The Australian PCEHR system: Ensuring Privacy and Security through an Improved Access Control Mechanism
This addresses privacy and security concerns for patients and healthcare providers in Australia's electronic health system, but appears incremental as it builds on existing access control mechanisms.
The paper tackles the problem of unauthorized access hindering adoption of Australia's Personally Controlled Electronic Health Record (PCEHR) system, proposing an improved access control model to resolve this issue.
An Electronic Health Record (EHR) is designed to store diverse data accurately from a range of health care providers and to capture the status of a patient by a range of health care providers across time. Realising the numerous benefits of the system, EHR adoption is growing globally and many countries invest heavily in electronic health systems. In Australia, the Government invested $467 million to build key components of the Personally Controlled Electronic Health Record (PCEHR) system in July 2012. However, in the last three years, the uptake from individuals and health care providers has not been satisfactory. Unauthorised access of the PCEHR was one of the major barriers. We propose an improved access control model for the PCEHR system to resolve the unauthorised access issue. We discuss the unauthorised access issue with real examples and present a potential solution to overcome the issue to make the PCEHR system a success in Australia.