Fine-grained Database Field Search Using Attribute-Based Encryption for E-Healthcare Clouds

An effectively designed e-healthcare system can significantly enhance the quality of access and experience of healthcare users, including facilitating medical and healthcare providers in ensuring a smooth delivery of services. Ensuring the security of patients’ electronic health records (EHRs) in the e-healthcare system is an active research area. EHRs may be outsourced to a third-party, such as a community healthcare cloud service provider for storage due to cost-saving measures. Generally, encrypting the EHRs when they are stored in the system (i.e. data-at-rest) or prior to outsourcing the data is used to ensure data confidentiality. Searchable encryption (SE) scheme is a promising technique that can ensure the protection of private information without compromising on performance. In this paper, we propose a novel framework for controlling access to EHRs stored in semi-trusted cloud servers (e.g. a private cloud or a community cloud). To achieve fine-grained access control for EHRs, we leverage the ciphertext-policy attribute-based encryption (CP-ABE) technique to encrypt tables published by hospitals, including patients’ EHRs, and the table is stored in the database with the primary key being the patient’s unique identity. Our framework can enable different users with different privileges to search on different database fields. Differ from previous attempts to secure outsourcing of data, we emphasize the control of the searches of the fields within the database. We demonstrate the utility of the scheme by evaluating the scheme using datasets from the University of California, Irvine.     

Dignity of women patients in health clinics

This essay draws attention to violations of privacy and confidentiality in healthcare. It argues that such violations are experienced not only by rural women and beneficiaries of government health services but also by better-off women in private clinics in urban areas. It is possible that the occasional reports of such violations represent a fraction of the actual number of such incidents. There is an urgent need to recognise the problem and take corrective measures.     

Too Much or Too Little? How Much Control Should Patients Have Over EHR Data?

Electronic health records (EHRs) have been promoted as a mechanism to overcome the fragmented healthcare system in the United States. The challenge that is being discussed is the rights of the patient to control the access to their EHRs’ data and the needs of healthcare professionals to know health data to make the best treatment decisions for their patients. The Federal Trade Commission has asked those who store consumer information to comply with the Fair Information Practice Principles. In the EHR context, these principles give the rights to the patient to control who can see their health data and what components of the data are restricted from view. Control is not limited to patients, as it also includes parents of adolescent children. We suggest that the ongoing policy discussion include consideration of the precise questions patients will be asked when a need for data sharing arises. Further, patients should understand the relative risks that they face, and the degree to which their decisions will (or will not) significantly reduce the risk of a data breach. As various approaches are considered, it is important to address the relative resource requirements and the associated costs of each option.     

Organizational complements to electronic health records in ambulatory physician performance: the role of support staff

In industries outside healthcare, highly skilled employees enable substantial gains in productivity after adoption of information technologies. The authors explore whether the presence of highly skilled, autonomous clinical support staff is associated with higher performance among physicians with electronic health records (EHRs). Using data from a survey of general internists, the authors assessed whether physicians with EHRs were more likely to be top performers on cost and quality if they worked with nurse practitioners or physician assistants. It was found that, among physicians with EHRs, those with highly skilled, autonomous staff were far more likely to be top performing than those without such staff (OR 7.0, 95% CI 1.7 to 34.8, p=0.02). This relationship did not hold among physicians without EHRs (OR 1.0). As we begin a national push towards greater EHR adoption, it is critical to understand why some physicians gain from EHR use and others do not.     

A systematic literature review of Native American and Pacific Islanders’ perspectives on health data privacy in the United States

BackgroundPrivacy-related concerns can prevent equitable participation in health research by US Indigenous communities. However, studies focused on these communities'' views regarding health data privacy, including systematic reviews, are lacking.MethodsWe conducted a systematic literature review analyzing empirical, US-based studies involving American Indian/Alaska Native (AI/AN) and Native Hawaiian or other Pacific Islander (NHPI) perspectives on health data privacy, which we define as the practice of maintaining the security and confidentiality of an individual’s personal health records and/or biological samples (including data derived from biological specimens, such as personal genetic information), as well as the secure and approved use of those data.ResultsTwenty-one studies involving 3234 AI/AN and NHPI participants were eligible for review. The results of this review suggest that concerns about the privacy of health data are both prevalent and complex in AI/AN and NHPI communities. Many respondents raised concerns about the potential for misuse of their health data, including discrimination or stigma, confidentiality breaches, and undesirable or unknown uses of biological specimens.ConclusionsParticipants cited a variety of individual and community-level concerns about the privacy of their health data, and indicated that these deter their willingness to participate in health research. Future investigations should explore in more depth which health data privacy concerns are most salient to specific AI/AN and NHPI communities, and identify the practices that will make the collection and use of health data more trustworthy and transparent for participants.     

Are physicians' perceptions of healthcare quality and practice satisfaction affected by errors associated with electronic health record use?

Background

Electronic health record (EHR) adoption is a national priority in the USA, and well-designed EHRs have the potential to improve quality and safety. However, physicians are reluctant to implement EHRs due to financial constraints, usability concerns, and apprehension about unintended consequences, including the introduction of medical errors related to EHR use. The goal of this study was to characterize and describe physicians'' attitudes towards three consequences of EHR implementation: (1) the potential for EHRs to introduce new errors; (2) improvements in healthcare quality; and (3) changes in overall physician satisfaction.

Methods

Using data from a 2007 statewide survey of Massachusetts physicians, we conducted multivariate regression analysis to examine relationships between practice characteristics, perceptions of EHR-related errors, perceptions of healthcare quality, and overall physician satisfaction.

Results

30% of physicians agreed that EHRs create new opportunities for error, but only 2% believed their EHR has created more errors than it prevented. With respect to perceptions of quality, there was no significant association between perceptions of EHR-associated errors and perceptions of EHR-associated changes in healthcare quality. Finally, physicians who believed that EHRs created new opportunities for error were less likely be satisfied with their practice situation (adjusted OR 0.49, p=0.001).

Conclusions

Almost one third of physicians perceived that EHRs create new opportunities for error. This perception was associated with lower levels of physician satisfaction.     

A Secure EHR System Based on Hybrid Clouds

Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.     

电子健康档案实施效果及影响因素的循证分析

目的:循证分析电子健康档案的实施效果及其影响因素.方法:制定文献的纳入与排除标准,全面检索中、英文数据库.筛选符合纳入标准的文献,提取重要信息,从不同层面对纳入研究进行分析与整合.结果:纳入62篇文献,多来自发达国家.电子健康档案实现健康信息的有效交流和共享,提高卫生保健服务的质量,其实施过程受信息因素、用户因素、经济...     

Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle

This paper examines various methods encompassing the authentication of users in accessing Electronic Medical Records (EMRs). From a methodological perspective, multiple authentication methods have been researched from both a desktop and mobile accessibility perspective. Each method is investigated at a high level, along with comparative analyses, as well as real world examples. The projected outcome of this examination is a better understanding of the sophistication required in protecting the vital privacy constraints of an individual’s Protected Health Information (PHI). In understanding the implications of protecting healthcare data in today’s technological world, the scope of this paper is to grasp an overview of confidentiality as it pertains to information security. In addressing this topic, a high level overview of the three goals of information security are examined; in particular, the goal of confidentiality is the primary focus. Expanding upon the goal of confidentiality, healthcare accessibility legal aspects are considered, with a focus upon the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With the primary focus of this examination being access to EMRs, the paper will consider two types of accessibility of concern: access from a physician, or group of physicians; and access from an individual patient.     

Using EHRs to integrate research with patient care: promises and challenges

Clinical research is the foundation for advancing the practice of medicine. However, the lack of seamless integration between clinical research and patient care workflow impedes recruitment efficiency, escalates research costs, and hence threatens the entire clinical research enterprise. Increased use of electronic health records (EHRs) holds promise for facilitating this integration but must surmount regulatory obstacles. Among the unintended consequences of current research oversight are barriers to accessing patient information for prescreening and recruitment, coordinating scheduling of clinical and research visits, and reconciling information about clinical and research drugs. We conclude that the EHR alone cannot overcome barriers in conducting clinical trials and comparative effectiveness research. Patient privacy and human subject protection policies should be clarified at the local level to exploit optimally the full potential of EHRs, while continuing to ensure participant safety. Increased alignment of policies that regulate the clinical and research use of EHRs could help fulfill the vision of more efficiently obtaining clinical research evidence to improve human health.     

Healthcare information technology's relativity problems: a typology of how patients’ physical reality,clinicians’ mental models,and healthcare information technology differ

Objective

To model inconsistencies or distortions among three realities: patients'' physical reality; clinicians'' mental models of patients'' conditions, laboratories, etc; representation of that reality in electronic health records (EHR). To serve as a potential tool for quality improvement of EHRs.

Methods

Using observations, literature, information technology (IT) logs, vendor and US Food and Drug Administration reports, we constructed scenarios/models of how patients'' realities, clinicians'' mental models, and EHRs can misalign to produce distortions in comprehension and treatment. We then categorized them according to an emergent typology derived from the cases themselves and refined the categories based on insights gained from the literature of interactive sociotechnical systems analysis, decision support science, and human computer interaction. Typical of grounded theory methods, the categories underwent repeated modifications.

Results

We constructed 45 scenarios of misalignment between patients'' physical realities, clinicians'' mental models, and EHRs. We then identified five general types of misrepresentation in these cases: IT data too narrowly focused; IT data too broadly focused; EHRs miss critical reality; data multiplicities–perhaps contradictory or confusing; distortions from data reflected back and forth across users, sensors, and others. The 45 scenarios are presented, organized by the five types.

Conclusions

With humans, there is a physical reality and actors'' mental models of that reality. In healthcare, there is another player: the EHR/healthcare IT, which implicitly and explicitly reflects many mental models, facets of reality, and measures thereof that vary in reliability and consistency. EHRs are both microcosms and shapers of medical care. Our typology and scenarios are intended to be useful to healthcare IT designers and implementers in improving EHR systems and reducing the unintended negative consequences of their use.     

Comparison of consumers’ views on electronic data sharing for healthcare and research

New models of healthcare delivery such as accountable care organizations and patient-centered medical homes seek to improve quality, access, and cost. They rely on a robust, secure technology infrastructure provided by health information exchanges (HIEs) and distributed research networks and the willingness of patients to share their data. There are few large, in-depth studies of US consumers’ views on privacy, security, and consent in electronic data sharing for healthcare and research together.Objective This paper addresses this gap, reporting on a survey which asks about California consumers’ views of data sharing for healthcare and research together.Materials and Methods The survey conducted was a representative, random-digit dial telephone survey of 800 Californians, performed in Spanish and English.Results There is a great deal of concern that HIEs will worsen privacy (40.3%) and security (42.5%). Consumers are in favor of electronic data sharing but elements of transparency are important: individual control, who has access, and the purpose for use of data. Respondents were more likely to agree to share deidentified information for research than to share identified information for healthcare (76.2% vs 57.3%, p < .001).Discussion While consumers show willingness to share health information electronically, they value individual control and privacy. Responsiveness to these needs, rather than mere reliance on Health Insurance Portability and Accountability Act (HIPAA), may improve support of data networks.Conclusion Responsiveness to the public’s concerns regarding their health information is a pre-requisite for patient-centeredness. This is one of the first in-depth studies of attitudes about electronic data sharing that compares attitudes of the same individual towards healthcare and research.     

Electronic health records and clinician burnout: A story of three eras

ObjectiveThe study sought to provide physicians, informaticians, and institutional policymakers with an introductory tutorial about the history of medical documentation, sources of clinician burnout, and opportunities to improve electronic health records (EHRs). We now have unprecedented opportunities in health care, with the promise of new cures, improved equity, greater sensitivity to social and behavioral determinants of health, and data-driven precision medicine all on the horizon. EHRs have succeeded in making many aspects of care safer and more reliable. Unfortunately, current limitations in EHR usability and problems with clinician burnout distract from these successes. A complex interplay of technology, policy, and healthcare delivery has contributed to our current frustrations with EHRs. Fortunately, there are opportunities to improve the EHR and health system. A stronger emphasis on improving the clinician’s experience through close collaboration by informaticians, clinicians, and vendors can combine with specific policy changes to address the causes of burnout.Target audienceThis tutorial is intended for clinicians, informaticians, policymakers, and regulators, who are essential participants in discussions focused on improving clinician burnout. Learners in biomedicine, regardless of clinical discipline, also may benefit from this primer and review.ScopeWe include (1) an overview of medical documentation from a historical perspective; (2) a summary of the forces converging over the past 20 years to develop and disseminate the modern EHR; and (3) future opportunities to improve EHR structure, function, user base, and time required to collect and extract information.     

Privacy, confidentiality and abortion statistics: a question of public interest?

The precise nature and scope of healthcare confidentiality has long been the subject of debate. While the obligation of confidentiality is integral to professional ethical codes and is also safeguarded under English law through the equitable remedy of breach of confidence, underpinned by the right to privacy enshrined in Article 8 of the Human Rights Act 1998, it has never been regarded as absolute. But when can and should personal information be made available for statistical and research purposes and what if the information in question is highly sensitive information, such as that relating to the termination of pregnancy after 24 weeks? This article explores the case of In the Matter of an Appeal to the Information Tribunal under section 57 of the Freedom of Information Act 2000, concerning the decision of the Department of Health to withhold some statistical data from the publication of its annual abortion statistics. The specific data being withheld concerned the termination for serious fetal handicap under section 1(1)d of the Abortion Act 1967. The paper explores the implications of this case, which relate both to the nature and scope of personal privacy. It suggests that lessons can be drawn from this case about public interest and use of statistical information and also about general policy issues concerning the legal regulation of confidentiality and privacy in the future.     

加强病案保密制度与保护患者隐私权的探讨

病案是医院重要的信息资源,在病案中包含了公民大量的个人隐私。本文强调加强病案保密管理、保护患者隐私的重要性和必要性,列举了医疗机构存在的泄露患者隐私的表现,提出了加强病案保密管理的制度建设、完善病案管理立法、加强病案管理人员专业和法律知识培训、教育医务人员恪守职业道和法律责任;完善政府对公民隐私权立法等五方面加强病案保密管理、保护患者隐私权的对策建议。     

The use of information technology in medicine: defining its role and limitations

Information Technology (IT) has transformed the ways modern healthcare systems acquire, store, access and communicate medical information. These developments offer significant benefits to patients and healthcare providers, but they give rise to ethical and legal challenges in the protection of patient privacy and confidentiality. The traditional and humanistic concept of doctor-patient relationship is also under threat as IT is used to bypass the need for personal consultations. One effective approach to continue the use of IT in medicine while minimising its potential hazards is through legal reforms and setting public standards for accessibility and expression of patient autonomy. Ultimately, the role and limitations of IT as a tool to pursue the goals of medicine has to be carefully deliberated, clearly defined and judiciously delineated to ensure its effectiveness and safety.     

Biometrics for Electronic Health Records

Securing electronic health records, in scenarios in which the provision of care services is share among multiple actors, could become a complex and costly activity. Correct identification of patients and physician, protection of privacy and confidentiality, assignment of access permissions for healthcare providers and resolutions of conflicts rise as main points of concern in the development of interconnected health information networks. Biometric technologies have been proposed as a possible technological solution for these issues due to its ability to provide a mechanism for unique verification of an individual identity. This paper presents an analysis of the benefit as well as disadvantages offered by biometric technology. A comparison between this technology and more traditional identification methods is used to determine the key benefits and flaws of the use biometric in health information systems. The comparison as been made considering the viability of the technologies for medical environments, global security needs, the contemplation of a share care environment and the costs involved in the implementation and maintenance of such technologies. This paper also discusses alternative uses for biometrics technologies in health care environments. The outcome of this analysis lays in the fact that even when biometric technologies offer several advantages over traditional method of identification, they are still in the early stages of providing a suitable solution for a health care environment.     

Privacy, confidentiality and automated health information systems.

Professor Vuori's paper, first presented at the fourth Medico-legal Conference in Prague in the spring of this year, deals with the problem of the maintenance of confidentiality in computerized health records. Although more and more information is required, the hardware of the computer systems is so sophisticated that it would be very expensive indeed to 'break in' and steal from a modern data bank. Those concerned with programming computers are becoming more aware of their responsibilities concerning confidentiality and privacy, to the extent that a legal code of ethics for programmers is being formulated. They are also aware that the most sensitive of all relationships--the doctor-patient relationship--could be in danger if they failed to maintain high standards of integrity. An area of danger is where administrative boundaries between systems must be crossed--say between those of health and employment. Protection of privacy must be ensured by releasing full information about the type of data being stored, and by maintaining democratic control over the establishment of information systems.     

Australian standards for privacy and confidentiality of health records in research: implications of the Commonwealth Privacy Act

The current Australian legal, administrative and professional standards for individual rights to confidentiality and privacy of health records are examined and guidance is offered for the use of personal information in research. The implications of recently introduced privacy legislation for the conduct of research in Australia are discussed. Acquired immunodeficiency syndrome (AIDS) is cited as an example of the complex issues which face researchers and administrative bodies in balancing the privacy rights of individuals and the broader public interest.