A Criticism of the Current Security, Privacy and Accountability Issues in Electronic Health Records
Addresses security and privacy issues in EHR systems for healthcare providers and patients, but is incremental as it primarily reviews existing approaches.
This paper reviews recent approaches to security, privacy, and accountability in electronic health records (EHR), identifying gaps such as ineffective cryptographic key management and insufficient user monitoring that impede system trust and acceptability.
Cryptography has been widely accepted for security and partly for privacy control as discovered from past works. However, many of these works did not provide a way to manage cryptographic keys effectively especially in EHR applications, as this is the Achilles heel of cryptographic techniques currently proposed. The issue of accountability for legitimate users also has not been so popular and only a few considered it in EHR. Unless a different approach is used, the reliant on cryptography and password or escrow based system for key management will impede trust of the system and hence its acceptability. Also users with right access should also be monitored without affecting the clinician workflow. This paper presents a detailed review of some selected recent approaches to ensuring security, privacy and accountability in EHR and gaps for future research were also identified.