From: Integrated personal health record (PHR) security: requirements and mechanisms
| Security requirement | Mechanism | Experts agreeing (number) | Experts agreeing (percent) | Experts disagreeing (number) | Experts disagreeing (percent) |
|---|---|---|---|---|---|
| Confidentiality | Registering authorized PHR users | 28 | 93.33 | 2 | 6.67 |
| Confidentiality | Determining the information sensitivity level in PHR | 30 | 100 | 0 | 0 |
| Confidentiality | Encrypting data or key fields in PHR databases | 30 | 100 | 0 | 0 |
| Confidentiality | Hiding information from unauthorized users | 30 | 100 | 0 | 0 |
| Confidentiality | Restrictions of information updating by unauthorized users | 24 | 80 | 6 | 20 |
| Availability | Creating an information backup | 28 | 93.33 | 2 | 6.67 |
| Availability | Specifying data access control list | 30 | 100 | 0 | 0 |
| Integrity | Using digital signature | 26 | 86.67 | 4 | 13.33 |
| Integrity | Determining the standard terminology | 30 | 100 | 0 | 0 |
| Authentication | Assigning username to all users | 30 | 100 | 0 | 0 |
| Authentication | Determining password mechanisms | 30 | 100 | 0 | 0 |
| Authentication | Using biometric scans (fingerprints, face, hands, retina) | 30 | 100 | 0 | 0 |
| Authorization | Defining the roles (patient, provider, system manager, etc.) | 30 | 100 | 0 | 0 |
| Authorization | Defining users’ access level to information | 28 | 93.33 | 2 | 6.67 |
| Authorization | Compiling user’s list to access information in emergencies | 30 | 100 | 0 | 0 |
| Non-Repudiation | Creating an audit log (information audit) | 30 | 100 | 0 | 0 |
| Non-Repudiation | Creating accountability of users for any changes and manipulations | 30 | 100 | 0 | 0 |
| Access Right | Determining the time and individual (authorized users) to access personal health data by PHR owner | 28 | 93.33 | 2 | 6.67 |
| Access Right | Authorizing another user to access & control the information for sharing by the PHR owner | 28 | 93.33 | 2 | 6.67 |
| Access Right | Reviewing entities’ access to personal health data by PHR owner | 30 | 100 | 0 | 0 |
| Access Right | Revocation of entities’ access by PHR owner at any time | 23 | 76.67 | 7 | 23.33 |
| Access Right | Restricting the previous physician’s access right to PHR | 26 | 86.67 | 4 | 13.33 |