Article Preview
Top1. Introduction
At the moment, events are often covered in the public media, yet there is a lack of care regarding sensitive data. People, on the other hand, tend to feel more concerned when their personal healthcare-related data is at risk, owing to the ease with which they can envision reasons for abuse and comprehend the consequences of such misuse. Another apparent example is that almost everyone is presented with loan and insurance applications at some time in their lives. We can no longer dispute that privacy protection has a direct influence on both personal well-being and society as a whole. In fact, privacy is regarded as a basic human right. There are currently no particular entities in India that pay close attention to the necessity of getting informed consent from subjects. As a result, most hospitals and clinics are overly cautious when it comes to analyzing their material since they are aware that the implications of the information included are quite complicated; hence, there is a genuine risk that informed consent is really ill-informed consent. Research ethics and security rules compel research units to devote increasing money and effort to privacy and identity protection, yet restrictive regulations controlling the transfer of medical information may discourage research needlessly. Therefore, a patient-controlled mechanism is required.
EHR systems are extremely craved for the structured unification of all pertinent medical data of an individual and to exhibit the lifelong medical record. Various confidentiality threats of healthcare data are crucial which may be either from within the institution or outside by some intruder. Each healthcare unit, hospitals and clinic have their own information system for maintaining the patient’s data. Therefore, standards for data exchange are required and electronic health records and data needs to be standardized, including semantic interoperability (standards for exchange of patient’s data among EHR systems.
Most of the solutions don’t provide full control to the patients (Al-Hamdani, 2010). Smart card healthcare systems developed in European countries are not strongly privacy preserving as anyone can access a patient's information from a health card without her/his consent. Indivo is the first patient-controlled web-based healthcare system which provide options to own a secure complete medical record, integrating EHRs of different health centers. In Serbia, the architecture of the healthcare system is a hybrid smart card-based solution (Vučetić et al., 2011).
The whole patient’s experience of medical care is private. Hence providing confidentiality of medicine prescriptions is important one (Ateniese & de Medeiros, 2002). In smart-card based e-prescriptions system both patient and doctor have security concern with this e-prescription data as other parties are involved and some parties may use for their benefits like marketing etc. (Yang et al., 2004).
Access control mechanisms and applications related to e-prescription systems and other consumer related healthcare services requires a secure mechanism (Rai & Solanki, 2021). In the future, Blockchain technology seems to be more appealing in the field of healthcare(Mayer et al., 2020). We need to handle the following security issues in a proper way while accessing EHR (Rai & Srivastava, 2014).
- 1.
User Authentication: Only approved users will have the option to get access to the health record.
- 2.
Confidentiality and Integrity: It is associated with the protection of medical data from unauthorized access and reliability of healthcare information systems.
- 3.
Data Ownership: It is additionally a significant issue associated with ability to access of medical data. Obligations of information possession ought to be handled straightforwardly.
- 4.
Access Control: The objectives of the access control are protecting any Information system from unauthorized access and the same time making available to authorized users. Electronic Health Record recommend that information systems need to develop a strong mechanism for protecting the unauthorized access of the data (Byers et al., 2002).