A systematic literature review of Security, Privacy and Confidentiality of patient information in Electronic Health Information Systems

Introduction: The evolution of medicine during the past few decades has resulted in the electronic transformation of patient records, which has brought multiple problems concerning the security, privacy and confidentiality of patient information. Security, privacy and confidentiality are potentially major problems in electronic health records and no system currently available in the world is 100% secure. The objectives of this study were to describe the major issues related to security, privacy and confidentiality of electronic health information systems and computer based patient record systems and to describe methods currently used to overcome those issues by reviewing published articles.

Method: These articles were identified by searching the PubMed online electronic bibliographic database [www.ncbi.nih.gov/pubmed] for articles published between January 2000 and January 2013 using the keywords security, privacy, confidentiality, electronic health information systems, and computer based patient record systems. After a screening process, 25 articles were selected for this review from among the 236 articles identified by the PubMed search.

Results: All 25 articles (100%) had identified that security, privacy, and confidentiality were major problems with Electronic Health Records. None of them were 100% secure and only two (8%) were Health Insurance Portability and Accountability Act (HIPAA) compliant.

Conclusion: Safeguarding security, privacy and confidentiality is a major problem in electronic health records and a major challenge for governments. However, studies on the security, privacy and confidentiality issues were not conclusive. Alternative approaches that take social, cultural and governmental factors into account may be needed to deal with the security, privacy and confidentiality issues.


Introduction
Electronic Health Records and digitalisation of patient records are emerging new trends in health services all over the world because digitising health information has helped to improve the quality of health care services. This has resulted in multifarious issues related to security, privacy and confidentiality of patient information (1). The term 'privacy' has been defined as an individual's desire to limit the disclosure of personal information. The term 'confidentiality' refers to a process in which information should be released in a controlled manner. The term 'security' refers to the measures that an organisation develops for protection of information (1). Several Electronic Health Record Systems have been developed but all have functional weaknesses (3). Security, privacy and confidentiality are potentially major issues in electronic health records. There is no system in the world currently available which is 100% secure and uncrackable (2,3,4,5). Medical administrators should pay attention to implementing proper control measures and at the same time installing electronic health information systems in a manner protecting the system from unauthorised access (3).
The objectives of this study were to describe the major issues related to security, privacy and confidentiality of electronic health information systems and computer based patient record systems and to describe methods currently used to overcome those issues by reviewing published articles.

Methods
These articles were identified by searching the PubMed online electronic bibliographic database [www.ncbi.nih.gov/pubmed] for articles published between January 2000 and January 2013 using the keywords security, privacy, confidentiality, electronic health information systems, and computer based patient record systems.

Results
A total of 236 articles were identified at the end of this process. After careful analysis of the 236 articles, 211 (89.41%) of them were excluded because in 7 (2.97%) the abstract was not available, in 43 (18.22%) the full text article was not available, in 115 (48.73%) the article did not deal with security, privacy or confidentiality issues, and in 46 (19.49%) the articles were published before the year 2000. The remaining 25 (10.59%) articles were used for this analysis.
All 25 articles (100%) had identified that security and confidentiality were major issues with electronic health records. None of them described 100% secure systems (4,5). Electronic health information systems are potentially vulnerable to authorised or unauthorised access and to misuse of sensitive information. Authorised users may access information with their legitimate authority but with no valid reason for the access. Often this may be due to personal interest regarding a relative or a friend, or to divulge sensitive information to outsiders who cannot access such information.
Such authorised users have more opportunities than outsiders to disclose sensitive information inappropriately. This is an unethical practice which is difficult to stop. Unauthorised attackers may access the systems to delete, misuse, destroy, change or steal sensitive data, preventing legitimate access by authorised users (1,5,6).
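One way to surface the authorised-but-unjustified access described above is to compare the audit log against recorded treatment relationships. This is an added example, not taken from the reviewed articles; the log format, user names and treatment-episode table are constructed assumptions.

```python
from datetime import datetime

# Constructed treatment episodes: (user, patient) -> (first day, last day) of care.
TREATMENT = {
    ("dr_silva", "P001"): ("2013-01-05", "2013-01-20"),
    ("dr_fernando", "P002"): ("2013-01-08", "2013-01-12"),
}

# Constructed audit log, one access per line: timestamp user role patient action
AUDIT_LOG = """\
2013-01-10T09:12:00 dr_silva physician P001 read
2013-01-10T09:40:00 clerk_jay billing P002 read
2013-01-10T10:05:00 dr_fernando physician P001 read
2013-01-15T10:06:00 dr_fernando physician P002 update
truncated-line-without-fields
"""

def parse_line(line):
    """Return a dict for a well-formed line, or None so bad lines are counted, not silently dropped."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return {"ts": ts, "user": parts[1], "role": parts[2], "patient": parts[3], "action": parts[4]}

def classify(entry, treatment):
    """'ok' inside a treatment episode; otherwise the reason the access needs review."""
    window = treatment.get((entry["user"], entry["patient"]))
    if window is None:
        return "no_relationship"  # valid login, but no recorded reason to see this patient
    start = datetime.fromisoformat(window[0])
    end = datetime.fromisoformat(window[1] + "T23:59:59")
    return "ok" if start <= entry["ts"] <= end else "outside_episode"

def review_log(log_text, treatment):
    """Return (accesses needing review, number of unparseable lines)."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            unparsed += 1
            continue
        verdict = classify(entry, treatment)
        if verdict != "ok":
            findings.append((entry["user"], entry["patient"], entry["action"], verdict))
    return findings, unparsed
```

Flagged entries are candidates for human review rather than proof of misuse, since emergency cover or referrals may not be recorded as a treatment episode.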
One study was designed to highlight health service consumers' (i.e. patients/public) attitudes and concerns about the security and privacy issues of electronic health records (EHRs) (4). Health service providers' (clinicians') view on data protection issues was discussed in one study (9). The major privacy and security issues highlighted were unauthorised access to EHRs, unauthorised disclosure of sensitive data, potential misuse of these data for fraud and the alteration of data without the owner's permission (4,6,9). One study (4) reported that the majority of patients were very concerned about the privacy and security of their EHRs, but many believed that the benefits of EHRs outweigh privacy and security concerns. Thus the majority wanted to limit access to their EHRs by non-medical personnel, but not by the physicians who were involved with their treatment (4,9).
Three articles (5,6,16) described effective ways of protecting electronic health information: data de-identification and anonymisation. But in this process there will be a re-identification risk for medical reports, there will be missing data and, in some instances, alteration of data may occur. Two papers discussed re-identification attacks on health data associated with data de-identification methods (6,17). One article introduced a privacy protection method with a solution for re-identification risk, viz. the Hiatus Tailor system, which identifies high-risk data in the database for better information management with much lower information loss (6). Two (8%) articles (7,8) described systems that were compliant with the Health Insurance Portability and Accountability Act (HIPAA). Both of them assessed security and privacy characteristics according to the HIPAA standards. One (7) showed a number of differences between the analysed characteristics of Personal Health Records (PHR) and HIPAA standards, while the other (8) highlighted that state laws have more protective elements of confidentiality than HIPAA.
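The re-identification risk mentioned above can be measured on a de-identified extract by counting how many records share each combination of quasi-identifiers. The following is an added example using a standard k-anonymity style check; it is not the Hiatus Tailor method (which this review does not detail), and the records, field names and generalisation rules are constructed assumptions.

```python
from collections import Counter

QI = ("age", "sex", "postcode")  # quasi-identifiers (assumed for this example)

# Constructed "de-identified" extract: names removed, quasi-identifiers left in place.
RECORDS = [
    {"age": 34, "sex": "F", "postcode": "10350", "diagnosis": "asthma"},
    {"age": 36, "sex": "F", "postcode": "10370", "diagnosis": "diabetes"},
    {"age": 38, "sex": "F", "postcode": "10320", "diagnosis": "asthma"},
    {"age": 52, "sex": "M", "postcode": "20000", "diagnosis": "hypertension"},
    {"age": 57, "sex": "M", "postcode": "20010", "diagnosis": "depression"},
    {"age": 81, "sex": "M", "postcode": "80000", "diagnosis": "HIV"},
]

def class_sizes(records, qi=QI):
    """Count records per quasi-identifier combination (equivalence class)."""
    return Counter(tuple(r[f] for f in qi) for r in records)

def high_risk(records, k, qi=QI):
    """Indexes of records whose quasi-identifier combination is shared by fewer than k records."""
    sizes = class_sizes(records, qi)
    return [i for i, r in enumerate(records) if sizes[tuple(r[f] for f in qi)] < k]

def generalise(record):
    """Coarsen quasi-identifiers: age to a 10-year band, postcode to its first 3 digits."""
    decade = record["age"] // 10 * 10
    return {**record, "age": f"{decade}-{decade + 9}", "postcode": record["postcode"][:3] + "**"}

def release(records, k):
    """Generalise every record, then suppress only those still below k (limits information loss)."""
    coarse = [generalise(r) for r in records]
    risky = set(high_risk(coarse, k))
    kept = [r for i, r in enumerate(coarse) if i not in risky]
    return kept, len(risky)

if __name__ == "__main__":
    print("high-risk before:", high_risk(RECORDS, k=2))
    kept, suppressed = release(RECORDS, k=2)
    print("released:", len(kept), "suppressed:", suppressed)
```

Meeting k on the chosen quasi-identifiers does not stop disclosure when every record in a class carries the same diagnosis.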
Some articles discussed access control management to increase patient empowerment in protecting their personal information (10,13,19). A systematic literature review (10) discussed EHR systems that have access control management methods. It revealed that most of the systems with access control methods have consumer access control mechanisms as well as health professional access control mechanisms, thus ensuring the patients' privacy right to control their personal information.
One article (13) described a system that had introduced a technical data protection solution based on web security standards. The USA, Australia and many other countries have made provisions for expanded health information privacy protection in their constitutions and they have also amended legal coverage by introducing new acts that strengthen security and privacy standards in health information (20,21,22,23).
Two articles (15,20) highlighted the need for transparency of data and the need for a national framework addressing access and control of secondary use of data (15). Some articles (22,23,24) identified that EHRs pose a greater risk of losing privacy in health data, and the authors state the importance of formulating a new policy on recording health data in order to address privacy concerns.

Privacy and confidentiality concerns in special occasions in EHRs
Mental health information, which is highly sensitive, has to be specially considered when protecting the privacy and security of databases, because if privacy is breached then patients' trust will be affected. There were instances where the privacy of mental health databases has been breached (8,9). One (4%) paper (25) discussed the protection and security of genetic/genomic test information and highlighted that genetic/genomic test information should be treated differently from other medical data, as it contains more personalised information, and that this information should be protected to secure the trust of patients.

Summary
In all papers reviewed, security, privacy and confidentiality concerns were highlighted, and they had resulted in greater caution about accepting the storage of personal information in EHRs. Future developers of software for electronic health record databases should be very cautious about protecting health service consumers' privacy and confidentiality. The success of implementing EHR systems will depend on the ability to protect the security, privacy and confidentiality of information in these systems.

Conclusion
It is hoped that this review, based on 25 articles published between 2000 and 2013, will contribute to a better understanding of the relationship between security, privacy and confidentiality of patient information and electronic health records. Safeguarding security, privacy and confidentiality is a major problem in electronic health records and a major challenge for governments. It is clear that these should be addressed in health policy development for electronic health information systems. There should be legal cover for patients' privacy protection, the security of patients' health records and the confidentiality of electronic health records. However, studies on the security, privacy and confidentiality issues are not conclusive. Alternative approaches, taking into account social, cultural and governmental factors, may have to be developed to deal with security, privacy and confidentiality issues.