The transition from paper-based records to electronic medical records (EMRs) promises to revolutionize healthcare provision and delivery in the EU, but it also creates serious security concerns, as the increasing number of cyber attacks perpetrated against hospitals in the last year indicates. This article, which originates in the context of an ongoing e-health project, deals with the security of EMRs, from a computer science and legal perspective. The article explains, in the first part, what an EMR – a term that refers to the collection of information about the health status of an individual in digital format – is (Kierkegaard, 2011). It will do so by offering examples of EMRs compiled in different EU jurisdictions, and a description of the legal protection afforded therein. The second part draws on existing literature on cybersecurity. After defining security, it describes, with the aid of a table, the vulnerabilities and risks associated to EMRs, e.g. ransomware, malware, breaches, and in relation to their storage systems, e.g., in the local servers of the hospitals or in cloud storage systems (ENISA, 2015). This section is complemented by references to the legal frameworks (criminal law, data protection law, etc.) that are mobilised in response to these risks (Agrawala & Johnson, 2007). The classification of security concerns and the legal analysis will offer researchers in the field of regulation of technology, technology and health care management an updated source to advance knowledge in the area of cybersecurity and health research. Main references ENISA (European Union Agency for Network and Information Security): Security and Resilience in eHealth Infrastructures and Services, 2015 Kierkegaard, P., Electronic Health Record: Wiring Europe's Health Care. Computer Law and Security Report, 27(5), p.503-515, 2011 Agrawala, R., and Johnson, C., Securing electronic health records without impeding the flow of information. Int. J. Med. Inform. 76:471–479, 2007
Tsironi, A 2016, The security of electronic medical records - Lessons from the IRIS project. in Proceedings of the Cybrespace 2016 14th International Conference, Masaryk University, Brno. Cyberspace 2016, 14th International Conference, Masaryk University, Brno, Brno, Czech Republic, 25/11/16.
Tsironi, A. (2016). The security of electronic medical records - Lessons from the IRIS project. In Proceedings of the Cybrespace 2016 14th International Conference, Masaryk University, Brno
@inbook{a1b24523d3e94fe28f5380868055ce5e,
title = "The security of electronic medical records - Lessons from the IRIS project",
abstract = "The transition from paper-based records to electronic medical records (EMRs) promises to revolutionize healthcare provision and delivery in the EU, but it also creates serious security concerns, as the increasing number of cyber attacks perpetrated against hospitals in the last year indicates. This article, which originates in the context of an ongoing e-health project, deals with the security of EMRs, from a computer science and legal perspective. The article explains, in the first part, what an EMR – a term that refers to the collection of information about the health status of an individual in digital format – is (Kierkegaard, 2011). It will do so by offering examples of EMRs compiled in different EU jurisdictions, and a description of the legal protection afforded therein. The second part draws on existing literature on cybersecurity. After defining security, it describes, with the aid of a table, the vulnerabilities and risks associated to EMRs, e.g. ransomware, malware, breaches, and in relation to their storage systems, e.g., in the local servers of the hospitals or in cloud storage systems (ENISA, 2015). This section is complemented by references to the legal frameworks (criminal law, data protection law, etc.) that are mobilised in response to these risks (Agrawala & Johnson, 2007). The classification of security concerns and the legal analysis will offer researchers in the field of regulation of technology, technology and health care management an updated source to advance knowledge in the area of cybersecurity and health research. Main references ENISA (European Union Agency for Network and Information Security): Security and Resilience in eHealth Infrastructures and Services, 2015 Kierkegaard, P., Electronic Health Record: Wiring Europe's Health Care. Computer Law and Security Report, 27(5), p.503-515, 2011 Agrawala, R., and Johnson, C., Securing electronic health records without impeding the flow of information. Int. J. Med. Inform. 76:471–479, 2007 ",
keywords = "cybersecurity, e-health, electronic medical records",
author = "Aikaterini Tsironi",
year = "2016",
month = nov,
day = "25",
language = "English",
booktitle = "Proceedings of the Cybrespace 2016 14th International Conference, Masaryk University, Brno",
note = "Cyberspace 2016, 14th International Conference, Masaryk University, Brno ; Conference date: 25-11-2016 Through 26-11-2016",
url = "http://cyberspace.muni.cz/programme",
}