INTRODUCTION
The security and privacy of patient health information remain a major concern for most health facilities now that patient data can easily be shared between institutions. Patient health information is considered by many to be one of the most confidential of all types of personal information.
Protecting this confidentiality is therefore essential if the privacy of subjects of care is to be maintained. Securing patient health information involves security mechanisms that guard against any party not authorized to access the data. Security and privacy in electronic health records systems can be seriously threatened by hackers, viruses, and worms.
Studies carried out in several countries report concerns regarding data security and privacy. A recent study estimated that each year there are 25 million compelled authorizations for the disclosure of health records in the United States.
To address these concerns, organizations such as the Certification Commission for Healthcare Information Technology (CCHIT) offer a certified program, relevant for the United States, that includes a rigorous inspection of, among other things, security aspects based on existing standards. There is a real concern about both people’s and entities’ access levels to patient health information.
A patient’s health information might be exposed and accessible from several networks or devices in the health facility (by visiting different doctors’ offices, departments, providers, etc.).
Security defects in some of these areas could cause the disclosure of information to unauthorized persons or companies. Patient health information therefore needs protection against manipulation, unauthorized access and abuse, which includes taking into account training on security techniques, encryption of health information, user authentication and authorization.
Patient health information might be tampered with to the extent that administrative staff could, for example, access information without the patient’s explicit consent in financial and billing reviews. According to the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, patients’ privacy violations and breaches are becoming more expensive than ever.
Therefore, there is a need to assess the various security mechanisms for protecting patient health information from unauthorized access in order to improve the quality of care delivery.