Security and privacy in electronic health records: A systematic literature review

Journal of Biomedical Informatics

Volumn 46, Issue 3, 2013, Pages 541-562

  Fernández Alemán, José Luis ^a   Señor, Inmaculada Carrión ^a   Lozoya, Pedro ángel Oliver ^a   Toval, Ambrosio ^a  

^a UNIVERSITY OF MURCIA   (Spain)

Author keywords

Confidentiality; Electronic health records; Privacy; Security; Standards; Systematic review

Indexed keywords

CONFIDENTIALITY; ELECTRONIC HEALTH RECORD; ELECTRONIC HEALTH RECORD SYSTEMS; HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACTS; PUBLIC KEY INFRASTRUCTURE; SECURITY; SYSTEMATIC LITERATURE REVIEW; SYSTEMATIC REVIEW;

ACCESS CONTROL; DATA PRIVACY; DATABASE SYSTEMS; HEALTH INSURANCE; PUBLIC KEY CRYPTOGRAPHY; RECORDS MANAGEMENT; STANDARDS;

DIGITAL LIBRARIES;

ACCESS TO INFORMATION; COMMUNICATION SOFTWARE; COMPUTER SECURITY; ELECTRONIC MEDICAL RECORD; HEALTH CARE PERSONNEL; HEALTH CARE POLICY; HUMAN; PATIENT; PRIORITY JOURNAL; PRIVACY; REVIEW; SYSTEMATIC REVIEW;

COMPUTER SECURITY; ELECTRONIC HEALTH RECORDS; EUROPE; HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT; PRIVACY; UNITED STATES;

EID: 84878197970     PISSN: 15320464     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jbi.2012.12.003     Document Type: Review

References (138)

1. Greenhalgh T., Hinder S., Stramer K., Bratan T., Russell J. Adoption, non-adoption, and abandonment of a personal electronic health record: case study of HealthSpace. BMJ 2010, 341:c5814.
2. Allard T., Anciaux N., Bouganim L., Guo Y., Folgoc L.L., Nguyen B., et al. Secure personal data servers: a vision paper. PVLDB 2010, 3(1-2):25-35.
3. Sainz-Abajo B., La-Torre-Díez I., Bermejo-González P., García-Salcines E., Díaz-Pernas J., Díez-Higuera J.F., et al. Evolución, beneficios y obstáculos en la implantación del Historial Clínico Electrónico en el sistema sanitario. RevistaeSalud.com 2010, 6(22):1-14.
4. Hesse B.W., Hansen D., Finholt T., Munson S., Kellogg W., Thomas J.C. Social participation in health 2.0. Computer 2010, 43(11):45-52.
5. Benaloh J, Chase M, Horvitz E, Lauter K. Patient controlled encryption: ensuring privacy of electronic medical records. In: Proc ACM workshop on cloud computing security; 2009. p. 103-14.
6. Los países europeos compartirán las historias clínicas de sus pacientes antes de; 2015. <> [accessed 07.12.12]. http://www.europapress.es.
7. Rothstein M.A. Health privacy in the electronic age. J Leg Med 2007, 28(4):487-501.
8. Farzandipour M., Sadoughi F., Ahmadi M., Karimi I. Security requirements and solutions in electronic health records: lessons learned from a comparative study. J Med Syst 2010, 34(4):629-642.
9. Haas S., Wohlgemuth S., Echizen I., Sonehara N., Müller N. Aspects of privacy for electronic health records. Int J Med Inform 2011, 80(2):e26-e31.
10. ISO/EN 13606. <> [accessed 07.12.12]. http://www.iso.org/iso/home.htm.
11. Westin A.F. Privacy and freedom 1967, Atheneum, New York.
12. NHS Lothian Communications Office. NHS Lothian staff member loses patient data. <> [accessed 07.12.12]. http://www.nhslothian.scot.nhs.uk/MediaCentre/PressReleases/2008/Pages/0307PatientData.aspx.
13. Department of Veterans Affairs Office of Inspector General. Review of issues related to the loss of VA information involving the identity of millions of veterans; 2006. [accessed 07.12.12]. http://www.va.gov/oig/apps/info/OversightReports.aspx?igRT=ai/&igPG=4.
14. Rothstein M.A., Talbott M.K. Compelled authorizations for disclosure of health records: magnitude and implications. Am J Bioeth 2007, 7(3):38-45.
15. Zurita L., Nøhr C. Patient opinion-EHR assessment from the users perspective. Stud Health Technol Inform 2004, 107(2):1333-1336.
16. Kirchner H, Prokosch H, Dudeck J, Jöckel KH, Lehmacher W, Gesenhues S. Querschnittsbefragung von 8.000 BARMER-VersichertenzuErwartungen und EinsatzeinerelektronischenGesundheitsakte [Survey on expectations and implementation of an electronic health record, in German]. In: Proc of the annual meeting of the GMDS; 2009.
17. Chhanabhai P., Holt A. Consumers are ready to accept the transition to online and electronic records if they can be assured of the security measures. Med Gen Med 2007, 9(1):8.
18. Hoerbst A., Kohl C.D., Knaup P., Ammenwerth E. Attitudes and behaviors related to the introduction of electronic health records among Austrian and German citizens. Int J Med Inform 2010, 79(2):81-89.
19. HIT Standards Committee. Privacy and security standards applicable to ARRA requirements; 2009. [accessed 07.12.12]. http://www.healthit.hhs.gov.
20. Wiljer D., Urowitz S., Apatu E., DeLenardo C., Eysenbach G., Harth T., et al. Patient accessible electronic health records: exploring recommendations for successful implementation strategies. J Med Internet Res 2008, 10(4):e34.
21. Brigade T. The new threat: attackers that target healthcare (and what you can do about it). [accessed 07.12.12]. http://www.infosecwriters.com/text_resources/pdf/New_Threat_Brigade.pdf.
22. Mellado D., Fernández-Medina E., Piattini M. Security requirements engineering framework for software product lines. Inform Softw Technol 2010, 52(10):1094-1117.
23. Liu LS, Shih PC, Hayes GR. Barriers to the adoption and use of personal health record systems. In: Proc of iConference; 2011. p. 363-70.
24. Anderson R, Brown I, Dowty T, Inglesant P, Heath W, Sasse A. Database state. Joseph Rowntree Reform Trust; 2009. [accessed 07.12.12]. http://www.cl.cam.ac.uk/~rja14/Papers/database-state.pdf.
25. ISO 27799:2008. Health informatics - information security management in health using ISO/IEC 27002. [accessed 07.12.12]. http://www.iso.org/iso/home.htm.
26. Liberati A., Altman D.G., Tetzlaff J., Mulrow C., Gøtzsche P.C., Ioannidis J.P.A., et al. The PRISMA statement for reporting systematic reviews and meta-analyses of studies that evaluate health care interventions: explanation and elaboration. J Clin Epidemiol 2009, 62(10):e1-34.
27. Neubauer T., Heurix J. A methodology for the pseudonymization of medical data. Int J Med Inform 2011, 80(3):190-204.
28. Deutsch E., Duftschmid G., Dorda W. Critical areas of national electronic health record programs-is our focus correct?. Int J Med Inform 2010, 79(3):211-222.
29. Colwill C. Human factors in information security: the insider threat - who can you trust these days?. Information Security Technical Report 2009, 14(4):186-196.
30. Kahn S., Sheshadri V. Medical record privacy and security in a digital environment. IT Professional 2008, 10(2):46-52.
31. Hu J., Chen H.H., Hou T.W. A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Computer Standards & Interfaces 2010, 32(5-6):274-280.
32. Win K.T., Susilo W., Mu Y. Personal health record systems and their security protection. J Med Syst 2006, 30(4):309-315.
33. Agrawal R., Johnson C. Securing electronic health records without impeding the flow of information. Int J Med Inform 2007, 76(5-6):471-479.
34. Elger B.S., Iavindrasana J., Lo Iacono L., Müller H., Roduit N., Summers P., et al. Strategies for health data exchange for secondary, cross-institutional clinical research. Comput Methods Programs Biomed 2010, 99(3):230-251.
35. Narayan S, Gagné M, Safavi-Naini R. Privacy preserving EHR system using attribute-based infrastructure. In: Proc ACM workshop on cloud computing security; 2010. p. 47-52.
36. Hembroff GC, Muftic S. SAMSON: Secure access for medical smart cards over networks. In: Proc IEEE int world of wireless mobile and multimedia networks (WoWMoM) symp; 2010. p. 1-6.
37. Zhang R Liu L. Security models and requirements for healthcare application clouds. In: Proc IEEE 3rd int cloud computing (CLOUD) conf; 2010. p. 268-75.
38. Sun J., Fang Y. Cross-domain data sharing in distributed electronic health record systems. IEEE Trans Parallel Distrib Syst 2010, 21(6):754-764.
39. Faresi AAL, Wijesekera D, Moidu K. A comprehensive privacy-aware authorization framework founded on HIPAA privacy rules. In: Proc ACM international health informatics symposium; 2010. p. 637-46.
40. Ardagna C.A., di Vimercati S.D.C., Foresti S., Grandison T., Jajodia S., Samarati P. Access control for smarter healthcare using policy spaces. Comput Secur 2010, 29(8):848-858.
41. Horvath M.M., Winfield S., Evans S., Slopek S., Shang H., Ferranti J. The DEDUCE guided query tool: providing simplified access to clinical data for research and quality improvement. J Biomed Inform 2011, 44(2):266-276.
42. Dekker M., Etalle S. Audit-based access control for electronic health records. Electron Notes Theoret Comput Sci 2007, 168:221-236.
43. Peleg M., Beimel D., Dori D., Denekamp Y. Situation-based access control: privacy management via modeling of patient data access scenarios. J Biomed Inform 2008, 41(6):1028-1040.
44. Falcão-Reis F., Costa-Pereira A., Correia M.E. Access and privacy rights using web security standards to increase patient empowerment. Stud Health Technol Inform 2008, 137:275-285.
45. Rostad L. An initial model and a discussion of access control in patient controlled health records. In: Proc conf availability, reliability and security ARES; 2008. p. 935-42.
46. Ferraiolo D.F., Sandhu R., Gavrila S., Kuhn D.R., Chandramouli R. Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur 2001, 4(3):224-274.
47. van der Linden H., Kalra D., Hasman A., Talmon J. Inter-organizational future proof EHR systems. A review of the security and privacy related issues. Int J Med Inform 2009, 78(3):141-160.
48. ENV 13729:2000. Health informatics. Secure user identification. Strong authentication microprocessor cards. [accessed 07.12.12]. http://www.freestd.us/soft/144932.htm.
49. Quantin C., Jaquet-Chiffelle D.O., Coatrieux G., Benzenine E., Allaert F.A. Medical record search engines, using pseudonymised patient identity: an alternative to centralised medical records. Int J Med Inform 2011, 80(2):e6-11.
50. Kalra D., Singleton P., Milan J., Mackay J., Detmer D., Rector A., et al. Security and confidentiality approach for the clinical e-science framework (CLEF). Methods Inf Med 2005, 44(2):193-197.
51. Ueckert F, Prokosch HU. Implementing security and access control mechanisms for an electronic healthcare record. In: Proc AMIA symp; 2002. p. 825-9.
52. Ueckert F., Müller M.L., Bürkle T., Prokosch H.U. An electronic health record to support patients and institutions of the health care system. Ger Med Sci 2004, 2.
53. Ueckert F., Goerz M., Ataian M., Tessmann S., Prokosch H.U. Empowerment of patients and communication with health care professionals through an electronic health record. Int J Med Inform 2003, 70(2-3):99-108.
54. Riedl B, Grascher V, Neubauer T. Applying a threshold scheme to the pseudonymization of health data. In: Proc 13th Pacific rim int symp dependable computing PRDC; 2007. p. 397-400.
55. Riedl B, Grascher V, Fenz S, Neubauer T. Pseudonymization for improving the privacy in e-health applications. In: Proc annual Hawaii int conf system sciences; 2008. p. 1-9.
56. Riedl B, Neubauer T, Goluch G, Boehm O, Reinauer G, Krumboeck A. A secure architecture for the pseudonymization of medical data. In: Proc int conf availability, reliability and security ARES; 2007. p. 397-400.
57. Huang L.C., Chu H.C., Lien C.Y., Hsiao C.H., Kao T. Privacy preservation and information security protection for patients' portable electronic health records. Comput Biol Med 2009, 39(9):743-750.
58. Alhaqbani B, Fidge C. Privacy-preserving electronic health record linkage using pseudonym identifiers. In: Proc int conf e-health networking, applications and services healthcom; 2008. p. 108-17.
59. Shamir A. How to share a secret. Commun ACM 1979, 22(11):612-613.
60. Choe J., Yoo S.K. Web-based secure access from multiple patient repositories. Int J Med Inform 2008, 77(4):242-248.
61. Daglish D, Archer N. Electronic personal health record systems: a brief review of privacy, security, and architectural issues. In: Proc world congress privacy, security, trust and the management of e-business congress; 2009. p. 110-20.
62. Jian W.S., Wen H.C., Scholl J., Shabbir S.A., Lee P., Hsu C.Y., et al. The Taiwanese method for providing patients data from multiple hospital EHR systems. J Biomed Inform 2011, 44(2):326-332.
63. Lemaire E.D., Deforge D., Marshall S., Curran D. A secure web-based approach for accessing transitional health information for people with traumatic brain injury. Comput Methods Programs Biomed 2006, 81(3):213-219.
64. Bos J.J. Digital signatures and the electronic health records: providing legal and security guarantees. Int J Biomed Comput 1996, 42(1-2):157-163.
65. Sucurovic S. An approach to access control in electronic health record. J Med Syst 2010, 34(4):659-666.
66. Sucurovic S. Implementing security in a distributed web-based EHCR. Int J Med Inform 2007, 76(5-6):491-496.
67. France F.H.R., Bangels M., De-Clercq E. Purposes of health identification cards and role of a secure access platform (be-health) in Belgium. Int J Med Inform 2007, 76(2-3):84-88.
68. Al-zharani S, Sarasvady S, Chandra H, Pichappan P. Controlled EHR access in secured health information system. In: Proc int digital information management conf; 2007. p. 63-8.
69. Yu WD, Chekhanovskiy MA. An electronic health record content protection system using SmartCard and PMR. In: Proc int e-health networking, application and services conf; 2007. p. 11-8.
70. Bouwman B, Mauw S, Petkovic M. Rights management for role-based access control. In: Proc 5th IEEE consumer communications and networking conf CCNC; 2008. p. 1085-90.
71. Jafari M, Safavi-Naini R, Saunders C, Sheppard NP. Using digital rights management for securing data in a medical research environment. In: Proc digital rights management workshop; 2010. p. 55-60.
72. Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In: Proc IEEE symp security and privacy; 2007. p. 321-34.
73. Ruotsalainen P. A cross-platform model for secure electronic health record communication. Int J Med Inform 2004, 73(3):291-295.
74. Reni G., Molteni M., Arlotti S., Pinciroli F. Chief medical officer actions on information security in an Italian rehabilitation centre. Int J Med Inform 2004, 73(3):271-279.
75. Lovis C., Spahni S., Cassoni N., Geissbuhler A. Comprehensive management of the access to the electronic patient record: towards trans-institutional networks. Int J Med Inform 2007, 76(5-6):466-470.
76. Al-Riyami SS, Paterson KG. Certificateless public key cryptography. In: Proc ASIACRYPT; 2003. p. 452-73.
77. Rostad L, Edsberg O. A study of access control requirements for healthcare systems based on audit trails from access logs. In: Proc annual computer security applications conf; 2006. p. 175-86.
78. Tsiknakis M, Katehakis D, Orphanoudakis S. A health information infrastructure enabling secure access to the life-long multimedia electronic health record. In: Proc computer assisted radiology and surgery; 2004. p. 289-94.
79. Jin J., Ahn G.J., Hu H., Covington M.J., Zhang X. Patient-centric authorization framework for electronic healthcare services. Comput Secur 2011, 30(2-3):116-127.
80. Bakker A. Access to EHR and access control at a moment in the past: a discussion of the need and an exploration of the consequences. Int J Med Inform 2004, 73(3):267-270.
81. ISI Journal Citation Reports (JCR); 2011. [accessed 07.12.12]. http://www.accesowok.fecyt.es/jcr.
82. SCImago Journal Rank (SJR); 2010. [accessed 07.12.12]. http://www.scimagojr.com/journalrank.php.
83. CORE. COmputing Research and Education; 2010. [accessed 07.12.12]. http://www.core.edu.au/index.php/categories/conference/%20rankings/1.
84. Bouhaddou O., Cromwell T., Davis M., Maulden S., Hsing N., Carlson D., et al. Translating standards into practice. Experience and lessons learned at the Department of Veterans Affairs. J Biomed Inform 2012, 45(4):813-823.
85. Glaser J., Henley D.E., Downing G., Brinner K.M. Advancing personalized health care through health information technology: an update from the American Health Information Community's Personalized Health Care Workgroup. J Am Med Inform Assoc 2008, 15(4):391-396.
86. McGuire A.L., Fisher R., Cusenza P., Hudson K., Rothstein M.A., McGraw D., et al. Confidentiality, privacy, and security of genetic and genomic test information in electronic health records: points to consider. Genet Med 2008, 10(7):495-499.
87. Win K.T. A review of security of electronic health records. HIM J 2005, 34(1):13-18.
88. Dreiseitl S., Vinterbo S., Ohno-Machado L. Disambiguation data: extracting information from anonymized sources. J Am Med Inform Assoc 2002, 9(6 Suppl. 1):s110-s114.
89. Lo-Iacono L. Multi-centric universal pseudonymisation for secondary use of the EHR. Stud Health Technol Inform 2007, 126:239-247.
90. Gulcher J.R., Kristjánsson K., Gudbjartsson H., Stefánsson K. Protection of privacy by third-party encryption in genetic research in Iceland. Eur J Hum Genet 2000, 8(10):739-742.
91. Pommerening K., Reng M. Secondary use of the electronic health record via pseudonymisation. Medical care compunetics 1 2004, 441-446. IOS Press, Amsterdam. L. Bos, S. Laxminarayan, A. Marsh (Eds.).
92. European Agency for the Evaluation of Medical Products (EMEA) Committee for Proprietary Medicinal Products. Position paper on terminology in pharmacogenomics. Report No. EMEA/CPMP/3070/01, London; 2002.
93. Sweeney L. K-anonymity: a model for protecting privacy. Int J Uncertain Fuzzy Knowl-Based Syst 2002, 10(5):557-570.
94. Ferris TA, Garrison GM, Lowe HJ. A proposed key escrow system for secure patient information disclosure in biomedical research databases. In: Proc AMIA symp; 2002. p. 245-9.
95. De-Moor G.J.E., Claerhout B., De-Meyer F. Privacy enhancing techniques - the key to secure communication and management of clinical and genomic data. Methods Inf Med 2003, 42(2):148-153.
96. Thornburgh T. Social engineering: the " Dark Art" In: Proc annual conference on Information security curriculum development; 2004. p. 133-5.
97. Huang L.C., Chu H.C., Lien C.Y., Hsiao C.H., Kao T. Embedding a hiding function in a portable electronic health record for privacy preservation. J Med Syst 2010, 34(3):313-320.
98. Kushida C.A., Nichols D.A., Jadrnicek R., Miller R., Walsh J.K., Griffin K. Strategies for de-identification and anonymization of electronic health record data for use in multicenter research studies. Med Care 2012, 50:S82-S101.
99. Hu J., Han F. A pixel-based scrambling scheme for digital medical images protection. J Netw Comput Appl 2009, 32(4):788-794.
100. van-der-Haak M., Mludek V., Wolff A.C., Bülzebruck H., Oetzel D., Zierhut D., et al. Networking in shared care-first steps towards a shared electronic patient record for cancer patients. Methods Inf Med 2002, 41(5):419-425.
101. Ball E., Chadwick D.W., Mundy D. Patient privacy in electronic prescription transfer. IEEE Secur Privacy 2003, 1(2):77-80.
102. Horst H. How to tamper with electronic health records. [accessed 07.12.12]. http://www.gnumed.net/gnotary/tampering.html.
103. Allaert F., Le-Teuff G., Quantin C., Barber B. The legal knowledge of the electronic signature: a key for a secure direct access of patients to their computerised medical record. Int J Med Inform 2004, 73:239-242.
104. Alban R.F., Feldmar D., Gabbay J., Lefor A.T. Internet security and privacy protection for the health care professional. Current Surgery 2005, 62:106-110.
105. Sax U., Kohane I., Mandl K.D. Wireless technology infrastructures for authentication of patients: PKI that rings. J Am Med Inform Assoc 2005, 12(3):263-268.
106. Park MA. Embedding security into visual programming courses. In: Proc information security curriculum development conference; 2011. p. 84-93.
107. Wang Y., Hu J., Phillips D. A fingerprint orientation model based on 2D Fourier expansion (FOMFE) and its application to singular-point detection and fingerprint indexing. IEEE Trans Pattern Anal Mach Intel 2007, 29:573-585.
108. Ross A., Shah J., Jain A.K. From template to image: reconstructing fingerprints from minutiae points. IEEE Trans Pattern Anal Mach Intel 2007, 29:544-560.
109. Liberty Alliance Project 2009. [accessed 07.12.12]. http://www.projectliberty.org.
110. Smith D. The challenge of federated identity management. Network Security 2008, 2008(4):7-9.
111. Barrows R.J., Clayton P. Privacy, confidentiality and electronic medical records. J Am Med Inform Assoc 1996, 3:139-148.
112. Boxwala A.A., Kim J., Grillo J.M., Ohno-Machado L. Using statistical and machine learning to help institutions detect suspicious access to electronic health records. J Am Med Inform Assoc 2011, 18(4):498-505.
113. Ferreira A., Cruz-Correia R., Antunes L., Chadwick D. Access control: how can it improve patients' healthcare?. Stud Health Technol Inform 2007, 127:65-76.
114. Blobel B. Authorisation and access control for electronic health record systems. Int J Med Inform 2004, 73(3):251-257.
115. Zhang L, Ahn GJ, Chu BT. A role-based delegation framework for healthcare information systems. In: Proc ACM symposium on Access control models and technologies; 2002. p. 125-34.
116. Na S, Cheon S. Role delegation in role-based access control. In: Proc ACM workshop on Role-based access control; 2000. p 39-44.
117. Standard Guide for Information Access Privileges to Health Information, ASTM E1986-98; 2005. [accessed 07.12.12]. http://www.astm.org/DATABASE.CART/HISTORICAL/E1986-98R05.htm.
118. ISO DTS 21298 Functional and structural roles. [accessed 07.12.12]. http://www.iso.org/iso/home.htm.
119. American National Standard Institute (ANSI). American National Standard for information technology: role based access control. Technical Report ANSI INCITS 359-2004; 2004. [accessed 07.12.12]. http://www.csrc.nist.gov/rbac/EDACcompliance.pdf.
120. Li N., Byun J.W., Bertino E. A critique of the ANSI Standard on role-based access control. IEEE Security Privacy 2007, 5(6):41-49.
121. Mohan A, Blough DM. An attribute-based authorization policy framework with dynamic conflict resolution. In: Proc symposium on identity and trust on the internet; 2010. p. 37-50.
122. Motta G.H., Furuie S.S. A contextual role-based access control authorization model for electronic patient record. IEEE Trans Inf Technol Biomed 2003, 7(3):202-207.
123. Bates G.W. Special requirements of electronic medical record systems in obstetrics and gynecology. Obstet Gynecol 2010, 116(4):994.
124. Rissanen E, Firozabadi BS, Sergot MJ. Discretionary overriding of access control in the privilege calculus. In: Proc formal aspects in security and trust; 2004. p. 219-32.
125. ISO/TS 22600-1 Health informatics-Privilege management and access control-Part 1: Overview and policy management. ISO 2006. [accessed 07.12.12]. http://www.iso.org/iso/home.htm.
126. ISO/TS 22600-2 Health informatics-Privilege management and access control-Part 2: Formal models; 2006. [accessed 07.12.12]. http://www.iso.org/iso/home.htm.
127. Bilykh I, Bychkov Y, Dahlem D, Jahnke JH, McCallum G, Obry C, et al. Can GRID services provide answers to the challenges of national health information sharing? In: Proc conference of the centre for advanced studies on collaborative research; 2003. p. 39-53.
128. US Department of Health and Human Services, Office for Civil Rights. Standards for protection of electronic health information; final rule. Federal Register 45 cfr: pt. 164; 2003.
129. Win K.T. Web-based personal health record systems evaluation. Int J Healthcare Technol Manage 2006, 7(3-4):208-217.
130. Yoon-Flannery K., Zandieh S.O., Kuperman G.J., Langsam D.J., Hyman D., Kaushal R. A qualitative analysis of an electronic health record (EHR) implementation in an academic ambulatory setting. Inform Prim Care 2008, 16(4):277-284.
131. McAlearney A.S., Chisolm D.J., Schweikhart S., Medow M.A., Kelleher K. The story behind the story: physician skepticism about relying on clinical information technologies to reduce medical errors. Int J Med Inform 2007, 76(11-12):836-842.
132. Koppel R., Metlay J.P., Cohen A., Abaluck B., Localio A.R., Kimmel S.E., et al. Role of computerized physician order entry systems in facilitating medication errors. JAMA 2005, 293(10):1197-1203.
133. Fernando J., Dawson L. The health information system security threat lifecycle: an informatics theory. Int J Med Inform 2009, 78(12):815-826.
134. Fernando J., Dawson L. Clinician assessments of workplace security training-an informatics perspective. eJHI 2008, 3(1):e7.
135. AHIMA. The state of HIPAA privacy and security compliance, April 2006. [accessed 07.12.12]. http://www.library.ahima.org/xpedio/groups/public/documents/ahima/bok1_022739.pdf.
136. Masys D., Baker D., Butros A., Cowles K.E. Giving patients access to their medical records via the internet: the PCASSO experience. J Am Med Inform Assoc 2002, 9(2):181-191.
137. Patel V.L., Arocha J.F., Shortliffe E.H. Cognitive models in training health professionals to protect patients' confidential information. Int J Med Inform 2000, 60(2):143-150.
138. Kierkegaard P. Electronic health record: wiring Europe's healthcare. Comput Law Security Rev 2011, 27(5):503-515.