Privacy, Security and Trust Issues with E-Health Systems - Literature review Example

Privacy, Security and Trust Issues with E-Health Systems Name Institution Course Professor Date Abstract Healthcare is increasingly using modern information technology for improving and enhancing medical services. The privacy, security and trust of information stored in the e-health system are increasingly becoming an issue that is gaining growing concern. Medical information is sensitive in nature and mechanisms for securing it in the electronic systems are paramount in gaining trust of patients and in securing their privacy. E-health systems are being adopted widely albeit at slower pace because of privacy, security and trust concerns. This essay points out various challenges pertaining to privacy, security and trust issues in e-health systems. It critically assesses concerns of privacy, trust and security in the e-health systems. Introduction The healthcare sector is faced with numerous challenges in their pursuit of improving quality and cost of services provided as well as its efficiency and effectiveness. E-health systems are increasingly being adopted in mitigating some of the challenges in the health sector. Globally, many countries are involved in the development, designing and adoption of national e-health systems. Due to the inherent complex nature of the healthcare industry, large presence of personal information and necessity of interconnecting several players in the healthcare, e-health systems face more complex, privacy, security and trust issues. Thus, many challenges exists requiring careful development, designing and structuring of e-health systems in the information system. This essay discusses various challenges of e-health systems by focusing on privacy, security and trust issues. It starts by conducting a literature review, then it discuss various privacy, security and trust issues in the e-health system and finally concludes by providing recommendations on how these challenges can be addressed. Literature Review There are many challenges concerning e-health systems as well as proposals that have been put forward in achievement of privacy and security in e-health systems contained in the literature. Privacy and security issues pertaining to e-health systems in information system have been covered extensively. Privacy protection mechanisms in the e-health systems must be retrofitted into the existing systems (Mills, Yao and Chan 2003, p. 04). Medical information is sensitive and protecting them becomes absolute necessity in development and use of e-health systems. (Smith and Manna 2004, p.07) identified logical, physical, environmental and security policies as some of the data security issues with e-health solutions in information system. There are many potential challenges of privacy and security brought by adoption of e-health systems. Miron-Shatz and Elwyn (2011, p. 407) propose increase of patient involvement in maintenance of their private data. Generally, it is requirement of public law that consumers should be informed of their privacy. In this case, patients should know how their privacy will be implemented in the technological healthcare system. Dong, Jonker and Pang (2012, p.01) identified privacy as fundamental e-health systems requirement. Moreover, they also explain enforced privacy and privacy where there is presence of others as key privacy challenges to be enforced in the e-health system. The security of data and privacy of individual in e-health systems is of great importance when designing of e-health information systems is carried out (Tejero and Torre 2012, p. 3022). Even when this is done, privacy of information and security of the system still remain an issue of concern to patients. Ghazvini and Shukur (2013) explores and analyses the present state of privacy and security of patient records in the e-health systems. It focuses on the security intended to protect electronic records of patient. Discussion In the recent decades, e-health system advantages have been identified and considered. However, due to numerous challenges, the widespread use of e-health systems is still at an infant stage. Ghazvini and Shukur (2013, p. 212) pointed out that the important challenges of e-health system are security and privacy issues. In particular, the public awareness of privacy issues has grown in a steady manner over the past decade. This is owed largely to increased use of internet which enables permitting of data in a large scale never possible before. The advent of internet has necessitated development of privacy protection guidelines for medical information and the advice that is given through the internet (Smith and Manna 2004, p. 06). Personal health information is increasingly becoming sensitive and diverse and as such, privacy concerns in the e-systems need thorough consideration. Fernandez-Aleman et al., (2013, p. 542) asserted that health information is regarded by many people as among the most confidential of all types of personal information. In this case, protecting this confidentiality in e-health systems is essential for maintenance of privacy. E-health systems bring a lot of benefits but this cannot overshadow some of its numerous challenges. Its benefits explain why it is increasingly being adopted in many developed countries including Australia, Canada and United States. In fact, there is a widespread promotion of electronic health records usage in United States which renders accessibility of sensitive health information possible. This has a potential of jeopardizing privacy of patient (Miron-Shatz & Elwyn 2011, p. 405). As large amount of personal data is being aggregated and stored through online databases, use and location of this information may surpasses the control of administrators and owners hence rendering privacy breaches more possible and legitimate. In this case, electronic storage of patient information offer a greater chance of a magnified damage to breaches of privacy as there exist more recorded information of an individual (Miron-Shatz & Elwyn 2011, p. 405). A large amount of individual details can therefore be accessed. Privacy and security in e-health information systems is seriously threatened by viruses, worms, hackers and malicious codes. The computer viruses have been proliferated in the recent past and controls of e-health system logical security needs to be addressed through encryption, authorisation and encryption of medical records. Insiders also cause many security and privacy breaches in the e-health information systems (Mills, Yao and Chan 2003, p.2). Employees who are unscrupulous can gain unauthorised access to patients’ health records in cases where they are not permitted to do so. In recent years, there have been reports in the media of theft and accidental loss of sensitive clinical information. Therefore, securing of data and privacy in e-health system continues to concern many healthcare stakeholders in several countries. Knowledge of privacy and security features in the e-health information system could be critical if risks and measures in protecting data in e-health system are to be confronted and adopted (Fernandez-Aleman et al., 2013, p. 542). The main aims of e-health systems are in provision of effective support in securing sharing of information across different healthcare environments. Dong, Jonker and Pang (2012, p. 01) explains that e-health systems services are intended to be more effective, efficient, timely, secure and patient-centred. However, the important advantages and solutions that e-health systems brings entails numerous scientific, privacy, security and trust issues. Sensitivity of health data means that maintenance of patient privacy in the e-health system is a challenge that needs proper design and mechanisms in place before any such system is in used in storage of sensitive information. The challenge by hospitals in maintaining patient privacy is further challenged by the fact that government data warehouses are growing exponentially hence becoming more linked with criminal, educational, socio-economical, and health records among others (Miron-Shatz & Elwyn 2011, p. 406). On the other hand, Sethi and Laurie (2013, p. 169) assert that linkage of health records together with other data for purposes of research has the greatest potential of bringing considerable improvement to populations health and well-being. Although this may be case, security challenges of e-Healthcare information still persist and breaches of security is still reported. Shoniregun, Dube and Mtenzi (2010, p. 117) stressed that e-health security challenges lie in human factors and computer systems where identity plays an important role in authorisation and authentication - the weak points of security for e-health information. In addition, human error in handling information in the e-health system is an issue that threatens privacy and security of personal information. The physical theft of information held in e-health system continues to be an issue of concern. The health management organisations are still yet to fully investigate security challenges associated with consent of patient. For example, in United Kingdom, National Health Service (NHS) have undertaken steps by introducing new models of patient consent in an effort of appeasing concerns of privacy by the public in its e-healthcare information system (Shoniregun, Dube, & Mtenzi 2010, p. 117). Due to multiple players that require access of e-health information systems, the aspect of confidentiality of personal identifiable e-health information security continues to be security breaches minefield. E-health systems face the challenge of assuring trust, privacy and security in its architectural design, communication protocols and access control among others in order to guarantee safety of private information stored on those systems (Shoniregun, Dube and Mtenzi 2010, p. 117). Furthermore, there are difficulties in preventing electronic interception of patient information by malicious individuals. The situation is further aggravated by administrators of e-health systems who may accidentally disclose and disseminate private information to parties not entitled to possess such information. There have been great strides that have been made in developing electronic records and information systems within the health industry which has largely consider information needs of the users that will use it. Health care is a sector characterised by complexities and information-intensive processes whereby data that concerns patients’ medical and health conditions are stored and used for purposes of management and clinical care (Bath 2008, p. 501). In addition, aggregated data are used for disease monitoring and surveillance, and planning delivery of health services at all levels of governance. Health care organisations are collecting, storing, analysing, transferring and accessing large volumes of data on every single day. They are then stored in e-health systems which pose serious privacy questions in the manner in which those information will be used and disseminated. In essence, the contentious issue that arise here is how privacy of individual health information collected, used and disclosed is ensured (Mills, Yao, & Chan 2003, p. 03). Moreover, keeping this information secure once it is entered into e-health system is also an issue. These issues are compounded further as design of e-health network calls for striking of a balance between compliance of legal privacy restrictions and expectations of users regarding the system functionality, which at times can be so difficult. A person medical record has sizeable amount of information that includes sexual preferences, living arrangements and life-style choices. In this case, some individuals may not be comfortable when their personal information is put in computer storage systems hence jeopardising the rate of adoption of e-health system. In fact, Ghazvini and Shukur (2013, p. 212) contends that the widespread use of e-system is at the infant stage because of the several challenges it poses. Issues of trust, privacy and security in e-health system should be understood as they are the key challenges in this system. In particular, security of data issues is a key concern to all stakeholders in fields of communication data. Mills, Yao, and Chan (2003, p. 04) explains that the advocates of privacy assert that people may shun life saving and enhancing treatments if they believe that their personal information are not safe from corrupt individuals. This is because they feel embarrassed to suffer from diseases characterised by social stigmas as well as other negative attributions. In fact, leakage of personal information in the e-health system could lead to professional and social problems (Mills, Yao, & Chan 2003, p. 04). For example, when a community knows that certain individuals have contracted sexually transmitted diseases, interpersonal relationship between them and the rest of the community members may become complicated depending on the community set-up. The traditional use of paper system at the health-care facilities is inefficient and at times may prevent effective and timely delivery of important services. This inefficiency and advent of new technologies presents e-Health with the greatest opportunity to grow and be utilised as a mainstay of delivering healthcare services. However, issues of privacy, trust and security in these systems are also presenting the greatest challenges to its adoption in an equal measure. Fundamentally, the general public recognise that privacy in e-Health system is among the important requirements necessary for its adoption (Meingast, Roosta, & Sastry 2006, p. 5456). Given this, e-health systems should be properly equipped to successfully handle privacy concerns of all the stakeholders. Moreover, it must be able to assure privacy and address various privacy issues inherent in architectural design, communications protocols and access controls (Dong, Jonker, & Pang 2012, p. 02). Even when data on health-care are well protected, secured and there is perfect installation of access controls, communications protocols which are improperly designed for interoperability purposes causes information leakages hence breaching privacy of users. Advancement in technology has brought many benefits to many sectors of the economy in this globalisation era. Healthcare is among the relatively latest sectors to have been affected by evolution of new information and communication technologies. Despite the benefits of e-health system in provision of healthcare, security and privacy breaches continued to be reported in e-Healthcare. Even introduction of international driven privacy protection laws relating to healthcare information has not resulted in privacy and security breaches abatement (Shonerigun, Dube, & Mtenzi 2010, p. 123). In addition, the numerous standards that have emerged have not led e-Health systems to successfully secure electronic health information and protect privacy of patient. Lohr, Sadeghi and Winandy (2010, p. 04) contends that the storage of private sensitive information and data in centralised data centres brings the risk of leaking information to unauthorised entities. It is also to be noted that the current environment is increasingly being networked wirelessly. Furthermore, there is escalation of pervasive computing devices. These provide ample and conducive infrastructural environment for privacy and security breach attacks to be undertaken in e-health systems (Shonerigun, Dube, & Mtenzi 2010, p. 123). Breach and theft of information are some of the issues e-health system brings in the information system. Privacy governs patient and physician relationship needed for effective delivery of healthcare services. However, this privacy is threatened by the increased adoption of e-health solutions in information systems (Tejero and Torre 2012, p. 3021). The increased use of internet has also brought concerns of privacy and security of personal data to be thorny issue that underlies adoption of e-health systems. The security and privacy of information is becoming an important issue in healthcare. Increased adoption for digitally stored patients records and needs for sharing of information between healthcare providers, payers and patients requires better security of information. Medical personnel require patients to provide them information for purposes of facilitating correct diagnosis and in determining treatment, especially in avoidance of adverse drug interactions. Nevertheless, patients may decline to provide crucial information in case of medical and health problems such as HIV and psychiatric behaviour because disclosing them may result to discrimination and social stigma (Appari & Johnson 2008, p. 03). As time elapses, patient medical records that is stored in the e-health system accumulates large amount of personal information that include his or her identity, medication history, genetic information, treatment information among others. In light of this, security of the system used should be top notch as successful hacking it means that sizeable information about patient privacy is taken by individuals not required to access it. This jeopardises health information privacy and information security. Health information is private and sensitive as well as being personal in nature. Preserving privacy of patient is imperative to patient treatment as it builds trust of patient using healthcare system. Adopting and successfully implementing e-health systems require users to highly accept and trust it. If concerns of trust of e-health systems are high in comparison with its perceived benefits, then accepting it as a healthcare assistive technology may not materialised. This could therefore hamper efficient development as well as successful rolling out of e-Health technologies (Wilkowska & Ziefle 2012, p. 192). It is therefore important to explore various strategies that would counter the mistrust of the healthcare technological systems in enhancing monitoring of medical information. Patients’ needs to feel that the information they provide to medical practitioners are secured and confidentially controls are in place to counter any leakage of such personal information in the system. Recommendations The challenges faced in the e-health system can be addressed. Numerous challenges pertaining to security, privacy and trust in e-health system is attributed as one of the reasons for its slow pace of adoption. Nonetheless, these challenges can be addressed through various strategies. For purposes of improving trust of patients in the e-health system, patients should be given some access to view their personal records and have control of who gets access to it (Miron-Shatz & Elwyn 2011, p. 407). This will improve their trust of the system as they control it rather than giving them notification when breach of the system security has already occurred. It may be a step forward to consider e-health systems that lets patients have the required trust, reassurance and transparency that their records, information and data are safe. It may seem impossible, but a process and system that allow patients to undertake monitoring of their data and when needs occurs, alert healthcare providers and security agencies to existing problem can mitigate some of the challenges. The policy of healthcare institutions should be further enhanced for purposes of protecting electronic health records from exposure to unauthorised persons. Lafky and Horan (2011, p. 69) contends that there is no privacy when security practices do not exist. It is therefore prudent and beneficial to periodically conduct security checks and practices in e-health systems for determination of any threats, pitfalls and weaknesses of the system that may leak private information. Healthcare facilities should clearly define who can gain access to patients’ information in e-health system and to what extent in prevention of unauthorised access by some employees. Additionally, new recruits by healthcare authorities and all employees in general should be given training in e-health system information security policy. Conclusion Evolution of e-health systems has raised many issues concerning its trust, privacy and security. This essay has considered various issues of privacy, security and trust challenges that e-health systems faces. As e-health is increasingly being adopted all over the world albeit at a slower pace, health care stakeholders want to control information about them and at the same time shares it with other trusted parties. E-health systems face the challenge of assuring trust, privacy and security in its architectural design, communication protocols and access control among others in order to guarantee safety of private information stored on those systems. The challenges discussed in this essay should be critically addressed and suitable strategies of mitigating various trust, privacy and security issues in the e-health system for it to be widely accepted by all stakeholders. Some of the recommendations presented here can have significant impacts in dealing with these issues. References Appari, A & Johnson, M. E 2010, ‘Information security and privacy in healthcare: current state of research’, International journal of Internet and enterprise management, vol. 6, no. 4, pp. 279-314. Bath, P. A 2008, ‘Health Informatics: current issues and challenges’, Journal of Information Science, vol. 34, no. 4, pp. 501-518. Dong, N, Jonker, H & Pang, J 2012, ‘Challenges in ehealth: From enabling to enforcing privacy’, In Z, Liu & A, Wassyng (eds), Foundations of Health Informatics Engineering and Systems. Springer, Berlin, pp. 195-206. Fernández-Alemán J.L, Senor, I.C, Lozoya, P.A.O & Toval, A 2013, ‘Security and privacy in electronic health records: A systematic literature review’ Journal of biomedical informatics, vol. 46, no.3, pp. 541-562. Ghazvini, A, & Shukur, Z 2013, ‘Security Challenges and Success Factors of Electronic Healthcare System’, Procedia Technology, vol.11, pp. 212-219. Lafky, D. B & Horan, T. A 2011, ‘Personal health records Consumer attitudes toward privacy and security of their personal health information’, Health Informatics Journal, vol. 17, no. 1, pp. 63-71. Löhr, H., Sadeghi, A. R., & Winandy, M. 2010 (November), ‘Securing the e-health cloud’, In Proceedings of the 1st ACM International Health Informatics Symposium, pp. 220-229. Association for Computing Machinery, New York. Meingast, M, Roosta, T & Sastry, S 2006 (August), ‘Security and privacy issues with health care information technology.’ In Engineering in Medicine and Biology Society, 2006. EMBS'06. 28th Annual International Conference of the IEEE , pp. 5453-5458. Institute of Electrical and Electronic Engineers, New York. Mills S. K, Yao, R.S & Chan, Y.E 2003, ‘Privacy in Canadian Health Networks: challenges and opportunities’, Leadership in Health Services, vol.16, no. 1, pp. 1-10. Miron-Shatz, T & Elwyn, G 2011, ‘To serve and protect? Electronic health records pose challenges for privacy, autonomy and person-centered medicine’, The International Journal of Person Centered Medicine, vol. 1, no. 2, pp. 405-409. Sethi, N & Laurie, G. T 2013, ‘Delivering proportionate governance in the era of eHealth: Making Linkage and privacy work together’, Medical Law International, vol. 13, no. 2-3, pp. 168-204. Shoniregun, C. A, Dube, K & Mtenzi, F 2010, Electronic Healthcare Information Security. Springer, New York. Smith, A.D & Manna, D.R 2004, ‘Exploring the trust factor in e-medicine’, Online Information Review, vol. 28, no. 5, pp. 346-355. Tejero, A, & Torre, I 2012, ‘Advances and current state of the security and privacy in electronic health records: survey from a social perspective’, Journal of medical systems, vol. 36, no. 5, pp. 3019-3027. Wilkowska, W & Ziefle, M 2012, ‘Privacy and data security in E-health: Requirements from the user’s perspective, Health informatics journal, vol. 18, no. 3, pp. 191-201. Read More