Journal of Medical Systems, Volume 36, Issue 5, pp 3019–3027

Advances and Current State of the Security and Privacy in Electronic Health Records: Survey from a Social Perspective

  • Antonio Tejero
  • Isabel de la Torre


E-health systems have gained momentum in recent years, as many medical agencies have begun to include digital solutions in their platforms. Electronic Health Records (EHRs) are one of the most important improvements, being for the most part a patient-oriented tool. To achieve a fully operational EHR platform, security and privacy problems have to be resolved, given the importance of the data held in these records. Despite the many different methods for addressing security and privacy, they remain in most cases an open issue. This paper studies existing and proposed solutions in different scenarios, in order to offer an overview of the current state of EHR systems. Bibliographic material was obtained mainly from MEDLINE and SCOPUS, and over 30 publications were analyzed. Many EHR platforms are being developed, but most of them present weaknesses when they are opened to the public. These architectures gain significance when they cover all the requirements related to security and privacy.


E-health, EHR, Privacy, Security



Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  1. Department of Signal Theory and Communications, University of Valladolid, Valladolid, Spain
