Article | Scandinavian Conference on Health Informatics; August 22; 2014; Grimstad; Norway | Access Control for Electronic Health Records. A Delphi study of current challenges and highlighting of potential improvements
Göm menyn

Title:
Access Control for Electronic Health Records. A Delphi study of current challenges and highlighting of potential improvements
Author:
Rune Hystad: Department of Health and Nursing Science, University of Agder, Norway Rune Fensli: Center for eHealth and Health Care Technology, Department of ICT, University of Agder, Norway
Download:
Full text (pdf)
Year:
2014
Conference:
Scandinavian Conference on Health Informatics; August 22; 2014; Grimstad; Norway
Issue:
102
Article no.:
006
Pages:
37-44
No. of pages:
8
Publication type:
Abstract and Fulltext
Published:
2014-08-20
ISBN:
978-91-7519-241-3
Series:
Linköping Electronic Conference Proceedings
ISSN (print):
1650-3686
ISSN (online):
1650-3740
Publisher:
Linköping University Electronic Press; Linköpings universitet


Export in BibTex, RIS or text

Access control is an essential function in electronic health records (EHR) to maintain the duality between patient safety and patient privacy by ensuring that authorized personnel are allowed access to health records. In the Norwegian secondary care; access control in EHR must be given on the basis of decisions about health care; so called decision based access. There is however no empirical data on experiences with the use and setup of decision based access. A Delphi survey was therefore undertaken to identify what end users and system administrators consider to be important challenges; and ways to improve the access control. The survey shows that challenges identified in previous studies are still present. Access control is not sufficiently tailored to treatment processes; and there is extensive use of exception mechanisms; which creates long event records that are not followed up systematically and therefore may go at the expense of patient privacy. Possible improvements include more education; standardization of access control; easier use of exception mechanisms and a more process oriented access control.

Keywords: Access control; Electronic health records; Security measures; Patient safety; Delphi Technique

Scandinavian Conference on Health Informatics; August 22; 2014; Grimstad; Norway

Author:
Rune Hystad, Rune Fensli
Title:
Access Control for Electronic Health Records. A Delphi study of current challenges and highlighting of potential improvements
References:

[1] R√łstad L. Access Control in Healthcare Information Systems. PhD thesis. Norwegian University of Science and Technology; 2009.


[2] Ferreira A; Cruz-Correia R; Antunes L; Chadwick D. Access control: how can it improve patients’ healthcare? Stud Health Technol Inform 2007;127: 65-76.


[3] Nystadnes T. EPJ Standard del 2: Tilgangsstyring; retting og sletting Vol. 6/05; 2007.


[4] Helsedirektoratet. Norm for informasjonssikkerhet. http://helsedirektoratet.no/lover-regler/norm-forinformasjonssikkerhet/Sider/default.aspx (accessed 4 Jan 2014).


[5] Schmidt R. Managing Delphi surveys using nonparametric statistical techniques. Decision Sciences 1997;28(3): 763-774.


[6] Okoli C; Pawlowski SD. The Delphi Method as a research tool: an example; design considerations and applications. Information & Management 2004;42(1): 15-29.


[7] Hsieh HF; Shannon SE. Three Approaches to Qualitative Content Analysis. Qualitative Health Research 2005;15(9): 1277-1288.


[8] √Öhlfeldt RM. Information Security in Distributed Healthcare. PhD Thesis. Stockholm University; 2008.


[9] Skulmoski; G.J; Hartman; F.T; Krahn; J. The Delphi method for graduate research. Journal of Information Technology Education 2007;6: 1‚Äď21.


[10] Andresen H. Tilgang til og videreformidling av helseopplysninger. PhD Thesis. University of Oslo; 2010.


[11] Faxvaag A; Johansen TS; Heimly; V; Melby L. Grimsmo A. Healthcare Professionals’ Experiences With EHRSystem Access Control Mechanisms. Studies in Health Technology and Informatics 2011;169: 601-605.


[12] Innomed. M√łnstergjenkjenning som metode for √• oppdage taushetspliktbrudd ved bruk av pasientjournal. http://www.innomed.no/media/media/prosjekter/rapporter/56_-_Monstergjenkjenning.pdf (accessed 8 Feb 2014).


[13] Andresen H & Aasland OG. Helsepersonells h√•ndtering av pasientopplysninger. Tidsskrift for den Norske legeforening 2008;128(24): 2823 ‚Äď 7.


[14] √ėkland S. Haumann K.. & Christiansen RS. Urettmessig tilegnelse av taushetsbelagte opplysninger fra kliniske ITsystemer. Msc thesis. University of Agder: 2011.


[15] DIPS. Forenklet brukeradministrasjon. http://dips.mediabok.no/113/index.html#14/z (accessed 10 Mar 2014).


[16] Andresen √ė. Moglegheiter for kvalitetsregister gjennom ny IKT. http://www.helsebergen.no/fagfolk/forskning/Documents/kvalitetsregisterkonferansen%202013-%20postere%20foredrag/Registerkonferanse2013%20%C3%98rjan%20Andersen.pdf (accessed 21 Feb 2014).


[17] Finborud IM. Prosjekter gjennom tidene ‚Äď hva har vi l√¶rt http://www.nasjonalikt.no/filestore/Arrangementer/Prosjektledersamling_ 2014/IngerM.Finborud_ProsjektarbeidiHelseSrst.pdf (accessed 18 Mar 2014).

Scandinavian Conference on Health Informatics; August 22; 2014; Grimstad; Norway

Author:
Rune Hystad, Rune Fensli
Title:
Access Control for Electronic Health Records. A Delphi study of current challenges and highlighting of potential improvements
Note: the following are taken directly from CrossRef
Citations:
No citations available at the moment


Responsible for this page: Peter Berkesand
Last updated: 2017-02-21