A security framework to protect ePHI in Saudi Arabia's healthcare infrastructure

Abstract

Today, protecting patient privacy and ensuring the accuracy and integrity of their data are the two most crucial concerns in the healthcare field. Unauthorized access or changes to patients' private health records can lead to serious issues. Moreover, if healthcare providers fail to update a patient's records quickly, it could result in dangerous, even life-threatening situations. Attacks on hospital computer systems also present a significant danger to patient care. Establishing strong security measures and procedures through cybersecurity frameworks can help protect sensitive patient information, known as electronic protected health information (ePHI). The Security Rule by Health Insurance Portability and Accountability Act (HIPAA), a well-established set of security guidelines, focuses on safeguarding ePHI held by healthcare organizations and their associates. This paper suggests creating a Data Cybersecurity Framework (DCF) specifically for the healthcare sector in Saudi Arabia. This framework aims to shield ePHI and align with the security recommendations of the HIPAA Security Rule. The development of this proposed framework involved consultations with healthcare cybersecurity experts and concentrated on the healthcare system in Saudi Arabia. The research concludes that enhancing the protection of patient information and raising public awareness requires the joint efforts of various entities, including government bodies.