Top

BMC Medical Informatics and Decision Making

Published in:

Open Access 01-12-2023 | Research

Integrated personal health record (PHR) security: requirements and mechanisms

Authors: Azamossadat Hosseini, Hassan Emami, Yousef Sadat, Somayeh Paydar

Published in: BMC Medical Informatics and Decision Making | Issue 1/2023

Abstract

Background

Personal Health Records (PHRs) are designed to fulfill the goals of electronic health (eHealth) and empower the individual in the process of self-care. Integrated PHR can improve the quality of care, strengthen the patient-healthcare provider relationship, and reduce healthcare costs. Still, the process of PHR acceptance and use has been slow and mainly hindered by people’s concerns about the security of their personal health information. Thus, the present study aimed to identify the Integrated PHR security requirements and mechanisms.

Methods

In this applied study, PHR security requirements were identified with a literature review of (library sources, research articles, scientific documents, and reliable websites). The identified requirements were classified, and a questionnaire was developed accordingly. Thirty experts completed the questionnaire in a two-round Delphi technique, and the data were analyzed by descriptive statistics.

Results

The PHR security requirements were identified and classified into seven dimensions confidentiality, availability, integrity, authentication, authorization, non-repudiation, and right of access, each dimension having certain mechanisms. On average, the experts reached an agreement about the mechanisms of confidentiality (94.67%), availability (96.67%), integrity (93.33%), authentication (100%), authorization (97.78%), non-repudiation (100%), and right of access (90%).

Conclusion

Integrated PHR security is a requirement for its acceptance and use. To design a useful and reliable integrated PHR, system designers, health policymakers, and healthcare organizations must identify and apply security requirements to guarantee the privacy and confidentiality of data.

Available only for authorised users

Chapman R, Haroon S, Simms-Williams N, Bhala N, Miah F, Nirantharakumar K, et al. Socioeconomic deprivation, age and language are barriers to accessing personal health records: a cross-sectional study of a large hospital-based personal health record system. BMJ Open. 2022;12(1):e054655. https://doi.org/10.1136/bmjopen-2021-054655.CrossRefPubMedPubMedCentral

Groenen CJ, Kremer JA, IntHout J, Meinders MJ, van Duijnhoven NT, Vandenbussche FP. Effects of a Personal Health Record in Maternity Care: a stepped-wedge trial. Int J Environ Res Public Health. 2021;18(19):10343. https://doi.org/10.3390/ijerph181910343.CrossRefPubMedPubMedCentral

Nahm E-S, Diblasi C, Gonzales E, Silver K, Zhu S, Sagherian K, et al. Patient-centered personal health record and portal implementation toolkit for ambulatory clinics: a feasibility study. CIN: Comput Inform Nurs. 2017;35(4):176–85. https://doi.org/10.1097/CIN.0000000000000318.CrossRefPubMed

Toni E, Pirnejad H, Makhdoomi K, Mivefroshan A, Niazkhani Z. Patient empowerment through a user-centered design of an electronic Personal Health record: a qualitative study of user requirements in chronic kidney disease. BMC Med Inform Decis Mak. 2021;21:1–15. https://doi.org/10.1186/s12911-021-01689-2.CrossRef

Vachon E, Robb BW, Haggstrom DA. Impact of a Personal Health record intervention upon Surveillance among Colorectal Cancer Survivors: Feasibility Study. JMIR cancer. 2022;8(3):e34851. https://doi.org/10.2196/34851.CrossRefPubMedPubMedCentral

Paydar S, Emami H, Asadi F, Moghaddasi H, Hosseini A. Functions and outcomes of personal health records for patients with chronic diseases: a systematic review. Perspect Health Inf Manag 2021, 18(Spring).

Alawneh R, El Sheikh A, Kanaan R. Development of embedded Personal Health CareRecord System. iBusiness. 2011;3(2):178–83. https://doi.org/10.4236/ib.2011.32024.CrossRef

Harahap NC, Handayani PW, Hidayanto AN. Functionalities and issues in the implementation of personal health records: systematic review. JMIR. 2021;23(7):e26236. https://doi.org/10.2196/26236.CrossRefPubMedPubMedCentral

Harahap NC, Handayani PW, Hidayanto AN. The Challenges in Integrated Personal Health Record Adoption in Indonesia: A Qualitative Analysis of Regulatory Perspectives. In: 2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS: 2021: IEEE; 2021: 169–174. https://doi.org/10.1109/ICIMCIS53775.2021.9699353.

10.

Alkhatlan H. Evaluation of young adults’ Preferences, needs, and the understandability of the Personal Health Record Data contents. University of Pittsburgh; 2010.

11.

Caligtan CA, Dykes PC. Electronic health records and personal health records. In: Seminars in oncology nursing: 2011: Elsevier; 2011: 218–228. https://doi.org/10.1016/j.soncn.2011.04.007.

12.

AHIMA e-HIM Personal Health Record Work Group. Defining the personal health record. Journal of AHIMA 2005, 76(6):24-25.2005.

13.

Taha J, Czaja SJ, Sharit J, Morrow DG. Factors affecting usage of a personal health record (PHR) to manage health. Psychol Aging. 2013;28(4):1124. https://doi.org/10.1037/a0033911.CrossRefPubMedPubMedCentral

14.

Andrikopoulou E, Scott P, Herrera H, Good A. What are the important design features of personal health records to improve medication adherence for patients with long-term conditions? A systematic literature review. BMJ open. 2019;9(9):e028628. https://doi.org/10.1136/bmjopen-2018-028628.CrossRefPubMedPubMedCentral

15.

Bourgeois FC, Nigrin DJ, Harper MB. Preserving patient privacy and confidentiality in the era of personal health records. Pediatrics. 2015;135(5):e1125–7. https://doi.org/10.1542/peds.2014-3754.CrossRefPubMed

16.

Abd-Alrazaq A, Bewick BM, Farragher T, Gardner P. Factors affecting patients’ Use of Electronic Personal Health Records in England: cross-sectional study. JMIR. 2019;21(7):e12373. https://doi.org/10.2196/12373.CrossRefPubMedPubMedCentral

17.

Flaumenhaft Y, Ben-Assuli O. Personal health records, global policy and regulation review. Health Policy. 2018;122(8):815–26. https://doi.org/10.1016/j.healthpol.2018.05.002.CrossRefPubMed

18.

Fylan F, Caveney L, Cartwright A, Fylan B. Making it work for me: beliefs about making a personal health record relevant and useable. BMC Health Serv Res. 2018;18(1):1–12. https://doi.org/10.1186/s12913-018-3254-z.CrossRef

19.

Kaelber DC, Jha AK, Johnston D, Middleton B, Bates DW. A research agenda for personal health records (PHRs). J Am Med Inform Assoc. 2008;15(6):729–36. https://doi.org/10.1197/jamia.M2547.CrossRefPubMedPubMedCentral

20.

Dontje K, Corser WD, Holzman G. Understanding patient perceptions of the electronic personal health record. J Nurse Pract. 2014;10(10):824–8. https://doi.org/10.1016/j.nurpra.2014.09.009.CrossRef

21.

Hawthorne KH, Richards L. Personal health records: a new type of electronic medical record. Records Manage J. 2017. https://doi.org/10.1108/RMJ-08-2016-0020.CrossRef

22.

Pang PC-I, McKay D, Chang S, Chen Q, Zhang X, Cui L. Privacy concerns of the australian My Health Record: implications for other large-scale opt-out personal health records. Inf Process Manag. 2020;57(6):102364. https://doi.org/10.1016/j.ipm.2020.102364.CrossRef

23.

Daglish D, Archer N. Electronic personal health record systems: a brief review of privacy, security, and architectural issues. In: Privacy, Security, Trust and the Management of e-Business, 2009 CONGRESS’09 World Congress on: 2009: IEEE; 2009: 110–120. https://doi.org/10.1109/CONGRESS.2009.1.

24.

Furano RF, Kushniruk AW, Barnett J. Deriving a Set of Privacy Specific Heuristics for the Assessment of PHRs (Personal Health Records). In: ITCH: 2017; 2017: 125–130. https://doi.org/10.3233/978-1-61499-742-9-125.

25.

Meigasari DA, Handayani PW, Hidayanto AN, Ayuningtyas D. Do Electronic Personal Health Records (E-PHR) Influence People Behavior to Manage Their Health? In: 2020 International Conference on Information Management and Technology (ICIMTech): 2020: IEEE; 2020: 482–487. https://doi.org/10.1109/ICIMTech50083.2020.9211293.

26.

Farzandipour M, Sadoughi F, Ahmadi M, Karimi I. Security requirements and solutions in electronic health records: lessons learned from a comparative study. J Med Syst. 2010;34(4):629–42. https://link.springer.com/article/10.1007/s10916-009-9276-7.CrossRefPubMed

27.

US Department of Health Human Services. Literature review and environmental scan: evaluation of personal health records pilots for fee-forservice Medicare enrollees from South Carolina. 2010, 17:2012.

28.

Wynia M, Dunn K. Dreams and nightmares: practical and ethical issues for patients and physicians using personal health records. J Law Med Ethics. 2010;38(1):64–73. https://doi.org/10.1111/j.1748-720X.2010.00467.x.CrossRefPubMed

29.

Rodolfo I, Laranjo L, Correia N, Duarte C. Design strategy for a national integrated personal health record. In: Proceedings of the 8th Nordic Conference on Human-Computer Interaction: Fun, Fast, Foundational: 2014; 2014: 411–420. https://doi.org/10.1145/2639189.2641205.

30.

Rodolfo IMS. Design strategy for Integrated Personal Health Records: improving the user experience of Digital Healthcare and Wellbeing. Universidade NOVA de Lisboa (Portugal); 2017.

31.

Alyami MA. Toward patient-centered personal health records systems to promote evidence-based decision-making and information sharing. Towson University; 2018.

32.

Abdekhoda M, Dehnad A, Khezri H. The effect of confidentiality and privacy concerns on adoption of personal health record from patient’s perspective. Health and Technology. 2019;9(4):463–9. https://doi.org/10.1007/s12553-018-00287-z.CrossRef

33.

Kumar N, Mathuria A. Security and privacy issues in outsourced Personal Health Record. Research advances in Cloud Computing. Springer; 2017: 431–47. https://doi.org/10.1007/978-981-10-5026-8_17.

34.

Israelson J, Cankaya EC. A hybrid web based personal health record system shielded with comprehensive security. In: System Science (HICSS), 2012 45th Hawaii International Conference on: 2012: IEEE; 2012: 2958–2968. https://doi.org/10.1109/HICSS.2012.6.

35.

Chaudhary S, Somani G, Buyya R. Research advances in Cloud Computing. Springer; 2017. https://doi.org/10.1007/978-981-10-5026-8.

36.

Padol PR, More HK, Mandre NV, Shimpi PN. Personal health records in cloud computing. Int Res J Eng Technol. 2018;5(2):1666–73.

37.

Señor IC, Fernández-Alemán JL, Toval A. Are personal health records safe? A review of free web-accessible personal health record privacy policies. JMIR. 2012;14(4):e114. https://doi.org/10.2196/jmir.1904.CrossRef

38.

Wang C-K. Security and privacy of personal health record, electronic medical record and health information. Probl Perspect Manage. 2015;13(4):19–26.

39.

Kyriazis D, Autexier S, Boniface M, Engen V, Jimenez-Peris R, Jordan B et al. The CrowdHEALTH project and the hollistic health records: collective wisdom driving public health policies. Acta Inf Med 2019, 27(5):369https://doi.org/10.5455/aim.2019.27.369-373.

40.

Kiourtis A, Mavrogiorgou A, Mavrogiorgos K, Kyriazis D, Graziani A, Symvoulidis C, et al. Electronic Health Records at People’s Hands across Europe: the InteropEHRate Protocols. In: pHealth 2022. IOS Press; 2022. pp. 145–50. https://doi.org/10.3233/SHTI220973.

41.

Hansen A. Guidelines on Minimum/Non-Exhaustive patient Summary dataset for Electronic Exchange in Accordance with the Cross-Border Directive 2011/24. In.: European Commission; 2013.

42.

Samarati P, de Vimercati SC. Access control: Policies, models, and mechanisms. In: International School on Foundations of Security Analysis and Design: 2000: Springer; 2000: 137–196. https://doi.org/10.1007/3-540-45608-2_3.

43.

Abdulnabi M, Al-Haiqi A, Kiah MLM, Zaidan A, Zaidan B, Hussain M. A distributed framework for health information exchange using smartphone technologies. J Biomed Inform. 2017;69:230–50. https://doi.org/10.1016/j.jbi.2017.04.013.CrossRefPubMed

44.

Coatrieux G. Contribution au contrôle d’intégrité des images médicales. Université de Rennes 1; 2011.

45.

Zhou L, DeAlmeida D, Parmanto B. Applying a user-centered approach to building a mobile personal health record app: development and usability study. JMIR mHealth and uHealth. 2019;7(7):e13194. https://doi.org/10.2196/13194. https://preprints.jmir.org/preprint/13194.CrossRefPubMedPubMedCentral

46.

Avancha S, Baxi A, Kotz D. Privacy in mobile technology for personal healthcare. ACM Comput Surv (CSUR). 2012;45(1):1–54. https://doi.org/10.1145/2379776.2379779.CrossRef

47.

Blobel B. Architectural approach to eHealth for enabling paradigm changes in health. Methods Inf Med. 2010;49(2):123–34. https://doi.org/10.3414/ME9308.CrossRefPubMed

48.

Romero J, López P, Noguera JLV, Cappo C, Pinto-Roa DP, Villalba C. Integrated, reliable and cloud-based personal health record: a scoping review. arXiv preprint arXiv. 2016;160903615. https://doi.org/10.48550/arXiv.1609.03615.

49.

Dubbink D. Personal health records in dutch hospitals: is hte hype already over? University of Twente; 2013.

50.

Keikavousi MR, Asadi F, Paydar S, Khounraz F. Development of Inflammatory Bowel Diseases Registry Software. Middle East J Dig Dis 2021, 13(2):145. https://doi.org/0.34172/mejdd.2021.218.

51.

Mishra P. User interface design: for existing system monitoring application. 2013.

52.

Fernández-Alemán JL, Señor IC, Lozoya PÁO, Toval A. Security and privacy in electronic health records: a systematic literature review. J Biomed Inform. 2013;46(3):541–62. https://doi.org/10.1016/j.jbi.2012.12.003.CrossRefPubMed

53.

Dimitropoulos LL. Privacy and security solutions for interoperable health information exchange. Impact analysis. RTI International: 2007.

54.

US Department of Health and Human Services. Personal health records and the HIPAA privacy rule. Washington, [accessed 2020-06-20][WebCite Cache ID 6kLwH4Pzu]. 2008. DC URL: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/special/healthit/phrs.pdf.

55.

Park HS, Kim KI, Soh JY, Hyun YH, Jang SK, Lee S, et al. Factors influencing acceptance of personal health record apps for workplace health promotion: cross-sectional questionnaire study. JMIR mHealth and uHealth. 2020;8(6):e16723. https://doi.org/10.2196/16723.CrossRefPubMedPubMedCentral

Title: Integrated personal health record (PHR) security: requirements and mechanisms
Authors: Azamossadat Hosseini
Hassan Emami
Yousef Sadat
Somayeh Paydar
Publication date: 01-12-2023
Publisher: BioMed Central
Published in: BMC Medical Informatics and Decision Making / Issue 1/2023
Electronic ISSN: 1472-6947
DOI: https://doi.org/10.1186/s12911-023-02225-0

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Integrated personal health record (PHR) security: requirements and mechanisms

Abstract

Background

Methods

Results

Conclusion

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Abstract

Background

Methods

Results

Conclusion

Please log in to get access to this content

Other articles of this Issue 1/2023

Ontology-driven and weakly supervised rare disease identification from clinical notes

The effect of health literacy intervention on adherence to medication of uncontrolled hypertensive patients using the M-health

Body landmarks and genetic algorithm-based approach for non-contact detection of head forward posture among Chinese adolescents: revitalizing machine learning in medicine

Associations between blood pressure control and clinical events suggestive of nutrition care documented in electronic health records of patients with hypertension

Committee experiences of using formal consensus in healthcare guidelines: a longitudinal qualitative study

Prediction and diagnosis of depression using machine learning with electronic health records data: a systematic review