Strengthening Privacy and Confidentiality Protection for Electronic Health Records

M. Czapski and R. Steele (Australia)

Keywords

Electronic health records, security, privacy, encryption

Abstract

Inappropriate disclosure and use of personal health information could have severe adverse consequences for the individual to whom it pertains, but non-disclosure could adversely affect other individuals or society. In Australia, efforts are under way to develop legislation that will address the protection of confidential health information. The development of large-scale health information repositories, intended to give many more parties access to health information than was previously possible, makes the issue of consent enforcement and access control more urgent than ever. The literature suggests that the majority of security threats arise out of insider activities. It is proposed to develop a confidentiality protection framework that will ensure that personal, identifiable health information is disclosed only by consent or under circumstances prescribed by law, and that all access to that information is audited. The framework, based on encryption of health information at the time of collection and decryption at the time of authorised use, provides a number of advantages over the traditional, enterprise-centric protection model.
