Overview of Security Considerations for eHealth

Author(s): MEASURE Evaluation SIFSA

Year: 2015

Abstract:

Security is of fundamental importance when dealing with health information, especially data that contains identifiable patient information, which may be particularly sensitive.

The South African National eHealth Strategy explicitly states the need for regulations on privacy, confidentiality, and security and the need to protect information and patient privacy at all times. It is therefore important that when electronic patient records are rolled out, thorough security is implemented. This requires assigning a dedicated specialised team to information security.

There are many security domains that need to be considered when deploying eHealth systems. Personally identifiable health data is particularly sensitive and its security must be ensured. Because of this, security professionals should be involved at all stages of the design, development, procurement, and implementation of patient-based health information systems. Significant attention must be paid to access controls and assessing risk. When risks and vulnerabilities are found, there should be a plan in place to mitigate that risk.