EHR Security

by Jerome Carter on May 3, 2012

Updated March 24, 2017     (Page is updated monthly on the 19th. For more frequent resource alerts, follow EHR Science on Twitter:@ehrscience.)

This page focuses on the HIPAA Security Rule with particular attention given to software design, risk assessment, and  meaningful use requirements.  Please use the contact form to suggest additions or corrections.

Websites
AHRQ
Health Information Security and Privacy Collaboration Toolkit – Toolkit aimed at addressing privacy and security concerns of health information exchanges.

American Medical Association
HIPAA privacy and security toolkit: Helping your practice meet new compliance requirements, 2013

Applied Computer Security Associates – An organization focused on computer security that sponsors the Annual Computer Security Applications Conference

This chapter  is from a book published in 1995 that addresses audit trail design.  It is a very good introduction to the key concepts involved.

Jajodia S, Gadia S, Bhargava G. Logical Design of Audit Information in Relational Databases. In Information Security: An Integrated Collection of Essays. Abrams, Jajodia, and Podell, Eds. IEEE Computer Society Press, Los Alamitos, CA, 585-595. 1995. 

Health and Human Services (Website)
HIPAA Audit Security Protocol – Audit protocol used to determine HIPAA compliance for privacy and security
Guidance on De-identification of Protected Health Information
HIPAA Omnibus Final Rule  

Security Reference Documents (HHS)
Administrative Safeguards
Basics of Risk Analysis and Risk Management
Organizational, Policies and Procedures and Documentation Requirements
Physical Safeguards
Security 101 for Covered Entities
Security Standards: Implementation for the Small Provider
Technical Safeguards

National Institute of Standards and Technology (Website)
NIST Cybersecurity Practice Guide, Special Publication 1800-1: Securing Electronic Health Records on Mobile Devices, 2015
Cyber Security Framework Draft, 2013 
Security and Privacy Controls for Federal Information Systems and Organizations (Special Publication 800-53, R4)
Guide for Conducting Risk Assessments (Special Publication 800-30)
An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (NIST Special Publication 800-66)

Office of the National Coordinator (Privacy and Security Website)
Legal Health Record Template 
Guide to the Privacy and Security of Health Information
Your Mobile Device and Health Information Privacy and Security

Software/Web Applications
HIPAA Security Rule Toolkit (NIST)
Cybersecure: Contingency Planning -(ONC) disaster recovery/business continuity training game
Cybersecure: Your Medical Practice – (ONC) privacy and security training game for practices

Posts
e-Discovery
e-Discovery, Metadata, and You

EHR Security
Is Your EHR Hackable?

HIPAA
Technical Safeguards in Certified EHRs
HIPAA Requirements for Meaningful Use Objective 15
The HIPAA Security Rule: Components and Compliance

Information Security
Information Security: A Practical Guide
The Nightmare of Undead Data
In Case of Disaster, Break Glass
Encryption, an Ounce of Prevention…

Key Articles
Kum HC, Krishnamurthy A, Machanavajjhala A, Reiter MK, Ahalt S. Privacy preserving interactive record linkage (PPIRL). J Am Med Inform Assoc. 2013 Nov 7. [E] 

jpc Rodrigues J, de la Torre I, Fernandez G, Lopez-Coronado M. Analysis of the security and privacy requirements of cloud-based electronic health records systems. J Med Internet Res. 2013 Aug 21;15(8):e186.

Hanada E, Kudou T, Tsumoto S. Ensuring the Security and Availability of a Hospital Wireless LAN System. Stud Health Technol Inform. 2013;192:166-70. 

Fernández-Alemán JL, Señor IC, Lozoya PÁ, Toval A. Security and privacy in electronic health records: A systematic literature review. J Biomed Inform. 2013  Jun;46(3):541-62.  

Dekkera MAC, Etalleb s.  Audit-Based Access Control for Electronic Health Records. Electronic Notes in Theoretical Computer Science. 168:2007; 221–236 

Articles
[New  February 20 – March 24, 2017]  [E] = e-pub date
Niimi Y, Ota K. Examination of an Electronic Patient Record Display Method to Protect Patient Information Privacy. Comput Inform Nurs. 2017 Feb;35(2):100-108.

Walker DM, Johnson T, Ford EW, Huerta TR. Trust Me, I’m a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior. J Med Internet Res. 2017 Jan 4;19(1):e2.

Yigzaw KY, Michalas A, Bellika JG. Secure and scalable deduplication of horizontally partitioned health data for privacy-preserving distributed statistical computation. BMC Med Inform Decis Mak. 2017 Jan 3;17(1):1.

Jung J, Kang D, Lee D, Won D. An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information  System. PLoS One. 2017 Jan 3;12(1):e0169414.

Kim S, Lee H, Chung YD. Privacy-preserving data cube for electronic medical records: An experimental evaluation. Int J Med Inform. 2017 Jan;97:33-42.

2016
Yuan J, Malin B, Modave F, Guo Y, Hogan WR, Shenkman E, Bian J. Towards a Privacy Preserving Cohort Discovery Framework for Clinical Research Networks. J Biomed Inform. 2016 Dec 19. [E]

Zhang L, Wu Q, Mu Y, Zhang J. Privacy-Preserving and Secure Sharing of PHR in the Cloud. J Med Syst. 2016 Dec;40(12):267.

Zeadally S, Isaac JT, Baig Z. Security Attacks and Solutions in Electronic Health (E-health) Systems. J Med Syst. 2016 Dec;40(12):263.

Jayabalan M, O’Daniel T. Access control and privilege management in electronic health record: a systematic literature review. J Med Syst. 2016 Dec;40(12):261.

Wu Y, Lu X, Su J, Chen P. An Efficient Searchable Encryption Against Keyword Guessing Attacks for Sharable Electronic Medical Records in Cloud-based System. J Med Syst. 2016 Dec;40(12):258.

Eom J, Lee DH, Lee K. Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System. J Med Syst. 2016 Dec;40(12):253.

Poulis G, Loukides G, Skiadopoulos S, Gkoulalas-Divanis A. Anonymizing datasets with demographics and diagnosis codes in the presence of utility constraints. J Biomed Inform. 2016 Nov 7. pii: S1532-0464(16)30160-5. [E]

Sahi A, Lai D, Li Y. Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan. Comput Biol Med. 2016 Nov 1;78:1-8.

Sher ML, Talley PC, Cheng TJ, Kuo KM. How can hospitals better protect the privacy of electronic medical records? Perspectives from staff members of health information management departments. HIM J. 2016 Oct 4.

Williams RL, Taylor JF. Four steps to preserving adolescent confidentiality in an electronic health environment. Curr Opin Obstet Gynecol. 2016 Oct;28(5):393-8.

Brown SM, Aboumatar HJ, Francis L, Halamka J, Rozenblum R, Rubin E, Sarnoff Lee B, Sugarman J, Turner K, Vorwaller M, Frosch DL; Privacy, Access, and Engagement Task Force of the Libretto Consortium of the Gordon and Betty Moore Foundation. Balancing digital information-sharing and patient privacy when engaging families in the intensive care unit. J Am Med Inform Assoc. 2016 Sep;23(5):995-1000.

Pageler NM, Grazier G’Sell MJ, Chandler W, Mailes E, Yang C, Longhurst CA. A rational approach to legacy data validation when transitioning between electronic health record systems. J Am Med Inform Assoc. 2016 Sep;23(5):991-4.

Smith FL 3rd. Malware and Disease: Lessons from Cyber Intelligence for Public Health Surveillance. Health Secur. 2016 Aug 26. [E]

Rangraz Jeddi F, Akbari H, Rasoli S. Older people home care through electronic health records: functions, data elements and security needs. Contemp Nurse. 2016 Apr-Jun;52(2-3):352-65.

Lin CY, Kao YH, Lee WB, Chen RC. An efficient reversible privacy-preserving data mining technology over data streams. Springerplus. 2016 Aug 24;5(1):140

Fontaine J, Zheng K, Van De Ven C, Li H, Hiner J, Mitchell K, Gendler S, Hanauer DA. Evaluation of a proximity card authentication system for health care settings. Int J Med Inform. 2016 Aug;92:1-7.

Williams RL, Taylor JF. Four steps to preserving adolescent confidentiality in an electronic health environment. Curr Opin Obstet Gynecol. 2016 Jul 20. [E]

Rangraz Jeddi F, Akbari H, Rasoli S. Older People Home Care through Electroni Health Records: Functions, Data Elements and Security Needs. Contemp Nurse. 2016 Jul 15:1-14. [E]

Yasnoff WA. A secure and efficiently searchable health information architecture. J Biomed Inform. 2016 Jun;61:237-46.

Al Ayubi SU, Pelletier A, Sunthara G, Gujral N, Mittal V, Bourgeois FC. A Mobile App Development Guideline for Hospital Settings: Maximizing the Use of and Minimizing the Security Risks of “Bring Your Own Devices” Policies. JMIR Mhealth Uhealth. 2016 May 11;4(2):e50.

Chen SW, Chiang DL, Liu CH, Chen TS, Lai F, Wang H, Wei W. Confidentiality Protection of Digital Health Records in Cloud Computing. J Med Syst. 2016 May;40(5):124.

Yasnoff WA. A Secure and Efficiently Searchable Health Information Architecture. J Biomed Inform. 2016 Apr 21. [E]

Tipton SJ, Forkey S, Choi YB. Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle. J Med Syst. 2016 Apr;40(4):100.

Kuo A, Dang S. Secure Messaging in Electronic Health Records and Its Impact on Diabetes Clinical Outcomes: A Systematic Review. Telemed J E Health. 2016 Mar 30. [E]

Lehnbom EC, Douglas HE, Makeham MA. Positive beliefs and privacy concerns shape the future for the Personally Controlled Electronic Health Record. Intern Med J. 2016 Jan;46(1):108-11.

2015
Papoutsi C, Reed JE, Marston C, Lewis R, Majeed A, Bell D. Patient and public views about the security and privacy of Electronic Health Records (EHRs) in the UK: results from a mixed methods study. BMC Med Inform Decis Mak. 2015 Oct 14;15:86.

Griffith R. Patient information: confidentiality and the electronic record. Br J Nurs. 2015 Sep 24;24(17):894-5.

Li CT, Weng CY, Lee CC, Wang CC. A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System. J Med Syst. 2015 Sep 9. [E]

Kho AN, Cashy JP, Jackson KL, Pah AR, Goel S, Boehnke J, Humphries JE, Kominers SD, Hota BN, Sims SA, Malin BA, French DD, Walunas TL, Meltzer DO, Kaleba EO, Jones RC, Galanter WL. Design and implementation of a privacy preserving electronic health record linkage tool in Chicago. J Am Med Inform Assoc. 2015 Sep;22(5):1072-80. [E]

Mir O, van der Weide T, Lee CC. A Secure User Anonymity and Authentication Scheme Using AVISPA for Telecare Medical Information Systems. J Med Syst. 2015 Sep;39(9):265.

Brisson GE, Neely KJ, Tyler PD, Barnard C. Privacy Versus Confidentiality: More on the Use of the Electronic Health Record for Learning. Acad Med. 2015 Aug;90(8):1001.

Li J. A Privacy Preservation Model for Health-Related Social Networking Sites. J Med Internet Res. 2015 Jul 8;17(7):e168.

Liu Z, Chen Y, Tang B, Wang X, Chen Q, Li H, Wang J, Deng Q, Zhu S. Automatic de-identification of electronic medical records using token-level and character-level conditional random fields. J Biomed Inform. 2015 Jun 26. [E]

Rezaeibagha F, Win KT, Susilo W. A systematic literature review on security and privacy of electronic health record systems: technical perspectives. HIM J. 2015 Jun 26. [E]

Kels CG. Electronic health records and adolescent privacy. JAMA. 2015 Apr 7;313(13):1373.

Patel V, Beckjord E, Moser RP, Hughes P, Hesse BW. The role of health care experience and consumer information efficacy in shaping privacy and security perceptions of medical records: national consumer survey results. JMIR Med Inform. 2015 Apr 2;3(2):e14.

Das AK. A Secure and Robust Password-Based Remote User Authentication Scheme Using Smart Cards for the Integrated EPR Information System. J Med Syst. 2015 Feb 10. [E]

Bayer R, Santelli J, Klitzman R. New challenges for electronic health records: confidentiality and access to sensitive health information about parents and adolescents. JAMA. 2015 Jan 6;313(1):29-30.

Landman A, Emani S, Carlile N, Rosenthal DI, Semakov S, Pallin DJ, Poon EG. A mobile app for securely capturing and transferring clinical images to the electronic health record: description and preliminary usability study. JMIR Mhealth Uhealth. 2015 Jan 2;3(1):e1.

Meslin EM, Schwartz PH. How bioethics principles can aid design of electronic health records to accommodate patient granular control. J Gen Intern Med. 2015 Jan;30 Suppl 1:3-6.

Caine K, Tierney WM. Point and counterpoint: patient control of access to data in their electronic health records. J Gen Intern Med. 2015 Jan;30 Suppl 1:38-41.

Caine K, Kohn S, Lawrence C, Hanania R, Meslin EM, Tierney WM. Designing a Patient-Centered User Interface for Access Decisions about EHR Data: Implications from Patient Interviews. J Gen Intern Med. 2015 Jan;30 Suppl 1:7-16.

Naam NH, Sanbar S. Advanced Technology and Confidentiality in Hand Surgery. J Hand Surg Am. 2015 Jan;40(1):182-187.

Alanazi HO, Zaidan AA, Zaidan BB, Kiah ML, Al-Bakri SH. Meeting the Security Requirements of Electronic Medical Records in the ERA of High-Speed Computing. J Med Syst. 2015 Jan;39(1):165.

2014
Alanazi HO, Zaidan AA, Zaidan BB, Kiah ML, Al-Bakri SH. Meeting the Security Requirements of Electronic Medical Records in the ERA of High-Speed Computing. J Med Syst. 2014 Dec 7 [E]

Vogel J, Brown JS, Land T, Platt R, Klompas M. MDPHnet: Secure, Distributed Sharing of Electronic Health Record Data for Public Health Surveillance, Evaluation, and Planning. Am J Public Health. 2014 Dec;104(12):2265-70.

Mazumdar S, Konings P, Hewett M, Bagheri N, McRae I, Del Fante P. Protecting the privacy of individual general practice patient electronic records for geospatial epidemiology research. Aust N Z J Public Health. 2014
Dec;38(6):548-52. 2014 Oct 12. [E]

Sittig DF, Gonzalez D, Singh H. Contingency planning for electronic health record-based care continuity: a survey of recommended practices. Int J Med Inform. 2014 Nov;83(11):797-804.

Chen CL, Yang TT, Chiang ML, Shih TF. A privacy authentication scheme based on cloud for medical environment. J Med Syst. 2014 Nov;38(11):143.

Newhauser W, Jones T, Swerdloff S, Newhauser W, Cilia M, Carver R, Halloran A,Zhang R. Anonymization of DICOM electronic medical records for radiation therapy. Comput Biol Med. 2014 Oct;53:134-40.

Somolinos R, Munoz A, Hernando ME, Pascual M, Caceres J, Sanchez-de-MadariagaR, Fragua J, Serrano P, Salvador C. Service for the pseudonymization of electronic healthcare records based on ISO/EN 13606 for the secondary use of information. IEEE J Biomed Health Inform. 2014 Sep 26. [E]

Gummadi S, Housri N, Zimmers TA, Koniaris LG. Electronic medical record: a balancing act of patient safety, privacy and health care delivery. Am J Med Sci.  2014 Sep;348(3):238-43.

Gkoulalas-Divanis A, Loukides G, Sun J. Publishing data from electronic health records while preserving privacy: A survey of algorithms. J Biomed Inform. 2014 Aug;50C:4-19. doi: 10.1016/j.jbi.2014.06.002.

Loukides G, Liagouris J, Gkoulalas-Divanis A, Terrovitis M. Disassociation for electronic health record privacy. J Biomed Inform. 2014 Aug;50:46-61.

South BR, Mowery D, Suo Y, Leng J, Ferrández O, Meystre SM, Chapman WW. Evaluating the effects of machine pre-annotation and an interactive annotation interface on manual de-identification of clinical text. J Biomed Inform. 2014 Aug;50:162-72.

Bos JW, Lauter K, Naehrig M. Private predictive analysis on encrypted medical data. J Biomed Inform. 2014 Aug;50:234-43.

Landberg AH, Nguyen K, Pardede E, Rahayu JW. ?-Dependency for privacy-preserving XML data publishing. J Biomed Inform. 2014 Aug;50:77-94.

Jones KH, Ford DV, Jones C, Dsilva R, Thompson S, Brooks CJ, Heaven ML, Thayer DS, McNerney CL, Lyons RA. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: A privacy-protecting remote access system for health-related research and evaluation. J Biomed Inform. 2014 Aug;50:196-204.

Randall SM, Ferrante AM, Boyd JH, Bauer JK, Semmens JB. Privacy-preserving record linkage on large real world datasets. J Biomed Inform. 2014 Aug;50:205-12.

Chen CL, Yang TT, Shih TF. A Secure Medical Data Exchange Protocol Based on Cloud Environment. J Med Syst. 2014 Jul 19. [E]

Abbas A, Khan SU. A Review on the State-of-the-Art Privacy-Preserving Approaches in the e-Health Clouds. IEEE J Biomed Health Inform. 2014 Jul;18(4):1431-41.

Neame R. Effective sharing of health records, maintaining privacy: a practical schema. Online J Public Health Inform. 2013 Jul 1;5(2):217.

Committee opinion no. 599: adolescent confidentiality and electronic health records. Obstet Gynecol. 2014 May;123(5):1148-50.

Kim KW, Lee JD. On the security of two remote user authentication schemes for  telecare medical information systems. J Med Syst. 2014 May;38(5):17.

Wen F. A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System. J Med Syst. 2014 May;38(5):42.

Yu YC, Hou TW. An efficient forward-secure group certificate digital signature scheme to enhance EMR authentication process. Med Biol Eng Comput. 2014 May;52(5):449-57.

Goldstein MM. Health Information Privacy and Health Information Technology in  the US Correctional Setting. Am J Public Health. 2014 May;104(5):803-9.

Menon AK, Jiang X, Kim J, Vaidya J, Ohno-Machado L. Detecting Inappropriate Access to Electronic Health Records Using Collaborative Filtering. Mach Learn. 2014 Apr 1;95(1):87-101.

Li H, Hong W, Dong S, Liu Y, Wang E. A Resettable and Reprogrammable DNA-Based Security System To Identify Multiple Users with Hierarchy. ACS Nano. 2014 Mar 3. [E]

Kreissl R. Assessing Security Technology’s Impact: Old Tools for New Problems. Sci Eng Ethics. 2014 Mar 2. [E]

Tong Y, Sun J, Chow SS, Li P. Cloud-assisted mobile-access of health data with privacy and auditability. IEEE J Biomed Health Inform. 2014 Mar;18(2):419-29.

Wang H, Wu Q, Qin B, Domingo-Ferrer J. FRR: Fair remote retrieval of outsourced private medical records in electronic health networks. J Biomed Inform. 2014 Feb 18. [E]

Schwartze J, Haarbrandt B, Fortmeier D, Haux R, Seidel C. Authentication systems for securing clinical documentation workflows. A systematic literature review. Methods Inf Med. 2014;53(1):3-13.

2013
Kum HC, Krishnamurthy A, Machanavajjhala A, Reiter MK, Ahalt S. Privacy preserving interactive record linkage (PPIRL). J Am Med Inform Assoc. 2013 Nov 7. [E]

Kuzu M, Kantarcioglu M, Inan A, Bertino E, Durham E, Malin B. Efficient Privacy-Aware Record Integration. Adv Database Technol. 2013:167-178.

Chen YC, Horng G, Lin YJ, Chen KC. Privacy preserving index for encrypted electronic medical records. J Med Syst. 2013 Dec;37(6):9992.

Kiah ML, Nabi MS, Zaidan BB, Zaidan AA. An Enhanced Security Solution for Electronic Medical Records Based on AES Hybrid Technique with SOAP/XML and SHA-1. J Med Syst. 2013 Oct;37(5):9971.

Awasthi AK, Srivastava K. A biometric authentication scheme for telecare medicine information systems with nonce. J Med Syst. 2013 Oct;37(5):9964.

Demers G, Kahn C, Johansson P, Buono C, Chipara O, Griswold W, Chan T. Secure  scalable disaster electronic medical record and tracking system. Prehosp Disaster Med. 2013 Oct;28(5):498-501.

Hsu CL, Lee MR, Su CH. The role of privacy protection in healthcare information systems adoption. J Med Syst.  2013 Sep 8.  [E]

Picazo-Sanchez P, Bagheri N, Peris-Lopez P, Tapiador JE. Two RFID Standard-based Security Protocols for Healthcare Environments. J Med Syst. 2013 2013 Aug 16 [E]

O’Dowd A. Medical data: does patient privacy trump access for research? BMJ. 2013 Sep 11;347:f5516.

Gulick S. Be Prepared: Enforcement of the New HIPAA Rules. J Am Coll Radiol.2013 Sep 7. [E]

Nordgren A. Privacy by Design in Personal Health Monitoring. Health Care Anal. 2013 Aug 27. [E]

Wang CJ, Huang DJ. The HIPAA Conundrum in the Era of Mobile Health and Communications. JAMA. 2013 Aug 26. [E]

Agaku IT, Adisa AO, Ayo-Yusuf OA, Connolly GN. Concern about security and privacy, and perceived control over collection and use of health information are  related to withholding of health information from healthcare providers. J Am Med  Inform Assoc. 2013 Aug 23. [E]

jpc Rodrigues J, de la Torre I, Fernandez G, Lopez-Coronado M. Analysis of the security and privacy requirements of cloud-based electronic health records systems. J Med Internet Res. 2013 Aug 21;15(8):e186.

Lecoanet A, Sellier E, Carpentier F, Maignan M, Seigneurin A, Fran?ßois P. Experience feedback committee in emergency medicine: a tool for security management. Emerg Med J. 2013 Aug 20.  [E]

Mitchener-Nissen T. Addressing social resistance in emerging security technologies. Front Hum Neurosci. 2013 Aug 20;7:483.

Kels CG, Kels LH. Medical Privacy After Death: Implications of New Modifications to the Health Insurance Portability and Accountability Act Privacy Rule. Mayo Clin Proc. 2013 Aug 20. [E]

Mansoori B, Rosipko B, Erhard KK, Sunshine JL. Design and Implementation of Disaster Recovery and Business Continuity Solution for Radiology PACS. J Digit Imaging. 2013 Aug 6. [E]

Cooley J, Smith S. Privacy-preserving screen capture: Towards closing the loop for health IT usability. J Biomed Inform. 2013 Aug;46(4):721-33.

Ermakova, Tatiana; Fabian, Benjamin, “Secret Sharing for Health Data in Multi-provider Clouds,” Business Informatics (CBI), 2013 IEEE 15th Conference on , vol., no., pp.93,100, 15-18 July 2013

Anthony, D.; Campbell, A.; Candon, T.; Gettinger, A.; Gunter, C.; Johnson, M.; Kotz, D.; Marsch, L.; Molina-Markham, A.; Page, K.; Smith, S., “Securing Information Technology in Healthcare,” Security & Privacy, IEEE , vol.PP, no.99, pp.1,1, 0 2013

Jungchae Kim; Byuck Jin Lee; Yoo, S.K., “Design of real-time encryption module for secure data protection of wearable healthcare devices,” Engineering in Medicine and Biology Society (EMBC), 2013 35th Annual International Conference of the IEEE , vol., no., pp.2283,2286, 3-7 July 2013

Malay DS. Electronic Health Records, Privacy, and Surveillance. J Foot Ankle Surg. 2013 Jul .18 [E]

Fernandes AC, Cloete D, Broadbent MT, Hayes RD, Chang CK, Jackson RG, Roberts  A, Tsang J, Soncul M, Liebscher J, Stewart R, Callard F. Development and evaluation of a de-identification procedure for a case register sourced from mental health electronic records. BMC Med Inform Decis Mak. 2013 Jul 11;13(1):71. [E]

Neame R. Effective sharing of health records, maintaining privacy: a practical schema. Online J Public Health Inform. 2013 Jul 1;5(2):217.

Yamashita Y, Ogaito T. Rebuilding and the private cloud of the hospital information system by the virtualization technology. Stud Health Technol Inform.  2013;192:1183.

Shin SY, Lyu Y, Shin Y, Choi HJ, Park J, Kim WS, Lee JH. Experience of De-identification System Development for Clinical Research in Tertiary Hospital.  Stud Health Technol Inform. 2013;192:1044.

Niimi Y, Ota K. Display methods of electronic patient record screens: patient  privacy concerns. Stud Health Technol Inform. 2013;192:1029.

Alsalamah S, Gray WA, Hilton J, Alsalamah H. Information security requirements in patient-centred healthcare support systems. Stud Health Technol Inform. 2013;192:812-6.

Le T, Thompson H, Demiris G. An examination of electronic health information  privacy in older adults. Stud Health Technol Inform. 2013;192:709-13.

Mense A, Hoheiser-Pförtner F, Schmid M, Wahl H. Concepts for a Standard based Cross-organisational Information Security Management System in the Context of a Nationwide EHR. Stud Health Technol Inform. 2013;192:548-52.

Hanada E, Kudou T, Tsumoto S. Ensuring the Security and Availability of a Hospital Wireless LAN System. Stud Health Technol Inform. 2013;192:166-70.

Jiang P, Wen Q, Li W, Jin Z, Zhang H. An Anonymous User Authentication with Key Agreement Scheme without Pairings for Multiserver Architecture Using SCPKs. ScientificWorldJournal. 2013 Jun 9;2013:419592.

Wade-Vuturo AE, Mayberry LS, Osborn CY. Secure messaging and diabetes management: experiences and perspectives of patient portal users. J Am Med Inform Assoc. 2013 May 1;20(3):519-25.

Cummings E, Borycki EM, Roehrer E. Issues and considerations for healthcare consumers using mobile applications. Stud Health Technol Inform. 2013;183:227-31.

Fernández-Alemán JL, Señor IC, Lozoya PÁ, Toval A. Security and privacy in electronic health records: A systematic literature review. J Biomed Inform. 2013  Jun;46(3):541-62.

Mohammed N, Jiang X, Chen R, Fung BC, Ohno-Machado L. Privacy-preserving heterogeneous health data sharing. J Am Med Inform Assoc. 2013 May 1;20(3):462-9.

Lee TF, Chang IP, Lin TH, Wang CC. A Secure and Efficient Password-Based User Authentication Scheme Using Smart Cards for the Integrated EPR Information System. J Med Syst. 2013 Apr 4. [E]

Martínez S, Sánchez D, Valls A. A semantic framework to protect the privacy of electronic health records with non-numerical attributes. J Biomed Inform. 2013 Apr;46(2):294-303.

Liu J, Tang G, Sun Y. A secure steganography for privacy protection in healthcare system. J Med Syst. 2013 Apr;37(2):9918.

Xie Q, Zhang J, Dong N. Robust anonymous authentication scheme for telecare medical information systems. J Med Syst. 2013 Apr;37(2):9911.

Chang YF, Yu SH, Shiao DR. A Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care. J Med Syst. 2013 Apr;37(2):9902.

Taitsman JK, Grimm CM, Agrawal S. Protecting patient privacy and data security. N Engl J Med. 2013 Mar 14;368(11):977-9.

Regola N, Chawla NV. Storing and using health data in a virtual private cloud. J Med Internet Res. 2013 Mar 13;15(3):e63.

Bonython W, Arnold B. Disclosure ‘downunder’: misadventures in Australian genetic privacy law. J Med Ethics. 2013 Mar 9. [E]

Senft DJ. Mobile devices: Technology aid-Security risk. Geriatr Nurs. 2013 Mar 7 [E]

Mitka M. New HIPAA rule aims to improve privacy and security of patient records. JAMA. 2013 Mar 6;309(9):861-2.

Chen WK, Tso HK. Visual sharing protection method for medical images. J Med Syst. 2013 Feb;37(1):9900.

Jiang Q, Ma J, Ma Z, Li G. A privacy enhanced authentication scheme for telecare medical information systems. J Med Syst. 2013 Feb;37(1):9897.

Franklin R. Secure messaging: myths, facts, and pitfalls. Fam Pract Manag. 2013 Jan-Feb;20(1):21-4.

Lee TF, Chang IP, Wang CC. Simple Group Password-based Authenticated Key Agreements for the Integrated EPR Information System. J Med Syst.  2013 Jan 19. [E]

Kwon J, Johnson ME. Security practices and regulatory compliance in the healthcare industry. J Am Med Inform Assoc. 2013 Jan 1;20(1):44-51.

Dwork C, Pottenger R. Toward practicing privacy. J Am Med Inform Assoc. 2013 Jan 1;20(1):102-8.

Ohno-Machado L. Sharing data for the public good and protecting individual privacy: informatics solutions to combine different goals. J Am Med Inform Assoc. 2013 Jan 1;20(1):1.

Caine K, Hanania R. Patients want granular privacy control over health information in electronic medical records. J Am Med Inform Assoc. 2013 Jan 1;20(1):7-15.

Fabbri D, Lefevre K. Explaining accesses to electronic medical records using diagnosis information. J Am Med Inform Assoc. 2013 Jan 1;20(1):52-60.

White R, Horvitz E. From web search to healthcare utilization: privacy-sensitive studies from mobile data. J Am Med Inform Assoc. 2013 Jan 1;20(1):61-8.

2012
Pan T, Erickson BJ, Marcus DS; CTSA Imaging Informatics Project Group. Whitepapers on imaging infrastructure for research part three: security and privacy. J Digit Imaging. 2012 Dec;25(6):692-702.

Chen TS, Liu CH, Chen TL, Chen CS, Bau JG, Lin TC. Secure Dynamic access control scheme of PHR in cloud computing. J Med Syst. 2012 Dec;36(6):4005-20.

Nikooghadam M, Zakerolhosseini A. Secure communication of medical information  using mobile agents. J Med Syst. 2012 Dec;36(6):3839-50.

Masi M, Pugliese R, Tiezzi F. Security analysis of standards-driven communication protocols for healthcare scenarios. J Med Syst. 2012 Dec;36(6):3695-711.

Hsiao TC, Liao YT, Huang JY, Chen TS, Horng GB. An authentication scheme to healthcare security under wireless sensor networks. J Med Syst. 2012 Dec;36(6):3649-64.

Hawrylak PJ, Schimke N, Hale J, Papa M. Security risks associated with radio  frequency identification in medical environments. J Med Syst. 2012 Dec;36(6):3491-505.

Osunmuyiwa O, Ulusoy AH. Wireless security in mobile health. Telemed J E Health. 2012 Dec;18(10):810-4.

Hamacher K. Resilience to leaking – dynamic systems modeling of information security. PLoS One. 2012;7(12):e49804.

Committee on Adolescence; Council on Clinical and Information Technology. Standards for health information technology to ensure adolescent privacy. Pediatrics. 2012 Nov;130(5):987-90.

Durham E, Xue Y, Kantarcioglu M, Malin B. Quantifying the Correctness, Computational Complexity, and Security of Privacy-Preserving String Comparators for Record Linkage. Inf Fusion. 2012 Oct 1;13(4):245-259.

Chen YY, Lu JC, Jan JK. A secure EHR system based on hybrid clouds. J Med Syst. 2012 Oct;36(5):3375-84.

Hsiao TC, Wu ZY, Chung YF, Chen TS, Horng GB. A secure integrated medical information system. J Med Syst. 2012 Oct;36(5):3103-13.

Lee HC, Chang SH. RBAC-Matrix-based EMR right management system to improve HIPAA compliance. J Med Syst. 2012 Oct;36(5):2981-92.

Liu CH, Chung YF, Chiang TW, Chen TS, Wang SD. A mobile agent approach for secure integrated medical information systems. J Med Syst. 2012 Oct;36(5):2731-41.

Schadt EE. The changing privacy landscape in the era of big data. Mol Syst Biol. 2012 Sep 11;8:612.

Dhopeshwarkar RV, Kern LM, O’Donnell HC, Edwards AM, Kaushal R. Health care consumers’ preferences around health information exchange. Ann Fam Med. 2012 Sep;10(5):428-34.

Pencarrick Hertzman C, Meagher N, McGrail KM. Privacy by Design at Population  Data BC: a case study describing the technical, administrative, and physical controls for privacy-sensitive secondary use of personal information for research in the public interest. J Am Med Inform Assoc. 2012 Aug 30. [E]

Carrión Señor I, Fernández-Alemán JL, Toval A. Are personal health records safe? A review of free web-accessible personal health record privacy policies. J Med Internet Res. 2012 Aug 23;14(4):e114.

Ohno-Machado L. Informatics 2.0: implications of social media, mobile health, and patient-reported outcomes for healthcare and individual privacy. J Am Med Inform Assoc. 2012 Sep 1;19(5):683.

Deleger L, Molnar K, Savova G, Xia F, Lingren T, Li Q, Marsolo K, Jegga A,Kaiser M, Stoutenborough L, Solti I. Large-scale evaluation of automated clinicalnote de-identification and its impact on information extraction. J Am Med Inform Assoc. 2012 Aug 2. [E]

Kramer DB, Baker M, Ransford B, Molina-Markham A, Stewart Q, Fu K, ReynoldsMR. Security and privacy qualities of medical devices: an analysis of FDApostmarket surveillance. PLoS One. 2012;7(7):e40200. [E] 2012 Jul 19.

Liu CH, Chung YF, Chen TS, Wang SD. The enhancement of security in healthcare information systems. J Med Syst. 2012 Jun;36(3):1673-88

Luxton DD, Kayl RA, Mishkind MC. mHealth data security: the need for HIPAA-compliant  standardization. Telemed J E Health. 2012 May;18(4):284-8.

Yu YC, Huang TY, Hou TW. Forward secure digital signature for electronic medical records. J Med Syst. 2012 Apr;36(2):399-406.

Whipple EC, Allgood KL, Larue EM. Third-year medical students’ knowledge of privacy and security issues concerning mobile devices. Med Teach. 2012 Apr 10.

Greene AH. HIPAA compliance for clinician texting. J AHIMA. 2012 Apr;83(4):34-6.

Tomes JP. Staying compliant with the HIPAA privacy and security rules. J AHIMA. 2012 Mar;83(3):32-4.

Schweitzer EJ. Reconciliation of the cloud computing model with US federal electronic health record regulations. J Am Med Inform Assoc. 2012 Mar-Apr;19(2):161-5.

Freymann JB, Kirby JS, Perry JH, Clunie DA, Jaffe CC. Image data sharing for biomedical research–meeting HIPAA requirements for De-identification. J Digit Imaging. 2012 Feb;25(1):14-24.

Kiel JM. HIPAA and its effect on informatics. Comput Inform Nurs. 2012 Jan;30(1):1-5.

Clemens NA. Privacy, consent, and the electronic mental health record: The Person vs. the System. J Psychiatr Pract. 2012 Jan;18(1):46-50.

Erdal BS, Liu J, Ding J, Chen J, Marsh CB, Kamal J, Clymer BD. A database de-identification framework to enable direct queries on medical data for secondary use. Methods Inf Med. 2012;51(3):229-41.

2011
Li F, Zou X, Liu P, Chen JY. New threats to health data privacy. BMC Bioinformatics. 2011 Nov 24;12 Suppl 12:S7.

Andersen CM. A primer for health care managers: data sanitization, equipment disposal, and electronic waste. Health Care Manag (Frederick). 2011 Jul-Sep;30(3):266-70.

Lee CD, Ho KI, Lee WB. A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations. IEEE Trans Inf Technol Biomed. 2011 Jul;15(4):550-6.

Miller AR, Tucker CE. Encryption and the loss of patient data. J Policy Anal Manage. 2011  Summer;30(3):534-56.

Walsh T; AHIMA. Security audits of electronic health information (updated). J AHIMA. 2011 Mar;82(3):46-50.

Williams PA. Is the biggest security threat to medical information simply a lack of understanding? Stud Health Technol Inform. 2011;168:179-87.

Shin D, Sahama T, Kim SJ, Kim JH. Data encryptions techniques for electronic health record exchange. Stud Health Technol Inform. 2011;164:392-6.

2010
Bennett K, Bennett AJ, Griffiths KM. Security considerations for e-mental health interventions. J Med Internet Res. 2010 Dec 19;12(5):e61.

Chen YP, Hsieh SH, Cheng PH, Chien TN, Chen HS, Luh JJ, Lai JS, Lai F, Chen SJ.  An agile enterprise regulation architecture for health information security management. Telemed J E Health. 2010 Sep;16(7):807-17.

Flores Zuniga AE, Win KT, Susilo W. Biometrics for electronic health records.  J Med Syst. 2010 Oct;34(5):975-83.

Sucurovic S. An approach to access control in electronic health record. J Med Syst. 2010 Aug;34(4):659-66.

Farzandipour M, Sadoughi F, Ahmadi M, Karimi I. Security requirements and solutions in electronic health records: lessons learned from a comparative study. J Med Syst. 2010 Aug;34(4):629-42.

Lorence D, Chin J, Richards M. Meeting the ONCHIT population health mandate: a proposed model for security in selective transportable distributed environments. J Med Syst. 2010 Aug;34(4):563-72.

Ferreira A, Antunes L, Chadwick D, Correia R. Grounding information Security in healthcare. Int J Med Inform. 2010 Apr;79(4):268-83.

Mohammad Y, Stergioulas L. Building an information security strategy for EHR: guidelines for assessing the current situation. Conf Proc IEEE Eng Med Biol Soc.2010;2010:3919-22.

Koufi V, Malamateniou F, Vassilacopoulos G, Papakonstantinou D. Healthcare  system evolution towards SOA: a security perspective. Stud Health Technol Inform. 2010;160(Pt 2):874-8.

Ferreira A, Correia R, Chadwick D, Antunes L. Access control in healthcare: the methodology from legislation to practice. Stud Health Technol Inform. 2010;160(Pt 1):666-70.

Dougherty M, Washington L. Still seeking the legal EHR. The push for electronic records increases, the record management questions remain. J AHIMA. 2010 Feb;81(2):42-5.

Katt B, Trojer T, Breu R, Schabetsberger T, Wozak F. Meeting EHR security requirements: SeAAS approach. Stud Health Technol Inform. 2010;155:85-91.

Bjornsson BT, Sigurdardottir G, Stefansson SO. Risk assessment of integrated electronic health records. Stud Health Technol Inform. 2010;155:78-84.
Croll P. Privacy, security and access with sensitive health information. Stud Health Technol Inform. 2010;151:167-75.

 

2009
Fernando JI, Dawson LL. The health information system security threat lifecycle: an informatics theory. Int J Med Inform. 2009 Dec;78(12):815-26.

Peng C, Kesarinath G, Brinks T, Young J, Groves D. Assuring the privacy and security of transmitting sensitive electronic health information. AMIA Annu Symp Proc. 2009 Nov 14;2009:516-20.

Huang LC, Chu HC, Lien CY, Hsiao CH, Kao T. Privacy preservation and information security protection for patients’ portable electronic health records. Comput Biol Med. 2009 Sep;39(9):743-50.

Manion FJ, Robbins RJ, Weems WA, Crowley RS. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study. BMC Med Inform Decis Mak. 2009 Jun 15;9:31.

Demster B, Halpert A, Hjort B, Thomas-Lloyd A. Sanction guidelines for privacy and security breaches. J AHIMA. 2009 May;80(5):57-62.

van der Linden H, Kalra D, Hasman A, Talmon J. Inter-organizational future proof EHR systems. A review of the security and privacy related issues. Int J Med Inform. 2009 Mar;78(3):141-60.

Byrne JM, Elliott S, Firek A. Initial experience with patient-clinician secure messaging at a VA medical center. J Am Med Inform Assoc. 2009 Mar-Apr;16(2):267-70.

Weber-Jahnke JH. Security evaluation and assurance of electronic health records. Stud Health Technol Inform. 2009;143:290-6.

2008
McGuire AL, Fisher R, Cusenza P, Hudson K, Rothstein MA, McGraw D, Matteson S, Glaser J, Henley DE. Confidentiality, privacy, and security of genetic and genomic test information in electronic health records: points to consider. Genet Med. 2008 Jul;10(7):495-9

El Emam K, Dankar FK. Protecting privacy using k-anonymity. J Am Med Inform Assoc. 2008 Sep-Oct;15(5):627-37.

Vivas T, Zambrano A, Huerta M. Mechanisms of security based on digital certificates applied in a telemedicine network. Conf Proc IEEE Eng Med Biol Soc. 2008;2008:1817-20.

Adibi S, Agnew GB. On the diversity of eHealth security systems and mechanisms. Conf Proc IEEE Eng Med Biol Soc. 2008;2008:1478-81.

Walsh D, Passerini K, Varshney U, Fjermestad J. Safeguarding patient privacy in electronic healthcare in the USA: the legal view. Int J Electron Healthc. 2008;4(3-4):311-26.  .

Weerasinghe D, Rajarajan M, Elmufti K, Rakocevic V. Patient privacy protection using anonymous access control techniques. Methods Inf Med. 2008;47(3):235-40.

Pharow P, Blobel B. Mobile health requires mobile security: challenges, solutions, and standardization. Stud Health Technol Inform. 2008;136:697-702.

Lea N, Hailes S, Austin T, Kalra D. Knowledge management for the protection of information in electronic medical records. Stud Health Technol Inform. 2008;136:685-90.

Katsikas S, Lopez J, Pernul G. The challenge for security and privacy services in distributed health settings. Stud Health Technol Inform. 2008;134:113-25. Review.

2007
Kailar R, Muralidhar V. A security architecture for health information networks. AMIA Annu Symp Proc. 2007 Oct 11:379-83.

Bønes E, Hasvold P, Henriksen E, Strandenaes T. Risk analysis of information security in a mobile instant messaging and presence system for healthcare. Int J Med Inform. 2007 Sep;76(9):677-87

Green-Shook S, Quinsey CA. Audit functionality and the EHR. The importance of sound reports and clear policies. J AHIMA. 2007 Jun;78(6):62-3.

Agrawal R, Johnson C. Securing electronic health records without impeding the flow of information. Int J Med Inform. 2007 May-Jun;76(5-6):471-9

Lovis C, Spahni S, Cassoni N, Geissbuhler A. Comprehensive management of the access to the electronic patient record: towards trans-institutional networks. Int J Med Inform. 2007 May-Jun;76(5-6):466-70.

Ruotsalainen P, Manning B. A notary archive model for secure preservation  and distribution of electrically signed patient documents. Int J Med Inform. 2007May-Jun;76(5-6):449-53.

Sucurovic S. Implementing security in a distributed web-based EHCR. Int J Med Inform. 2007 May-Jun;76(5-6):491-6.

Blobel B. Comparing approaches for advanced e-health security infrastructures. Int J Med Inform. 2007 May-Jun;76(5-6):454-9.

Lekkas D, Gritzalis D. Long-term verifiability of the electronic healthcare records’ authenticity. Int J Med Inform. 2007 May-Jun;76(5-6):442-8.

Wozak F, Schabetsberger T, Ammmenwerth E. End-to-end security in telemedical networks–a practical guideline. Int J Med Inform. 2007 May-Jun;76(5-6):484-90.

Blobel B. Comparing approaches for advanced e-health security infrastructures. Int J Med Inform. 2007 May-Jun;76(5-6):454-9.

Bakker AR. The need to know the history of the use of digital patient data, in particular the EHR. Int J Med Inform. 2007 May-Jun;76(5-6):438-41.

Sandell P. Framework for securing personal health data in clinical decision support systems. J Healthc Inf Manag. 2007 Spring;21(2):34-40.

Collmann J, Cooper T. Breaching the security of the Kaiser Permanente Internet patient portal: the organizational foundations of information security. J Am Med Inform Assoc. 2007 Mar-Apr;14(2):239-43

Weerasinghe D, Elmufti K, Rajarajan M, Rakocevic V. Securing electronic health records with novel mobile encryption schemes. Int J Electron Healthc. 2007;3(4):395-416.

Steele R, Gardner W, Chandra D, Dillon TS. Framework and prototype for a secure XML-based electronic health records system. Int J Electron Healthc.2007;3(2):151-74.

Malin B, Airoldi E. Confidentiality preserving audits of electronic medical record access. Stud Health Technol Inform. 2007;129(Pt 1):320-4.

2006
Carter P, Lemery C, Mikels D, Bowen R, Hjort B. Privacy and security in health information exchange. J AHIMA. 2006 Nov-Dec;77(10):64A-64C

Liu BJ, Zhou Z, Huang HK. A HIPAA-compliant architecture for securing clinical images. J Digit Imaging. 2006 Jun;19(2):172-80.

Blobel B. Advanced and secure architectural EHR approaches. Int J Med Inform. 2006 Mar-Apr;75(3-4):185-90.

Rudolph BA, Shah GH, Love D. Small numbers, disclosure risk, security, and reliability issues in Web-based data query systems. J Public Health Manag Pract. 2006 Mar-Apr;12(2):176-83.

Choi YB, Capitan KE, Krause JS, Streeper MM. Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules. J Med Syst. 2006 Feb;30(1):57-64.

Ray P, Wimalasiri J. The need for technical solutions for maintaining the privacy of EHR. Conf Proc IEEE Eng Med Biol Soc. 2006;1:4686-9.

Susilo W, Win KT. Securing electronic health records with broadcast encryption schemes. Int J Electron Healthc. 2006;2(2):175-84.

Dalley A, Lynch K, Feltham P, Fulcher J; David Bomba. The use of smart tokens to permit the secure, remote access of electronic health records. Int J Electron Healthc. 2006;2(1):1-11.

Pharow P, Blobel B. Specific interoperability problems of security infrastructure services. Stud Health Technol Inform. 2006;121:349-63

Hildebrand C, Pharow P, Engelbrecht R, Blobel B, Savastano M, Hovsto A. BioHealth–the need for security and identity management standards in eHealth. Stud Health Technol Inform. 2006;121:327-36.

Blobel B, Pharow P. Formal policies for flexible EHR security. Stud Health Technol Inform. 2006;121:307-16.

 

2005

Lorence DP, Churchill R. Incremental adoption of information security in health-care organizations: implications for document management. IEEE Trans Inf Technol Biomed. 2005 Jun;9(2):169-73.

Sax U, Kohane I, Mandl KD. Wireless technology infrastructures for authentication of patients: PKI that rings. J Am Med Inform Assoc. 2005 May-Jun;12(3):263-8.

Hofler LD, Hardee J, Dildy K, Burleson D, Grady J. HIPAA audit and system activity review. Developing a process that focuses on the greatest risks first. J AHIMA. 2005 Mar;76(3):34-8; quiz 41-2.

Naqvi S, Riguidel M, Demeure I. Security architecture for health grid using ambient intelligence. Methods Inf Med. 2005;44(2):202-6.

Kalra D, Singleton P, Milan J, Mackay J, Detmer D, Rector A, Ingram D. Security and confidentiality approach for the Clinical E-Science Framework (CLEF). Methods Inf Med. 2005;44(2):193-7.

2004
Amatayakul M. What is security auditing? J AHIMA. 2004 Nov-Dec;75(10):58-9.

Gritzalis D, Lambrinoudakis C. A security architecture for interconnecting health information systems. Int J Med Inform. 2004 Mar 31;73(3):305-9.

Cavalli E, Mattasoglio A, Pinciroli F, Spaggiari P. Information security concepts and practices: the case of a provincial multi-specialty hospital. Int J Med Inform. 2004 Mar 31;73(3):297-303.

Ruotsalainen P. A cross-platform model for secure Electronic Health Record communication. Int J Med Inform. 2004 Mar 31;73(3):291-5.

Blobel B. Authorisation and access control for electronic health record systems. Int J Med Inform. 2004 Mar 31;73(3):251-7.

Hagland M. Electronic record, electronic security. J AHIMA. 2004 Feb;75(2):18-22.

Schou CD, Frost J, Maconachy WV. Information assurance in biomedical informatics systems. IEEE Eng Med Biol Mag. 2004 Jan-Feb;23(1):110-8.

Wickramasinghe N, Misra SK. A wireless trust model for healthcare. Int J Electron Healthc. 2004;1(1):60-77.

Ruotsalainen P. Security requirements in EHR systems and archives. Stud Health Technol Inform. 2004;103:453-8.

Pharow P, Blobel B. Security infrastructure services for electronic archives and electronic health records. Stud Health Technol Inform. 2004;103:434-40.

Defteraios S, Lambrinoudakis C, Gritzalis D. High level security policies for health: from theory to practice. Stud Health Technol Inform. 2004;103:416-23.

Blobel B, Pharow P. Implementing MDA-based distributed, interoperable, flexible, scalable, portable, and secure EHR systems. Stud Health Technol Inform. 2004;103:394-9.

Kallepalli VN, Ehikioya SA, Camorlinga S, Rueda JA. Security middleware infrastructure for DICOM images in health information systems. J Digit Imaging. 2003 Dec;16(4):356-64.

Ruotsalainen P. Security requirements in EHR systems and archives. Stud Health Technol Inform. 2004;103:453-8.

Louwerse K. Access control management in practical settings. Stud Health Technol Inform. 2004;103:424-7.

2003
Bakker AR. The evolution of Health Information Systems, security in practice and open issues. Stud Health Technol Inform. 2003;96:15-20.

van der Haak M, Wolff AC, Brandner R, Drings P, Wannenmacher M, Wetter T. Data security and protection in cross-institutional electronic patient records. Int J Med Inform. 2003 Jul;70(2-3):117-30.

2002
Ueckert FK, Prokosch HU. Implementing security and access control mechanisms for an electronic healthcare record. Proc AMIA Symp. 2002:825-9.

2000
Blobel B. Advanced tool kits for EPR security. Int J Med Inform. 2000 Nov;60(2):169-75.

Smith J. Towards a secure EPR: cultural and educational issues. Int J Med Inform. 2000 Nov;60(2):137-42.

Anderson JG. Security of the distributed electronic patient record: a case-based approach to identifying policy issues. Int J Med Inform. 2000 Nov;60(2):111-8.

1999
Pronkin MA, Shifrin MA. Security for electronic patient record systems. Stud Health Technol Inform. 1999;68:866-8.