Privacy-Preserving Infrastructure for Health Information Systems

Sheikh Mohammad Idrees, Mariusz Nowostawski, Roshan Jameel and Ashish Kumar Mourya

Health Information System (HIS)

Providing guaranteed quality healthcare services to patients has become a priority for developing countries. The estimation of morbidity and mortality rates directly affects the healthcare being provided and the research being conducted in the medical industry. With the rise in digitized healthcare data, the demand for security and privacy of stored data and of data in transit is also increasing. The integration of information technology (IT) and the healthcare industry has not only changed the treatment and diagnosis process but has also enabled enhanced data processing and research. Because of the rising expectations of patients, hospital management, healthcare providers and other stakeholders, the demand for quality in healthcare systems is rising, resulting in escalating implementation costs, a lack of resources and several adaptations in medical practices [1]. Healthcare providers are moving towards decision-making processes for the advancement of diagnostics, which require the availability and accessibility of accurate data [2], as provided by health information systems (HIS) [3]. The motive for designing HIS is to obtain useful information for making decisions and delivering quality services. The quality of healthcare information systems should be defined by effectiveness, social acceptance and cost, as per the guidelines provided by WHO [4]. An effective HIS provides an integrated patient-centric infrastructure that is cost-effective and delivers measures for the promotion of the healthcare industry. The privacy and security of medical data are the most important aspects of HIS, as healthcare is totally reliant on data for treatment and research. Privacy denotes that access to the data is restricted to authorized users only, while security deals with protecting the data from intruders.

Benefits of HIS

A HIS deals with the functional aspect of the healthcare framework that handles the management of electronic healthcare data. The HIS is responsible for generating useful information that helps in the operational management of hospitals, policy making, efficiency, informed research and decision-making processes [5]. Such systems deal with the collection, storage, management and transmission of healthcare data. It is a fundamental tool for consolidating the planning and management of healthcare services. Deploying such systems yields improved healthcare quality, reduced cost of implementation and operation, error-free administration and organized management. A few of the benefits of HIS are depicted in Figure 7.1.

Types of HIS

The main purpose of HIS is to improve treatment processes by providing the latest information about the patient. This information is sensitive and needs to be accurate and confidential. It is the duty of the HIS to collect, store and analyse this heterogeneous big data of patients in a timely manner and provide access to the authorized users. The HIS could be of several types; a few of the prominent ones are mentioned below. These types of HIS depend on various aspects such as the type of data, level of implementation, government policies, etc., but the main objective is to offer accurate information in a timely, secure and private manner for improving the healthcare industry globally.

FIGURE 7.1 Benefits of health information systems.

  • Electronic health records: EHRs are the digital records of the patients, including health information, lab test results, doctor/hospital visits, diagnosis and treatments. In EHR-based HIS, the facility to collect and store the patient’s health data electronically is provided. Moreover, in an openEHR system, the health data are kept in a non-proprietary setup, to avoid the vendor lock-in problem.
  • Strategic systems: These types of HIS are used in classifying the information. Different provisions are provided for different types of information being handled; usually a pyramid approach is used to differentiate among the data. These systems are also known as operational systems. Such HIS are usually developed before the execution, and hence provide the ability to configure the system as per the requirements.

  • Master patient index: The objective of this type of HIS is to connect the records of the patients from multiple databases. These systems hold the records of the patients listed at a healthcare institute and arrange them into indexed format to avoid the duplication of the data and provide accurate results.
  • Remote patient monitoring: Such systems provide online medical assistance, by collecting the data from sensor devices and transmitting them for analysis to the healthcare practitioner who is not physically available. Such systems are helpful for monitoring critical diseases like diabetes, heart health, blood pressure, etc. The data collected using the sensing devices can be used by healthcare professionals to monitor health or by researchers to facilitate better systems and decisions.
  • Administrative systems: Medical systems are reliant on admin data. In such HIS, the patient data are integrated with the medical systems. The patient data are the basic information about the patient, while the medical system consists of EHRs, lab tests and their outcomes, diagnosis and prescribed drugs, etc.
  • Subject/task-based systems: Subject-based HIS are associated with the patients/doctors; while task-based HIS are associated with some task. A subject can be linked to various task-based systems like admission, discharge, laboratory procedures, etc. In task-based systems there could be duplication in data because the subject information is needed for each of the tasks.
  • Decision support systems: These HIS transform the clinical and administrative data into significant information and make it available for the medical practices for making informed and appropriate decisions. This helps in diagnostics and drug-related research. Such a system has the capability to provide suitable medications to the patients based on their demographic information.

Evolution of HIS

The HIS has been covering both the medical and administrative aspects of healthcare since the 1960s [6]. The evolution is depicted in Figure 7.2. The principal driver in the 1960s was automation in medical care. The infrastructure was based on expensive mainframe systems and storage; thus, several hospitals had to share mainframes. The focused application area was automatic accounting. The 1970s was the era that needed better communication among the administrators of multiple departments. The 1980s saw two big changes in the healthcare sector: first, a focus on productivity in terms of resources and reimbursement, and second, the introduction of midrange computers, which enabled the systems to directly support doctors, nurses and medical service providers. The aim was to improve decision-making procedures and advance the healthcare being provided. In the 1990s, the amalgamation of healthcare and IT was emerging, which pushed the healthcare industry to integrate hospitals and healthcare providers. The 2000s and 2010s saw the most advancement in the IT industry, leading to the development of integrated systems capable of dealing with broader and more robust networks. The technology was advanced enough to provide commercially stronger healthcare services and real-time decision support systems. The focus started to shift from domain-expert-centric to patient-centric. The 2020s are going to be an era dedicated to patients: healthcare systems will be technically advanced enough to provide real-time patient monitoring. The focus now is shifting towards storing the huge amount of healthcare data in a secure manner that keeps it available and accessible at all times. Moreover, healthcare data are confidential, which makes privacy a big concern. Therefore, a system that ensures the privacy and security of stored data as well as data in transit is required. Earlier, the main emphasis of the HIS was on resource allocation, but in today’s world with the Internet, patients demand quality healthcare service in a cost-efficient manner.

FIGURE 7.2 Evolution of health information systems.

Data Security and Privacy in Health Information Systems

There has been a paradigm shift in the healthcare industry with digitization. The electronically available healthcare data today are huge, diverse and complex in nature, and hence can be termed as heterogeneous big data. There are various promising opportunities and services that can be provided by these data. Nevertheless, such data are confidential and sensitive, and with the growth of trending technologies like cloud computing, data analytics, clinical mobility, etc., security and privacy are becoming the main concerns [7]. The privacy of the patient is a very sensitive issue, because the patient shares all of their medical history with doctors for better treatment [8]. However, there are certain diseases like HIV, psychotic disorders or any other contagious diseases whose disclosure might become a reason for social discrimination [9]. The healthcare data consist of medical history, path lab records, medication history, diagnosis and treatment details, genetic and sexual information, profession, etc. These data can be used for several purposes apart from the diagnosis, such as public policies deployment, advanced research, insurance claims, pharmacies, pharmaceutical companies, productivity, etc. Figure 7.3 shows how security is linked with all these domains.

Therefore, the HIS must have the ability to keep the personal information of the patients private. It must be capable not only of protecting the sensitive information, but also of ensuring that authenticated users perform the data collection and sharing in an organized way, following the policies and regulations made by the government. Moreover, the data must be safeguarded against unauthorized access, and integrity and availability must be assured. The data should be protected from malicious attacks and data breaches.

FIGURE 7.3 Data security domains in health information systems.

Security and Privacy in the Healthcare Data Life Cycle

The healthcare industries deliver efficient and appropriate medical care by storing, managing and transmitting a huge amount of healthcare data. However, the main shortcomings are a dearth of technical resources and inadequate security of the data. The healthcare data are vulnerable to disclosure and breaches; therefore, maintaining the security of the data is very complicated. The security and privacy of healthcare data need to address both medical and administrative data against in-house and external risks. A secure life cycle of the data must be proposed at the beginning of designing the HIS to ensure better decision-making in a cost-effective manner [10]. Figure 7.4 depicts the fundamental components of the life cycle of healthcare data.

FIGURE 7.4 The data life cycle in healthcare.

  • Data collection: This is the first phase of the data life cycle. It deals with the collection of medical data of various types from numerous sources in different formats. From a security viewpoint, it is very important to collect the data from trusted data sources and maintain the confidentiality of the patients. Moreover, procedures must be implemented to ensure the protection of data from disclosure, duplication, theft, unauthorized access, etc.
  • Data transformation: After the collection of data, they are filtered on the basis of their structure and classified to find out whether any kind of alteration is needed to analyse them meaningfully. Basically, in this step the noise, missing values, outliers, etc., are removed from the data to improve the quality of the analytics. Moreover, the available data might contain sensitive information that requires substantial precautions to keep it safe [11]. Therefore, access control mechanisms, data partitioning and data anonymizing techniques are defined in this phase.
  • Data modelling: After collecting and transforming the data, they are kept in secure storage and analysis is done to produce useful information. For predictive analysis, several supervised techniques such as clustering, classification, etc., are applied. Furthermore, providing a secure processing environment is also of crucial importance. Since the mining of the data is usually done to extract sensitive data, the mining must be configured in such a way that the data are protected against data breaches.
  • Knowledge creation: This is the final step in the life cycle of the data. In this stage, the healthcare professionals use the analysed data to generate knowledge for better decision-making. The generated knowledge is considered to be extremely sensitive; hence the industry must not make it available publicly. Correspondingly, compliance with security standards and verification processes are the main objectives of this phase.

Healthcare Data Security Practices

The healthcare data are stored, maintained and transmitted to provide efficient and effective medical aid. However, the security of these data is crucial, and several techniques are applied to fulfil this demanding requirement of the organizations. The most prominent ones are given below:

  • Authentication: It is the process of ensuring that assertions about and by anything or anyone are genuine. It helps in managing access control to the network/data, and protects and confirms user identities. The man-in-the-middle attack is a very common form of eavesdropping, which can be handled by applying authentication mechanisms. It is recommended to apply authentication at the end points of the network [12]. Moreover, hashing techniques [13], cryptography and one-time pads [14] can also be applied for monitoring information security. In a HIS, the healthcare data provided by the users, and the identities of the users, must be confirmed before entering the system.
  • Encryption: It is a technique to protect data from unauthorized access by encoding the information such that only authentic users can decode it. It protects the ownership of the data throughout the life cycle, i.e., from data generation to the cloud-based repository to the end users. It helps in avoiding attacks such as packet sniffing, breaching, theft, etc. Before applying any encryption, it must be ensured that it is easily applicable and can be extended when new health records are added. There are several encryption techniques available today, such as RSA, AES, DES, RC4, etc. [15], and the most suitable one should be selected on the basis of system requirements.

  • Data masking: It is a technique of replacing the information with some value that is not easily identifiable. It is different from encryption, because in encryption the original data are retrieved as they were, but in masking the mask is used instead of the original data so as to maintain the security and confidentiality of the actual information. This approach maintains the anonymity within the HIS [16]. Some of the masking techniques can protect against identity disclosure, while some could protect against both identity as well as attribute disclosure. Some masking techniques also work by adding noise to maintain anonymity. The masking does not require any other security mechanism to be applied during the transmission as the data are masked already, hence, reducing the overall cost of the system.
  • Access control: In order to maintain the security of the system, access control mechanisms are applied after the user authentication. The access control policies give privileges to the users based on their rights. It is a mechanism for granting permissions to the users and assuring that a user can only perform activities they have been granted permission for. There are several models for access control; the most widespread for healthcare data are attribute-based access control (ABAC) and role-based access control (RBAC) [17, 18].
  • Monitoring and auditing: Monitoring of the system is examining the network to catch intrusions, while auditing is maintaining the chronological record of all the activities performed on the data. These approaches are optional for ensuring the healthcare data system security [19]. Monitoring the entire network and traffic is a complicated process and suggests the implementation of a distributed network.
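To make the access control and auditing practices above concrete, the following Python example (added here; it is not the chapter's code) layers an attribute-based check on top of a role-based permission table and records every decision in a hash-chained audit log, so that an edited or removed audit entry is detectable. The roles, policy rules, users and records are constructed assumptions, not a real HIS policy.

```python
import hashlib
import json

# Constructed sample policy (hypothetical, not the chapter's): RBAC maps each role
# to the actions it may perform on each record type.
ROLE_PERMISSIONS = {
    "doctor": {"ehr": {"read", "write"}, "billing": set()},
    "billing": {"ehr": set(), "billing": {"read", "write"}},
    "researcher": {"ehr": {"read"}, "billing": set()},
}

def abac_allows(user, action, record):
    """ABAC layer, evaluated after RBAC: constraints on user and record attributes."""
    if user["role"] == "doctor":  # own care team only, unless break-glass emergency
        return record["patient_id"] in user["care_team"] or user.get("emergency", False)
    if user["role"] == "researcher":  # de-identified data only, and read-only
        return record["deidentified"] and action == "read"
    return True

AUDIT_LOG = []  # append-only; each entry carries the hash of the previous entry

def _append_audit(entry):
    entry["prev"] = AUDIT_LOG[-1]["hash"] if AUDIT_LOG else "0" * 64
    entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
    AUDIT_LOG.append(entry)

def authorize(user, action, record):
    """RBAC, then ABAC; every decision, allowed or denied, is written to the audit chain."""
    allowed = action in ROLE_PERMISSIONS[user["role"]].get(record["type"], set())
    allowed = allowed and abac_allows(user, action, record)
    _append_audit({"user": user["id"], "action": action, "record": record["id"], "allowed": allowed})
    return allowed

def audit_log_intact(log):
    """Recompute the chain; an edited, removed or reordered entry breaks it."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or entry["hash"] != hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest():
            return False
        prev = entry["hash"]
    return True

# Constructed users and records (no real patients).
EHR = {"id": "ehr-1", "type": "ehr", "patient_id": "p-1", "deidentified": False}
DEID_EHR = {"id": "ehr-1-deid", "type": "ehr", "patient_id": "p-1", "deidentified": True}
DR_TEAM = {"id": "dr-a", "role": "doctor", "care_team": {"p-1"}}
DR_OTHER = {"id": "dr-b", "role": "doctor", "care_team": {"p-9"}}
DR_BREAK_GLASS = {"id": "dr-b", "role": "doctor", "care_team": {"p-9"}, "emergency": True}
CLERK = {"id": "clerk-1", "role": "billing"}
RESEARCHER = {"id": "res-1", "role": "researcher"}

def tamper_detected():
    """Forge a stored decision in a copy of the log and confirm the chain breaks."""
    authorize(DR_OTHER, "read", EHR)  # guarantees a denied entry exists
    forged = [dict(e) for e in AUDIT_LOG]
    forged[-1]["allowed"] = True
    return audit_log_intact(AUDIT_LOG) and not audit_log_intact(forged)
```

The break-glass path is deliberately allowed but logged, which is what lets monitoring later review emergency accesses rather than blocking care.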

Healthcare Data Privacy Practices

The privacy of the patient is becoming a concern for healthcare organizations because of the increasing threats and attacks. The HIS should have the capability to verify the users and follow the privacy agreements to ensure the regulations are being maintained. The following are some of the traditional techniques that can be implemented to confirm the patient’s privacy:

  • De-identification: It is a technique of maintaining data confidentiality by not including any information in the content that might reveal the identity of the patient. This could be done in two ways: either by removing specific identifiers, or statistically by the patients after verifying themselves. One such technique is called k-anonymity, in which the k identifiers that might help in revealing the patient’s identity are removed. But in this scenario, it becomes difficult to retract the original details, which might cause data loss. Furthermore, if too many identifiers are removed for data safeguarding, it might lead to information forfeiture and generate erroneous results.
  • Hybrid execution (HybrEx): This model was proposed for handling the privacy and confidentiality of data in cloud environments [20]. In such a framework, the data are deployed on the public cloud if identified as non-sensitive and on a private cloud if classified as sensitive. Furthermore, if at any instance the data are required from both types of clouds, the framework splits itself and runs in both environments, hence maintaining the privacy of the stored data by prioritizing the sensitivity of the data over the functionality of the model.
  • Identity-based anonymization: It is a sanitization technique for filtering the information to protect data privacy. In this, the identifiers are either removed or encrypted to make the data anonymous. The changes made are irreversible, so that the subject of the data cannot be identified directly, indirectly or with the help of any third party. In healthcare data, it means any information like name, address or contact number must be deleted to keep the identity of the patients secured. It is a complex process, as it combines data anonymization, for protecting against unintentional disclosure of the data, with data analysis. Identity-based anonymization also helps in detecting the vulnerabilities of the system.
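The de-identification and identity-based anonymization techniques above, worked through in Python as an added example (not the chapter's code): direct identifiers are deleted irreversibly, then the quasi-identifiers are generalized step by step until every group of rows sharing the same quasi-identifier values has at least k members, and the function gives up (returns None) when k cannot be reached without suppressing rows, which is the information-loss trade-off the text mentions. The records, the identifier lists and the generalization ladder are constructed assumptions.

```python
# Constructed sample records (no real patients). name/phone are direct identifiers,
# age/zip/sex are quasi-identifiers, diagnosis is the sensitive attribute.
RECORDS = [
    {"name": "A. Smith", "phone": "555-0101", "age": 34, "zip": "02139", "sex": "F", "diagnosis": "diabetes"},
    {"name": "B. Jones", "phone": "555-0102", "age": 37, "zip": "02134", "sex": "F", "diagnosis": "asthma"},
    {"name": "C. Lee", "phone": "555-0103", "age": 52, "zip": "02215", "sex": "M", "diagnosis": "hypertension"},
    {"name": "D. Khan", "phone": "555-0104", "age": 58, "zip": "02210", "sex": "M", "diagnosis": "HIV"},
    {"name": "E. Brown", "phone": "555-0105", "age": 31, "zip": "02138", "sex": "F", "diagnosis": "diabetes"},
    {"name": "F. Diaz", "phone": "555-0106", "age": 55, "zip": "02211", "sex": "M", "diagnosis": "asthma"},
]
DIRECT_IDENTIFIERS = ("name", "phone")
QUASI_IDENTIFIERS = ("age", "zip", "sex")
# Generalization ladder, finest first: (age band width in years, zip digits kept).
LADDER = ((1, 5), (10, 3), (20, 2), (100, 0))

def strip_identifiers(records):
    """Identity-based anonymization: delete direct identifiers outright (irreversible)."""
    return [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS} for r in records]

def generalize(records, age_band, zip_digits):
    """Coarsen quasi-identifiers: exact age -> age band, full zip -> zip prefix."""
    out = []
    for r in records:
        g = dict(r)
        lo = (r["age"] // age_band) * age_band
        g["age"] = f"{lo}-{lo + age_band - 1}"
        g["zip"] = r["zip"][:zip_digits] + "*" * (len(r["zip"]) - zip_digits)
        out.append(g)
    return out

def k_of(records):
    """k-anonymity level: size of the smallest group sharing the same quasi-identifier values."""
    counts = {}
    for r in records:
        key = tuple(r[q] for q in QUASI_IDENTIFIERS)
        counts[key] = counts.get(key, 0) + 1
    return min(counts.values())

def anonymize(records, k):
    """Strip identifiers, then climb the ladder until every group has at least k rows.
    Returns (records, level) or None when k is unreachable without suppressing rows;
    every step up the ladder discards detail, so the coarsest level that works is used."""
    data = strip_identifiers(records)
    for level in LADDER:
        candidate = generalize(data, *level)
        if k_of(candidate) >= k:
            return candidate, level
    return None
```

With these six constructed rows the sex attribute caps the reachable k at 3, so a request for k = 4 is refused rather than silently returning data that re-identifies patients.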


Besides, in order to effectively safeguard sensitive patient data, different countries have designed laws; a few of them are listed in Table 7.1.

TABLE 7.1 Data Protection Laws in Some Countries

Country Name                  Data Protection Law
                              IT Act and IT (Amendment) Act
United States of America      Patient Safety and Quality Improvement Act (PSQIA)
European Union                Data Protection Directive
                              Personal Information Protection and Electronic Documents Act
United Kingdom                Data Protection Act (DPA)
                              Russian Federal Law on Personal Data