Murdoch University Research Repository

Welcome to the Murdoch University Research Repository

The Murdoch University Research Repository is an open access digital collection of research
created by Murdoch University staff, researchers and postgraduate students.

Learn more

A systematic literature review on security and privacy of Electronic Health Record Systems: Technical perspectives

Rezaeibagha, F., Win, K.T. and Susilo, W. (2015) A systematic literature review on security and privacy of Electronic Health Record Systems: Technical perspectives. Health Information Management Journal, 44 (3). pp. 23-38.

Link to Published Version:
*Subscription may be required


Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist.

This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems.

Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings.

Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques.

This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

Item Type: Journal Article
Publisher: SAGE
Copyright: © 2015 by Health Information Management Association of Australia Limited
Item Control Page Item Control Page