“Reliable security control is the key to a worry-free experience for users when utilising an information technology (IT) system. In the Electronic Health Record Sharing System (eHRSS), various security measures are implemented at different levels to provide a protected environment for sharing patients’ information.”
Ms Clara Cheung,
Chief Systems Manager
(IT and Electronic Health Record Operations),
Hospital Authority
Ms Cheung said cyber security requirements for eHRSS are stringent, as a huge volume of sensitive patient data and multiple stakeholders and users are involved. “Patients will be hesitant to join eHRSS if they don’t feel secure about their data privacy, despite the many benefits of electronic health record (eHR) sharing,” she stressed.
Ms Cheung, who has been leading eHRSS’ technical development, said security features have been built into each part of the system management process of eHRSS to guard against fast-evolving security threats such as cyber attacks and to minimise the risk of data breaches.
Security-by-Design
According to Ms Cheung, security-by-design, under which central security controls are built into the system architecture from the design stage onwards, has been a very important approach in the development of eHRSS for protecting patient data and preventing cyber attacks.
“Adding security elements afterwards will be difficult and ineffective,” commented Ms Cheung, saying that security-by-design has been widely promoted in the IT industry.
Ms Cheung elaborated, “From the early system design stage, we planned to implement security controls across the application, system and network levels in order to build up a multi-layered defence mechanism.
Our security considerations have covered a wide spectrum of scenarios, ranging from typical usage to high-impact security incidents. We have to make sure there are adequate safeguards, and we never assume every eHRSS user is equally conversant with cyber security protection.”
“Such a mechanism enables us not only to defend, but also to detect probable cyber attacks so that we can respond quickly and eradicate the incident.”
Citing a simple example, Ms Cheung said, “Multiple log-in attempts within a short period of time may imply an attack is going on. Our defence system can spot them and alert us early so that we can take security incident response actions.”
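The login-burst check Ms Cheung describes, as an added example that is not part of the article or of the eHRSS system itself: a small detector run over constructed sample log lines. The log format, the threshold of five failures within 60 seconds, the per-user-and-source keying and the alert fields are all assumptions made here for illustration. It alerts once per burst so a single attack does not flood the responder, and it separately flags a success that follows a burst, since that may mean a guess landed.

```python
# Added example (not eHRSS code): flag a burst of failed logins from one
# user/source pair within a short sliding window. Log format, threshold and
# window are assumptions for illustration only.
from collections import deque
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed "timestamp user source result" format.
SAMPLE_LOG = """\
2024-03-01T09:00:01 dr_lee 10.0.0.5 FAIL
2024-03-01T09:00:03 dr_lee 10.0.0.5 FAIL
2024-03-01T09:00:04 dr_lee 10.0.0.5 FAIL
2024-03-01T09:00:06 dr_lee 10.0.0.5 FAIL
2024-03-01T09:00:07 dr_lee 10.0.0.5 FAIL
2024-03-01T09:00:09 dr_lee 10.0.0.5 SUCCESS
2024-03-01T09:05:00 nurse_chan 10.0.0.9 FAIL
2024-03-01T09:20:00 nurse_chan 10.0.0.9 FAIL
2024-03-01T09:40:00 nurse_chan 10.0.0.9 SUCCESS
"""

THRESHOLD = 5                    # failures that trigger an alert ...
WINDOW = timedelta(seconds=60)   # ... when they all fall inside this window


def parse(line):
    """Split one assumed-format log line into (timestamp, user, source, result)."""
    ts, user, src, result = line.split()
    return datetime.fromisoformat(ts), user, src, result


def detect_bursts(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return a list of alerts. One 'burst' alert is raised per (user, source)
    when its failures inside `window` reach `threshold`; a later successful
    login from a pair that is still flagged raises 'success_after_burst'."""
    recent = {}      # (user, src) -> deque of failure timestamps still in window
    alerted = set()  # pairs with an open burst alert
    alerts = []
    for line in log_text.splitlines():
        ts, user, src, result = parse(line)
        key = (user, src)
        q = recent.setdefault(key, deque())
        if result == "FAIL":
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures that aged out
                q.popleft()
            if len(q) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append({"kind": "burst", "user": user, "source": src,
                               "failures": len(q), "first": q[0], "last": ts})
        else:
            if key in alerted:
                alerts.append({"kind": "success_after_burst", "user": user,
                               "source": src, "at": ts})
            q.clear()             # a success closes the current burst
            alerted.discard(key)  # so a fresh burst later alerts again
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print(alert)
```

Two slow failures from the second user spread over 15 minutes never reach the threshold, which is the point of the sliding window: the detector keys on rate, not on the lifetime count of failures.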
Security Principles and Safeguards
Apart from architectural design, eHRSS has also incorporated important security principles and mechanisms to protect data privacy.
According to Ms Cheung, first and foremost, healthcare providers (HCPs) are required to obtain sharing consents from patients for accessing and uploading their eHRs. All data accesses by healthcare professionals (HCProfs) have to be based on the “Patient-under-care” and “Need-to-know” principles.
“Role-based access control is another important privacy protection mechanism,” Ms Cheung pointed out. “With pre-defined access rights set in accordance with different HCProfs’ roles in providing clinical care, there are different levels of access to the eHRs in the system.”
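An added example, not the eHRSS implementation, of how the consent, patient-under-care and role-based checks described above can be combined into a single access decision that fails closed and records every decision, allowed or denied, for later review. The role names, record categories, and the in-memory consent and care registries are assumptions made here for illustration.

```python
# Added example (not eHRSS code): an access decision that applies, in order,
# the patient's sharing consent for the HCP, the patient-under-care
# relationship, and the role's need-to-know scope. Role names, record
# categories and the data model are assumptions.
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed mapping of role -> readable parts of the eHR. A role that is not
# listed gets nothing, so an unknown role fails closed.
ROLE_PERMISSIONS = {
    "doctor":     {"diagnosis", "medication", "lab", "allergy"},
    "nurse":      {"medication", "allergy"},
    "pharmacist": {"medication", "allergy"},
}


@dataclass(frozen=True)
class Request:
    user: str       # the individual HCProf account making the request
    role: str       # role under which the user is acting
    hcp: str        # the healthcare provider the user is acting for
    patient: str
    category: str   # which part of the eHR is being read


@dataclass
class AccessPolicy:
    consents: set    # {(patient, hcp)}: sharing consents on file
    under_care: set  # {(patient, hcp)}: care episodes currently open
    audit: list = field(default_factory=list)

    def decide(self, req, now=None):
        """Return (allowed, reason). Checks are evaluated in the order the
        principles are stated: consent first, then patient-under-care, then
        the role's need to know. Every decision is appended to self.audit."""
        reason = None
        if (req.patient, req.hcp) not in self.consents:
            reason = "no sharing consent from patient for this HCP"
        elif (req.patient, req.hcp) not in self.under_care:
            reason = "patient is not under the care of this HCP"
        elif req.category not in ROLE_PERMISSIONS.get(req.role, set()):
            reason = f"role '{req.role}' has no need to know '{req.category}'"
        allowed = reason is None
        self.audit.append({
            "at": now or datetime.now(timezone.utc).isoformat(),
            "user": req.user, "hcp": req.hcp, "patient": req.patient,
            "category": req.category, "allowed": allowed, "reason": reason,
        })
        return allowed, reason


if __name__ == "__main__":
    # Constructed registries: patient P001 has consented to HCP-A and is
    # under its care; P002 has consented but has no open episode.
    policy = AccessPolicy(consents={("P001", "HCP-A"), ("P002", "HCP-A")},
                          under_care={("P001", "HCP-A")})
    print(policy.decide(Request("dr_lee", "doctor", "HCP-A", "P001", "diagnosis")))
    print(policy.decide(Request("nurse_chan", "nurse", "HCP-A", "P001", "diagnosis")))
    print(policy.decide(Request("dr_lee", "doctor", "HCP-A", "P002", "allergy")))
```

Denied requests are logged with the same fields as allowed ones; a run of denials against one patient from one account is exactly the kind of record an auditor wants to see.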
“In addition, access to eHRSS is secured by two-factor authentication,” Ms Cheung emphasised. “Authorised HCProfs have to provide their unique passwords and the random one-time passcodes generated by their own security tokens to authenticate their identity for login to the system.”
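To show what the two factors look like in code, here is an added example (not eHRSS code; the page does not describe the actual token scheme in use): a time-based one-time passcode check in the style of RFC 4226/RFC 6238 with replay rejection, combined with a salted password hash so that both factors must pass. The 30-second step, 6 digits, one step of clock skew either way, and the constructed key and password are assumptions.

```python
# Added example (not eHRSS code): password + time-based one-time passcode.
# Parameters follow the RFC 4226/6238 defaults; using them here is an assumption.
import hashlib
import hmac
import secrets
import struct

STEP = 30      # seconds per passcode (assumed; RFC 6238 default)
DIGITS = 6
SKEW = 1       # accept one step either side to tolerate token clock drift


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time passcode (RFC 4226) for one counter value."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at_time: int, step: int = STEP) -> str:
    """What the user's token displays at `at_time` (seconds since the epoch)."""
    return hotp(key, int(at_time) // step)


class TotpVerifier:
    """Server-side check of a passcode against one user's token key. A time
    step that has been accepted once is never accepted again, so a captured
    passcode cannot be replayed inside its validity window."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_step = -1   # highest time step already used by this user

    def verify(self, code: str, at_time: int) -> bool:
        now_step = int(at_time) // STEP
        for step in range(now_step - SKEW, now_step + SKEW + 1):
            if step <= self.last_step:
                continue       # already used, or older than a used passcode
            if hmac.compare_digest(hotp(self.key, step), code):
                self.last_step = step
                return True
        return False


def make_user(password: str, token_key: bytes) -> dict:
    """Constructed user record: salted password hash plus the token verifier."""
    salt = secrets.token_bytes(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000),
        "verifier": TotpVerifier(token_key),
    }


def login(user: dict, password: str, code: str, at_time: int) -> bool:
    """Both factors are always evaluated and the result does not say which
    one failed, so a caller learns nothing from a correct password alone."""
    pw_ok = hmac.compare_digest(
        hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 200_000),
        user["pw_hash"])
    otp_ok = user["verifier"].verify(code, at_time)
    return pw_ok and otp_ok


if __name__ == "__main__":
    key = b"constructed demo key, not a real secret"
    user = make_user("correct horse battery", key)
    t = 1_700_000_000
    print(login(user, "correct horse battery", totp(key, t), t))   # first use
    print(login(user, "correct horse battery", totp(key, t), t))   # replay
```

The `hotp` function reproduces the RFC 4226 test vectors (key `12345678901234567890`, counter 0 gives `755224`), which is the quickest way to confirm an implementation before wiring it to real tokens.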
“We strive to safeguard data privacy and system security in eHRSS. All accesses will be logged and are subject to audit and inspection. Patients will receive notifications via their selected communication means, i.e. SMS, email or post when their eHRs are accessed. They can report any suspicious access or irregularity immediately once identified,” she continued.
Ms Cheung highlighted, “For eHRSS users, the basic but most important cyber security measures they can take are to keep their user names, passwords and security tokens safe, and never share their own accounts with others. Since HCProfs’ accounts in eHRSS are assigned to individuals, HCProfs can use the same account at all HCPs where they are authorised to log in to eHRSS. In other words, they do not need to remember different user names and passwords, or use different tokens, with different HCPs. They must not leave their account passwords and tokens with any organisation, even when they leave employment with an HCP.”
Future Challenges in Cyber Security for Stage Two Development
Regarding the Stage Two Development of eHRSS, Ms Cheung anticipated that there would be more challenges on data privacy and security protection. “Unlike Stage One when eHRSS users are mainly HCPs, Stage Two eHRSS will involve members of the public accessing their eHRs through the Patient Portal,” she remarked.
“While mobile technology allows users’ convenient access to the Patient Portal, the security risks will be greater at the same time,” she said, referring to the Patient Portal mobile application. “More security controls will be adopted to minimise the security risks, such as verifying the user’s identity with a one-time passcode when he/she logs into the system, restricting the download of sensitive data, etc. We also plan to enable identity authentication through the ‘eID’ launched by the Government with a view to strengthening the portal’s capability in security protection,” Ms Cheung mentioned.
She added that the security controls will be complemented by industry security standards for mobile devices. “For instance, existing built-in security features of mobile devices like ‘Touch ID’ and ‘Face ID’ are useful complements because they are proven and can be upgraded as technology advances.”
Maintaining High Standard for Security Management
In 2018, eHRSS was awarded ISO/IEC 27001:2013 certification after its Information Security Management System passed the relevant certification audit. Talking about the key factors for maintaining a high security standard, Ms Cheung said there are three critical aspects: on-going education, regular review and continuous improvement.
“Security measures cannot work effectively without users’ cooperation and compliance. Therefore, enhancing the awareness and vigilance amongst HCPs as well as our IT colleagues and frontline staff is also one of our tasks to safeguard data privacy and security of eHRSS. To this end, we have been organising training sessions and seminars to provide up-to-date and latest cyber security information. Regular technical audits, meetings and drills, etc. are also conducted on an on-going basis to evaluate the effectiveness of the existing system security measures and look for areas of improvement,” she remarked.
“Despite all the challenges ahead, we will endeavour to upkeep a high standard of information security management system for eHRSS through continuous improvement by learning from local and international experiences,” Ms Cheung concluded.