Developing trustworthy and ethically-based healthcare systems

Abstract

Purpose This study proposes a practical, ethics-by-design framework that helps healthcare organizations safeguard patient privacy, comply with regulations, and retain clinical efficiency as they adopt cloud-enabled and AI-assisted digital health services. Design/methodology/approach A three-tier architecture is modelled. At the user layer, explicit, revocable consent tokens govern data sharing. At the clinical layer, Electronic Health-Record (EHR) workflows are reinforced with HIPAA-aligned governance, role-based access control, and multi-factor authentication. At the data-processing layer, Health Information Exchange (HIE), audits, firewalls, data analysis policies, and practice management software, enhanced by blockchain-based auditing and AI-driven monitoring are implemented for anomaly detection. The framework is stress-tested with scenario-based penetration tests covering phishing, ransomware, insider misuse, and supply-chain compromise. Findings The framework blocked credential theft, limited insider misuse, and maintained data integrity across simulated phishing, man-in-the-middle, adversarial, and data-poisoning attacks. Case-study analysis (e.g., the 2020 University of Utah Health breach) showed the model’s layered controls would have detected or prevented 90% of compromise vectors. Originality/value Unlike single-point security add-ons, the work integrates ethical, legal, and technical safeguards into a unified, scalable design that clinicians can adopt without specialised security expertise. The clear mapping to international standards makes the blueprint transferable to hospitals and telehealth providers seeking fast-track compliance and long-term trust.