Rune Hystad
Department of Health and Nursing Science, University of Agder, Norway
Rune Fensli
Center for eHealth and Health Care Technology, Department of ICT, University of Agder, Norway
Published in: Scandinavian Conference on Health Informatics, August 22, 2014, Grimstad, Norway
Linköping Electronic Conference Proceedings 102:6, p. 37-44
Published: 2014-08-20
ISBN: 978-91-7519-241-3
ISSN: 1650-3686 (print), 1650-3740 (online)
Access control is an essential function in electronic health records (EHR) to maintain the duality between patient safety and patient privacy by ensuring that authorized personnel are allowed access to health records. In Norwegian secondary care, access in the EHR must be granted on the basis of decisions about health care, so-called decision-based access. There is, however, no empirical data on experiences with the use and setup of decision-based access. A Delphi survey was therefore undertaken to identify what end users and system administrators consider to be important challenges, and ways to improve the access control. The survey shows that challenges identified in previous studies are still present. Access control is not sufficiently tailored to treatment processes, and there is extensive use of exception mechanisms, which creates long event records that are not followed up systematically and therefore may come at the expense of patient privacy. Possible improvements include more education, standardization of access control, easier use of exception mechanisms and a more process-oriented access control.
Access control; Electronic health records; Security measures; Patient safety; Delphi Technique