Improving the information security of personal electronic health records to protect a patient's health information

Abstract

The electronic collection of patient information is a common practice across healthcare organisations in South Africa. Patients are encouraged to manage and control their own health data and information through the use of personal electronic health records (PEHRs). However, as this is a new type of electronic health record, there are concerns that must be addressed before patients make use of the technology. One of these concerns relate to using mobile devices to manage PEHRs, as patients fear that their health data may be breached due to the mobility and security concerns of these devices. The purpose of this paper is to investigate the information security controls that health care providers must put in place to protect PEHRs accessed from a mobile device. An inductive research approach was used which included an extensive literature review, while a thematic analysis of the data was used in identifying, analysing and reporting patterns within the data. The conceptual m-Health privacy framework was used to identify the 10 privacy principles for the mobile health platform and compared with the three distinct information security threats for the mobile platform. The study found that the data in transit was not as well protected by the framework, while the individual and database of the health care organisation was better regulated. The recommendation of the study is to improve the framework through the inclusion of specific information security controls to protect a patient's privacy whilst in transit when using PEHRs.