Security control model for electronic health records

Abstract

Secure Electronic Health Records (EHR) is essential in provision of reliable information to support delivery of healthcare services. The adoption of (EHR) provides improved patient care that is more efficient. The use of EHR raises concerns over protection of patient’s information. Therefore, there is need of a security control model of Electronic health records in the expanded environment. This study developed a model that ensures that the Electronic Health Records is secure from any threat that will compromise the safety of patient’s information at the Moi Teaching and Referral Hospital. The study was guided by three research objectives: To examine security controls of the current EHR system, establish the security controls requirements and to model a security control model for EHR for MTRH. This study was also guided by Systems Theory formulated on the relationship between independent variables and dependent variables on enforcing information security on Technical, Administrative and physical security controls in managing risks, internal process controls and information auditing. The study adopted a cross sectional survey study design on security of patient’s health records with a target population of 200 health records MTRH members of staff working in 8 departments and handling patient’s health information, with a sample size of 133. A three-level questionnaire with both structured and unstructured questions with five-point scale chart was used. The data collected was coded, entered and analyzed using the statistical package for social sciences (SPSS). The summarized data was presented in percentages and frequency distribution tables, charts and graphs. The study findings showed that the administrative Security controls were well articulated in MTRH (60%) compared to Technical (36%) and Physical security controls (32%). Therefore, the study recommended a security control model that secures EHR for MTRH. This is represented by the three-security control in equal measure. This model ensures a proper organized structure for enforcing information security and vital approaches, techniques, procedures and necessary policies and technologies to ensure confidentiality, integrity and availability to ensure a secure EHR.