Standardization and security for the EMR

Abstract

The Ministry of Health and Welfare of Japan announced `Healthcare Information Strategy 21' in 1994. This report shows that the Healthcare Information System is the key to improving the quality and efficiency of healthcare. One of the elements for realizing the new Healthcare Information System is the Electronic Medical Record (EMR). Following the publication of this report, work began with the aim of discovering a way to recognize the EMR as formal documentation and four national projects of research and development have been started. The themes of these projects are: `Interoperability of EMR', `Standardization of EMR', `Modeling of the Clinical Process' and `Security for EMR'. The Japanese Association of the Healthcare Information Systems Industry (JAHIS) is in charge of `Security for EMR'. There are many discussions in relation to the security for EMR. However, many of these discussions relate to information technology, while there are few discussions regarding definitions of security. Therefore, there are many different theories about security itself, which will be an obstacle to standardization. To design the security system for EMR, JAHIS has defined `Security for EMR' as the first step. The present study was conducted with medical informatics and security specialists. It has designed `Requirement Definitions', `Goals of Security', `Estimation of threats to security', `Necessity conditions' and a `Security Model'. This paper covers these definitions and our security design concept.