Health Information Systems
Health Information Systems
Most of the current health system is reactive; a person seeks out medical help, whether at a local hospital, doctor’s office, or clinic. Each individual health provider, if they implement electronic medical records, will contain their own health information system which would house each patient’s electronic medical record. According to ISO/TS 20514 a health information system has been formally defined as: “a repository of information regarding the health status of a subject of care in computer form stored and transmitted securely, and accessible by multiple authorized users. It has a standardized or commonly agreed logical information model which is independent of EHR systems. Its primary purpose is the support of continuing, efficient and quality integrated health care and it contains information which is retrospective, concurrent and prospective.” Pertaining to the security aspect of the above definition ISO/TS 18308 states the following privacy and security requirements that current health information systems should conform to:
System Security
Authentication
Authorization
Confidentially
Consent
Integrity
Non-repudiation
Interoperability
Author Responsibility
Audit Trail
Version Management
Patient Access
Archiving/Data Retention
Due to the unique nature and function of health information systems they are required to house large amounts of personal data and consequently they are also required to adhere to comprehensive security standards. This makes it incredibly difficult to fully implement a health information system that successfully implements all aspects of the previous list of security requirements. Now that health information systems have been discussed and introduced the scope of the paper can more clearly be defined. As stated earlier the focus of the paper is on how electronic health records and personal health records can be used together. More specifically, it will investigate problems associated with authorization, interoperability, and patient access of electronic health records. There are, however, many challenges with connecting health information systems together, especially regarding authorization systems.
