Integrated personal health record (PHR) security: requirements and mechanisms

Abstract

Abstract Background Personal Health Records (PHRs) are designed to fulfill the goals of electronic health (eHealth) and empower the individual in the process of self-care. Integrated PHR can improve the quality of care, strengthen the patient-healthcare provider relationship, and reduce healthcare costs. Still, the process of PHR acceptance and use has been slow and mainly hindered by people’s concerns about the security of their personal health information. Thus, the present study aimed to identify the Integrated PHR security requirements and mechanisms. Methods In this applied study, PHR security requirements were identified with a literature review of (library sources, research articles, scientific documents, and reliable websites). The identified requirements were classified, and a questionnaire was developed accordingly. Thirty experts completed the questionnaire in a two-round Delphi technique, and the data were analyzed by descriptive statistics. Results The PHR security requirements were identified and classified into seven dimensions confidentiality, availability, integrity, authentication, authorization, non-repudiation, and right of access, each dimension having certain mechanisms. On average, the experts reached an agreement about the mechanisms of confidentiality (94.67%), availability (96.67%), integrity (93.33%), authentication (100%), authorization (97.78%), non-repudiation (100%), and right of access (90%). Conclusion Integrated PHR security is a requirement for its acceptance and use. To design a useful and reliable integrated PHR, system designers, health policymakers, and healthcare organizations must identify and apply security requirements to guarantee the privacy and confidentiality of data.