Article Preview
TopIntroduction
Currently, events are often covered in the public media, yet there is a lack of care regarding sensitive data. On the other hand, people tend to feel more concerned when their healthcare-related data is at risk, owing to the ease of envisioning reasons for abuse and comprehending the consequences of such misuse. Another obvious example is that almost everyone is presented with loan and insurance applications at some time in their lives. We can no longer dispute that privacy protection directly influences both personal well-being and society as a whole. Privacy is regarded as a fundamental human right.
There are currently no particular entities in India that pay close attention to the necessity of getting informed consent from subjects. As a result, most hospitals and clinics are overly cautious when analyzing their material since they are aware that the implications of the information included are pretty complicated; hence, there is a genuine risk that informed consent is ill-informed consent. Research ethics and security rules compel research units to devote increasing money and effort to privacy and identity protection. Yet, restrictive regulations controlling the transfer of medical information may discourage research needlessly. Therefore, a patient-controlled mechanism is required.
EHR systems are extremely craved for the structured unification of all pertinent medical data of an individual and to exhibit the lifelong medical record. Various confidentiality threats of healthcare data are crucial, either from within the institution or outside by some intruder. Each healthcare unit, hospitals and clinic have an information system for maintaining the patient's data. Therefore, standards for data exchange are required, and electronic health records and data needs to be standardized, including semantic interoperability (standards for the exchange of patient's data among EHR systems). Several solutions are available to create EHR standards, such as openEHR, ANSI, Google Health and Microsoft's HealthVault, HL7. Most of these services don't provide complete control to the patients (Al-Hamdani, 2010). Innovative card healthcare systems developed in European countries are not strong privacy-preserving as anyone can access a patient's information from a health card without their consent. Indivo is the first patient-controlled web-based healthcare system that provides options to own a secure complete medical record, integrating EHRs of different health centers. In Serbia, the architecture of the healthcare system is a hybrid intelligent card-based solution (Vučetić et al., 2011).
The whole patient's experience of medical care is private. Hence providing confidentiality of medicine prescriptions is an important one (Ateniese & de Medeiros, 2002). In a smart-card-based e-prescriptions system, both patients and doctors have security concerns with this e-prescription data. Other parties are involved, and some parties may use it for their benefits like marketing, etc. (Yang et al., 2004).
Access control mechanisms and applications related to e-prescription systems and other consumer-related healthcare services require a secure mechanism (Rai & Solanki, 2021). Blockchain technology seems to be more appealing in healthcare(Mayer et al., 2020).
The objectives of the paper can be summarized as follows:
- •
How pseudonymization technique can solve privacy and security issues in the healthcare industry today.
- •
A patient-controlled architecture is proposed, which will be most suitable for health care information systems.
- •
An efficient system model of separate storage of patient personal data and pseudonymized health data.
- •
Furthermore, we show the performance analysis of the proposed scheme with existing solutions.
TopSecurity Challenges In Healthcare
We need to handle the following security issues properly while accessing EHR (Rai & Srivastava, 2014):