Compliance of Electronic Health Record Applications With HIPAA Security and Privacy Requirements

Abstract

Electronic health record (EHR) applications are digital versions of paper-based patients health information. EHR applications are increasingly being adopted in many countries. They have resulted in improved quality in healthcare, convenient access to histories of patient medication and clinic visits, easier follow up of patient treatment plans, and precise medical decision-making process by doctors. EHR applications are guided by measures of the Health Insurance Portability and Accountability Act (HIPAA) to ensure confidentiality, integrity, and availability. However, there have been reported breaches of protected health identifier (PHI) data stored by EHR applications. In many reported breaches, improper use of EHRs has resulted in disclosure of patient's protected health information. The goal of this chapter is to (1) provide an overview of HIPAA security and privacy requirements; (2) summarize recent literature works related to complying with HIPAA security and privacy requirements; (3) map some of the existing vulnerabilities with HIPAA security rules.