As a consequence of the huge advancement of the Electronic Health Record (EHR) in healthcare settings, the My Health Record (MHR) has been introduced in Australia. However, the security and privacy of the MHR system have been encumbering its development. Even though the MHR system is claimed to be patient-centred and patient-controlled, there are several instances where healthcare providers (other than the usual provider) and the system operators who maintain the system can easily access it, and these unauthorised accesses can lead to a breach of the patients' privacy. This is one of the main concerns of consumers that affects the uptake of the system. In this paper, we propose a patient-centred MHR framework which requests authorisation from the patient before access to their sensitive health information is granted. The proposed model increases the involvement and satisfaction of patients in their healthcare and also suggests a mobile security system through which the patient gives online permission to access the MHR system.
Patient-centred care is the practice of caring for patients (and their families) in ways that are meaningful and valuable to the individual patient. It includes listening to, informing and involving patients in their care. The American Institute of Medicine (IOM) defines patient-centred care as: "Providing care that is respectful of, and responsive to, individual patient preferences, needs and values, and ensuring that patient values guide all clinical decisions" [8]. The Picker Institute and Harvard Medical School have defined patient-centred care through eight principles [9], which are explained in Figure 1.
In Picker's patient-centred principles, more than one principle is directly linked with patients' privacy and security (e.g. respect for patients' preferences, information and education, and involvement of family and friends). The researchers also found that certain practices are conducive to a positive patient experience, and their findings form Picker's Eight Principles of Patient-Centred Care. Patient-centred care is a quality of personal, professional and organisational relationships. Thus, efforts to promote patient-centred care should consider the patient-centredness of patients (and their families), clinicians and health systems [10,11].
We review the previous works in Section 2. In Section 3, we propose our new method to preserve privacy and security for the MHR system in Australia. The implementation of the proposed model including computer program, sequence diagram and the communication method are discussed in Section 4. Section 5 analyses possible concerns and solutions for those concerns of the proposed model. The paper concludes and leaves future development suggestions in Section 6.
Several resolutions have been proposed to overcome the privacy and security related issues with EHR. Most of the resolutions relate to access control and/or cryptographic approaches.
Cryptographic methods are also considered the safest approach to preserving the privacy and security of cloud-based systems, including EHR. To transmit data safely in cloud computing, cryptographic solutions built on a public key structure are suitable [27,39,41]. The aim of the cryptography is to encrypt confidential private information, including clinical details, before it is sent to and stored in the cloud. However, in practice this is not always the case: the system operator has more power, and the patient's ability to control access is very limited in these settings. Recognising these limitations, several techniques have been proposed. Benaloh, Chase et al., Jin, Ahn et al. and Li et al. recommend models in which patients encrypt their health information before sending and storing it in the cloud, to overcome the potential risk of privacy exposure to system operators [28,29,30,37].
Van der Haak et al. use digital signatures and PKI (public key infrastructure) authentication to satisfy the legal requirements for the exchange of EMRs [31]. Pseudonymisation techniques are used by Ateniese et al. to preserve patients' anonymity [32]. A health communication monitoring method to observe health information exchange is also proposed by Layouni et al. [33]. Even though cryptographic approaches are safe for storing sensitive health information, accessing that critical information when it is required becomes a difficult task. For that reason, such techniques undermine the whole idea and purpose of cryptographic approaches in EHR settings, as accessing the right health information at the right time and in the right place is the key purpose of EHR systems [34,43,44,45].
In the proposed model, healthcare providers' normal requests require the patient's permission to access their EHR. Requests from healthcare providers can be categorised into two main groups: special requests and normal requests. Life-threatening circumstances are special requests, while daily routine activities such as follow-ups, recalls and reminders all fall into normal requests. Normal requests to access a patient's EHR in these non-life-threatening or non-emergency situations require the patient's permission.
The patients' permission system works like an online consent method and includes authentication and authorisation processes. (i) Authentication Server: The authentication server is used to authenticate the credentials, usually usernames and passwords, of the EHR users. When a user submits a valid set of credentials, it receives a cryptographic ticket that it can subsequently use to access various services.
(ii) Access Control List (ACL) Server: This server verifies users when they provide their credentials, usernames and passwords. An ACL is basically a table that tells the system which access rights each user has to a particular object, such as a patient record. Each object has a security attribute that identifies its ACL and specifies how a user can access a patient's EHR and which actions they may perform. For example a radiology tech
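The following is an added illustration, not code from the paper, of how the authentication ticket, ACL table and patient consent described in (i) and (ii) combine into a single access decision; the user names, record identifiers, HMAC ticket format and the audit list for special (emergency) requests are all constructed assumptions.

```python
# Added example (not from the paper): a minimal model of the paper's
# patient-permission check. Names, keys and records are constructed.
import hmac, hashlib, secrets, time

SECRET = secrets.token_bytes(32)  # assumed key held by the authentication server

def issue_ticket(user, ttl=300):
    """Authentication server: return a signed ticket 'user|expiry|mac'."""
    exp = int(time.time()) + ttl
    msg = f"{user}|{exp}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{user}|{exp}|{mac}"

def verify_ticket(ticket):
    """Return the user name if the ticket is intact and unexpired, else None."""
    try:
        user, exp, mac = ticket.split("|")
    except ValueError:
        return None
    expected = hmac.new(SECRET, f"{user}|{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected) or int(exp) < time.time():
        return None
    return user

# ACL server table (constructed): (user, patient record) -> permitted actions
ACL = {("dr_smith", "patient42"): {"read", "write"},
       ("radiology_tech", "patient42"): {"read"}}

# Online consents granted by patients (constructed): (user, record) -> expiry
CONSENTS = {}

def grant_consent(patient, user, ttl=3600):
    """Patient's mobile app records a time-limited permission for one user."""
    CONSENTS[(user, patient)] = time.time() + ttl

AUDIT = []  # every special (emergency) access is recorded for later review

def decide(ticket, record, action, special=False):
    """Allow only if the ticket is valid, the ACL lists the action, and
    (for normal requests) the patient holds an unexpired consent."""
    user = verify_ticket(ticket)
    if user is None or action not in ACL.get((user, record), set()):
        return False
    if special:  # life-threatening case: consent not required, but audited
        AUDIT.append((time.time(), user, record, action))
        return True
    return CONSENTS.get((user, record), 0) > time.time()
```

A real deployment would persist the consent and audit records server-side so that a special request can be reviewed afterwards rather than silently bypassing the patient.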