Abstract:
With the advent of increasingly sophisticated and futuristic Electronic Health Record (EHR) systems with capabilities to enhance not only the process of caregiving but also taking part in medical research through provision of clinical data have put the EHRs on a tight rope to balance between the quality of care and privacy protection of patients records. In order to achieve interoperability and better care facilities the data must be shared among different information systems of health care. Which demands the compliance of security and privacy policies from not only the end nodes utilizing the information but also from the network mediums and channels used to perform these exchanges. In this thesis, the Security evaluation framework for appraising the National EHR (N-EHR) initiatives has been proposed. The proposed framework utilizes the security threats to Health Information Systems (HIS) and the inherent vulnerabilities of the digital infrastructure to define the security requirements and evaluation metrics. Through this framework the state of security of an infrastructure can be evaluated to find out current level of security and identify neglected areas. The framework is supplemented with security guidelines to support the use of EHRs at national level while maintaining the state of security and privacy of patients medical records. The guidelines will enable nations who are in development phase of their N-EHR process (e.g. Pakistan) to integrate security by design and also provide directions to move towards a secure and efficient infrastructure to nations who have already developed their infrastructure.
