Foundational knowledge LP 4: Security and Privacy of EHR
The digital version of health records has considerably improved the quality of care by simplifying data storage, patient follow-up and the tracking of data over time, supporting more precise medical decisions and lowering the overall cost of care (Menachemi & Collum, 2011). However, with the rise of EHR a series of data protection issues arise. Secure storage of health data is very important in the EHR business. Weak health data protection may lead to identity theft, disclosure of sensitive information about patients that may lead to stigmatization, obtaining medical care at the expense of others, ordering expensive drugs for resale, and fraudulent insurance claims (Farhadi et al., 2019). A number of solutions have been identified for data security and privacy, by developing and implementing standards and measures and, more recently, by using blockchain technology (Wang et al., 2019; Shi et al., 2020).
Read the following paper on Privacy and Security issues: Security and Privacy in the Era of Electronic Health Records (EHRs)
In order to protect patient data, EHR applications are guided by measures to ensure confidentiality, integrity, and availability. Examples of such measures are: Health Insurance Portability and Accountability Act (HIPAA), Health Level Seven International (HL7), The General Data Protection Regulation (GDPR). All these measures offer information and guidance to protect personal data when working with EHR.
Health Insurance Portability and Accountability Act (HIPAA): In 2003, HIPAA developed the Security Rule, which establishes national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. Since its creation, the Security Rule has undergone alterations and modifications in order to stay relevant to modern days.
Health Level Seven International (HL7): Founded in 1987, Health Level Seven International (HL7) is a not-for-profit, ANSI-accredited standards developing organization dedicated to providing a comprehensive framework and related standards for the exchange, integration, sharing, and retrieval of electronic health information that supports clinical practice and the management, delivery and evaluation of health services. These standards define how information is packaged and communicated from one party to another, setting the language, structure and data types required for seamless integration between systems. HL7 standards are recognized as the most commonly used in the world. HL7 is supported by more than 1,600 members from over 50 countries, including 500+ corporate members representing healthcare providers, government stakeholders, payers, pharmaceutical companies, vendors/suppliers, and consulting firms. Romania has an HL7 association and has implemented HL7 as a standard in current hospital software platforms (such as AtlasMed, InfoWorld, etc.).
The General Data Protection Regulation (GDPR): The GDPR standards were built based on the EU Charter of Fundamental Rights which stipulates that EU citizens have the right to protection of their personal data. The GDPR data protection package adopted in May 2018 aims at making Europe fit for the digital age. The regulation is an essential step to strengthen individuals' fundamental rights in the digital age and facilitate business by clarifying rules for companies and public bodies in the digital single market.