Informatics in Medicine Unlocked (Jan 2024)
Access control solutions in electronic health record systems: A systematic review
Abstract
Electronic Health Records (EHRs) are electronically-stored patient medical histories shared among healthcare institutions. Recent studies show that EHRs experience healthcare data protection challenges, and the difficulty lies in providing access to the right individuals at the appropriate time and place. This study synthesizes and analyzes existing literature on access control solutions in EHRs through a systematic literature review. Using the 2020 PRISMA guidelines, a total of 20 qualified journal articles were examined and each proposed mechanism was grouped according to the four categories of access control: Identification, Authentication, Authorization, and Accountability (IAAA). Our findings reveal an interconnection between these categories, with the most popular authorization mechanism being Attribute-based Access Control (ABAC). Methodologies analyzed include a credential system (12 studies), authentication (10 studies), and accountability (2 studies); these most commonly used unique IDs, digital signatures and access control logs respectively. Prominent research gaps found in the sample literature are methodology implementation and standards compliance limitations, of which the former includes the lack of multi-factor authentication, emergency access, patient consent, and accountability. From these findings we infer that further research is needed to protect EHRs from these information security threats.
