Determination of user requirements for the secure communication of electronic medical record information

https://doi.org/10.1016/S1386-5056(98)00021-5

Abstract

Health professionals need to have accurate patient data in order to make the right diagnosis and to give an optimal treatment. In many cases, the ‘medical’ record, whether in electronic form or paper form, is distributed over several health care providers and health care enterprises. Technically, there are several ways to provide access to remote record information or parts thereof. Legislation, however, puts restrictions on the communication of personal information in order to protect the privacy of the patient. This paper gives an overview of requirements and constraints when communicating electronic medical record information and summarises the findings of the SEMRIC project in determining requirements from a number of practical cases.

Section snippets

Privacy of patient data

Several national and international bodies address privacy problems and provide legal instruments in terms of guidelines and recommendations. Few of these have legal enforcing capacity. The European Union Directive 95/46/EC [1] ‘on the protection of individuals with regard to the processing of personal data and on the free movement of such data’ has, however, legal enforcing capacity for the European member states and is therefore an important reference with regard to the privacy of electronic

Trustworthiness

Health care telematics systems are based on hardware and software components whose goal is to manipulate the content, appearance, flow and availability of electronic documents in a controlled way. The trust in a technical solution depends on:

  • Design of the system: both of the intrinsic quality of the components and of the overall system. This also includes the interface with the user. Not only the core functionality of a system should be considered but also other elements such as the management

The SEMRIC project

The objective of the SEMRIC project is to design a methodology for secure communication of health care record information as a pre-standardisation activity [5]. The SEMRIC project is community funded in the context of the Information Society initiatives for standardisation of DGIII (Council decision 87/95/EEC of 1986-12-22). The project analyses the core security requirements for the communication of health care record information through messages.

The use of scenarios in determining security requirements

In determining the user requirements for the

Conclusions

Secure electronic health care record communication can be split into clearly distinguishable sub-processes. The user requirements have to take into account both the legal requirements (privacy and accountability) and the technical feasibility. Building blocks are available for constructing most of the sub-processes (encryption, signature and timestamping), though interoperability suffers from a lack of international standards.

The most challenging security aspect of electronic health care record

References (5)

  • European Union Directive 95/46/EC: On the protection of individuals with regard to the processing of personal data and...
  • Trusthealth I project (DGXIII project # HC1051), deliverable D6.2: Overview of legal issues, Trusthealth consortium,...
There are more references available in the full text version of this article.