Security and privacy consideration for the deployment of electronic health records: a qualitative study covering Greece and Oman

Abstract

ABSTRACT The deployment of an Electronic Health Record (EHR) introduced multiple and obvious benefits. Nevertheless, it also introduced various issues and challenges. Among others, these include considerations regarding the levels of system access, provisions for security and authorization protocols, provisions for backup and recovery mechanisms, and the training of IT staff and their appreciation of the system. The study focused on these areas, and introduced a number of related concepts and observations, based on the opinions of a sample population of EHR system stakeholders across Greece and Oman. The study adopted a qualitative methodology, utilizing field work and visits to the natural settings of medical units in the two countries, where a total of 40 professionals were interviewed. The results indicate that the views of professionals are largely divided in terms of patient access to their personal records. It was also observed that the access of third parties to such records should be both restricted and recorded. In terms of the security level, the ICTs training and the backup and recovery mechanism in place, professionals were generally satisfied, with the majority of the interviewees also confirming that an authorization scheme should be followed in order to access the EHR.