Today a multitude of information assets can be combined into electronic health records with a rich set of analytic aids that assist a user to understand them. By making this information readily available to new audiences, collaboration between healthcare providers and other stakeholders can be taken to a completely new level. This of course offers enormous potential efficiency gains, but also poses integrity and confidentiality issues. Furthermore, in recent years legislation in most countries has strengthened patient privacy regulations.

This paper discusses fundamental issues regarding personally identifiable information and privacy concerns in the context of personal health information processing. It also looks at some examples of legislative frameworks and reviews the fundamental similarities and differences between them, while drawing some general high-level conclusions regarding the requirements on information security and authorization.

The paper goes on to discuss the capabilities of predominant standards for electronic health records related information processing and the access control models they can use in the perspective of these high-level requirements.

Some resources on this web site are available for registered users only. To access them, you need to login. If you do not have an account yet, use the registration form.