eHealth News 07

System Security - Paramount Importance at eHRSS

In the previous issue of eHealth News, we have shared with readers details of the security framework and patient authentication of the Electronic Health Record Sharing System (eHRSS). Here comes part two of the series, in which readers will learn about the access control mechanism and the relevant security measures implemented within the system.

Role-based Access at a Glance

Healthcare providers can only access the health data of patients under their care with patients' consent. Role-based access control is built in the eHRSS in accordance with the clinical needs and functions of different role-based users. At the initial stage of eHR sharing, healthcare providers can give their doctors, nurses and dentists access rights to personal particulars and health records of patients under their care. Administrative users are not allowed to view health records of patients and can only have limited access rights to personal particulars used for patient registration. When accessing the eHRSS, all healthcare users must first be authenticated by a combination of identification means such as password, digital certificate or authentication token. eHRSS will also verify their professional status through a central database before allowing access.

Role-based Access Control

Audit Control and Access Notification

All access activities will be logged in the eHRSS to allow detection and tracking of improper data access. The eHRSS will also send notifications to patients through short message service (SMS) or email whenever their eHealth Records are accessed. This can help alerting patients on any unauthorised access of their eHealth Records.

Access Notification

Restricted Downloading

As many security incidents are caused by data downloading and subsequent improper handling/use of data, downloading of health data from the eHRSS is mostly restricted in principle to minimise the risk of data leakage and/or misuse. However, limited downloading of health data such as Participant Master Index and allergy/ adverse drug reaction data is allowed for healthcare providers for patient management and essential clinical decisions.

 

Fun Quiz
Read next
Fun Quiz -
Chance to Win a Prize

 

eHRSS - A Breakthrough in e-Government Initiatives
GOPC PPP in Focus
GOPC PPP and Radi Collaboration - A Prelude to eHR Sharing
CMS On-ramp Works for Better Clinical Workflows
Fun Quiz
Subscribe to eHealth News
Download Previous eHealth News
   
 
Top

Last revision date: 30 May 2015

Web Accessibility Recognition Scheme