Security Challenges in EHR Systems

The information stored in EHRs main comprises of observations, laboratory tests, treatments, prescriptions, allergies, therapies, diagnostic imaging report and a patient’s medical history in overall. EHRs enable healthcare practitioners to manage healthcare data using advance technology in a manner that paper technique cannot deliver (Ghazvini & Shukur, 2013). In principle, EHR systems are characterized by increased patient safety, reduced cost, improved productivity as well as security and fraud detection abilities. Regarding increased patient safety, EHRs offer universal accessibility of healthcare services by providing information on a patient’s family, medical and career history (Onuiri, Idowu & Komolafe, 2015). Therefore, in the case of critical conditions or emergencies, quick treatment can be provided. Among the parties who have been tasked with the responsibility of ensuring the security of EHRs is private individuals.

Patients themselves have been trained on how to ensure the security of their medical records through the use of better methods such as biometrics which enables them to apply physiological and behavioral traits to access their data (Onuiri, Idowu & Komolafe, 2015). Unlike passwords and pins, the use of biometrics is the most effective because it could be used even when a patient is too weak to enter information. However, when these individuals are inadequately trained, it open’s room for a security vulnerability. Another party with a major interest in EHRs is the government. Healthcare information has emerged to be more valuable than other forms of data. For instance, according to Coventry and Branley (2018), a complete set of medical credentials could be approximately $1000.

All these encounters have been possible through security breaches in healthcare data. Towards this end, this research paper aims to explore the security challenges that arise from implementations of EHR systems in the healthcare industry. EHR systems have been influential in sustaining patients’ safety and care while enabling better efficiency in the exchange of information; however, as technology continues to advance, increasing concerns regarding the safety of healthcare data and devices have continued to affect the implementation of these systems in healthcare. However, according to their research on developing economies particularly in Sub-Sahara Africa, most hospitals in this region appear reluctant to implement this technological aspect of healthcare management system due to the security challenges perceived. Digital cyberspace has significantly influenced the manner in which people interact in today’s world and with the emergence of the internet Onuiri, Idown and Komolafe (2015) note that individuals and organizations activities on the cyberspace have increased resulting into a serious effect on the risk involved in security, management, and accessibility of data.

Thus, the cyberspace has created room for criminal, hostile activities and potential security threats to holders of information processed and stored in it. Through the adoption of EHR systems, healthcare organizations have fallen victims of these security challenges and patients’ medical records become vulnerable to security threats following increased hacking activities via the internet. In their article, Onuiri, Idown, and Komolafe (2015) investigate the cyberspace threats that contribute to security challenges of EHR system application in healthcare organizations by examining the methods of information storage, exchange and access in the system. Since 2015, this threat has emerged to be the foremost cause of health data breaches. The lax security in EHR systems has created room for hackers to steal patient’s medical records, deny users access to healthcare services or possibly cause deliberate harm that could extend to loss of life.

Over the years, the health industry has recorded increasing accounts of data security breaches which have resulted into huge financial losses, reduced patients’ safety and loss of reputation for the affected healthcare institutions (Ghazvini & Shukur, 2013). The dark web has been the main site for the commission of unlawful access and unauthorized distribution of medical records. For instance, in Australia, the medical number in the patients’ cards are often displayed for sale. As a result, the affected healthcare institutions encountered system-wide shut down, delays in care delivery and loss of function to connected medical equipment such as blood storage refrigerators and Magnetic Resonance Imagery scanners. The damage of this WannaCry attack was far-reaching in hospitals, yet it was not initially meant for healthcare organizations.

However, this does not mean that direct malware attack has not been directed to the healthcare sector. In 2015 and 2016, United Kingdom’s National Health System trusts were attacked by a certain type of ransomware. This unspecified attack lead to the shutdown of its IT systems and withdrawal of all outpatient appointments and scheduled operations for four consecutive days. (a) Human factors Human-related factors have emerged to be the leading cause of challenging the effective implementation of EHR systems. According to a research in Sweden performed by students from KTH University, it was discovered that approximately 76 percent of the physicians regarded human factors as the main challenge affecting the adoption of EHR systems (Rana, Kubbo & Jayabalan, 2017). However, nearly 53 percent of the physicians reported having no or little interest in Health Information Technology.

Based on this research outcome, it implies that EHR systems could be successfully adopted if the users are trained on how to use it before its implementation in the healthcare facilities. Human factor also forms an important aspect of information security and privacy. • Integrity According to Fernández-Alemán et al. , (2013), integrity in EHR is the act of protecting the original representation of data even in the event of any modifications. In EHR systems, it is crucial to maintaining the integrity of data because it is the only means of ensuring data accuracy and the occurrence of minimal errors which help in improving patients’ safety. However, if users are insufficiently trained on the use of some of the features such as ‘copy and paste’ it is likely that substantial inaccuracies of data will occur (Rana, Kubbo & Jayabalan, 2017).

Also, data inaccuracies in EHR systems have been reported to emerge from other features such as the drop-down menu. As technology continues to advance, requirements for high standards of security are also increasing. To ensure all sort of information is highly secured, the science of cryptography has been adopted as one of the most significant security measures in EHR systems. Also, the access control mechanism has also been used as a security measure for cloud-based EHR systems that ensures data security and leverages privacy. However, there are existing gaps in the use of these measures that have created room for the security challenges healthcare organizations are experiencing with the implementation of the EHR system. (a) Cryptography and its Challenges Cryptography primarily involves the method of translating ordinary plain text into an incomprehensible text and vice-versa.

However, since bio-cryptography are connected only through one bit, it remains prone to security vulnerabilities. Therefore, unless, strong protection keys are developed, bio-cryptography will present security challenges or even increase the possible insider threats in the EHR system. (b) Cloud-based access control models and their Challenges Cloud computing in healthcare organizations has emerged as a cost-effective method adopted by small healthcare providers that have driven the transfer of EHR systems into the cloud and effectively managed (Gavrilov & Trajkovik, 2012). Like all other internet systems, the cloud is also exposed to security vulnerabilities, and thus when EHR systems are moved into the cloud, vendors are expected to provide complete visibility of EHR users through practical security controls. Since the highest percentage of security breaches is through unauthorized access, the adoption of access control mechanism in the cloud has emerged to be the most convenient means of securing data and guaranteeing the privacy of patients’ health records.

However, in an attempt to limit occurrences of the various security breaches, it is crucial to include cybersecurity in the risk management process with the healthcare institutions. Also, healthcare institutions should practice cyber resilience. This practice is an all-inclusive approach to cyber risk which examines the processes, culture, people, and technology. Ideally, some measures could be adopted to help mitigate the security challenges experienced in the implementation of EHR systems. (a) Maintenance of Cyber-hygiene Healthcare organizations should adopt practices that ensure cyber-hygiene. Conclusion EHR systems have been influential in sustaining patients’ safety and care while enabling better efficiency in the exchange of information; however, as technology continues to advance, increasing concerns regarding the safety of healthcare data and devices have continued to affect the implementation of these systems in healthcare.

Such security challenges have included threats from the data collection, transmission, and storage level with contributing factors being mainly human-related. Human error and laxity in adopting efficient security measures have resulted into damaging effects including huge financial losses, reduced patients’ care and loss of reputation. Hacking and use of malware have been the leading security threats to EHR systems. Also, gaps in the various security measures used in EHR systems particularly cryptography and use of access control models have exposed EHR systems to security vulnerabilities. C. , Lozoya, P. O. , & Toval, A. Security and privacy in electronic health records: A systematic literature review. & Wambugu, S. A primer on the security, privacy, and confidentiality of electronic health records. Chapel Hill, NC: MEASURE Evaluation, University of North Carolina.