期刊名称:International Journal of Electrical and Computer Engineering
电子版ISSN:2088-8708
出版年度:2020
卷号:10
期号:1
页码:455-466
DOI:10.11591/ijece.v10i1.pp455-466
出版社:Institute of Advanced Engineering and Science (IAES)
摘要:Health records are an integral aspect of any Hospital Management System. With newer innovations in technology, there has been a shift in the way of recording health information. Medical records which used to be managed using various paper charts have now become easier to organize and maintain, thereby increasing the efficiency of medical staff. The Electronic Health Records (EHR) System is becoming a high-tech medical management technology developed for the economic or emerging economic countries like India. In a national health system, the EHR integrates the Electronic Medical Records (EMR) in all collaborating hospitals through different networks. EHR gives healthcare professionals a way to share and manage patient data quickly and effectively. Due to the mass storage of confidential patient data, healthcare organizations are considered as one of the most targeted sectors by intruders. This paper proposes a security framework for EHR system, which takes into consideration the integrity, availability, and confidentiality of health records. The threats posed to the EHR system are modeled by STRIDE modeling tool, and the amount of risk is calculated using DREAD. The paper also suggests the security mechanism and countermeasures based on security standards, which can be utilized in an EHR environment. The paper shows that the utilization of the proposed methods effectively addresses security concerns such as breach of sensitive medical information.
关键词:Electronic Health Records;Healthcare;Security Framework;Threat Modeling;Risk Assessment
