Securing electronic medical record and electronic health record systems through an improved access control

Abstract

During the last two decades, modern technology is increasingly being used in the healthcare sector in order to enhance the quality and the cost efficiency of the healthcare services. In this process, Electronic Medical Record (EMR) has been introduced to collect, store and communicate patient’s medical information. The EMR systems enable efficient collection of meaningful, accurate and complete data to assist improved clinical administration through the development, implementation and optimisation of clinical pathways. While its cost and time savings are encouraging for transition, it does not come without inherent challenges. Inadequate policy development in the areas of data security and privacy of health information appear to be the major weakness. In this paper, we present a secure access control model for the EMR and Electronic Health Record (EHR) to provide acceptable protection for health sensitive data retained at healthcare organisations. We systematically analyse four existing access control mechanisms that have been proposed in the past, and present a combined more secure model for the EMR and EHR for healthcare provider organisations in Australia.