Volume 11, Issue 4 (April 2024), Pages: 167-181
----------------------------------------------
Original Research Paper
A security framework to protect ePHI in Saudi Arabia's healthcare infrastructure
Author(s):
Naif Hakami, Hazzaa Alshareef, Maha Helal *
Affiliation(s):
College of Computing Informatics, Saudi Electronic University, Riyadh, Saudi Arabia
* Corresponding Author.
Corresponding author's ORCID profile: https://orcid.org/0000-0002-3834-4410
Digital Object Identifier (DOI)
https://doi.org/10.21833/ijaas.2024.04.019
Abstract
Today, protecting patient privacy and ensuring the accuracy and integrity of their data are the two most crucial concerns in the healthcare field. Unauthorized access or changes to patients' private health records can lead to serious issues. Moreover, if healthcare providers fail to update a patient's records quickly, it could result in dangerous, even life-threatening situations. Attacks on hospital computer systems also present a significant danger to patient care. Establishing strong security measures and procedures through cybersecurity frameworks can help protect sensitive patient information, known as electronic protected health information (ePHI). The Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), a well-established set of security guidelines, focuses on safeguarding ePHI held by healthcare organizations and their associates. This paper suggests creating a Data Cybersecurity Framework (DCF) specifically for the healthcare sector in Saudi Arabia. This framework aims to shield ePHI and align with the security recommendations of the HIPAA Security Rule. The development of this proposed framework involved consultations with healthcare cybersecurity experts and concentrated on the healthcare system in Saudi Arabia. The research concludes that enhancing the protection of patient information and raising public awareness requires the joint efforts of various entities, including government bodies.
© 2024 The Authors. Published by IASE.
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
Keywords
Patient privacy, Data integrity, Cybersecurity framework, ePHI protection, Healthcare sector
Article history
Received 22 November 2023, Received in revised form 1 April 2024, Accepted 18 April 2024
Acknowledgment
No Acknowledgment.
Compliance with ethical standards
Conflict of interest: The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Citation:
Hakami N, Alshareef H, and Helal M (2024). A security framework to protect ePHI in Saudi Arabia's healthcare infrastructure. International Journal of Advanced and Applied Sciences, 11(4): 167-181