Abstract:
Privacy and security are important aspects in healthcare that requires proper consideration to ensure patient safety. Centralized electronic medical record has been introduced in Rwanda to enhance the care continuum and to provide patient with rights on their personal medical records, however there is still privacy and security concerns that need to be addressed for ensuring the privacy and security of patient record. This qualitative study aimed to explore the privacy and security issues of the introduced centralized medical record concept, design and propose mitigation measures to ensure the privacy and security of individual electronic medical records.
Methods
This qualitative study used in depth interviews of 70 participants including 29 doctors and nurses, 24 patients and 17 ICT experts selected using purposive sampling method. The interviews were conducted using a semi-structured questionnaire that explored the privacy and security issues of the centralized electronic health record in Rwanda. The interviews were audio-recorded, transcribed verbatim, and analyzed thematically.
Results
The study found that the centralized electronic health record in Rwanda still have unsolved privacy and security concerns including undesirable access and breach of patient data, network attacks, Data loss, Data forgery which includes theft, fraud, and other privacy violations. The design of mitigation measures to prevent the presented privacy and security concerns was seen as the potential solution found in this study. The mitigation measures include Access restriction with strong password and multifactor authentication, role-based access, data encryption, Employee training and awareness, Incident response plan, Regular auditing, Regulatory compliance, Vendor Management, Data backups and disaster recovery.
Conclusion
