Standard Operating Procedures for a Secure Electronic Health Record in Low-Resource Settings


ms-20-194.pdf — PDF document, 596 kB (611,123 bytes)

Author(s): MEASURE Evaluation

Year: 2020

Abstract:

These standard operating procedures have the following objectives:

  • Provide guidance for implementing security safeguards for an electronic health record (EHR) in a low-resource country using current best practices tailored for low-resource settings.
  • Incorporate best practices based on National Institute of Standards and Technology Special Publication 800, International Organization for Standardization 27001, the Office of the National Coordinator Security Risk Assessment Tool, and other international privacy and security standards.
  • Understand common threats to security that must be regularly assessed.

Safeguarding an EHR to maximize privacy, confidentiality, and security while ensuring that the system data are accessible to users is critical to EHR adoption and acceptance, as well as to respecting the rights of patients to private and confidential treatment. EHR implementers should take advantage of safeguards built into software and operating systems that enhance privacy and security. In addition, policies and procedures should be in place that promote a culture of information and system security awareness and respect for privacy.

Best practices around privacy and security for information systems are widely available, but often they do not account for the availability of resources, such as human resource capacity and Internet connectivity. This job aid has been curated to highlight critical privacy and security safeguards based on international best practices while taking into account EHR implementation scenarios commonly practiced in low-resource settings.