Design methodology for improved security and efficiency in health information electronic health record environment

Abstract

The form of medical information management has shifted from the zero generation, in which the medical information is recorded on the paper chart of simple medical records, to the first generation, in which the medical information is managed through anonymous information, computerization of the order, and OCS (Order Communication System), and to the second generation in which the medical information is managed by utilizing medical history, clinical opinion records, electronic medical record, and order communication system. In the previous environment of second generation, the medical information was managed and utilized within the medical institutions. However, the recent EHR (Electronic Health Record), which has received attention lately and is expected to spread and be utilized fast, is highly recognized as the high-tech medical information technology which integrates the electronic medical records (EMR) in all the hospitals through network for sharing. EHR is known to be effective as it can improve the compatibility by integrating the patients’ medical treatment data and can also improve the effect of the treatment while reducing overlapping investments and waste through standardization. However, there is no clear solution to the problems of the compatibility according to the medical process and forms of data and system, and the leakage of personal and medical information. Therefore, this thesis proposes the method of managing account and authority, the encryption method of attribute-driven data, and the method of the log management. The thesis also suggests the designing method of information security system that can be utilized in EHR environment. If these proposed methods are utilized, the problems such as leakage of medical and personal information and data compatibility are expected to be solved efficiently. © 2016 American Scientific Publishers. All rights reserved.