Abstract
This paper aims at identifying the specific legal requirements concerning data security and data protection of patient health data that apply to a cross-institutional electronic patient record (EPR) and describes possible solutions for meeting these requirements. In Germany, the legal framework for such records provide that disclosure of patient health information to physicians of third-party institutions is only allowed in case that it is necessary for the joint treatment of the patient, i.e. in case of a “treatment connection”. As a first step, the functionality of a remote-access architecture was proven allowing a one-way connection between the EPR systems of two health institutions in Germany, which jointly treat tumor patients. Besides, a signature system model for ensuring the integrity and authenticity of medical documents was developed and implemented in the existing information system architecture of the University Medical Center of Heidelberg. Especially in Germany, the legal framework for cross-institutional EPRs is very complex and has a considerable influence on the development and implementation of cross-institutional EPRs. However, its introduction is thought to be valuable, since a cross-institutional EPR will improve communication within shared care processes, and thus improve the quality of patient care.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
