Confidentiality in the era of electronic health records: ethical challenges and solutions

Authors

  • Ziad Saleh Alhomidan, Department of Medical Administration, Ministry of Defence, Riyadh, Saudi Arabia
  • Nasser Mathyab Albaqami, Department of Pediatrics, Ministry of Defence, Riyadh, Saudi Arabia
  • Abdulrahman Abdulkhaliq Alshehri, Department General Medicine, Ministry of Defence, Riyadh, Saudi Arabia
  • Abdullah Abdulaziz Aldubaib, Department of Family Medicine, King Abdulaziz Medical City, Riyadh, Saudi Arabia
  • Abdulaziz Bandar Alsuwailem, Department of Emergency Medicine, Ministry of Defence, Riyadh, Saudi Arabia
  • Khalid Faisal Al Ghadam, Department of Neonatal Intensive Care Unit, Armed Forces Hospital Southern Region, Khamis Mushayt, Saudi Arabia

DOI:

https://doi.org/10.18203/2394-6040.ijcmph20250945

Keywords:

Electronic health records, Confidentiality, Encryption, Artificial intelligence, Data security

Abstract

The incorporation of electronic health records (EHRs) into healthcare systems has greatly enhanced medical data management efficiency and patient care. This digital transformation also raises ethical and security issues concerning patient confidentiality. Protecting sensitive health information is a concern because of unauthorized access, cyber threats, and legal complications. The ethical principles of patient autonomy and informed consent are usually breached when patients lack control over the use of their data, especially for secondary uses such as research and commercial exploitation. Several technological solutions have been suggested to enhance the security and confidentiality of EHRs. Self-sovereign identity systems and patient-controlled data-sharing models are also being explored to enable more transparency and give patients greater control over their health records. This literature review examines the ethical dilemmas surrounding EHR confidentiality and also looks at privacy risks, legal frameworks, and technological solutions. It also considers the potential of blockchain, artificial intelligence (AI)-powered cybersecurity, role-based access control, and encryption as viable measures for maintaining the confidentiality of EHRs. By incorporating the latest research, this review aims to provide healthcare providers, policymakers, and researchers with information on how digital health privacy and security practices evolve.

Published

2025-03-28

How to Cite

Alhomidan, Z. S., Albaqami, N. M., Alshehri, A. A., Aldubaib, A. A., Alsuwailem, A. B., & Ghadam, K. F. A. (2025). Confidentiality in the era of electronic health records: ethical challenges and solutions. International Journal Of Community Medicine And Public Health, 12(4), 1904–1910. https://doi.org/10.18203/2394-6040.ijcmph20250945

Section

Review Articles