57:1000–11.
[55] Rothstein MA. Health privacy in the electronic age. J Leg Med 2007;28(4):487–501.
[56] Sheikh A, Sood HS, Bates DW. Leveraging health information technology to achieve the “triple aim” of healthcare reform. J Am Med Inform Assoc 2015;22(4):849–56.
[57] Sittig DF, Singh H. A new socio-technical model for studying health information technology in complex adaptive healthcare systems. In: Cognitive Informatics for Biomedicine. Cham: Springer; 2015. p. 59–80.
[58] Tejero A, de la Torre I. Advances and current state of the security and privacy in electronic health records: survey from a social perspective. J Med Syst 2012;36(5):3019–27. doi: https://doi.org/10.1007/s10916-011-9779-x.
[59] Verheij RA, Curcin V, Delaney BC, McGilchrist MM. Possible sources of bias in primary care electronic health record data use and reuse. J Med Internet Res 2018;20(5):e185.
[60] Wang CJ, Huang DJ. The HIPAA conundrum in the era of mobile health and communications. JAMA 2013;310(11):1121–2. doi: https://doi.org/10.1001/jama.2013.219869.
[61] Whetstone M, Goldsmith R. Factors influencing intention to use personal health records. Int J Pharmaceutical Healthcare Marketing 2009;3(1):8–25.
[62] Wikina SB. What caused the breach? An examination of use of information technology and health data breaches. Perspect Health Inf Manag 2014;2014:1–16.
[63] Win KT. A review of security of electronic health records. Health Information Manag 2005;34(1):13–8.
[64] Zulman DM, Nazi KM, Turvey CL, Wagner TH, Woods SS, An LC. Patient interest in sharing personal health record information. Ann Intern Med 2011;155(12):805–11.

Journal of Public Health (2024) 32:435–454
https://doi.org/10.1007/s10389-022-01795-z

REVIEW ARTICLE

Privacy in electronic health records: a systematic mapping study


Rodrigo Tertulino1 · Nuno Antunes2 · Higor Morais1

Received: 20 October 2022 / Accepted: 5 December 2022 / Published online: 23 January 2023
© The Author(s) 2023

Abstract
Main Electronic health record (EHR) applications are digital versions of paper-based patient health information.
Traditionally, medical records are made on paper. However, nowadays, advances in information and communication
technology have made it possible to change medical records from paper to EHR. Therefore, preserving user data privacy is
extremely important in healthcare environments. The main challenges are providing ways to make EHR systems increasingly
capable of ensuring data privacy and at the same time not compromising the performance and interoperability of these
systems.
Subject and methods This systematic mapping study intends to investigate the current research on security and privacy
requirements in EHR systems and identify potential research gaps in the literature. The main challenges are providing
ways to make EHR systems increasingly capable of ensuring data privacy, and at the same time, not compromising the
performance and interoperability of these systems. Our research was carried out in the Scopus database, the largest database
of abstracts and citations in the literature with peer review.
Results We have collected 848 articles related to the area. After disambiguation and filtering, we selected 30 articles for
analysis. The result of such an analysis provides a comprehensive view of current research.
Conclusions We can highlight some relevant research possibilities. First, we noticed a growing interest in privacy in EHR
research in the last 6 years. Second, blockchain has been used in many EHR systems as a solution to achieve data privacy.
However, it is a challenge to maintain traceability by recording metadata that can be mapped to private data of the users
applying a particular mapping function that can be hosted outside the blockchain. Finally, the lack of a systematic approach
between EHR solutions and existing laws or policies leads to better strategies for developing a certification process for EHR
systems.

Keywords Electronic health record (EHR) · Health · Privacy · Security

Rodrigo Tertulino
rodrigo.tertulino@ifrn.edu.br

1 Federal Institute of Education, Science, and Technology of Rio Grande do Norte (IFRN), Natal, Brazil
2 Department of Informatics and Engineering of the University of Coimbra (UC), Coimbra, Portugal

Introduction

During the last decades, information and communication technology (ICT) has provided healthcare professionals with support in managing research and patient care information. ICTs in the healthcare system have great potential to improve care in developed and developing countries, providing better access to information through the healthcare system (Pai et al. 2021).

Healthcare institutions have invested in healthcare information technology to improve care and quality and to reduce operating costs (Berner et al. 2005). Thus, some studies indicate that the implementation of the Health Information System (HIS) increases the quality of patient care and safety by reducing medical errors, hence improving the institution’s performance, reducing treatment costs, and, at the same time, saving resources of medical institutions and health (Ahmadian and Khajouei 2012; Tan 2008). In addition, these systems can raise the readability of recorded data, decrease medical errors, and ultimately lead to user satisfaction (Ahmadian et al. 2015).

However, excellence in patient care depends directly on the ability of healthcare systems to collect, store,

Content courtesy of Springer Nature, terms of use apply. Rights reserved.


access, analyze, and transmit information about patient health data electronically. ICTs have the potential to significantly contribute to preventive care, improving healthcare service delivery, disease control, health management, and research (Balsari et al. 2018).

Thus, healthcare systems comprise various people who make up this system, such as pharmacists, laboratory technicians, physicians, nurses, radiologists, and patients. Information collected in hospitals and physicians’ offices during clinical meetings is typically managed, stored, and maintained by hospitals for a more extended period to provide care and follow-up to the patient. Due to the large amount of data, hospitals sometimes find it challenging to store and manage patient health data.

The healthcare system is a term used to refer to all systems that are part of the healthcare domain. Hence, a large variety of devices are now available, including health trackers, IoT devices, and smart watches (Wazid et al. 2018), which are being used by patients to monitor daily activities and measure personal data, such as blood pressure, heart rate, electrocardiogram (ECG) and breath analysis. Currently available wearable devices (WDs) are delivered as wireless devices that are placed directly on the patient’s body (Hathaliya et al. 2020). Thus, contemplating the systems that are part of this environment, we can highlight the electronic health record (EHR), responsible for handling and storing the most sensitive patient information, such as medications, progress reports, vital signs, medical history, immunization reports, laboratory data, and radiology reports (Keshta and Odeh 2020).

Electronic health records (EHR) are commonly used to store patient data within healthcare providers. EHR systems provide storage and management of patient data inside and between institutions (Hussien et al. 2019).

It is estimated that clinical data will increase to 2314 exabytes by 2020, from 153 exabytes in 2013, with a growth rate of 48% each year. Hence, this number is increasing exponentially (Pramanik et al. 2019). However, there are privacy concerns about the EHR systems (Yüksel et al. 2017).

Traditionally, medical records have been recorded on paper. However, nowadays, advances in information and communication technology have made it possible to change medical records on paper to an electronic version of the medical record (Nweke et al. 2020). Thus, like the traditional paper medical record, an electronic version of the record is a set of information, such as a recording of an individual’s medical history. Unlike conventional paper medical records, the electronic version is stored in electronic format. The electronic version of medical records is called electronic health records (EHR) (Nweke et al. 2020).

Electronic health records (EHR) are increasingly being used by patients, hospitals, doctors, and other health professionals. EHRs have several advantages, such as reduced health costs and more efficient availability in relation to the processing of stored records. On the other hand, the use of EHRs raises concerns about the safety, privacy, and integrity of patient records. These concerns affect patients’ interest in disclosing their health data and can have fatal consequences. For example, the United States Department of Health and Human Services (HHS) estimated that approximately 2 million Americans with mental illness did not seek treatment precisely because of privacy concerns (Yüksel et al. 2017).

In this context, the EHR system has grown as a solution for storing and managing users’ private health data (Keshta and Odeh 2020). Hence, much research has been done to ensure the privacy of this information within the EHR system (Smaradottir 2018).

This article aims to examine the current state of the art of research about privacy in electronic health records. Furthermore, we will research the EHR system’s main requirements proportionate to the users, based on existing legislation and policy. Thus, these requirements must be followed to provide privacy to users who use these systems. To achieve this goal, we adopted a systematic mapping process based on the work of Petersen (Petersen et al. 2015; Petersen et al. 2008). From systematic mapping, we can better understand what the main challenges of the academic community are and what the main solutions being proposed are. Mapping studies provide a good overview of a research subject and are helpful before starting deeper research works (Hakim and Sensuse 2018).

Our analysis will show the growth of solutions to provide privacy in the EHR system. We will also present the main challenges and what methods are being used to provide privacy in the EHR system. At the same time, we research based on legal and ethical questions (legislation and policy) in the EHR system. Thus, the study aims to understand the current state and future trends in the privacy of EHR systems. In addition, to achieve this goal, we carried out a systematic mapping. In Section “Methodology” we will see more details about our research methods.

The rest of this paper is organized as follows. Section “Privacy in electronic health records” presents some background about privacy in electronic health records. Section “Methodology” introduces the methodology adopted for map construction. Section “Results” presents the results in terms of the papers gathered from the scientific databases. Section “Mapping” presents the maps collected. Section “Discussion” discusses the maps and the main considerations. Finally, Section “Conclusions” concludes the study paper.


Privacy in electronic health records

The Organization for Economic Co-operation and Development (OECD) has long recognized the vital role of privacy as a fundamental value and condition for the free flow of personal data across borders. The main objective was to provide a set of guidelines in order to protect privacy and, at the same time, promote a free flow of information. Thus, to achieve these goals, the guidelines establish a set of principles for member countries to use as a basis for national laws worldwide. Thus, the OECD Guidelines contribute significantly to the construction of laws such as the GDPR (Horodyski 2015).

The United Nations General Assembly (UNGA) declared that privacy is essential to the Declaration of Human Rights. Nevertheless, in this digital age, the term privacy has become subjective and defined by each state or country (Kayaalp 2018). Hence, the privacy of clinical data has been subject to many studies (Kho et al. 2015).

It has not been easy to settle how much the data belongs to the patient and how much it can belong to health institutions, and whether the data owner’s consent is required if the data is used for study (Richter et al. 2019).

The data collected must be protected against unauthorized access to ensure the privacy of the information and, at the same time, ensure the preservation of the information (Aslam et al. 2019). The use of this medical data should be available only for the purposes for which the patient has given consent (Jayabalan and O’Daniel 2017). In addition, data access must follow the rules and procedures to ensure access to the patient’s medical data, either by authorized persons or only by applications (Kadhim et al. 2020).

Health information technology refers to all information technology systems used to store, access, process, share, and transmit information or enable support for health care provision and the health system’s management. Thus, the information that health information technology contains is highly sensitive (Kadhim et al. 2020). The information includes data related to diseases, diagnoses, exams, and treatments carried out, all together with information about the patient’s medical history (Häyrinen et al. 2008).

Therefore, this information must be protected so that it is not manipulated, allowing patients to continue sharing information about their health and work, considering the moral and legal responsibilities. Hence, ensuring that health records are private is negatively impacted by the health information’s dynamic nature (Sittig and Singh 2010).

The common issues that need to be approached in the electronic health record (EHR) system are privacy, security, and confidentiality (Alanazi et al. 2015). Even though privacy and security are deeply related, they are, in a real sense, different. Security is defined as how accessing someone’s personal information is restricted and allowed for only those authorized. On the other hand, privacy refers to the right that somebody has to determine for themselves when, how, and the level at which accessing private information is transferred or shared by others (Sittig and Singh 2010).

Privacy laws and regulations for health

Privacy policies have been duly legalized in several countries to grant control over and protect patient records’ privacy. The Health Insurance Portability and Accountability Act (HIPAA) protects information related to users’ health data stored or transmitted by the institution, by any means, whether electronic, paper, or oral. The privacy rule is also known as protected health information (PHI) (HIPAA 2013b). In recent years, the EU data protection directive 95/46/EC, applied to EHR data privacy, has been replaced by the General Data Protection Regulation (GDPR) (Shah and Khan 2020). The goals of the GDPR are to secure consistent data protection rules in Europe, propose reinforcement and redesign individuals according to their private data, and improve the process of data flows (Kanwal et al. 2020). GDPR’s jurisdiction spreads to all companies that own or process citizens’ personal data in EU countries, regardless of the company’s location. Hence, it expands the scope of the law to organizations outside the EU that offer goods or services, or monitor EU citizens’ behavior. Staggered penalties are assessed based on the nature of the infringement and the organization’s revenue (Kloss et al. 2018). Based on the European regulation (GDPR), in Brazil the General Personal Data Protection Law (LGPD) determines rules for collecting, handling, storing, and sharing personal data managed by organizations. In August 2018, with presidential approval, corporations were given 18 months to adjust to the new rules. Hence, this law came into force in August 2020. Among the actions targeted by the LGPD are collecting and using personal data without consent, by both the private sector and public authorities, and the use of personal information for practicing unlawful or unfair discrimination.

The laws mentioned above were created to offer security and privacy requirements for any system. HIPAA is more focused on personal health information (PHI) in systems in the healthcare domain. Meanwhile, GDPR and LGPD are aimed at systems in general, without being specific to any system.

We can notice that there is a mix-up among requirements, standards, laws, rules, policy, and guides. Hence, it is not straightforward to even distinguish them. In order to try to establish a pattern, first we need to define the meaning of each. Thus, a requirement indicates a condition or characteristic the system must conform to. In contrast, a standard can be defined as a set of specifications that determine the compatibility of different products. The laws correspond to what was regulated and established


by legislators and are part of the set of rules of law. On the other hand, a rule is a norm or order of behavior dictated by a competent authority whose non-compliance or ignorance results in applying a specific sanction. Guidelines are general suggestions and so are not mandatory or required, unlike policies, which are standardized requirements that apply to a specific area or task and are mandatory and required. In comparison, a policy is a set of ideas or a plan of what to do in certain situations that has been officially approved by a group of people, a company institution, a government, or a political institution.

LGPD, GDPR, and HIPAA are conceptually laws, while NIST and ONC can be classified as rules because they are not mandatory as a law is. However, we treat them all as requirements for analysis and study purposes because they are characteristics that systems must have, such as the right to be forgotten, access control, integrity, de-identification, encryption, and so on.

Thus, as a way to improve understanding and adoption of privacy and security requirements, initiatives were created with this purpose, such as the Health Information Technology for Economic and Clinical Health Act (HITECH), the Office of the National Coordinator (ONC), and the National Institute of Standards and Technology (NIST). HITECH’s main objective is to provide an improvement in quality and security for systems that process health data (Al-Issa et al. 2019). It acts as law and was created by the U.S. Department of Health and Human Services (HHS) with the intent of expanding the adoption of EHR use by healthcare providers, also offering financial incentives for providers to adopt these systems as soon as possible (Shah and Khan 2020). However, HITECH serves as a kind of addendum to HIPAA.

Fig. 1 Overview of the main security and privacy concepts mentioned in the standards


It states that all technology standards from HITECH must comply with HIPAA’s Privacy and Security Rules. At the same time, the ONC for Health Information Technology (HIT) provides a certification program that sets criteria toward the usability aspects of EHRs (Farhadi et al. 2019). Besides that, NIST has also developed a guide for the implementation of guidelines based on HIPAA, in which the guidelines are demonstrated, categorizing them into administrative safeguards, physical safeguards, technical safeguards, organizational requirements, policies and procedures, and documentation requirements (Scholl et al. 2008).

However, HIPAA, NIST, and ONC bring more specific security and privacy requirements that systems like EHRs must have. Hence, laws like GDPR and LGPD have more comprehensive requirements that do not just include systems that are part of healthcare.

Thus, we can see in Fig. 1 the main concepts that are mentioned and required by existing legislation and policy regarding the security and preservation of users’ privacy.

Privacy concerns in EHRs

Hence, it is not easy to balance privacy and usefulness; protecting EHR data is not a simple task. When patient data are publicly available, they need to be protected against many privacy threats, such as the identification and disclosure of confidential patient information. At the same time, patient-specific information would be useful for subsequent analyses (Gkoulalas-Divanis et al. 2014).

Clinical data based on EHR offer several advantages when compared to manual medical records. Hence, it substantially improves the overall quality of health. In addition, it becomes easily accessible through various means of communication (Amato et al. 2015). All of these advantages encourage healthcare providers and doctors to adopt an EHR system (Guo et al. 2018). However, the adoption of EHR and its data processing presents several privacy problems, especially when these data are used, shared, or even accessed by those who should not have access (Shah and Khan 2020).

Transferring or sharing confidential health information when not authorized may lead to a data breach. Privacy can also be violated in many other situations, for example, by identifying and registering patients’ access when using the system. However, in some cases, the government, researchers, pharmaceutical companies, and laboratories to obtain financial benefits. Hence, criminals sell the valuable data obtained from the EHR on the “dark web” and have obtained considerable economic benefits. Thus, for criminals, EHR data are more valuable than credit cards because they contain various fixed identifiers and essential financial information, further precious in the black market (Shah and Khan 2020). We can also point out that one of the biggest problems is the lack of trust and privacy requirements (Odeh et al. 2022).

Identification of relevant studies

Recent papers tackled such challenges. For example, in the papers (Fernández-Alemán et al. 2013) and (Mehndiratta et al. 2014), the authors present the difficulties of providing security and privacy in EHR systems.

Edemacu et al. (2019) propose an overview of ways to provide privacy in EHR based on access control methods (encryption-based methods and independent encryption methods). Meanwhile, the authors (Shrestha et al. 2016) propose a safe health system against attacks by unauthorized users. Other articles have systematically analyzed regulation and listed their challenges for ensuring data privacy in this era of EHR usage (Shah and Khan 2020). The article cites the matter of EHR systems within the healthcare environment. In addition, studies have been done on technological procedures to achieve privacy when sharing EHR, ranging from traditional to advanced cryptographic techniques such as the Advanced Encryption Standard (AES) (Aldossary and Allen 2016). In this article, the authors discuss the standards that can be used to protect the anonymity and privacy of medical data (Aslam et al. 2019). Hence, techniques have been proposed to preserve the privacy of a patient’s data, such as authentication, encrypting the data, data masking (k-anonymity, l-diversity, t-closeness), and access control (Rana and Jayabalan 2016). These methods provide sharing, storage, data collection, and privacy to EHRs through encryption. Meanwhile, research that uses blockchain has been extensively explored, as we can see in the articles (Sharma and Balamurugan 2020; Sun et al. 2018; Ismail and Materwala 2020).

A systematic mapping looks at the state of the art, emphasizing what the researcher needs to obtain from the information. Consequently, checking who the authors are, who are the authors who most publish on the researched topic, which are the institutions, the years of publication, the research methods, which conferences and journals
may have valid reasons for accessing patients’ health other researchers publish, which questionnaires are used,
records to obtain some data. In the process, the health and investigated variables (Hakim and Sensuse 2018). A
provider may abuse the accidental or intentional access to systematic review is a way to evaluate and understand
health records (Cifuentes et al. 2015). all the research essential to a research question, subject,
EHR data are the data most vulnerable to cyber threats. or phenomenon of particular interest (Kitchenham 2004).
The main reason why criminals target medical data is The systematic mapping has a focus on specific aspects

Content courtesy of Springer Nature, terms of use apply. Rights reserved.

440 Journal of Public Health (2024) 32:435–454

Fig. 2 Systematic mapping process

of the researched subject, as well as a detailed analysis of the articles. Thus, we can say that a systematic mapping provides a quicker result compared to a systematic review.

Methodology

The systematic mapping process is based on the work of Petersen et al. (2008, 2015). Figure 2 shows the steps and results of the process described in the following sections.

Research questions

This systematic mapping study's main objective is to provide an overview of recent research on privacy mechanisms in electronic health records (EHR). Hence, the study aims to understand the current state and future trends of EHR systems privacy. The steps of the systematic mapping study method are documented in the following research questions:

– RQ1: What are the main privacy challenges related to EHR?
– RQ2: What are the main requirements identified by the laws that EHR systems should respect?
– RQ3: What are the main published techniques to provide privacy in the EHR system?
– RQ4: How well are the published techniques addressing the requirements?

Search process

Our research was carried out in the Scopus (Elsevier) database, the largest database of peer-reviewed abstracts and citations in the literature: scientific journals, books, conference proceedings, and industry publications, which index the main sources. We decided not to search in other databases like Google Scholar because we only wanted peer-reviewed publications. Examples of sources indexed by Scopus (Elsevier) are shown in Table 1.

Table 1 Examples of sources indexed by Scopus (Elsevier)

Source                Link
ACM Digital Library   http://dl.acm.org
IEEExplorer           http://ieeexplore.ieee.org
Science Direct        http://www.sciencedirect.com
Springer Link         http://link.springer.com

To define the search string, we used terms related to the healthcare domain, privacy, and electronic health records. The main goal was to obtain significant research on these terms. Thus, the defined search string was:

– ("Privacy" AND "Healthcare" AND "Electronic Health Records")

We did not include laws or policies as a search criterion because we wanted to research whether the proposals to provide privacy and security in these articles followed the regulations set out in the laws and policies mentioned earlier.

The first part of the search string is related to the privacy aspects, specifically because our main intention is to find out the main challenges toward privacy regarding electronic records. In order to establish and limit the number of articles retrieved using the search string, we used the refined (filtered) search option of the database sources.

The second part of our search string was related to the health domain because we want to focus our research in a way that can bring results closer to our purpose.

In the third part of the search string, our target is electronic health record systems. Other terms have been omitted, such as medical record systems, health records, and personal health record systems, because they have different purposes from EHR systems inside the healthcare domain.

Quality assessment

Each selected study was evaluated according to the following quality assessment (QA) questions:

– QA1. Is the paper based on research (or is it merely a "lessons learned" report based on expert opinion)?


– QA2. Is there a clear statement of the aims of the research?
– QA3. Is there an adequate description of the context in which the research was carried out?
– QA4. Is the study of value for research or practice?
– QA5. Is there a clear statement of findings?

These criteria were based on (Dybå and Dingsøyr 2008) and on three circumstances that need to be addressed regarding literature review studies:

– Rigor: Was a complete and appropriate approach applied to the research methods essential in the study?
– Credibility: Are the findings well presented and significant?
– Relevance: How useful are the findings to the software and the investigation community?

Screening of papers

We established the inclusion and exclusion criteria to filter the search results. Our goal is to select relevant EHR privacy articles over the past 6 years. Thus, our article selection process intends to cover peer-reviewed articles on the subject. The research on privacy in EHR brought us many sources; for this reason, we decided to limit our research only to articles published in journals and conferences indexed by Scopus (Elsevier). Finally, we also removed the review articles, as we intend to analyze the articles' individual contributions instead of a compilation of articles. In order to get the appropriate papers in this systematic literature review, we decided the criteria for inclusion and exclusion. The filtering strategy adopted is summarized below.

– Inclusion criteria: This review included published works limited to results from sources written between 2015 and 2021 and written in English. We have limited ourselves to articles published in journals or conference papers. Articles focused on privacy, healthcare, and electronic health records in their titles, abstracts, keywords, or introductions were taken into account.
– Exclusion criteria: Articles that did not have an electronic health record and to which the researchers did not have access were excluded from the review, as well as papers not written in the English language, reviews and surveys, books and gray literature, and informal literature surveys.

The data extracted from each study were: authors, country, publication year, venue (journal or conference), goal, privacy, electronic health records, healthcare, legal and ethical questions (laws), challenges, future work, and additional comments.

Fig. 3 Paper selection process


Results

The search was made between October 16 and November 14, 2021 and resulted in 848 papers. The first step was to eliminate articles published before 2015 in an automated way through Scopus' own search engine filters. Similarly, through filters, we eliminated articles that were not in the final stages. We also eliminated articles from different journals and conferences. Then, articles that were not in English were eliminated. After further detailed reading of the articles' abstracts, we deleted articles that did not meet our research objective according to the quality assessment. This final step involved obtaining, reading, classifying, and analyzing, as illustrated in Fig. 3, and 62 remaining articles were obtained in the full-text version. As such, a full-text reading was performed in each study to verify that the article met all the study requirements. Once the articles were read thoroughly and carefully, the final list was reduced to 30 references. This reduction was due to the following aspects:

– 5 articles were excluded because the studies are surveys;
– 7 articles were excluded because the studies are systematic reviews;
– 8 articles were excluded because the studies were not conducted in privacy;
– 12 articles were excluded because they did not present a proposal to deal with privacy in EHR systems.

In Fig. 4, we can highlight the countries of origin of the authors with more publications: as we can see, the USA leads with 22%, followed by Australia with 18%, then Egypt with 14%, China with 11%, and the United Arab Emirates with 7%. Meanwhile, countries with only one author were grouped as others, which adds up to a total of 21%.

Fig. 4 Countries by authors


Fig. 5 Venue types

We also investigated the frequency of articles according to the type of publication forum. Figure 5 presents the proportion of articles distributed in the two types of forums: journal and conference articles. Thus, 17 papers (57%) were found at conferences, and 13 papers (43%) were found in journals. Hence, this shows a balance between these two types of forums. Each article was classified as shown in Section "Methodology".

Rank venues of publication

In our study, our search focused on the Scopus database, which indexes several other databases. Thus, we can see that IEEE is the venue with the largest number of sources. The other sources have only referred to one article each, so we declare them as other forums. This shows that our research has returned many journals and several conferences; this helps to guarantee and highlight the degree of reliability of the research method.

Our classification was made based on the laws and policies highlighted previously. Hence, we can select the articles and review whether the privacy requirements were met in the articles. Figure 6 shows that HIPAA, with 36%, is the main law mentioned in the articles, followed by GDPR with 7%, NIST with 7%, and HITECH with 4%. We can highlight that the largest number of articles, 39%, did not mention any law or policy as a basis for building their solutions. We can also see that other laws were cited, representing 7% of the articles. Also, LGPD and ONC were not mentioned in any of the selected articles.

Fig. 6 Classification of papers

Classification

We summarize the requirements (Gardiyawasam Pussewalage and Oleshchuk 2016; Shah and Khan 2020; HIPAA 2013b; HITECH 2009) that must be met based on the legislation and policy of Fig. 1 and that are important when building next-generation EHR systems to guarantee data privacy. Our purpose is to analyze the main security requirements as a way of guaranteeing the preservation of privacy. These requirements provide a way to cover the most significant aspects of each article regarding our research questions. Our classification approach is transversal across all selected proposals, which means that an article can comprise more than one requirement. Aspects of each requirement are discussed in the following paragraphs.

Access control

EHR systems must have means that allow control of data access to preserve patient privacy by employing rules and restrictions for private data access, hence being considered compatible with the requirements demanded by HIPAA to access users' health data (Gardiyawasam Pussewalage and Oleshchuk 2016).

Emergency access

Systems should provide access to patients' PHI during an emergency. Access controls are necessary to make it possible in cases of emergency conditions, although they


may be very different from those used in normal operating circumstances (Farhadi et al. 2019).

De-identification

De-identification allows PHI to be shared without breaking patients' privacy or requiring users' consent or prior authorization from the patient. The information can be useful after being de-identified for studies, medical research, or health policy assessments (Grana and Jackwoski 2015).

Audit control

Auditing is a security measure that enables a healthcare system to provide security for data. Auditing means keeping a record of all users' activities in a way that makes it possible to track any information accessed, modified, or deleted (Hussien et al. 2019). At the same time, systems like EHR should offer the option of traceability as a way of providing privacy.

Integrity

PHI that is improperly altered or destroyed can result in clinical quality problems for a provider, including patient safety issues. Thus, any tampering or modification of data is prohibited by law. In addition, data shared between entities must represent the original information, that is, without modifications (Gardiyawasam Pussewalage and Oleshchuk 2016). Hence, other entities cannot access the data without the user's consent. Besides, the data must be protected against modifications (Shah and Khan 2020).

Secure transmission

A secure data transmission technique is intended to implement technical measures to protect against unauthorized access to PHI transmitted over communication networks.

Authentication

Authentication aims to implement electronic mechanisms to ensure that the patient's PHI is protected and has not been altered or destroyed without authorization. Once covered entities identify risks to the integrity of their data, they must identify security measures that will mitigate the risks (Farhadi et al. 2019).

Consent

The Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Act require patient consent for their data to be shared with insurance agencies and research organizations (Jayabalan and Rana 2018). Healthcare users can terminate their consent at any time, even before the consent has expired (Zhang et al. 2016). Laws such as GDPR and LGPD give the patient the right to delete his or her data whenever he or she wishes.

Encryption and decryption

Encryption mechanisms should be implemented as a way to protect and safeguard information stored or transmitted whenever possible (Gardiyawasam Pussewalage and Oleshchuk 2016).

Automatic logoff

EHR should provide a means to log users off automatically after a specified period of inactivity as a way to avoid improper access to user data, thus preserving the privacy of information (Farhadi et al. 2019).

Mapping

This section compares the privacy preservation mechanisms discussed earlier according to our classification in Section "Methodology". For comparison, we use security and privacy requirements, which are: Access Control (AC), Emergency Access (EA), De-identification (DE), Audit Control (AD), Integrity (IN), Secure Transmission (ST), Authentication (AU), Consent (CO), Encryption and Decryption (ED), and Automatic Logoff (AL). In addition, the results of the comparison are tabulated in Table 2, and we use '√' to denote satisfaction of a security and privacy requirement, while '◦' is used to denote that the article lacks this requirement. According to the comparison, it is clearly evident that most schemes adhere to the security and privacy requirements considered to a greater extent, but not completely.

Table 2 presents a comparison of the main ways for the preservation of privacy and the main requirements. Next, we show the individual researchers who have either defined or researched each of the defined privacy requirements.

Access control

Access control is quite common, not just in EHR systems. It is a common method of providing authorized access only to those who must have the right access. Access control is considered a minimum requirement that any EHR must have, so we can see that the vast majority of articles meet the requirement to have access control. Attribute-based access control (ABAC) is a method capable of managing user access, which depends on users, object attributes, and


Table 2 Comparison of privacy preservation requirements (number of the ten requirements AC, EA, DE, AD, IN, ST, AU, CO, ED, AL marked √ for each solution)

Solution                            Mechanisms               Requirements satisfied
Kho et al. (2015)                   DCIFIRHD                 4 of 10
Yang et al. (2015)                  Privacy policies         2 of 10
Amato et al. (2015)                 RBAC                     1 of 10
Rezaeibagha and Mu (2016)           RBAC                     2 of 10
Ibrahim and Singhal (2016a)         Cryptographic            6 of 10
Ibrahim and Singhal (2016b)         Cryptographic            3 of 10
Lu and Sinnott (2016)               XACML                    2 of 10
Zhang et al. (2016)                 CBAC                     4 of 10
Eom and Lee (2016)                  PC-ABE                   4 of 10
Mamun and Rana (2017)               PCEHR                    5 of 10
Poulis et al. (2017)                RT-datasets              1 of 10
Tasatanattakool and Chian (2017)    RBAC                     3 of 10
Jayabalan and O'Daniel (2017)       RBAC                     3 of 10
Sun et al. (2018)                   Blockchain               5 of 10
Vora et al. (2018)                  Blockchain               3 of 10
Jayabalan and Rana (2018)           PPDP                     1 of 10
Abomhara et al. (2018)              WBAC                     1 of 10
Guo et al. (2018)                   Blockchain               5 of 10
Huang et al. (2019)                 Blockchain               5 of 10
Nortey et al. (2019)                Blockchain               3 of 10
Shahnaz et al. (2019)               Blockchain               4 of 10
Xu et al. (2019)                    PR-CP-ABE                3 of 10
Essa et al. (2019)                  Apache Hadoop, IFHDS     3 of 10
Nguyen et al. (2019)                Blockchain               5 of 10
Verdonck and Poels (2020)           Blockchain               5 of 10
Ismail and Materwala (2020)         Blockchain               4 of 10
Al Baqari and Barka (2020)          Blockchain               5 of 10
Sharma and Balamurugan (2020)       Blockchain               3 of 10
Zaabar et al. (2021)                Blockchain               4 of 10
Jagtap et al. (2021)                Blockchain               3 of 10

Legend: AC - Access Control, EA - Emergency Access, DE - De-identification, AD - Audit Control, IN - Integrity, ST - Secure Transmission, AU - Authentication, CO - Consent, ED - Encryption and Decryption, AL - Automatic Logoff
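Several of the requirements Table 2 compares (AC, EA, AD and AL) interact at the moment a user asks for a record, so it helps to see them enforced in one place. The following is an added example written for this page, not code from the mapped paper or from any of the systems it cites: a toy policy engine in which ordinary access needs a role permission plus a care-team relationship, a break-the-glass grant scoped to one patient expires after a fixed lifetime, every decision is appended to an audit log, and an idle session is logged off before any decision is made. The role names, permissions, care-team data and timeouts are assumptions chosen for illustration.

```python
"""Added example (not from the mapped paper or any system it cites): a toy
EHR access-policy engine exercising four Table 2 requirements together:
Access Control (AC) via roles plus a care-team relationship, Emergency
Access (EA) via a time-limited break-the-glass grant, Audit Control (AD)
via an append-only decision log, and Automatic Logoff (AL) via an
inactivity timeout. Roles, permissions, care-team data and timeouts are
illustrative assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Assumed RBAC policy: role -> actions allowed on a patient record.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "physician": {"read", "write"},
    "nurse": {"read"},
    "billing": {"read_billing"},
}
INACTIVITY_TIMEOUT = 15 * 60   # seconds idle before automatic logoff (assumed value)
BTG_GRANT_LIFETIME = 60 * 60   # seconds a break-the-glass grant stays valid (assumed value)


@dataclass
class Session:
    user: str
    role: str
    last_activity: float                                        # epoch seconds, injected for testability
    btg_grants: Dict[str, float] = field(default_factory=dict)  # patient_id -> grant expiry


@dataclass
class AuditEvent:
    ts: float
    user: str
    action: str
    patient_id: str
    decision: str   # "allow", "allow-btg", "deny" or "logoff"
    reason: str


class PolicyEngine:
    def __init__(self, care_team: Dict[str, Set[str]]) -> None:
        self.care_team = care_team          # patient_id -> users currently treating that patient
        self.audit: List[AuditEvent] = []   # AD: every decision is appended here, never edited

    def _log(self, ts: float, s: Session, action: str, pid: str, decision: str, reason: str) -> None:
        self.audit.append(AuditEvent(ts, s.user, action, pid, decision, reason))

    def break_the_glass(self, s: Session, pid: str, now: float, justification: str) -> None:
        """EA: emergency grant for one patient only, expiring after BTG_GRANT_LIFETIME.
        The justification is logged so the access can be reviewed afterwards."""
        s.btg_grants[pid] = now + BTG_GRANT_LIFETIME
        self._log(now, s, "break_the_glass", pid, "allow-btg", justification)

    def authorize(self, s: Session, action: str, pid: str, now: float) -> Tuple[bool, str]:
        # AL: an idle session is logged off before any access decision is made.
        if now - s.last_activity > INACTIVITY_TIMEOUT:
            self._log(now, s, action, pid, "logoff", "inactivity timeout")
            return False, "session expired"
        s.last_activity = now
        # AC: the role must permit the action at all.
        if action not in ROLE_PERMISSIONS.get(s.role, set()):
            self._log(now, s, action, pid, "deny", "role lacks permission")
            return False, "role lacks permission"
        # AC: ordinary access additionally requires a treatment relationship.
        if s.user in self.care_team.get(pid, set()):
            self._log(now, s, action, pid, "allow", "care team")
            return True, "care team"
        # EA: otherwise only an unexpired break-the-glass grant for this patient works.
        expiry = s.btg_grants.get(pid)
        if expiry is not None and now < expiry:
            self._log(now, s, action, pid, "allow-btg", "emergency grant")
            return True, "emergency grant"
        if expiry is not None:
            del s.btg_grants[pid]           # an expired grant is dropped, not silently renewed
        self._log(now, s, action, pid, "deny", "no relationship or valid grant")
        return False, "no relationship or valid grant"


def demo() -> Tuple[List[str], List[AuditEvent]]:
    """Walk one physician through the four situations; returns decision reasons and the audit log."""
    engine = PolicyEngine(care_team={"P-001": {"dr_lee"}, "P-002": {"dr_chen"}})
    s = Session(user="dr_lee", role="physician", last_activity=1000.0)
    reasons = []
    reasons.append(engine.authorize(s, "read", "P-001", now=1010.0)[1])   # own patient: allow
    reasons.append(engine.authorize(s, "read", "P-002", now=1020.0)[1])   # not treating: deny
    engine.break_the_glass(s, "P-002", now=1030.0, justification="unconscious in ER")
    reasons.append(engine.authorize(s, "read", "P-002", now=1040.0)[1])   # emergency grant
    for t in (1840.0, 2640.0, 3440.0, 4240.0):                             # activity keeps session alive
        reasons.append(engine.authorize(s, "read", "P-002", now=t)[1])
    reasons.append(engine.authorize(s, "read", "P-002", now=4640.0)[1])   # grant expired: deny
    reasons.append(engine.authorize(s, "read_billing", "P-001", now=4650.0)[1])  # wrong role
    reasons.append(engine.authorize(s, "read", "P-001", now=5551.0)[1])   # idle 901 s: logged off
    return reasons, engine.audit


if __name__ == "__main__":
    for r, e in zip(*demo()):
        print(f"{e.ts:>7.0f} {e.user} {e.action:<16} {e.patient_id} {e.decision:<9} {e.reason}")
```

The order of the checks is the point: the logoff test runs first so that an abandoned terminal cannot be used even by an emergency grant, and the emergency path still requires that the role could perform the action in the first place, which keeps break-the-glass from becoming a universal bypass.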

a set of rules and policies that can define how access will be performed. However, ABAC is not yet formally standardized (Gardiyawasam Pussewalage and Oleshchuk 2016). NIST has a standardization effort and a set of guidelines to formalize and guide how to implement ABAC (Hu et al. 2014). Meanwhile, some methods present an approach making use of access controls through Role-Based Access Control (RBAC); for example, (Amato et al. 2015) propose a hybrid framework permitting and supporting the definition of detailed access control policies running on semi-structured EHRs through a customized RBAC model to improve access to parts of semi-structured EHRs. In this paper, (Tasatanattakool and Chian 2017) propose using algorithms and RBAC to protect patients' privacy in e-health systems. The proposed algorithms are to protect a patient's health records. On the one hand, role-based access control is used to classify the authorized users when it comes to using a patient's health records. We also studied the evolution of this model, which started to use other techniques to control access, such as (Jayabalan and O'Daniel 2017). This work presents a study on the access control framework for EHR. Information access control is essential for protecting patient privacy and security. Usually, access control is a blend of many elements, such as authentication, authorization, and compliance detection (audit trails), which form the information security ecosystem. The authors (Nguyen et al. 2019) propose a new architecture for sharing EHR based on a blockchain network. In this paper, the authors develop a reliable access control mechanism based on a single smart contract to


control user access to ensure efficient and secure EHR sharing. For this, they developed a reliable mechanism using smart contracts. Smart contracts define all operations that are allowed in access control. At the same time, users can interact with smart contracts at the contract address. Thus, the preservation of data privacy was possible through the use of blockchain and smart contracts. Furthermore, it was possible to offer an access control scheme guaranteeing data privacy and data ownership of individuals.

In this article (Nortey et al. 2019), a blockchain framework is proposed for controlling EHR data over a distributed network to ensure users' sensitive health data privacy, hence allowing the patients to control access to their data stored in the EHR system. This article (Verdonck and Poels 2020) aims to offer an alternative to manage EHRs with blockchain technology through smart contracts, thereby facilitating patient permissions on patients' healthcare records. Requests are sent to patients, who can decide to grant or deny the medical record request. When a request is accepted, the data controller who stores the respective record is notified by a smart contract to add read/write rights for the respective healthcare provider to the granted patient record. This article (Jagtap et al. 2021) describes a strategy to protect health data. The proposed model's key features are interoperability, secure storage, and access to patient data. The authors presented an approach to medical records management using smart contracts to provide auditability, interoperability, and usability. This system, intended to document flexibility and granularity, allows for data exchange and encourages the medical examination system. The authors (Rezaeibagha and Mu 2016) present an access control mechanism for an EHR system with a hybrid cloud structure, which allows dealing with many users with different access privileges. The policy transformation approach allows EHR data to be transferred from a private cloud to a public cloud with the corresponding transformation in access control policy. Thus, for security and preservation of the shared data's privacy, they use access control based on RBAC, with the use of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) in the process. In this article (Yang et al. 2015), the authors have developed policies to preserve patient privacy, thus making it possible to achieve interoperability of EHRs based on XDS.b and BPPC profiles. EHRs are classified according to the level of privacy based on their sensitivity. Each EHR category uses privacy policies according to the user's consent. The exchange of information is done through XML, and the integration is done through the HL7 standard. The Access Control Management Module represents the business rule of access control, consequently controlling the right of access to documents. This work (Abomhara et al. 2018) extends work-based access control (WBAC) in a risk assessment framework targeting EHRs. It mitigates the possibilities of disclosing information that may violate the privacy of users who use these systems. The authors (Shahnaz et al. 2019) propose a framework that can be used on EHR systems using blockchain technology. The main focus of the article is the use of blockchain to provide security and privacy, as well as providing storage of electronic records defined on access rules. Meanwhile, the authors (Zaabar et al. 2021) develop HealthBlock, a blockchain-based system for a decentralized health management system. The system uses blockchain technology integrated into healthcare to create efficient and secure remote patient monitoring (RPM) and EHR management. The presented system's architecture is derived from exploring the concept of decentralized storage and an authorized blockchain network as an access control mechanism to monitor patient vital signs data. A blockchain is used to effectively implement the proposed architecture because it maintains access control only for specific participants who will grant access to the data. In this work, (Lu and Sinnott 2016) propose a semantic XACML (eXtensible Access Control Markup Language) model that provides access to personal information, authorizing access to confidential data while enforcing privacy protection policies.

Emergency access

Laws state that access to private patient data must be possible without express authorization from patients, since in emergencies or life-threatening situations, systems must be able to allow such access on an emergency basis. Hence, EHR systems must provide an option for medical personnel to access user data in an emergency, especially when the user cannot manually grant access to the data. This technique is also known as Break-the-Glass (BTG) (Jayabalan and O'Daniel 2017). Thus, this paper (Eom and Lee 2016) proposes patient-controlled attribute-based encryption (PC-ABE), which allows the user to control access to their health data. This method allows the users to have total control over the data and over whether they authorize access to it. In emergencies, the victim is unconscious and cannot grant access to their personal health information (PHI). An access key is created that will allow the emergency team to access the user's private data. However, it will only work for that patient. To avoid unauthorized data access after the service's end, the key is granted for a limited time.

De-identification

Unlike HIPAA, GDPR does not have specific methods to "de-identify" data. Instead, the regulation states that data can be "anonymized" or "pseudonymized" (Medicine 2018). De-identification is a technique that allows certain information to be removed so that it is no longer possible to


identify the user. HIPAA requires 18 types of identification and organizational factors, such as current technical
to be removed (HIPAA 2013b). Thus, several techniques infrastructure, hardware, and software security features,
have been proposed for this purpose. The author (Sun et al. to determine reasonable and appropriate auditing, as well
2018) proposes a signature design based on a decentralized as controls for information systems that contain or use
attribute for healthcare blockchain. As a result, the PHI. HIPAA and ONC specify that auditors’ controls
DABE (Distributed Attribute-Based Encryption) scheme for are required for healthcare systems (Farhadi et al. 2019).
releasing attributes and private keys between organizations. Thus, (Ibrahim and Singhal 2016a) proposes an architecture
In this technique, they use attributes as a way of identifying for information exchange between physicians in different
the patients, thus hiding the user’s real identity, making the healthcare providers, hence, allowing them to exchange
data anonymous. The authors (Poulis et al. 2017) present information using cryptography ways to assure users’
the anonymity method, which permits third parties to security and preserve privacy. Besides that, the audit system
access patients’ information without disclosing the patient’s allows for proper maintenance of transactions and records
personal data. The methods that make use of anonymity all information that enters or leaves what has been requested
are increasingly present in the articles since they are ways by health providers.
to provide privacy to users, omitting their information,
especially where there is an exchange of information Integrity
between providers such as hospitals and other institutions
related to the health domain. Thus, we can cite (Jayabalan Integrity is defined as a security rule in order to protect
and Rana 2018). This article introduces technicians based data from unauthorized alteration or destruction. The reason
on the Publication of Privacy Preservation Data (PPPD) that for this standard is to establish and implement policies
can be applied to make anonymity before publishing patient and procedures to protect PHI from being compromised,
information in the insights. The main objective is to ensure regardless of the source. This will help prevent employees
that malicious users cannot extract information about any from making accidental or intentional changes and thereby
particular individual in the published dataset. Anonymity is a technique that irreversibly modifies data so that user data are no longer directly or indirectly identifiable. It is applied to quasi-identifiers (identifiers that, when combined, provide personally identifiable information) to generalize, hide, and mask the information that is to be preserved. Hence, several methods can be applied, such as generalization, suppression, bucketing, slicing, and randomization. Anonymity is the usual approach in healthcare to preserve patient privacy. De-identification and re-identification of data can be accomplished through the removal of direct identifiers, such as names, phone numbers, e-mail addresses, and other unique identifiers. Pseudonymization replaces names and other information that directly identifies an individual with symbols or other characters. The de-identification of indirect identifiers uses methods that include “Suppression,” “Generalization,” “Disturbance,” “Swapping,” “Sub-Sampling,” and “Masking”. Besides, sensitive information can be suppressed with an asterisk, and other information can be hidden.

altering or destroying PHI. It can also help prevent changes caused by errors or failures of electronic media. Integrity can be achieved through encryption techniques; many articles present solutions to achieve this requirement, such as (Sharma and Balamurugan 2020), who propose a system to make EHR more secure and at the same time provide a level of privacy. For this, they used blockchain technology, with its cryptographic techniques and decentralization. A biometric-based blockchain EHR system (BBEHR) has also been proposed as a blockchain-based framework for the storage and support of EHRs. Also, based on a blockchain network, the patient is able to have exclusive control over his or her data. In addition, each patient has a unique Ethereum (a public blockchain platform considered to be the most advanced for coding and processing smart contracts) address and identifier using smart contracts, making it an arduous task for an unauthorized user to gain access. Moreover, several types of contracts were used to provide greater data protection, enabling the preservation of privacy (Vora et al. 2018).
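The de-identification techniques named in the Anonymity paragraph above (suppression of direct identifiers, generalization of quasi-identifiers, asterisk masking, and pseudonymization, here done with a keyed SHA-512 hash in the spirit of the hashed patient identifiers described later under Secure transmission), applied to a constructed patient record. This is an added example, not code from the paper or from any of the systems it cites; the field names, the key, and the sample values are assumptions.

```python
"""De-identify a constructed EHR record with the techniques named above:
suppression of direct identifiers, keyed-hash pseudonymization, generalization
of quasi-identifiers and asterisk masking. Added example; field names, the key
and the sample values are assumptions, not from the paper."""
import hashlib
import hmac
from datetime import date
from typing import Any, Dict, List, Optional

# Direct identifiers: suppressed (removed) outright.
DIRECT_IDENTIFIERS = {"name", "phone", "email"}
# Hypothetical pseudonymization secret, held only by the party allowed to
# re-identify; it must never ship with the de-identified dataset.
PSEUDONYM_KEY = b"constructed-demo-key-do-not-reuse"


def pseudonymize(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed SHA-512 (HMAC) of a normalized identifier, so one patient's records
    stay linkable without exposing the identifier. An unkeyed hash of a
    low-entropy identifier (MRN, phone number) can be reversed by enumerating
    candidates, which is why the key matters."""
    normalized = identifier.strip().lower().encode()
    return hmac.new(key, normalized, hashlib.sha512).hexdigest()[:32]


def generalize_age(birth_date: str, today: date) -> str:
    """Exact birth date -> 10-year age band; ages 90 and over share one band."""
    born = date.fromisoformat(birth_date)
    age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
    if age >= 90:
        return "90+"
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def generalize_zip(zip_code: str) -> str:
    """Keep only the 3-digit ZIP prefix; the rest is suppressed."""
    return zip_code[:3] + "**"


def mask(value: str, keep: int = 2) -> str:
    """Asterisk masking: hide all but the last `keep` characters."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def deidentify(record: Dict[str, Any], today: date) -> Dict[str, Any]:
    """Apply the technique chosen for each field; clinical fields pass through."""
    out: Dict[str, Any] = {}
    for field, value in record.items():
        if field == "mrn":
            out["pseudonym"] = pseudonymize(str(value))
        elif field in DIRECT_IDENTIFIERS:
            continue  # suppression
        elif field == "birth_date":
            out["age_band"] = generalize_age(value, today)
        elif field == "zip":
            out["zip3"] = generalize_zip(value)
        elif field == "insurance_id":
            out[field] = mask(value)
        else:
            out[field] = value
    return out


def reidentify(pseudonym: str, known_mrns: List[str]) -> Optional[str]:
    """Re-identification, possible only for the key holder: recompute the
    pseudonym for each known MRN and compare in constant time."""
    for mrn in known_mrns:
        if hmac.compare_digest(pseudonymize(mrn), pseudonym):
            return mrn
    return None


# Constructed sample record for a fictional patient.
SAMPLE_RECORD = {
    "mrn": "MRN-00042",
    "name": "Jane Example",
    "phone": "555-0100",
    "email": "jane@example.org",
    "birth_date": "1961-07-15",
    "zip": "60614",
    "sex": "F",
    "insurance_id": "INS-98765432",
    "diagnosis": "I10",
}


def demo(today: date = date(2024, 4, 1)) -> Dict[str, Any]:
    """De-identify the constructed sample as of a fixed reference date."""
    return deidentify(SAMPLE_RECORD, today)


if __name__ == "__main__":
    print(demo())
```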
Audit

Information systems must be able to provide a level of audit controls, such as access reports. These controls are useful for recording accesses and making it possible to consult the records in order to identify possible improper access to patient data. As well, such records must be reviewed frequently. An institution should consider its risk analysis

Secure transmission

It is necessary to implement measures and techniques to protect against unauthorized access to the information transmitted over a data network. The health provider should implement technical security measures to protect against unauthorized access. Health information must be protected when it is being transmitted over a communications network. Therefore, the institution must analyze these risks

Content courtesy of Springer Nature, terms of use apply. Rights reserved.


448 Journal of Public Health (2024) 32:435–454

and understand the current method used to transmit PHI. Once these methods are reviewed, the entity can determine the best way to protect PHI. In this article (Ismail and Materwala 2020), the authors propose a blockchain framework aimed at EHR (BlockHR). The proposed framework allows patients to transmit their health data through an external network, allowing doctors to support patients by offering a better prognosis, diagnosis, and monitoring. The guarantee of privacy is offered by the blockchain network, which makes use of cryptographic means to guarantee the privacy of the information being transmitted. On the other hand, (Kho et al. 2015) implemented the DCIFIRHD software application, which provides secure, seamless, and privacy-preserving transmission of electronic health record (EHR) data among various locations in a large metropolitan area in the United States for use in clinical research. The authors developed an application that performs cleaning, pre-processing, and hashing of standardized patient identifier data to remove all protected health information. The application creates combinations of hash codes derived from patient identifiers using the SHA-512 algorithm, compliant with the Health Insurance Portability and Accountability Act (HIPAA).

Authentication

Authentication refers to the methods by which the user can access the EHR system, whether through passwords, PINs, smart cards, tokens, or keys. This article (Al Baqari and Barka 2020) proposes a biometric blockchain EHR system to guarantee the safe exchange and synchronization of EHRs between healthcare providers. Besides, safe access control for the restoration of EHRs is provided to users. The authors propose a solution using biometrics as a form of identification within a blockchain network based on EHRs. According to the HIPAA requirement, the proposed solution maintains the patient’s identity, ensures a single mapping between patients and their respective EHRs, and provides access control to the EHR while anonymizing the patient data stored within the EHR. Whereas, this article (Mamun and Rana 2017) proposes a framework for authentication and a hybrid model for PCEHR access control to provide security and privacy of patients’ eHRs using a cryptographic technique. For this, the proposed authentication model uses multichannel authentication and incorporates context restriction with conventional access control models. The central framework employs encryption to update and store EHR data.

Consent

The GDPR and LGPD allow the use of data related to the patient’s health as long as the user’s explicit consent is given. The user must be clearly informed of how his data will be used. HIPAA enables the use or disclosure of PHI with individual authorization, which must include a number of required elements. Thus, this article (Zhang et al. 2016) presents a proposal for a framework for electronic health record systems permitting the exchange of data (encrypted for privacy preservation). The proposal is an access control mechanism based on consent to enable the exchange of information. Hence, data requesters must ask users for permission to access the data. To perform this task, they use a conditional proxy re-encryption algorithm, by which the data center re-encrypts the encrypted data without revealing its plaintext. Additionally, mutual authentication is achieved using the recipient’s public key in the encryption algorithm.

Encryption and decryption

HIPAA specifies that a mechanism must be implemented to encrypt and decrypt electronic protected health information. It implies using an algorithmic process to convert data into a form in which there is a low probability of attributing meaning without using a secret key or process (HIPAA 2013b). This article (Guo et al. 2018) performs a study on preserving patient privacy in an EHR system on the blockchain. Furthermore, it carried out access control based on an attribute-based signature scheme with multiple authorities (MA-ABS). The authors of (Ibrahim and Singhal 2016b) propose a symmetric key generation method that simultaneously generates a symmetric session key at two distinct healthcare providers based on existing patients’ credentials. In this article, (Huang et al. 2019) introduced MedBloc, a shared blockchain-based EHR system, through the use of smart contracts and cryptography techniques. It allows patients and healthcare providers to access and, at the same time, share health records in a usable manner while preserving privacy. This article (Xu et al. 2019) presents a new approach to ensure user privacy using a privacy-preserving, revocable ciphertext-policy attribute-based encryption (PR-CP-ABE) scheme, enabling users to revoke privileges and protect privacy immediately. This article (Essa et al. 2019) proposes a new approach to data security in IFHDS healthcare environments using encryption algorithms distributed between different platforms in the cloud. The main objective is to protect sensitive data stored in the cloud, with the least possible impact on latency and performance. IFHDS uses the concept of classification encryption to minimize processing time and encrypt data based on the level of sensitivity. At the same time, IFHDS proposes splitting sensitive data into different parts according to the sensitivity level. The division of this data based on the sensitivity level prevents the cloud storage provider from compromising the complete data record if it can decrypt part of the data. In addition, Apache Hadoop and Spark allow IFHDS to encrypt and decrypt


data and use hardware resources through parallel processing. In addition, Spark masks sensitive data stored in the EHR based on the GDPR requirements.

Automatic logoff

As a practice within institutions, EHR systems should be able to log off users when they are no longer using the system, thus preventing unauthorized people from accessing confidential patient information and exposing private patient information (HIPAA 2013a). Automatic logoff is an effective way to prevent unauthorized users from accessing PHI on a workstation left unattended for a period. However, in our research, the solutions found do not state whether the systems have automatic logoff capability, so we have not included any proposal that offers this type of security and privacy requirement.

Discussion

The important features included in the systematic mapping studies are summarized and discussed below. In this section, we provide the answers to our questions from Section 2:

Privacy challenges in EHR

The advantages of healthcare systems have been recognized in recent decades. However, due to its many challenges, the conventional use of the healthcare system is still at an initial stage. Perceived security and privacy issues are the main concerns and challenges of the e-health system and, consequently, of EHR systems. Privacy is seen as the principle that regulates the doctor–patient relationship. Patients are required to share the necessary information with their physicians. However, they may refuse to reveal important information, as disclosing some information can result in social disapproval and discrimination (Ghazvini and Shukur 2013).

Nevertheless, it is essential to comprehend how well electronic health records (EHR) are protected and the main factors that can lead to a successful EHR. Over time, an EHR gathers personal information that is significant to a person’s life and social status.

Encryption methods are becoming increasingly common as a way to preserve data and offer privacy. However, the encryption method is not entirely secure. The computational cost of encryption can be high for EHR systems or low-capacity equipment such as health trackers, IoT devices, and smart watches, which are being used by patients to monitor daily activities and measure personal data, such as blood pressure, heart rate, and electrocardiograms (ECG). The activity log can also reveal user behavior and identity due to the account’s fixed address. In addition, to resist malicious attacks (e.g., statistical attacks), healthcare systems have to change the encryption keys periodically. This entails a cost of storing and managing these keys for their holders, which will be necessary to decrypt in the future (Guo et al. 2018). Meanwhile, recent advances in the exploration and storage of large volumes of data without compromising privacy have become a significant challenge for researchers (Jayabalan and Rana 2018) and (Essa et al. 2019).

The use of blockchain as a solution for security and privacy has become increasingly common in solutions for EHR systems. As well, smart contracts have become a trend as a form of access control due to the decentralized form that is characteristic of this technology, associated with cryptography. The challenges associated with blockchain are related to data storage on the blockchain network, causing confidentiality and scalability problems: data on a blockchain network is visible to everyone in the blockchain chain, and the data may contain private user data, test results, history, or other reports. We can also mention other shortcomings, such as a lack of skills, since blockchain technology is understood by only a few people. We can also mention the lack of a universal standard that defines the network patterns (Shahnaz et al. 2019). On the other hand, sharing EHR information can lead to challenges for users in knowing who has access to their data. In a real scenario, some healthcare providers may have access to the data and use it illegally, leading to a privacy problem. This is also due to the fact that the sharing of EHRs on the blockchain has not been investigated in real-world scenarios (Nguyen et al. 2019).

The human factor needs to be taken into account; training employees and at the same time enabling them to deal with sensitive data is fundamental, as is investing in technologies and computational means to assure the privacy and security of information (Smaradottir 2018).

The main requirements identified in EHRs

EHRs, like any other system, need minimum requirements, such as access control and authentication mechanisms; these requirements are the most cited in the researched articles. However, an EHR is responsible for handling and storing sensitive patient information, such as medications, progress reports, vital signs, medical histories, immunization reports, laboratory data, and radiology reports. Thus, other precautions must be taken to avoid losing the privacy of the information in these systems. In addition, ensuring data integrity is vital for these EHRs; for this reason, encryption techniques are cited continuously in almost all articles. We can also highlight audit mechanisms that are essential for tracking, thus making it possible to carry out periodic consultations on patient records, identifying whether the people who are accessing patient data are really those who should access it.

Laws and policies constantly cite other means that guarantee the information’s privacy, such as techniques that allow the de-identification of information. A common requirement when analyzing laws such as GDPR and LGPD is that the user has the possibility that their information will be deleted when the purpose of storing that information ends, as well as authorizing the use of personal data, and that the user has given full consent for how their information will be used.

The main published techniques regarding privacy in EHRs

We can highlight that there is a concern with the development of techniques as a way of providing confidentiality and data integrity (Ibrahim and Singhal 2016b), (Lu and Sinnott 2016; Guo et al. 2018), and (Essa et al. 2019). Simultaneously, it was realized that there are enough solutions concerned with anonymization (Sun et al. 2018) and pseudonymization (Jayabalan and Rana 2018) of data as a way of preserving users’ privacy, as required by HIPAA (HIPAA 2013a) and GDPR (GDPR 2016). Meanwhile, the use of access control techniques that make use of cryptographic means has become a trend, and with the use of smart contracts for this purpose it has become increasingly common (Sun et al. 2018) and (Vora et al. 2018). Other requirements such as emergency access, required in EHR systems, are less implemented, as well as the use of consent to access users’ private data, whereas techniques such as secure transmission were also little explored, although there is a significant demand to ensure this data’s privacy and security between healthcare providers and other institutions that need to receive this information. However, our most prominent highlight is the large number of articles that are unaware of the laws and standards that regulate how to provide data privacy in EHR systems. Many articles do not quote common laws or policies or even formalize their techniques based on the required requirements.

Fig. 7 Wordcloud with the selected main techniques to provide privacy

Figure 7 presents a wordcloud with all the methods found in the searches cited in the researched articles on preserving privacy. In this wordcloud, the font size of a method’s name varies according to the number of times that the technique was cited in the analyzed articles (thus, names in large fonts represent the methods that appear most often). Hence, this wordcloud is useful for highlighting the most prominent methods within our systematic mapping scope.

The main published techniques that meet the requirements

We can see that the selected articles propose solutions for the security and preservation of data privacy in EHR systems. Hence, almost all of them address one or more requirements, with a few requirements, like automatic logoff, not mentioned at all. Some articles, like (Ibrahim and Singhal 2016a; Guo et al. 2018; Sun et al. 2018), address several requirements in their approaches. In addition, access control, integrity, and encryption solutions are present in almost all of them. The laws and policies specify that these requirements are essential and vital to provide security and preserve users’ data privacy. However, some articles focus more on a single requirement, like (Poulis et al. 2017) and (Jayabalan and Rana 2018). Requirements such as user consent, as required by laws such as GDPR and LGPD, have only been found in two articles, (Verdonck and Poels 2020) and (Zhang et al. 2016).
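The audit-control review described under Audit and again in the Discussion (consulting the access records periodically to identify whether the people accessing patient data are the ones who should), as an added example that is not code from the paper or from any cited system. It runs over constructed access-log lines and a constructed care-team table, flags accesses with no treating relationship, records emergency (break-glass) accesses separately for follow-up, and flags bulk viewing of many patients' records; the key=value log format, user names and thresholds are assumptions.

```python
"""Review an EHR access log (an audit control) to flag possible improper access.
Added example; the key=value log format, care-team table and thresholds are
assumptions, and every name below is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Constructed access-log lines: ISO timestamp, then key=value fields.
ACCESS_LOG = """\
2024-04-01T08:02:10 user=dr_lee patient=P001 action=view
2024-04-01T08:05:41 user=nurse_ali patient=P001 action=update
2024-04-01T08:07:03 user=dr_lee patient=P002 action=view
2024-04-01T09:15:22 user=clerk_bo patient=P001 action=view
2024-04-01T09:16:00 user=clerk_bo patient=P002 action=view
2024-04-01T09:16:31 user=clerk_bo patient=P003 action=view
2024-04-01T09:17:05 user=clerk_bo patient=P004 action=view
2024-04-01T22:40:12 user=dr_kim patient=P003 action=view reason=emergency
"""

# Constructed treating relationships: patient -> users on the care team.
CARE_TEAM: Dict[str, Set[str]] = {
    "P001": {"dr_lee", "nurse_ali"},
    "P002": {"dr_lee"},
    "P003": {"dr_osei"},
    "P004": {"dr_osei"},
}

LINE_RE = re.compile(r"^(\S+)\s+(.+)$")


def parse_line(line: str) -> dict:
    """Parse one log line into a dict; returns {} for a malformed line, which
    review() reports as a gap in the audit trail rather than silently skipping."""
    m = LINE_RE.match(line.strip())
    if not m:
        return {}
    try:
        event = {"ts": datetime.fromisoformat(m.group(1))}
        for kv in m.group(2).split():
            key, value = kv.split("=", 1)
            event[key] = value
    except ValueError:
        return {}
    if "user" not in event or "patient" not in event:
        return {}
    return event


def review(log_text: str, care_team: Dict[str, Set[str]],
           bulk_threshold: int = 3, window: timedelta = timedelta(hours=1)) -> List[dict]:
    """Return findings for a human reviewer. Kinds:
    no_relationship: user is not on the patient's care team and gave no reason;
    break_glass:     same, but an emergency reason was logged (verify afterwards);
    bulk_access:     user viewed >= bulk_threshold distinct patients within window;
    malformed:       line could not be parsed (audit trail gap)."""
    findings: List[dict] = []
    recent: Dict[str, List[tuple]] = defaultdict(list)
    bulk_flagged: Set[str] = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if not ev:
            findings.append({"kind": "malformed", "line": line})
            continue
        user, patient, ts = ev["user"], ev["patient"], ev["ts"]
        if user not in care_team.get(patient, set()):
            kind = "break_glass" if ev.get("reason") == "emergency" else "no_relationship"
            findings.append({"kind": kind, "user": user, "patient": patient, "ts": ts})
        # Sliding window of (timestamp, patient) per user for bulk-access detection.
        recent[user].append((ts, patient))
        recent[user] = [(t, p) for t, p in recent[user] if ts - t <= window]
        distinct = {p for _, p in recent[user]}
        if len(distinct) >= bulk_threshold and user not in bulk_flagged:
            bulk_flagged.add(user)  # report each user's bulk pattern once
            findings.append({"kind": "bulk_access", "user": user,
                             "patients": len(distinct), "ts": ts})
    return findings


if __name__ == "__main__":
    for finding in review(ACCESS_LOG, CARE_TEAM):
        print(finding)
```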


Conclusions

This work presented a systematic mapping of privacy in electronic health record research. The research collected 848 papers between October 16 and November 14, 2021, and was carried out in the Scopus (Elsevier) database. After applying the inclusion and exclusion criteria, 30 works were analyzed, resulting in the following conclusions.

Preserving user data privacy is extremely important in healthcare environments. The main privacy challenges related to EHR systems consist of increasing data privacy without compromising the performance and interoperability of these systems. Blockchain has been used in many EHR systems as a solution to achieve data privacy. However, it is a challenge to maintain traceability by recording metadata that can be mapped to private data of the users by applying a particular mapping function that can be hosted outside the blockchain. Therefore, the right to be forgotten must be applied by eliminating the link between the blockchain and the private data in the mapping function. Besides, the analyzed works showed a growing interest in privacy in electronic health record research in the last 6 years.

The main legal requirements that EHR systems must respect are encryption techniques, access control, integrity, and audit controls, followed by de-identification, emergency access, consent, secure transmission, authentication, and automatic logoff. When considering systems that need to provide privacy and security to user data, those concerns must be considered from the beginning and throughout the system development life cycle.

Our research noticed that the majority of articles do not bring all the requirements into their approach. Thus, most articles focus on just a few requirements such as access control, data integrity, secure data transmission, data encryption, and decryption. The works are not entirely based on personal health information protection laws and policies regarding, for instance, data emergency access strategies, user consent, audit control, and automatic logoff. Furthermore, the authors do not mention in detail or list which features of their proposed solutions comply with laws or policies. Thus, the lack of a systematic approach connecting EHR solutions and existing laws or policies calls for better strategies for developing a certification process for EHR systems.

The lack of standardization for the development of EHR systems has been seen as one of the main problems, and developers do not have a reference guide to analyze the privacy and security requirements that EHR systems must meet. Therefore, a set of rules that could be used to guide the developer on what privacy and security requirements EHR systems must meet would be vitally important to guide the development of more secure EHR systems. At the same time, a set of rules that could certify these systems in terms of privacy and security would be extremely important for EHR systems.

Author Contributions All authors contributed equally to this work.

Funding Open access funding provided by FCT—FCCN (b-on). The author(s) received no financial support for the research, authorship, and/or publication of this article.

Declarations

Competing interests The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Informed consent The authors declare that this research does not contain any individual person’s data in any form (including any individual details, images or videos).

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

References

Abomhara M., Køien G. M., Oleshchuk V. A., Hamid M. (2018) Towards risk-aware access control framework for healthcare information sharing. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy - 1, ICISSP, INSTICC, SciTePress, pp. 312–321. https://doi.org/10.5220/0006608103120321
Ahmadian L., Khajouei R. (2012) Impact of computerized order sets on practitioner performance. Quality of Life through Quality of Information, 1129–1131
Ahmadian L., Salehi Nejad S., Khajouei R. (2015) Evaluation methods used on health information systems (HISs) in Iran and the effects of HISs on Iranian healthcare: A systematic review. International Journal of Medical Informatics, 84. https://doi.org/10.1016/j.ijmedinf.2015.02.002
Al Baqari M., Barka E. (2020) Biometric-based blockchain EHR system (BBEHR). In: 2020 International Wireless Communications and Mobile Computing (IWCMC), pp. 2228–2234, https://doi.org/10.1109/IWCMC48107.2020.9148357
Al-Issa Y., Ottom M. A., Tamrawi A. (2019) eHealth cloud security challenges: A survey. Journal of Healthcare Engineering 2019:7516035 https://doi.org/10.1155/2019/7516035
Alanazi H. O., Zaidan A. A., Zaidan B. B., Kiah M. L., Al-Bakri S. H. (2015) Meeting the security requirements of electronic medical records in the era of high-speed computing. J Med Syst 39(1):165


Aldossary S., Allen W. (2016) Data security, privacy, availability and integrity in cloud computing: Issues and current solutions. Int. J. Adv. Comput. Sci. Appl. 7, https://doi.org/10.14569/IJACSA.2016.070464
Amato F., De Pietro G., Esposito M., Mazzocca N. (2015) An integrated framework for securing semi-structured health records. Knowl.-Based Syst. 79:99–117. https://doi.org/10.1016/j.knosys.2015.02.004
Aslam U., Sohail A., Aziz H. I. T., Vistro M. (2019) The importance of preserving the anonymity in healthcare data: a survey. International Journal Of Scientific & Technology Research 8(11), November 2019
Balsari S., Fortenko A., Blaya J. A., Gropper A., Jayaram M., Matthan R., Sahasranam R., Shankar M., Sarbadhikari S. N., Bierer B. E., Mandl K. D., Mehendale S., Khanna T. (2018) Reimagining health data exchange: an application programming interface–enabled roadmap for India. J Med Internet Res 20(7):e10725. https://doi.org/10.2196/10725
Berner E. S., Detmer D. E., Simborg D. (2005) Will the wave finally break? A brief view of the adoption of electronic medical records in the United States. J. Am. Med. Inform. Assoc. 12(1):3–7. https://doi.org/10.1197/jamia.M1664
Cifuentes M., Davis M., Fernald D., Gunn R., Dickinson P., Cohen D. J. (2015) Electronic health record challenges, workarounds, and solutions observed in practices integrating behavioral health and primary care. The Journal of the American Board of Family Medicine 28(Supplement 1):S63–S72. https://doi.org/10.3122/jabfm.2015.S1.150133
Dybå T., Dingsøyr T. (2008) Empirical studies of agile software development: A systematic review. Inf. Softw. Technol. 50:833–859. https://doi.org/10.1016/j.infsof.2008.01.006
Edemacu K., Park H. K., Jang B., Kim J. W. (2019) Privacy provision in collaborative eHealth with attribute-based encryption: survey, challenges and future directions. IEEE Access 7:89614–89636. https://doi.org/10.1109/ACCESS.2019.2925390
Eom J., Lee K. (2016) Patient-controlled attribute-based encryption for secure electronic health records system. J. Med. Syst. 40:253. https://doi.org/10.1007/s10916-016-0621-3
Essa Y. M., Hemdan E. E. D., El-Mahalawy A., Attiya G., El-Sayed A. (2019) IFHDS: Intelligent framework for securing healthcare bigdata. J. Med. Syst. 43(5):124. https://doi.org/10.1007/s10916-019-1250-4
Farhadi M., Haddad H., Shahriar H. (2019) Compliance checking of open source EHR applications for HIPAA and ONC security and privacy requirements. In: 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC) vol. 1, pp. 704–713. https://doi.org/10.1109/COMPSAC.2019.00106
Fernández-Alemán J. L., Señor I. C., Ángel Oliver Lozoya P., Toval A. (2013) Security and privacy in electronic health records: a systematic literature review. J. Biomed. Inform. 46(3):541–562. https://doi.org/10.1016/j.jbi.2012.12.003
Gardiyawasam Pussewalage H. S., Oleshchuk V. A. (2016) Privacy preserving mechanisms for enforcing security and privacy requirements in e-health solutions. Int. J. Inf. Manag. 36(6, Part B):1161–1173. https://doi.org/10.1016/j.ijinfomgt.2016.07.006
GDPR (2016) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC
Ghazvini A., Shukur Z. (2013) Security challenges and success factors of electronic healthcare system. Procedia Technol. 11:212–219. 4th International Conference on Electrical Engineering and Informatics, ICEEI 2013. https://doi.org/10.1016/j.protcy.2013.12.183
Gkoulalas-Divanis A., Loukides G., Sun J. (2014) Publishing data from electronic health records while preserving privacy: A survey of algorithms. J. Biomed. Inform. 50:4–19. https://doi.org/10.1016/j.jbi.2014.06.002, Special Issue on Informatics Methods in Medical Privacy
Grana M., Jackwoski K. (2015) Electronic health record: a review. In: 2015 IEEE International Conference on Bioinformatics and Biomedicine (BIBM), IEEE Computer Society, Los Alamitos, CA, USA, pp. 1375–1382. https://doi.org/10.1109/BIBM.2015.7359879
Guo R., Shi H., Zhao Q., Zheng D. (2018) Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems. IEEE Access 6:11676–11686. https://doi.org/10.1109/ACCESS.2018.2801266
Hakim S. A., Sensuse D. I. (2018) Knowledge mapping system implementation in knowledge management: A systematic literature review. In: 2018 International Conference on Information Management and Technology (ICIMTech), pp. 131–136 https://doi.org/10.1109/ICIMTech.2018.8528190
Hathaliya J. J., Tanwar S., Evans R. (2020) Securing electronic healthcare records: a mob
ile-based biometric authentication approach. Journal of Information Security and Applications 102528:53. https://doi.org/10.1016/j.jisa.2020.102528
HIPAA (2013a) HIPAA survival guide HITECH act summary - HIPAA Privacy Rule 164.506. http://www.hipaasurvivalguide.com/hipaa-regulations/164-506 BAK 01202013.php
HIPAA (2013b) Summary of the HIPAA Privacy Rule. https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf
HITECH (2009) Health information technology for economic and clinical health (HITECH) act. http://www.hhs.gov/hipaa/for-professionals/specialtopics/HITECH-act-enforcement-interim-final-rule/, last accessed 16 September 2020
Horodyski D. (2015) 2013 OECD Guidelines on the protection of privacy and transborder flows of personal data as an example of recent trends in personal data protection, ResearchGate, pp. 255–266, https://doi.org/10.13140/RG.2.1.1508.4405
Hu V., Ferraiolo D., Kuhn D., Schnitzer A., Sandlin K., Miller R., Scarfone K. (2014) Guide to attribute based access control (ABAC) definition and considerations. National Institute of Standards and Technology Special Publication, 162–800
Huang J., Qi Y. W., Asghar M. R., Meads A., Tu Y. (2019) MedBloc: A blockchain-based secure EHR system for sharing and accessing medical data. In: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pp. 594–601, https://doi.org/10.1109/TrustCom/BigDataSE.2019.00085
Hussien H. M., Yasin S. M., Udzir S. N. I., Zaidan A. A., Zaidan B. B. (2019) A systematic review for enabling of develop a blockchain technology in healthcare application: taxonomy, substantially analysis, motivations, challenges, recommendations and future direction. J. Med. Syst. 43(10):320. https://doi.org/10.1007/s10916-019-1445-8
Häyrinen K., Saranto K., Nykänen P. (2008) Definition, structure, content, use and impacts of electronic health records: a review of the research literature. Int. J. Med. Informatics 77(5):291–304. https://doi.org/10.1016/j.ijmedinf.2007.09.001
Ibrahim A., Singhal M. (2016a) An abstract architecture design for medical information exchange. In: 2016 International Conference on Industrial Informatics and Computer Systems (CIICS), pp. 1–6 https://doi.org/10.1109/ICCSII.2016.7462427


Ibrahim A., Singhal M. (2016b) A simultaneous key generation technique for health information exchange (HIE) based on existing patients’ credentials
Ismail L., Materwala H. (2020) BlockHR: A blockchain-based framework for health records management. In: Proceedings of the 12th International Conference on Computer Modeling and Simulation, Association for Computing Machinery, New York, NY, USA, ICCMS ’20, pp. 164–168 https://doi.org/10.1145/3408066.3408106
Jagtap S. T., Thakar C. M., El imrani O., Phasinam K., Garg S., Ventayen R. J. M. (2021) A framework for secure healthcare system using blockchain and smart contracts. In: 2021 Second International Conference on Electronics and Sustainable Communication Systems (ICESC), pp. 922–926 https://doi.org/10.1109/ICESC51422.2021.9532644
Jayabalan M., O’Daniel T. (2017) Continuous and transparent access control framework for electronic health records: A preliminary study. In: 2017 2nd International Conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE), pp. 165–170 https://doi.org/10.1109/ICITISEE.2017.8285487
Jayabalan M., Rana M. E. (2018) Anonymizing healthcare records: A study of privacy preserving data publishing techniques. Adv. Sci. Lett. 24:1694–1697. https://doi.org/10.1166/asl.2018.11139
Kadhim K. T., Alsahlany A. M., Wadi S. M., Kadhum H. T. (2020) An overview of patient’s health status monitoring system based on Internet of Things (IoT). Wireless Pers. Commun. 114(3):2235–2262. https://doi.org/10.1007/s11277-020-07474-0
Kanwal T., Anjum A., Khan A. (2020) Privacy preservation in e-health cloud: taxonomy, privacy requirements, feasibility analysis, and opportunities. Cluster Computing https://doi.org/10.1007/s10586-020-03106-1
Kayaalp M. (2018) Patient privacy in the era of big data. Balkan Med. J. 35(1):8–17. https://doi.org/10.4274/balkanmedj.2017.0966 28903886[pmid]
Keshta I., Odeh A. (2020) Security and privacy of electronic health records: Concerns and challenges. Egyptian Informatics Journal. https://doi.org/10.1016/j.eij.2020.07.003
Kho A. N., Cashy J. P., Jackson K. L., Pah A. R., Goel S., Boehnke J., Humphries J. E., Kominers S. D., Hota B. N., Sims S. A., Malin B. A., French D. D., Walunas T. L., Meltzer D. O., Kaleba E. O., Jones R. C., Galanter W. L. (2015) Design and implementation of a privacy preserving electronic health record linkage tool in Chicago. J. Am. Med. Inform. Assoc. 22(5):1072–
S., Bhalla S. (eds) Databases in Networked Information Systems, Springer International Publishing, Cham, pp. 202–213
Nguyen D. C., Pathirana P. N., Ding M., Seneviratne A. (2019) Blockchain for secure EHRs sharing of mobile cloud based e-health systems, vol 7
Nortey R. N., Yue L., Agdedanu P. R., Adjeisah M. (2019) Privacy module for distributed electronic health records (EHRs) using the blockchain. In: 2019 IEEE 4th International Conference on Big Data Analytics (ICBDA), pp. 369–374 https://doi.org/10.1109/ICBDA.2019.8713188
Nweke L., Yeng P., Wolthusen S., Yang B. (2020) Understanding attribute-based access control for modelling and analysing healthcare professionals’ security practices. Int. J. Adv. Comput. Sci. Appl. 11:683–690. https://doi.org/10.14569/IJACSA.2020.0110286
Odeh A., Keshta I., Aboshgifa A., Abdelfattah E. (2022) Privacy and security in mobile health technologies: Challenges and concerns. In: 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), pp. 0065–0071 https://doi.org/10.1109/CCWC54503.2022.9720863
Pai M. M. M., Ganiga R., Pai R. M., Sinha R. K. (2021) Standard electronic health record (EHR) framework for Indian healthcare system. Health Serv. Outcomes Res. Method. 21(3):339–362. https://doi.org/10.1007/s10742-020-00238-0
Petersen K., Feldt R., Mujtaba S., Mattsson M. (2008) Systematic mapping studies in software engineering. In: EASE
Petersen K., Vakkalanka S., Kuzniarz L. (2015) Guidelines for conducting systematic mapping studies in software engineering: An update. Inf. Softw. Technol. 64:1–18. https://doi.org/10.1016/j.infsof.2015.03.007
Poulis G., Loukides G., Skiadopoulos S., Gkoulalas-Divanis A. (2017) Anonymizing datasets with demographics and diagnosis codes in the presence of utility constraints. J. Biomed. Inform. 65:76–96. https://doi.org/10.1016/j.jbi.2016.11.001
Pramanik P. K. D., Pal S., Mukhopadhyay M. (2019) Healthcare Big Data: A Comprehensive Overview, IGI Global, Hershey, PA, USA, pp. 72–100. Intelligent Systems for Healthcare Management and Delivery https://doi.org/10.4018/978-1-5225-7071-4.ch004
Rana M. E., Jayabalan M. (2016) Privacy preserving anonymization techniques for patient data: An overview. In: 3rd International Conference on Knowledge, Information and Software Engineering (ICKIS2016)
Rezaeibagha F., Mu Y. (2016) Distributed clinical data sharing via
1080. https://doi.org/10.1093/jamia/ocv038 dynamic access-control policy transformation. Int. J. Med. Infor-
Kitchenham B. (2004) Procedures for performing systematic reviews. matics 89:25–31. https://doi.org/10.1016/j.ijmedinf.2016.02.002
Keele, UK, Keele Univ, 33 Richter G., Borzikowsky C., Lieb W., Schreiber S., Krawczak
Kloss L. L., Brodnik M. S., Rinehart-Thompson L. A. (2018) Access M., Buyx A. (2019) Patient views on research use of clin-
And disclosure of personal health information: A challenging ical data without consent: legal, but also acceptable? Euro-
privacy landscape in 2016-2018. Yearb Med Inform 060(01):060– pean Journal of Human Genetics : EJHG 27(6):841–847.
066 https://doi.org/10.1038/s41431-019-0340-6 30683927 [pmid]
Lu Y., Sinnott R. O. (2016) Semantic-based privacy protection of Scholl M. A., Stine K. M., Hash J., Bowen P., Johnson L. A.,
electronic health records for collaborative research. In: 2016 IEEE Smith C. D., Steinberg D. I. (2008) SP 800-66 Rev. 1. an
Trustcom/BigDataSE/ISPA, pp. 519–526, https://doi.org/10.1109/ introductory resource guide for implementing the health insurance
TrustCom.2016.0105 portability and accountability act (HIPAA) security rule, national
Mamun Q., Rana M. (2017) A robust authentication model using institute of standards & technology, Gaithersburg, MD, USA,
multi-channel communication for eHealth systems to enhance chap, 1
privacy and security. In: 2017 8th IEEE Annual Information Shah S. M., Khan R. A. (2020) Secondary use of electronic health
Technology, Electronics and Mobile Communication Conference record: Opportunities and challenges. IEEE Access 8:136947–
(IEMCON), pp. 255–260 https://doi.org/10.1109/IEMCON.2017. 136965. https://doi.org/10.1109/ACCESS.2020.3011099
8117210 Shahnaz A., Qamar U., Khalid A. (2019) Using blockchain
Medicine J. H. (2018) Preparing for the EU GDPR In research for electronic health records. IEEE Access 7:147782–147795.
settings guidance. https://www.jhsph.edu/offices-and-services/ https://doi.org/10.1109/ACCESS.2019.2946373
institutional-review-board/ Sharma Y., Balamurugan B. (2020) Preserving the privacy of elec-
Mehndiratta P., Sachdeva S., Kulshrestha S. (2014) A model of privacy tronic health records using blockchain. Procedia Computer Sci-
and security for electronic health records. In: Madaan A., Kikuchi ence 173:171–180. https://doi.org/10.1016/j.procs.2020.06.021,

Content courtesy of Springer Nature, terms of use apply. Rights reserved.


454 Journal of Public Health (2024) 32:435–454



