Secondary Use of Electronic Health Record

This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2020.3011099, IEEE Access
Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000.
Digital Object Identifier 10.1109/ACCESS.2017.DOI
Secondary Use of Electronic Health

Record: Opportunities and Challenges
SHAHID MUNIR SHAH AND RIZWAN AHMED KHAN
Faculty of Information Technology, Barrett Hodgson University, Karachi, Pakistan
shahid.munir@bhu.edu.pk, rizwan.khan@bhu.edu.pk
Corresponding author: Rizwan Ahmed Khan (e-mail: rizwan.khan@bhu.edu.pk).
ABSTRACT In the present technological era, healthcare providers generate huge amounts of clinical data
on a daily basis. Generated clinical data is stored digitally in the form of Electronic Health Record (EHR) as
a central data repository of hospitals. Data contained in EHR is not only used for the patients’ primary care
but also for various secondary purposes such as clinical research, automated disease surveillance and clinical
audits for quality enhancement. Using EHR data for secondary purposes without consent or in some cases
even with consent creates privacy issues. Secondly, EHR data is also made accessible to various stakeholders
including different government agencies at various geographical sites through wired or wireless networks.
Sharing of EHR across multiple agencies makes it vulnerable to cyber attacks and also makes it difficult to
implement strict privacy laws as in some cases data is shared with organization that is governed by specific
regional law. Privacy of an individual could be severely affected when their sensitive private information
contained in EHR is leaked or exposed to the public. Data leaks can cause financial losses or an individual
may encounter social boycott if their medical condition is exposed in public. To protect patients personal
data from such threats, there exists different privacy regulations such as General Data Protection Regulation
(GDPR), Health Insurance Portability and Accountability Act (HIPAA) and My Health Record (MHR).
However, continually evolving state-of-the-art techniques in Machine Learning (ML), Data Analytics (DA)
and hacking are making it even more difficult to completely protect an individual’s / patient’s privacy. In this
article, we have systematically examined various secondary uses of EHR with the aim to highlight how these
secondary uses affect patients’ privacy. Secondly, we have critically analyzed GDPR & HIPAA regulations
and highlighted their possible areas of improvement, considering escalating use of technology and different
secondary uses of EHR.
INDEX TERMS Electronic Health Records (EHR), ethical concerns, General Data Protection Regulation
(GDPR), privacy, secondary uses of EHR.
I. INTRODUCTION procedure is adopted by the medical practitioners because of

LINICAL data is generated in the form of ongoing ease of handling, lack of understanding or for the purpose of
C patient diagnostic services. These services usually take
place in hospitals, clinics or laboratories through different
treating more patients in less time. However, this method of
storing patient’s medical information is not useful for the pa-
clinical trials (via medical imaging or doctors’ prescriptions) tients and does not guarantee accurate and timely deliverance
or through wireless body area network using wearable sen- of healthcare services. Some other problems associated with
sors [1]. All of these sources produce a huge amount of manual recording of clinical / medical data are:
clinical data world wide and its volume is experiencing an 1) Paper based medical records can easily be altered or
exponential growth. It is estimated that clinical data will can be lost and may cause severe consequences.
swell up to 2314 Exabytes by 2020 from a figure of 153 2) Physicians / clinicians can prescribe wrong medica-
Exabytes in 2013 with an annual growth rate of 48% [2]. tions (due to alteration of paper based medical records)
In most of the countries (especially developing countries), or cannot advise right medications during follow up
data generated during routine clinical practices is stored visits without properly knowing past medical records
manually in the form of paper based medical records. This of patients.
VOLUME 4, 2016 1
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
R. A . Khan et al.
making by providing automated analysis of data [8].

3) EHR system acts as a central database of informa-
tion for patient documentation and billing, maintaining
quality, and supporting patient related sensitive deci-
sions [9].
4) Data saved in EHRs can be accessed through multiple
locations simultaneously and also can be shared with
different partner organizations conveniently. Thus,
making data accessible to the concerned physicians
across multiple sites to better provide healthcare ser-
vices.
5) EHR reduces the probability of errors related to medi-
cal data analysis as it stores complete medical records
and thus lowers overall healthcare cost [10].
With all the above mentioned benefits of using EHR,
certain risk factors are also associated with it. The most
important issue is the data security and patient’s privacy. In
FIGURE 1. EHR as a clinical data repository.
case, if EHR data is leaked / theft or stolen from the database
it can be misused (by altering dosage of drugs or treatment
procedure etc.) and may cause severe complications or even
3) It is not practical for a person to carry a huge bunch
lead to the patient’s death [11]. It is therefore utmost impor-
of paper based past medical records during follow up
tant to protect patient’s information in the central database
visits or to describe complete medical history to a
from unauthorized wrong hands. Patient’s information may
physician / clinician in case of change of physician or
also be stolen while it is in transmission to the other linked
hospital.
services over the network or when it is stored on distributed
4) Reviewing and analyzing paper based records poses
servers of cloud.
cumbersome task for new physicians or medical staff Information contained in EHR is also used for different
when patients change their physicians or hospital. secondary purposes (other than patient personal care) such
To avoid all of the above described difficulties, an auto- as clinical research, health promotions, clinical audit and
mated / electronic online patient information system through clinical governance, national screening and preventive cam-
which patients’ complete medical record is made available to paigns, audits against national standards, national statistics,
healthcare professionals is required. Such electronic system planning future services, and resource allocations etc. [12]
also serves the purpose of storing patients data for longer (refer Section V for discussion on secondary uses of EHR).
time without any alterations and makes it accessible through For all such uses, patients may not be willing to share their
different locations to support quick decision making pro- information as often patients share their private health data
cesses [3]. for their personal care and not for the other / secondary uses.
Healthcare organizations are now adopting techniques to Using patient sensitive information for different secondary
digitize medical records to overcome challenges (described purposes without their consent can seriously affect their
above) faced by them or by patients while using paper privacy.
based medical records [4]. With the new technique, patients’ To safeguard patient privacy or personal data, there exist
clinical data is now stored as Electronic Health Records privacy standards in different regions of the world such as
(EHR). EHR are the patients’ computerized health records General Data Protection Regulation (GDPR) in Europe [13],
that contain patients’ complete information along with their [14], Health Insurance Portability and Accountability Act
medical history in a format (refer Figure 1) that can be (HIPAA) in the United States (US) [15] and My Health
easily shared among different health care providers or can Record (MHR) in Australia [16], [17]. These standards
be accessed by them through different linked locations when provide legislation to protect personal data but with fast
required [5]. paced advancement in Data Analytics (DA) and Artificial
Adoption of EHR provide range of benefits over the tradi- Intelligence (AI) [18], [19] poses new challenges for such
tional paper based medical record systems. For Example: standards.
1) EHR are capable of storing structured, coded and Our contributions in this article are following:
electronic patient data all together to form a complete 1) In this study we have described various secondary uses
history of patient’s health [6]. of EHR with the aim to highlight how these secondary
2) Electronic data saved as EHR makes a Decision Sup- uses affect patients’ privacy, refer Section V for discus-
port System (DSS) for monitoring health outputs to sion on secondary uses of EHR.
improve health care quality [7], where DSS is a tool, 2) In this article we have discussed various issues as-
usually software based tool, that supports decision sociated with secondary use of EHR (refer Section
2 VOLUME 4, 2016
R. A . Khan et al.
VI). Referred section also elaborates on security and the healthcare providers. This part explains, how the data
privacy issues of using EHR data (Section VI-D). from the patient is captured, how it is formatted according
3) This article has systematically analyzed GDPR and to the policies and standard and finally, how the formatted
HIPAA regulation and enlisted their challenges for data is stored in an interoperable database. Access part is
ensuring data privacy in this era where usage of EHR based on the access of the data stored in EHR by the different
data (that contains sensitive personal information) has authorized users or organization. This part explains how
grown exponentially, refer Section VII for discussion confidential information from EHR can be securely accessed
on this issue. by the authorized users via user friendly interfaces.
Our contributions in this article are oriented toward un-
derstanding ethical concerns when dealing with personal A. EHR STANDARDS
data in the era of AI. Research domain of our contributions For the effective use of data contained in EHR, it must be
(described above) needs more collaborative efforts by the shared through different linked locations such as clinics,
research community working in the domain of medicine, hospitals, radiology departments, pharmacies, laboratories
computing and law to achieve better insight. Ethical issues and patient homes [22] (refer Figure 3)
arising due to fast proliferation of AI-assisted technologies Shared data at multiple locations ensures patients solitary
[20] will raise various serious concerns, specially related to care by identifying their basic needs in terms of care, safety,
privacy of individuals. Due to the complex nature of this timeliness, and effective monitoring. It also helps medical
interdisciplinary research domain, it is hard to find literature staff (physician, nurses etc.) to take the right actions based
on the topic and thus, our article is novel as it systematically on patient conditions. The data usefulness can further be
analyzes uses of sensitive EHR data which, if violated, cre- increased if the data contained in EHR is linked with different
ates many privacy and ethical concerns. clinical decision support systems (CDSS). CDSS refers to
The rest of the paper is structured as follows: Section II dean automated medical data analysis tool that suggests next
scribes EHR along with their different standards. Section III steps for treatment and generates alerts by predicting future
describes information sources of EHR. Section IV presents conditions / trends by analyzing provided data [23]. By this
an overview of various Deep Learning (DL) approaches way, the physicians can take sensitive decisions quickly and
for EHR data analysis. Section V describes use of EHR in effectively [24].
various secondary purposes. Section VI presents challenges However, without any industry standard for information
of using EHR for secondary purposes. Section VII describes exchange, it is usually difficult to share and exchange EHR
systematic analysis of popular data protection regulations i.e. data across multiple sites. The same difficulty was faced
GDPR and HIPAA in the context of patients privacy and data by the healthcare organizations to communicate EHR data
security with respect to secondary uses of EHR. Finally, in with each other and with different DSSs when there was no
the Section VIII conclusions are presented. industry standard available for health information exchange.
It was the main reason behind the slow adoption of the EHR
II. ELECTRONIC HEALTH RECORDS (EHR): DATA system in healthcare organizations even if their adoption was
SHARING highly beneficial for them [25].
EHR is a clinical data repository containing basic patient
information such as a patient’s personal profile, their com- 1) Health Level Seven (HL7) standard
plete family history, laboratory reports, physicians and other The Health Level Seven (HL7) organization was established
medical staff notes etc. Along with this primary information, in the US in March 1987 to develop consistent common
EHR also contains data form the other hospital informa- standards for Hospital Information System (HIS) [26]. Af-
tion systems such as Imaging data from Radiology depart- terwards this organization defined HL7-Clinical Document
ment, patients genomics data from Genetic department or Architecture (HL7 CDA) as EHR messaging standard for
Endoscopic and Colonoscopic data from Gastroenterology easy integration, interchange, sharing and retrieval of in-
department etc. Figure 1 illustrates the most important data formation across different clinical information systems. The
elements included in the EHR. HL7 standard allows different healthcare organizations to
EHR also provides functionality of generating reminders share and exchange patient information via encoded data
for routine screenings and disease reporting, generating exchange. It provides a common syntax of information for
graphical trends against various parameters such as blood different clinical information systems to share information
pressure monitoring, heart beat monitoring, blood glucose (contained in EHR) conveniently [9].
level monitoring etc. The same is also shown in Figure 1. The HL7 CDA Framework 1.0 release, became an Amer-
Such reporting is highly beneficial for patients health and ican National Standards Institute (ANSI) approved HL7
safety especially when patients are in critical condition and standard in November 2000 [27]. After the release of the
their strict monitoring is required. first version, version 2 and version 3 releases were also
Conceptually EHR system can be divided into two basic made available with some new standards and modifications
parts [21]. Creation part and the access part (refer Figure [28]. HL7 CDA is a markup for specifying composition and
2). Creation part is based on the interaction of patients with semantics of data ingredients of EHR such as a discharge
VOLUME 4, 2016 3
R. A . Khan et al.
FIGURE 2. Conceptual overview of EHR system.
streamline information exchange mechanisms / procedures,

that can be used by different departments across hospitals
[29]. However, different limitations were exposed in this
version such as a difficult implementation process, having a
number of optional segments and above all lack of proper
representation that is capable enough to identify techniques
for exchanging messages and interfaces [30]. To overcome
the shortcomings of version 2, version 3 was developed in
the year 1995 . Although HL7 version 3 resolved much
of the problems of previous versions, it could not resolve
the incompatibility issue raised because of a variety of sub
versions [31]. In order to further improve HL7 standards,
another novel interoperability standard i.e. Fast Healthcare
Interoperability Resources (FHIR) was initiated in the year
2011 [32] by HL7 organization. FHIR standards are very
simple to adapt, possess scalability and are robust in nature.
FIGURE 3. EHR data sharing. These standards have potential capabilities of supporting
work flows in small devices like mobile phones [33]
report, admission summary, progress and procedure reports III. ELECTRONIC HEALTH RECORD INFORMATION
and to exchange them with various stakeholders. It is an SOURCES
absolute object document that may hold clinical data in var- Adoption of EHR is beneficial both for patients, physicians
ious formats such as text, image, sound, or other multimedia and healthcare providers. It improves overall healthcare qual-
content. Extensible Markup Language (XML) is used to ity, omits paperwork, reduces medical errors and increases
encode the HL7 CDA clinical documents, which then can be work efficiency as well as reduces overall healthcare cost
exchanged in form of HL7 messages or using other transport [34].
solutions.
Beside patients personal care, EHR data is also used for
An HL7 CDA message consists of a header and a
different secondary purposes (refer sectionV for secondary
body. Header contains information regarding patient, source
uses of EHR). However, EHR data has not been utilized to
(provider) and the authentication of the message. On the
its full potential for secondary uses and one of the reasons
other hand, the body of the message includes organized clin-
for under utilization of EHR data is non uniformity in its
ical reports i.e. lab, radiology, Magnetic Resonance Imaging
data components. Non uniformity in data elements exists
(MRI), Computed Tomography (CT) scan, ultrasound etc.
because of the fact that during daily clinical practices, EHR
data is often recorded in free text and unstructured format.
2) Fast Healthcare Interoperability Resources (FHIR) Therefore, EHR contains structured and unstructured sets of
In order to improve inter interoperability and exchange of information. Figure 4 elaborates more on the structured and
information, HL7 released different versions from time to unstructured data components of EHR. As shown in Figure
time. In 1988, HL7 version 2 was released to enhance and 4, structured data includes laboratory results, vital signs,
4 VOLUME 4, 2016
R. A . Khan et al.
prescriptions, medications and International Classification of To overcome challenges faced by traditional NLP ap-
Diseases (ICD) codes whereas, unstructured data includes proaches in extracting information from EHR, recently, Deep
narrative information (free text) such as images and graph- Learning (DL approaches have gained popularity [45]. Pop-
ics, radiology reports, visit notes, discharge summary, chief ularity of DL models is due to:
complaint etc. 1) their capability of analyzing multiple data types,
Figure 4 depicts that the major portion of EHR data 2) their ability to extract optimal features and learn repre-
consisted of unstructured elements. Such data elements are sentation from data automatically [46].
not represented in any standard coding scheme such as ICD 3) their robustness against high complex functions, and
codes, therefore, their retrieval, reporting and aggregation 4) their performance gets better on large datasets and it
is not easy like structured data using commonly available further improves as data grows in size [47].
database tools [34]. It is therefore required to convert un- Various DL architectures and frameworks have been used
structured data elements into structured data in order to make for EHR analysis. For example, deep patient [48] a unsuper-
it equally useful for secondary uses. vised deep feature learning architecture, deepr [49] a convo-
One of the methods to convert unstructured data into lution Neural Network (CNN) based architecture, Med2Vec
structured data is manually reviewing EHR by the experts [50] a Multi Layer Perceptron (MLP) based architecture,
using text charts or data abstraction methods [35]. However, Doctor AI [51] a Recurrent Neural Networks (RNN) based
these methods are time consuming and not reliable to capture architecture etc. are few of the popular Deep Neural Net-
all the structured information. Furthermore, it is beyond the works (DNN) architectures employed for EHR data analysis
capacity of human to review clinical data of EHR in large and processing. Even though, various DL architectures have
volume. Natural language processing (NLP) methods have been used, the most popular DNN architecture used for EHR
shown their usefulness for extraction of structured clinical data analysis is RNN [52] [53]. This is due to the fact that
data from unstructured data elements [36], [37]. RNN are capable of dealing with the temporal nature of
Mostly, NLP uses statistical (probabilistic) Machine EHR data in an effective manner [54]. In short, with the
Learning (ML) models to derive language data from large technology advancements, at one side EHR have become
volumes of free text data. These models use text data to iden- more informative sources than ever before but on the other
tify common patterns and associations in the data. NLP based hand, DL approaches have opened new avenues to extract and
ML models give meanings to words and phrases in text and use information contained in EHR for different real world
convert unstructured data elements of EHR into structured applications.
codes. In short, NLP captures unstructured data elements DL models have shown promising results in EHR data
of EHR, analyzes the data elements with respect to their analysis and its processing [55] [56] but with new advance-
grammatical structures, obtains meanings from grammatical ments in medical testing, nature of EHR data (its unstructured
structures, and finally summarizes information to make it elements) is getting complex. With time EHR will contain
useful for further analysis. such pieces of data / information that was never used before.
Therefore, for the effective management of advanced and
IV. DEEP LEARNING FOR EHR DATA ANALYSIS vast data contained in EHR, more efficient tools are required.
Researchers need to develop such tools that can efficiently
As discussed above, techniques under the umbrella of NLP
manage EHR data and can convert it into knowledge that
are used to extract information from unstructured clinical
benefits society.
notes. Such techniques utilize different sequence labeling
algorithms such as Conditional Random Fields (CRFs), Hid-
den Markov Models (HMMs), Artificial Neural Networks V. SECONDARY USES OF EHR
(ANN) etc. [38] to label relevant information to be extracted. One of the contributions of this study, as described above, is
Sequence labeling is a robust technique that has been used systematic analysis of various secondary uses of EHR data
for automatic recognition of various tasks e.g. speech recog- with the aim to highlight how these secondary uses affect
nition [39], network intrusion detection [40], mental illness patient’s privacy. This section discusses different popular
detection using social media content [41]. Data contained in secondary uses of EHR data. Section VI elaborates on chal-
EHR (in the form of clinical notes) is often noisy, incomplete lenges associated with the secondary use of EHR data while
and inconsistent as well as it contains grammatical errors, Section VI-D focuses on privacy and security challenges of
misspelled words etc. (refer Section VI for more detail), thus EHR data.
effectiveness of sequence labeling is limited for extraction
of relevant information from EHR data [42]. To sum up, A. CLINICAL RESEARCH
It is usually a difficult task for the traditional sequence The basic purpose of clinical research is to use EHR for
labeling algorithms to extract relevant information from EHR design and execution of clinical trials for new medicines [57].
data [43] and traditional algorithms also face challenges in Health related issues are directly proportional to the pop-
analyzing EHR data due as such algorithms are not suitable ulation. Since the population of the world (especially third
for dealing with huge columns of data [44]. world countries) has increased at a fast pace in the past few
VOLUME 4, 2016 5
R. A . Khan et al.
FIGURE 4. Unstructured and structured data elements of EHR.
TABLE 1. Different Domains of Clinical Research 1) Prediction of diseases based on patients present data
[59].
Domains of clinical re- Examples
search 2) Study of drug behaviors with different diseases or
Hypothesis Generation To understand the people response on intro- different patients i.e. study on antibiotics [60].
ducing new drugs. 3) Developing vaccines for the prevention of diseases
Epidemiology To find causes of disease in community of
people. before their attack [61].
Drug utilization To figure out the use of medicines and to Other than the areas mentioned above, there exists multiple
determine the frequency.
Patient Recruitment To raise the awareness of clinical trials.
domains (refer Table 1) where clinical research is essential to
Health Technology As- Evaluating large number of research publi- overcome the existing problems of the medical world and to
sessments cations on a topic of interest and generat- ensure high quality of healthcare delivery to the patients.
ing highly consolidated information for policy
makers and health care providers. In the domain of clinical research, EHR is an essential part
Comparative Obtaining real world evidences from the anal- because it is a basic information source and a possible way
Effectiveness ysis of real world data generated through rou- of exchanging clinical information with different stakehold-
tine clinical practices to help decision makers
for making effective decisions. ers. Based on this exchange of information, various health
Pragmatic Trails Observing patients’ treatment and their out- statistics are developed and decisions are made. For exam-
comes in real world situations to provide on ple, based on data collected word wide, the World Health
ground real information to the decision makers
so that they can make effective decisions for Organization (WHO) publishes various reports time to time
the enhancement of quality of care. for public awareness and for the authorities knowledge to
understand the current trends and future needs related to
particular diseases [62], [63] .
years. This abrupt increase in the population of the world Table 2 lists possible information sources available in EHR
has posed many challenges for healthcare professionals. For that can help in successfully carrying out clinical research in
example, healthcare organizations, hospitals, laboratories are different domains.
facing shortage of trained medical staff to tackle healthcare Table 2 shows that EHR contains enough information to
needs of large population and because of insufficient health- carry out clinical research in different domains. Successful
care facilities, new types of diseases are grown in people or utilization of this information for research purposes requires
existing diseases exhibit more complicated behaviors. There- development of new and emerging research infrastructures
fore, there exists a need to discover new drugs with better capable of exchanging information based on latest published
results as well as new techniques and robust strategies to fight standards. However, when data is shared across different
against new grown diseases or existing complicated diseases healthcare organizations, it raises different security and pri-
structures i.e. Covid-19 [58]. All such activities require clin- vacy concerns. These concerns are discussed in Section
ical research to be conducted. Thus, clinical research holds VI-D.
a pivotal role in tackling some of the hard pressed medical
issues. B. PUBLIC HEALTH SURVEILLANCE
Some of the other areas where clinical research is required Another secondary use of EHR is Public Health Surveillance
are: (PHS). PHS is a process of collecting, analyzing and inter-
6 VOLUME 4, 2016
R. A . Khan et al.
TABLE 2. Different information sources available in EHR that can help in

carrying out clinical Research
Data Sources Explanation Possible areas of Clinical

Research
Demographics It includes patient’s basic Data analysis, community
information such as name, based research, age related
age, gender, date of birth, research, disease surveil-
address, contact, allergies, lance, and all other epidemi-
past medical history and di- ological human population
agnosis studies.
Daily Habits Using tobacco, alcohol, and Cancer research, chronic
(Risky other sedative drugs. drug usage implications
Behaviors) on health, mental illness,
psychological disorders.
Facts and Weight, height, blood pres- Hypertension research, FIGURE 5. Traditional v/s automated surveillance.
Monitoring sure, blood sugar, heart beat. Body Mass Index (BMI)
based research, diabetic
research, early childhood
growth studies and
40% of world’s population. Pakistan is one of the most
cognitive outcomes. affected country from it. There are several other examples
Laboratory Complete Blood Count, To investigate the origin of of PHS world wide like reported in [66], [67].
Data Prothrombin Time, disease, study of communi-
Basic Metabolic Panel, cable and non communica-
As discussed above, PHS is a common practice world
Comprehensive Metabolic ble diseases as well as blood wide but mostly in third world countries it is performed
Panel, Lipid Profile, Liver disorders. using manual procedures [68], [69]. In these methods, data
Functioning Test, Thyroid
Stimulating Hormone,
about disease for surveillance purposes is collected using
Hemoglobin A1C, traditional methods. For example, physicians prescription
Urinalysis, Microbiological records are gathered either from patients or from hospi-
Culture with antibiotic
resistance tests and others
tals and clinics or through public surveys [70], similarly
Various Human population or, hy- Research of all non commu- data from other departments of the hospitals (laboratories,
Encounters perlipidemia, diabetes, anx- nicable diseases. radiology departments, emergency departments etc) is also
Data iety and obesity, allergies,
reflux esophagitis, respira-
collected manually by visiting the logs of these departments’
tory problems, depressive databases. The collected data is then cross communicated
disorder, asthma, nail fun- between public health staff and health protecting agencies via
gus, urinary tract kidney
failure, migraine
telephonic and fax communication networks. Collected data
Special tests & Appendectomy, Special investigative tests is stored on papers manually and manual procedures are used
Procedures Electrocardiogram, for the advance research on to analyze the stored data [71]. This method of PHS is time
Biopsies, Angiographies, non communicable diseases
Therapies identification and control.
consuming, requires large manpower and needs huge efforts
Imaging Magnetic Resonance Imag- Cancer Research, identifica- to record, store and analyze the data. It is also not a reliable
ing, Ultra Sound, Comput- tion and monitoring of Con- method as there are chances of errors due to manual handling
erized Axial Tomography, genital anomalies diseases
Positron Emission Tomog- in unborn babies, bone frac-
of data. Inaccurate and uncertain outcomes are possible based
raphy etc. tures and tumors, can be on the collection and inspection of manually collected and
used to monitor response of stored data [72]. Such traditional methods are not suitable
tumors to chemotherapy or
radiations.
for the confirmation of certain diseases, understanding its
severity, its transmission risks, and the spread of other linked
diseases.
With more effective ways, surveillance of diseases can be
preting data related to a specific disease for administering and performed by actively monitoring patients’ EHR. As EHR is
assessing public health on the whole [64]. PHS particularly rich in variety of data, the summary generated by analyzed
investigates those diseases, which harm or may tend to harm data is provided to public health agencies for prevention and
a large population and grow in communities like epidemic control of diseases. Health surveillance by EHR provides the
or pandemic diseases. Its main functions include collection glance of the health status of the community, which promotes
of facts about a particular disease, risk factors of its spread the quality of healthcare. It tracks the key diseases, with more
and interpretation and analysis of the collected facts for effective ways than manual procedures. Use of EHR provides
controlling the disease to prevent the public from its severe the opportunity to automate the PHS. It is an effective way
effects. of preventing outbreaks by discovering utmost danger cases
One of the examples of PHS is the surveillance of the irrespective of merely reacting to outbreaks [73]. Figure 5
Dengue outbreak in Pakistan that has been reported in [65]. elaborates the effectiveness of EHR based automated surveil-
Dengue is a viral disease which causes high fever in patients lance against the traditional manual surveillance systems.
and spreads in people because of the bite of a particular During traditional surveillance, most of the time is uti-
Aedes aegypti mosquito. Recently, it has affected around lized on manual screenings and reviewing charts and less
VOLUME 4, 2016 7
R. A . Khan et al.
time is saved for the actual intervention. On the other hand

automated PHS assisted by EHR data is time efficient in
analyzing data. The same is shown in Figure 5.
Use of EHR for public health surveillance has proved to be
effective in developed countries such as the United Kingdom
(UK), United States (US), France, Norway, Canada and
Australia [74]. In these countries, local health departments
have diverted their manual surveillance system towards EHR
based electronic surveillance system. This practice has ad-
vanced the functionality of PHS [75]. Developing nations
have also initiated adoption of EHRs for PHS to robustly
analyze data and take actions, if required [76]. Thus, it is
an important need of the present day automated surveillance
systems to use data from EHR. For example, Integrated
Disease Surveillance and Response System (IDSRS) requires
data to be obtained from patient medical records [77], [78]. FIGURE 6. Clinical audit as a cyclic process.
During the ongoing COVID-19 outbreak, the importance
of digital data recording systems (like EHR) has been clearly
revealed and demonstrated to the whole world [79]. EHR has EHR conveniently provides data to the auditors from multiple
been proved to be an efficient tool for detecting, monitoring access points to perform clinical audits to better provide the
and managing needs of a health systems [80]. Leveraging quality of the care to the patients.
on artificial intelligence based tracking systems different
countries were able to track movement of Corona positive VI. CHALLENGES ASSOCIATED WITH SECONDARY
individuals, thus tracking down any further local transmis- USES OF EHR
sions of the virus [80], [81]. It would not be possible, without Primarily, EHR data is collected for patient’s individual care
extensive utilization of EHR, to place in practice a system and administrative billing purposes. Using this data for differ-
of effective public health surveillance specially to predict, ent secondary purposes (as elaborated in Section V) is always
monitor and manage pandemic like COVID-19 [58], [82]. challenging [6], [85]. It is because priorities and settings of
primary and secondary uses are different. The quality of data
C. CLINICAL AUDIT AND QUALITY ASSURANCE collected for the primary purpose cannot be the same as the
The aim of clinical audit is to enhance patient care via rig- quality of data collected for secondary uses. For example,
orous analysis of care provided against benchmark standards data collected for clinical research needs much more care
[83]. Clinical audit is a systematic way of settling standards, and attention during collection than the data gathered during
analyzing data based on standards, performing actions to routine clinical practices in the form of EHR. The quality of
meet settled standards and executing proper monitoring to collected clinical data is a serious concern of the researchers.
sustain the standards. Clinical audit is a cyclic process (refer Due to this reason, with respect to reuse of clinical data, the
Figure 6) that contains different stages to be followed for the authors of [86] suggested that the data must be used for its
achievement of best practices in clinical practices. primary purpose only.
Standards settled for the clinical audits require not only Following are different factors of concern that affect the
to be obeyed by the medical staff (doctors, nurses, mid- quality of clinical data collected through EHR.
wives, therapists etc.) but also by the healthcare organizations
like hospitals, clinics, nursing homes, ambulatory surgical
A. CORRECTNESS
centers, autonomous laboratories, radiology units, collection
units etc. Clinical audit focuses on broadly accepted methods Correctness refers to the accuracy of the collected data that
to improve overall healthcare quality. For example, organiza- is directly linked with its initial documentation (how the data
tional development, information management and statistics was collected, recorded and stored). EHR data is collected
evaluation are the key functions of clinical audits. through routine clinical practices during which the clinicians
The role of EHR is important in clinical audits as it priority is to collect the patients data according to their own
provides detailed and accurate information to the auditors. point of interest and according to different administrative
Using EHR for clinical audits give convenience to the au- needs but not according to their various secondary uses (refer
ditors to perform the clinical audits as compared to use of Section V). The chances of errors are obvious in this case.
traditional clinical data for audit [84]. Figure 6 shows that According to the study presented in [87], data accuracy
the data collection and data analysis are the important parts collected through EHR ranges between 44% to 100%.
of the clinical audit. In order to perform quality clinical Errors in EHR may lead to different outcomes, if their data
audits, the clinical data must be easily available as well as is used for various secondary purposes. Errors include:
the available data must be reliable to perform clinical audit. 1) Inaccurate predictions by clinical researchers
8 VOLUME 4, 2016
R. A . Khan et al.
2) Degradation in health standards and statistics as data wrong results. Therefore, such inconsistent data is not useful
analyzed was error prone. for secondary use.
3) False health surveillance results that may lead to un-
foreseen medical emergency. D. SECURITY AND PRIVACY CHALLENGES
Improvement in accuracy of EHR is essential to make it EHR based clinical data provides many advantages over
equally beneficial for primary as well as secondary uses. manual paper based medical records. It is cost effective,
improves overall healthcare quality and above all can be
B. INCOMPLETENESS easily accessed through different linked locations. All such
Another factor that affects quality of clinical data is related to advantages motivate health providing agencies and medi-
the completeness of the EHR. Usually, EHR do not contain cal practitioners to adopt an EHR based system. However,
complete patient history. It is because patients do not always adoption of EHR and its data processing introduces several
trust a single healthcare organization and may visit several privacy and security issues. Especially, when this data is used
such organizations to get a sense of satisfaction. Study con- for secondary purposes (refer Section V for discussion on
ducted in [88] showed that out of 1.1 million adult patients, secondary uses of EHR). In the next subsections, security and
31% visited two or more hospitals, whereas, one percent privacy challenges related to secondary uses of EHR have
patients visited five or more hospitals for acute care during been separately discussed.
a five year period of their study.
Patients also miss follow up visits suggested by the physi- 1) Security challenges
cians or sometimes due to the perfunctory of the concerned EHR data is the most vulnerable data to the Cyber Threats.
medical staff (who records patient related data), incomplete The prime reason for criminals to target healthcare data is
records are stored in EHR. A Study was conducted at to get financial gain. Criminals sell valuable data taken from
Columbia University on 3068 pancreatic cancer patients out EHR to the “darkweb” [92] (darkweb refers to the content
of which only 48% patients had complete pathology records, on the web that is not indexed by search engines and thus
while the rest had incomplete records about the disease [89]. remains hidden from the general public) and achieve high
EHR data is also considered incomplete for secondary financial gain. For the criminals, EHR data is more informa-
uses because of the data “locked-up” condition. Locked-up tive than credit cards because it contains various fixed iden-
condition means records have details regarding patients but it tifiers and important financial information that is extremely
is not present in the coded portion of the record or in other valuable in black markets. Fixed identifiers of EHR data can
words data present in EHR is structured and unstructured not be reset like the ones in credit cards. Such identifiers in
(already described in Section III). Structured data is in the EHR are the best information sources for the criminals to get
format that can be easily processed by the computers. On easy access to the patient’s bank accounts for getting loans
the other hand unstructured data mostly requires NLP (for or to capture their passports and other important documents
hand written prescriptions) technique to be applied to make (property, insurance etc.) [93]. There are several cases, which
it structured (detail is provided in Section III) and processable shows that highly sensitive information of patients was easily
by computers [90], [91]. stolen by simply stealing EHR data. For example, a recent
article published a story about theft of EHR data (20,000
C. INCONSISTENCY records) from North Carolina-based Catawba Valley Medi-
EHR data is handled by various individuals and at different cal Center. Stolen data contained patients’ names, dates of
locations. Multiple persons are involved in entering, storing birth, medical data, health insurance information and social
and processing the data, therefore, data contains several security numbers [94].
definitions. Most of the data is present without mentioning Since, the data in EHR contains more detailed information
proper units as units are often remembered by the medical than the other sources, therefore, in case of cyber attacks
staff and they can understand language written by each other. (Ransomware, Distributed Denial of Service (DDoS) etc.),
On the other hand for the non concerned person (who wants a big population can be affected at once that can lead much
to use the data for secondary purposes), it may be highly beyond the financial losses [95]. For example, in the United
difficult to interpret the data without specified units. Involve- States (US), 4.5 millions patients’ affected by losing their
ment of different individuals in preparation and processing data form a popular group of hospitals through hackers attack
of EHR leads to an inconsistent form of data. It means, [96]. Similarly, 80 millions people were affected because
data present in EHR is not uniform. In such non uniform their healthcare data was lost from a health insurance com-
data, it is often difficult to relate assessments of different pany in US [97].
practitioners (because the assessment of different clinicians Other than personal and financial information, EHR data
is often different). Secondly, data inconsistency also arises also contains patient’s highly confidential data in the form of
due to the fact that the data is collected with different tools at physicians’ personal notes, neuroimaging data [98], [99], X-
different locations, which may be time varying (data coding rays, ultrasounds as well as lab reports. This data may include
regulations and system abilities may change with time) [85]. lab results of HIV and other sexually transmitted diseases
Inconsistent data may lead to erroneous data analysis and [100], mental disorders [101], personality disorders [102],
VOLUME 4, 2016 9
R. A . Khan et al.
contagious diseases as well as doctors sensitive comments protect information contained in EHR while it is accessible
about patient mental illness or personality disorders etc. All to different stakeholders through network. Different crypto-
such data is stored in the hospital’s local database (each graphic, non cryptographic and hybrid access control models
hospital may have its own local electronic database), which have been developed to securely access EHR data [115]
is connected across other hospitals’ or health providers’ [116], but with the advancements in technology, securing
databases via wired or wireless connections for sharing pur- data in EHR is more challenging as it was ever before.
poses. Transfer of such confidential data over the internet Therefore, there is a high need of securing data in EHR over
creates several security risks. It provides a chance to hackers the network and on cloud servers [117].
and other harmful attackers to access the data and use it Especially securing EHR data on the cloud needs more
for their own purpose [103]. In case of patients monitored attention. According to the recently published research in
at home, the data from patients is collected through a dis- literature [111] the existing privacy and security-protecting
tributed network of sensors. Securing such data is another mechanisms are not enough to ensure foolproof security in
big challenge because there are greater chances of spying and the e-health cloud. Even though, researchers have introduced
skimming [104]. a few very advanced encryption methods such as Attribute
With the passage of time healthcare technologies are ex- Based Encryption (ABE) [118], Key Policy Attribute Based
tending and new technologies are being introduced to provide Encryption (KP-ABE) [119] and Cipher text policy Attribute
instant help to the patients and to enhance healthcare quality. Based Encryption (CP-ABE) [120] but these are not of much
For example, different smart devices monitor health (with the help because the data hosted on clouds is not only vulnerable
general purpose devices or wearable sensors) and prescribe to external hackers’ attacks but also to the internal attacks
medications as well as provide telemedicine technology for from the authorized people (database administrators and key
delivering remote care [105]. Patients now can easily access managers). The above mentioned advanced access control
healthcare facilities by integrating their mobile phones with method cannot provide support when the key managers are
telemedicine and telehealth services using simple mobile attackers.
applications [106]. As the technology in healthcare is con- In order to overcome such deficiencies of cloud based
tinually evolving, its inter connectivity is also evolving. With storage, recently blockchain chain technology has been in-
the help of interconnected networks, patients’ information is troduced in the healthcare sector [121] [122]. Although
made broadly available to the relevant organizations and staff blockchain technology provides a range of benefits over the
to provide quality healthcare. Exchange of patient informa- cloud computing technology, it does not provide fine-grained
tion over the large inter connected network is beneficial in control of access over EHR. In blockchain technology, only
many ways but has increased existing security risks. the patient’s private key can decrypt the encrypted EHR
With the increased used of smart healthcare services, e [123].
health solutions [107] [108], and digital record systems, EHR It is worth mentioning here to explain that the security
data generates sheer volume of data (Alone in US 48% of healthcare data is not only today’s concern rather it was
growing annually [109]), therefore, most of the data of EHR the concern before the emergence of the EHR [124]. Data
database is stored on cloud services [110]. security was well studied before the EHR came into existence
Cloud storage of EHR is beneficial in many ways like (paper based patients records were needed to be safeguarded
it provides cost effective storage, easy access as well as within the premises of hospitals and not on large scales)
processing and updating of information is achieved with but with the adoption of EHR multiple gateways opened
improved effectiveness and efficiency but on the other hand for accessing patients’ information remotely. Furthermore,
opens new doors for the threats and breaches [111]. It is be- The patient’s EHR contains more detailed information all
cause highly sensitive and confidential patients’ information together in a single source as compared to the previous
contained in EHR is stored on a third party server where the paper based medical records, which were distributed among
owner does not have any direct access [112]. Vulnerabilities different departments of hospitals. With the adoption of EHR
also increase because of the fact that during cloud services, it is now easy for the criminals to attack millions of people at
a large amount of EHR data runs on a wide network of a time and to steal their valuable information (because EHR
integrated remote servers and is accessed by multiple autho- are interconnected with numerous networks. In the case of
rized users as a single echo system from different distributed paper based records it was not possible to steal millions of
locations [113]. patients records at a time).
Cyber security is a technology that safeguards computer In short, adoption of EHR has not only provided the range
networks and information contained in them from different of benefits but also introduced potential risks of cyber attacks.
cyber attacks [114]. In case of healthcare data, cyber security Healthcare organizations spend more on increasing their
technology needs to be robust and strong as the healthcare integration but do not spend much on their system protection.
sector presents a lucrative avenue to cyber criminals to attack In order to gain patients’ trust and to give them satisfaction
and get hold of very sensitive data to gain large financial regarding their data safety, the healthcare providers have to
benefits. think about developing robust practical standards and solu-
There have been many efforts reported in literature to tions with particular healthcare / EHR needs.
10 VOLUME 4, 2016
R. A . Khan et al.
2) Privacy challenges her data was lost [128], [133].

Privacy is defined as “right to be left alone” or to keep In research conducted by Bovenberg and Almeida [135]
away from public domain [125]. The United Nations General referred to a case of patients versus Myriad Genetics, a
Assembly (UNGA) declared privacy as a fundamental human molecular diagnostic company. The case was about four
right in its universal declaration of human rights. However, US cancer patients who wanted to have full access to their
in this digital era the term privacy has become subjective genomic data. Myriad claimed that patients were provided
and is interpreted and implemented differently by each state with all the information that was necessary to be included in
or country [126]. Such ambiguities are sometimes exploited their reports and additional data was not part of the medical
for different reasons, for example EHR data is used to gain record set. Patients, however, claimed that the additional data
financial benefits [127] or for different secondary purposes, was acquired from their lab samples, hence they have the
refer Section V for discussion on secondary uses of EHR. right over data and only they should decide what happens
As mentioned above, EHR data contains several security to their data.
risks especially when the information contained in them is In order to protect sensitive data many patients try to
shared with different stakeholders over the interconnected conceal their sensitive information. It is because of the lack
networks. Other than security issues, there are certain privacy of confidence in the system’s security retaining their data.
concerns linked with exchange and sharing of EHR data. It also shows mistrust of patients’ on medical staff (doctors,
These privacy concerns are usually raised due to the fact that nurses and the others) because patients think that they might
when the patients data (which was recorded for the purpose disclose their confidential information to the public that may
of patient individual care) is being shared or linked without create embarrassment for them in society [136]. Some events
consent or knowledge of a particular individual. Usually have happened in the past because of which patients have
consent of an individual is necessary for sharing of data become more sensitive in disclosing their private informa-
but ambiguity arises when different healthcare organizations tion. For example, in 2013, one of the medical technicians
have different perspectives on the question of “who owns the of a US hospital was found guilty in selling patients medical
data?”. Does data belong to the patient, his / her physician, information [137]. Similarly, a hospital in the US informed
health insurance organization, healthcare organization, social its 34000 patients that their medical information has been
security agency or is it jointly owned by all [124], [128]? lost from their agent [138]. Due to all such incidents, patients
Breach of data can happen due to various reasons, refer don’t feel confident in disclosing their information even to the
Section VI-D1, which has many ethical repercussions. For physicians. Hiding facts and information from the physicians
example, disclosing a patient’s sensitive private information and the medical staff can lead to treatment failure. Thus,
such as sexually transmitted diseases or mental illness in such challenges may have severe consequences for patients,
the public domain can negatively impact an individual’s healthcare providers and even for the governments.
reputation. In extreme cases such individuals can face so- It is highly recommended from policy makers, leaders and
cial boycott as people start avoiding an individual if they related authorities to discuss privacy and security concerns
know that he / she has sexually transmitted diseases like of EHR data (database storage policies or its sharing poli-
HIV, chlamydia etc. [129]. Secondly, a person’s status in cies and paradigms) and formulate policies to address these
the society is seriously affected if his / her mental illness concerns. There are some existing policies, which need to be
is disclosed to the public [130]. Another dimension to this revised or reformulated according to the present day era, an
issue is financial impact on an individual’s life as medical era of data analytics, big data and artificial intelligence.
insurance companies usually calculate premium / cost of
insurance based on medical history and life events. In such VII. POPULAR DATA PROTECTION REGULATIONS AND
cases insurance companies can increase their premium [131], THEIR CHALLENGES
[132]. A. GENERAL DATA PROTECTION REGULATION (GDPR)
The privacy of clinical data has been subject to a lot of In order to protect patients’ personal sensitive data from
research and it has been difficult to determine how much of different security threats and privacy violations, in some
the data belongs to the patient and how much of it may belong regions of the world, data protection regulations have been
to healthcare organizations and whether the consent of the enforced by the authorities. The most popular data protection
owner of data is needed, in case the data is to be used for the regulations are General Data Protection Regulation (GDPR)
research purpose [128], [133], [134]. Privacy of patients can [13], Health Insurance Portability and Accountability Act
be affected when his / her data is used for clinical research or (HIPAA) [139] In this study we have critically analyzed these
secondary use, refer Section V for discussion on secondary regulations in terms of how these protect patient privacy and
uses of EHR. For example, a blood sample given by a patient enforce data security.
is stored in a laboratory and after carrying out requested After years of discussions, drafting, negotiations and ef-
analysis the same sample is analyzed again for the purpose forts, in April 2016 GDPR was passed by European Union.
of clinical research. Even though the sample is returned back On 25 May 2018, the European Parliament and Council of the
to the laboratory without any damage, still it violated data European Union both with their combined efforts enforced
privacy because by this way the patient’s control over his / the GDPR 2016/679 [140]. Since then, professionals, citizens
VOLUME 4, 2016 11
R. A . Khan et al.
and authorities across Europe and beyond are strictly bound • “Processing is necessary for compliance with the
to the legal regimes imposed by GDPR. It is an exhaustive law (Article 6(1)(c))”.
document of legislation that addresses challenges of data • “Processing is necessary to protect vital interest of
protection of personal data. The aim of GDPR is to con- the data subject (Article 6(1)(d))”.
trol and improve handling and processing of personal data • “Processing is necessary for the performance of
particularly of European citizens. It oversees every aspect a task carried out in the public interest (Article
of citizens personal data handling and has recommended to 6(1)(e)”.
impose heavy penalties for non compliance that may include • “Processing is necessary for a legitimate interest
prosecution of any organization in the world that is found of the controller or third party (Article 6(1)(f)”.
guilty of privacy breach or misusing European citizens data
[141]. In order to process personal data lawfully, all the
GDPR is not only beneficial for the citizens but also for clauses of the Article 6 (mentioned above) are im-
the organizations as it gives citizens confidence to share their portant to be followed by the data controllers but the
data with the organizations when required. It also boosts most pertinent clause of the article 6 in the context
organizations business and helps them in their smooth run- of EHR data is 6(1)(a) that relates to the processing
ning without any hurdle of acquiring citizens data (without of personal data with the consent of the person whose
trust citizens usually do not share their data when required data is being used. However, based on the employer-
by the organizations, refer Section VI-D2 for discussion on employee or physician-patient relationships, where one
mistrust between data provider and data handler). Even with party (physician in our case) is in power and processes
all these obvious advantages, organizations in the past were other party’s personal data, consent is not a proper legal
rigid to adapt (at present they are forced to adapt) privacy basis to be relayed upon [147]. This is due to the fact
regulations imposed by GDPR [142]. This is due to the fact that data protection regulation requires consent should
that enterprises and organizations were facing challenges be genuinely free without any pressure / intimidation.
in implementing these regulations [143]. The organizations It can only be possible if the patients have freedom
were already complying with the regulations imposed by the in giving their consent or not and have a choice to
European Data Protection Directive (EDPD) of 1995 [144] withdraw their consent at any point of time without any
and were not prepared for the new changes or possibly there detriment as easy as they gave it.
was a lack of awareness of the new requirements raised by 2) Purpose limitations (Article 5(1)(b)): Purpose limita-
the GDPR. Another issue with the implementation of GDPR tions bounds organizations (healthcare organizations)
was financial needs, human resource requirements as well as and individuals to collect personal data only for a
proper training of the employees to understand the GDPR specific, explicit and legitimate purpose and the data
regulations [145]. must be used for achieving that purpose only. Data
GDPR defines six main data protection principles (other purpose must be clearly defined before its collection
data protection principles further clarify them or further and it should not be further processed in a way that is
enhance them) that organizations (healthcare organizations) incompatible with the original defined purpose(s).
have to comply with when processing European citizens 3) Data minimization (Article 5(1)(c)): In order to use
personal data [146]. personal data, it must be limited to its primary purpose
Each of these principles is briefly explained below with only. It must not be collected more than its need.
implications on EHR data. 4) Accuracy(Article 5(1)(d)): In dealing with the citizens
personal data it must be responsibly dealt for example,
1) Lawfulness, fairness and transparency (Article if the data needs updation and inaccurate or incomplete
5(1)(a)): This article states that citizens personal data data elements need to be removed, all must be done
must be processed lawfully, fairly and transparently. with high accuracy.
Lawful processing of data is further defined in Article 5) Storage limitations (Article 5(1)(e)): Storage limi-
6, which states that in order to process personal data tations refer to the fact that personal data must be
lawfully, it is necessary for the data controllers to set deleted after it has been used and no longer further
out / obey one of the following conditions (In this needed. It means data should be collected with a proper
section the term “data controller” is used multiple predefined time-line and it must be removed after the
times and in the context of this study this term refers to time-line is reached.
healthcare organizations which records and stores/hold 6) Integrity and Confidentiality (Article 5(1)(f)): It is
personal data): the entire responsibility of the individuals or organi-
• “The data subject must be given consent (Article zations (who want to process citizens personal data) to
6(1)(a))”. ensure the safe processing of data and to protect it from
• “Processing is necessary for the performance of a unauthorized use. During processing, data must be safe
contract to which the data subject is party (Article from any accidental loss, damage or demolition and it
6(1)(b))”. must be protected against any unlawful use.
12 VOLUME 4, 2016
R. A . Khan et al.
If analyzed critically, clauses (b-f) of Article 5 have of personal data pseudonymisation should be performed [13].
contradictory nature in the context of EHR data concepts. Pseudonymisation is a technique to ensure that an individual
The regulations mentioned in these clauses (such as data won’t be identified through personal data (personal data
minimization, purpose limitation) limits the quantity of data includes direct and indirect identifiers that can identify a
collection and enforces its deletion soon after the purpose has person for example, name , ID number, location, contact
been achieved. On the other hand, healthcare organizations information (Article 4)) [13]. The process is to replace the
encourage collecting more and more data and to save it for main characteristic of an individual with randomly generated
longer periods of time for the purpose of detailed analysis, indicators. The information regarding identification must be
mining and predictions [148], as discussed in Section V. stored separately [153]. Even if pseudonymisation technique
Article 25 further enhances the ideas presented in Article is applied, it is possible to re-identify individuals by combin-
5 by defining privacy by design i.e. “The controller must ing different data sets [154]. Re-identification pulls down the
implement appropriate technical and organizational measures illusion of privacy policies, which are promised by technol-
for ensuring that, by default, only personal data which are ogists. Lawmakers should re-evaluate law and consider the
necessary for each specific purpose of the processing are weakness of pseudonymisation [155].
processed”. Although, this Article enhances protection of Other than the regulations described above, one of the
personal data by demanding privacy by design form the most controversial regulation is the “Right to be Forgotten”
controllers but it is difficult to implement because of its (Article 17). This article imposes an obligation of erasure of
broader definition and due to the requirement of additional one’s personal data on the controllers. It gives the right to
implementation cost and resources. Furthermore, privacy by the users to erase their data any time from all the available
design can show rigid behavior with time (like the other places from where they want as per their request. According
embedded technical solutions) because of not updating its to concept of healthcare data where decision support and
measures frequently [149]. predictive systems are being made by archiving the patients’
It has already been described in this study (refer Section personal data (consider case of public health surveillance or
VI) that the healthcare data is one of the most vulnerable clinical research, refer Section V), this article creates huge
data in terms of security threats, therefore needs special controversy because logically no more backups or archives
attention for protection during processing. Article 9 of GDPR of data would be applicable by the organizations.
defines the processing of such special categories of data,
which requires additional protections in processing such as B. HEALTH INSURANCE PORTABILITY AND
genetic data, biometric data, healthcare data etc. Article 9 ACCOUNTABILITY ACT (HIPAA)
imposes additional obligations and provides more restrictive
In the year 1996 US congress made and passed HIPAA act
legal basis for processing health related sensitive data. The
to protect the patients’ confidential health information con-
recommendation of this article is to obtain explicit consent of
tained in their medical records. HIPAA act brought forth mul-
collecting and processing sensitive personal data. Although,
tiple standards for addressing the privacy and security related
explicit consent of data processing is required in processing
issues with the patients Protected Health Information (PHI)
any type of personal data (Refer article 6(1)(a) mentioned
[156]. In terms of HIPAA, PHI refers to the “Individually
above) but in case of processing healthcare data, obtaining
Identifiable Information” that is transmitted through elec-
consent is usually difficult, specially for secondary purpose,
tronic or any other media with the exception of educational
refer Section V for secondary uses of EHR data. Obtaining
or employment records [157]. The basic purpose of HIPAA
explicit consent for every secondary use is a time consuming,
was to secure healthcare information that is subjected to
costly as well as an exhausting process [150]. There has been
the health transactions. The HIPAA regulations were slowly
a great debate on obtaining specific consent in literature. The
implemented and its additional rules and regulations were
conclusive outcome of all such debates is to shift specific
released from time to time. During the period from 2002 to
consent into a broader consent of data processing that covers
2007, the following six additional regulations were released
the range of its future uses (such as secondary uses of EHR)
[158].
[151].
At present, most of the patients are not aware (or do • In October 2002, standards for electronic claims and
not want to be aware) about what happens to their data transactions were established.
once it has been taken from them and also they do not • In April 2003, guidelines for the disclosure of patient
know about the data processing procedures undertaken by health information were established.
the healthcare providers. According to Spiekermann et al. • In June 2004, National Employer Identifier Rule (NERI)
[152], if individuals knew about today’s healthcare business was established according to which the federal tax
model and how third parties use personal private data, they identification number was considered as the employer’s
would be surprised and feel betrayed. Obviously, under such national identifier.
circumstances, obtaining broad consent is not logical. • In April 2005, some technical as well as administrative
Article 32 of GDPR defines security of processing of per- protocols were established for the security and integrity
sonal data. According to it, to process and maintain security of the patient’s health information.
VOLUME 4, 2016 13
R. A . Khan et al.
•In February 2006, HIPAA enforcement rule was estab- i.e. different types of information sharing platforms like
lished to guide how the government will enforce the social media posts [168]. Therefore, it can cause personal in-
organizations to implement HIPAA regulations. formation leak [169]. In case of releasing patient information
• In May 2007, National Provider Identifier (NPI) rule from uncovered entities like online e-commerce platforms,
was established based on which a national identifier social media posts, fitness trackers data on the internet etc.
for each provider was made and the procedures for HIPAA does not provide any protection.
spreading, storing, and updating the identifier was set In short, HIPAA with HITEC and Cure regulations have
up. not advanced itself with fast growing technology. It does
In 2009, Health Information Technology for Economic not completely fulfill patients’ expectations of immediate
and Clinical Health (HITECH) Act was passed. The prime availability of their health data electronically when needed
objective of this act was to promote across the USA, imple- [170] and robustly securing personal data. Therefore, HIPAA
mentation of EHR by providing different incentive programs rules need further refinement [171] keeping in view of fast
for adoption of EHR and penalties for not implementing it pace proliferation of technology and AI assisted gadgets.
[159], [160]. Alongside the EHRs implementation, HITEC In light of above discussion, HIPAA rules need major
also expanded the existing HIPAA privacy and security reg- amendments in order to robustly protect patients personal
ulations and enhanced the monetary penalties of HIPAA and sensitive data and to make it accessible instantly where
violations [161]. and when needed. There is also a need to define and include
In 2013, HIPAA was further enhanced by adding new different non covered entities into HIPAA’s scope to extend
rules known as Omnibus rules 2013 [162]. After the Om- its protection to different information sources critically asso-
nibus rules, HIPAA’s coverage was expanded from healthcare ciated with the EHR data in the present digital era.
providers (physicians, hospitals, insurance companies etc.)
to third party administrators (pharmacy benefit managers, VIII. CONCLUSION
hospitals consultants etc.) who after the implementation of The objective of this research article is to provide overview
these rules, get punishments in case of any privacy breach of EHR and its various secondary uses, how such uses
[163]. effect individuals privacy and whether the existing impor-
In the year 2016, 21st Century Cures Act was passed tant privacy regulations i.e. GDPR and HIPPA overcome
[164], which further enhanced existing HIPAA regulations these privacy challenges. Article began with an overview
by solving several interoperability issues. The Cures Act of EHR, its data sources that contribute to making EHR.
defines specific policies to promote patient access to their Then, different standards for sharing EHR data i.e. HL7
data. Particularly, its purpose was to establish strong linkage and FHIR are discussed. Subsequently, thorough analysis of
and partnership between healthcare organizations and health various secondary uses of EHR with the aim to highlight how
information exchange organizations to ease patient access to these secondary uses affect patients’ privacy is presented. In
their information contained in EHR, in a format that is easy the last, the article critically examined GDPR and HIPAA
to understand & handle, secure while accessing, and can be regulations and highlighted possible areas of improvement in
updated automatically [165]. these regulations, considering escalating use of technology
HIPAA provides comprehensive guidelines to understand and different secondary uses of EHR.
the use of technology for the collecting, storing and trans- Presented article outlined various secondary uses of EHR
mitting PHI. It focuses on streamlining procedures for im- to give readers an idea that how effectively EHR data can
plementation of different security measures but on the other be used in different domains such as clinical research, public
hand it does not elaborate on how to practically implement health surveillance and clinical audits to provide effective,
such measures. After its legislation in 1966, HIPAA has timely and quality healthcare facilities to the patients, refer
not undergone any major iteration, therefore, its rules have Section V. In order to use EHR data for secondary purposes
been outdated and cannot provide much help in safeguarding more effectively, challenges associated with the secondary
against the vague threats of the present digital age [166]. uses of EHR have also been described to make readers
Due to this reason, alternative frameworks are being adopted well aware of the EHR data challenges when using it for
by the healthcare providers in order to give their systems secondary purposes.
full support against threats. For example, in complement In the present technological era, adoption of EHR has
to HIPAA, National Institute of Standards and Technology positively impacted healthcare services. With the help of
(NIST) provided a framework (published in 2014 and aug- seamless data sharing an individual can avail instant health-
mented in 2018) that specifically focuses the areas where care services at their location of preference. However, with
HIPAA lacks (like, helping organizations by educating and evolving technology, risks of data security and compromise
training their employees) [167]. of privacy have also been significantly increased. EHR data
Another major issue with HIPAA regulations is that its contains highly personal and sensitive information i.e. ID /
protection applies only on covered entities i.e. health care social security number, bank details, family information and
providers, clinicians, pharmacies, health care facilities and medical history. Unauthorized access to EHR information
healthcare clearinghouses but not on the non covered entities can have devastating financial and social impact on individu-
14 VOLUME 4, 2016
R. A . Khan et al.
als if such sensitive information is leaked in the public sphere. zation system. International Journal of Security and Its Applications,
In this article different ethical and privacy issues arising from 7(4):287–298, 2013.
[12] Sheila Teasdale, David Bates, Karen Kmetik, Jeff Suzewits, and Mike
EHR data leak are discussed in detail in Section VI-D. In Bainbridge. Secondary uses of clinical data in primary care. Informatics
the referred section, data security and patients’ privacy risks in primary care, 15(3), 2007.
related to the secondary uses of EHR especially when EHR [13] General Data Protection Regulation. Regulation (EU) 2016/679 of
the European Parliament and of the Council of 27 April 2016 on the
data is stored on cloud, transmitted through network and protection of natural persons with regard to the processing of personal
shared & exchanged with multiple stakeholders are critically data and on the free movement of such data, and repealing Directive
studied. 95/46, 2016.
[14] Jan Philipp Albrecht. How the GDPR will change the world. Eur. Data
There exists different privacy regulations to protect pa- Prot. L. Rev., 2, 2016.
tients privacy and data security when EHR data is used [15] Accountability Act. Health insurance portability and accountability act
for secondary purposes and transferred & exchanged with of 1996. Public law, 104:191, 1996.
[16] Bronwyn Hemsley, Shaun McCarthy, Natalie Adams, Andrew Georgiou,
multiple concerned stakeholders through different linked lo- Sophie Hill, and Susan Balandin. Legal, ethical, and rights issues in the
cations. However, there is a need to critically examine such adoption and use of the “my health record” by people with communi-
regulations to analyze them for calculating their effectiveness cation disability in australia. Journal of Intellectual & Developmental
Disability, 43(4):506–514, 2018.
in terms of safeguarding personal data as per present era [17] Shanton Chang Patrick Cheong-Iao Pang. The twitter adventure of
needs. There is also a need to highlight the challenges of #myhealthrecord: An analysis of different user groups during the opt-
such regulations to further improve their effectiveness in out period. Studies in Health Technology and Informatics, pages 142 –
148, 2019.
safeguarding personal data from the potential cyber attacks [18] Rumaisah Munir and Rizwan Ahmed Khan. An extensive review on
and to cope with the technological advancements of cyber at- spectral imaging in biometric systems: Challenges & advancements.
tacks. In this study, important privacy regulations i.e. GDPR Journal of Visual Communication and Image Representation, 65, 2019.
[19] Rizwan Ahmed Khan, Arthur Crenn, Alexandre Meyer, and Saida
and HIPPA are studied in perspective of secondary use of Bouakaz. A novel database of children’s spontaneous facial expressions
EHR, refer Section VII. Our purpose is to highlight possible (LIRIS-CSE). Image and Vision Computing, 83-84:61 – 69, 2019.
improvements areas in these regulations to make them more [20] Muhammad Shoaib Jaliaawala and Rizwan Ahmed Khan. Can autism
be catered with artificial intelligence-assisted intervention technology? a
effective in protecting privacy and data security and to make comprehensive survey. Artificial Intelligence Review, 2019.
them robust against escalating AI-assisted techniques in data [21] N Anju Latha, B Rama Murthy, and U Sunitha. Electronic health record.
analytics and cyber attacks. International Journal of Engineering, 1(10):25–27, 2012.
[22] Kristiina Häyrinen, Kaija Saranto, and Pirkko Nykänen. Definition,
structure, content, use and impacts of electronic health records: a review
REFERENCES of the research literature. International journal of medical informatics,
[1] Samaher Al-Janabi, Ibrahim Al-Shourbaji, Mohammad Shojafar, and 77(5):291–304, 2008.
Shahaboddin Shamshirband. Survey of main challenges (security and [23] Kensaku Kawamoto, Caitlin A Houlihan, E Andrew Balas, and David F
privacy) in wireless body area networks for healthcare applications. Lobach. Improving clinical practice using clinical decision support
Egyptian Informatics Journal, 18:113–122, 2017. systems: a systematic review of trials to identify features critical to
[2] Pijush Kanti Dutta Pramanik, Saurabh Pal, and Moutan Mukhopadhyay. success. British Medical Journal, 2005.
Healthcare big data: A comprehensive overview. In Intelligent Systems [24] Christian Castaneda, Kip Nalley, Ciaran Mannion, Pritish Bhattacharyya,
for Healthcare Management and Delivery, pages 72–100. IGI Global, Patrick Blake, Andrew Pecora, Andre Goy, and K Stephen Suh. Clinical
2019. decision support systems for improving diagnostic accuracy and achiev-
[3] Mohammed Maghazil. A comparative analysis of data security in ing precision medicine. Journal of clinical bioinformatics, 5, 2015.
computer-based and paper-based patient record systems from the percep- [25] Albert Boonstra and Manda Broekhuis. Barriers to the acceptance
tions of healthcare providers in major hospitals in Saudi Arabia. PhD of electronic medical records by physicians from systematic review to
thesis, The George Washington University, 2004. taxonomy and interventions. BMC health services research, 10, 2010.
[4] Ofir Ben-Assuli. Electronic health records, adoption, quality of care, legal [26] Dipak Kalra and David Ingram. Electronic health records. In Information
and privacy issues and their implementation in emergency departments. technology solutions for healthcare, pages 135–181. Springer, 2006.
Health policy, 119, 2015. [27] Robert H Dolin, Liora Alschuler, Calvin Beebe, Paul V Biron, Sandra Lee
[5] Caroline Spiranovic, Allison Matthews, Joel Scanlan, and Kenneth C Boyer, Daniel Essin, Elliot Kimber, Tom Lincoln, and John E Mattison.
Kirkby. Increasing knowledge of mental illness through secondary The HL7 clinical document architecture. Journal of the American
research of electronic health records: opportunities and challenges. Ad- Medical Informatics Association, 8(6):552–569, 2001.
vances in Mental Health, 14(1):14–25, 2016. [28] Robert H Dolin, Liora Alschuler, Sandy Boyer, Calvin Beebe, Fred M
[6] David F Lobach and Don E Detmer. Research challenges for electronic Behlen, Paul V Biron, and Amnon Shabo. HL7 clinical document
health records. American Journal of Preventive Medicine, 32, 2007. architecture, release 2. Journal of the American Medical Informatics
[7] Patrick J O’Connor, JoAnn M Sperl-Hillen, William A Rush, Paul E Association, 13(1):30–39, 2006.
Johnson, Gerald H Amundson, Stephen E Asche, Heidi L Ekstrom, and [29] Tim Benson and Grahame Grieve. HL7 version 2. In Principles of Health
Todd P Gilmer. Impact of electronic health record clinical decision Interoperability, pages 223–242. Springer, 2016.
support on diabetes care: a randomized trial. The Annals of Family [30] George W Beeler. HL7 Version 3—An object-oriented methodology for
Medicine, 9:12–21, 2011. collaborative standards development. International Journal of Medical
[8] Andriy Temko, William Marnane, Geraldine Boylan, and Gordon Light- Informatics, 48, 1998.
body. Clinical implementation of a neonatal seizure detection algorithm. [31] Thamer Al-Enazi and Samir El-Masri. HL7 engine module for healthcare
Decision Support Systems, 70, 2015. information systems. Journal of medical systems, 37, 2013.
[9] Tom Seymour, Dean Frantsvog, and Tod Graeber. Electronic health [32] Duane Bender and Kamran Sartipi. HL7 FHIR: An Agile and RESTful
records (EHR). American Journal of Health Sciences (AJHS), 3(3):201– approach to healthcare information exchange. In Proceedings of the
210, 2012. 26th IEEE international symposium on computer-based medical systems,
[10] Nir Menachemi and Taleah H Collum. Benefits and drawbacks of pages 326–331, 2013.
electronic health record systems. Risk management and healthcare [33] Meenakshi Sharma and Himanshu Aggarwal. HL7 Based Middleware
policy, 4, 2011. Standard for Healthcare Information System: FHIR. In Proceedings
[11] Jin Wang, Zhongqi Zhang, Kaijie Xu, Yue Yin, and Ping Guo. A research of 2nd International Conference on Communication, Computing and
on security and privacy issues for patient related data in medical organi- Networking, pages 889–899. Springer, 2019.
VOLUME 4, 2016 15
R. A . Khan et al.
[34] Ashish Atreja, Jean-Paul Achkar, Anil K Jain, C Martin Harris, and [53] Abhyuday N Jagannatha and Hong Yu. Structured prediction models
Bret A Lashner. Using technology to promote gastrointestinal outcomes for rnn based sequence labeling in clinical text. In Proceedings of
research: a case for electronic health records. The American journal of the conference on empirical methods in natural language processing.
gastroenterology, 2008. conference on empirical methods in natural language processing, volume
[35] Junji Lin, Tianze Jiao, Joseph E Biskupiak, and Carrie McAdam-Marx. 2016, page 856. NIH Public Access, 2016.
Application of electronic medical record data for health outcomes re- [54] Jose Roberto Ayala Solares, Francesca Elisa Diletta Raimondi, Yajie
search: a review of recent literature. Expert review of pharmacoeco- Zhu, Fatemeh Rahimian, Dexter Canoy, Jenny Tran, Ana Catarina Pinho
nomics & outcomes research, 13(2):191–200, 2013. Gomes, Amir H Payberah, Mariagrazia Zottoli, Milad Nazarzadeh, et al.
[36] Katherine P Liao, Tianxi Cai, Guergana K Savova, Shawn N Murphy, Deep learning for electronic health records: A comparative review of
Elizabeth W Karlson, Ashwin N Ananthakrishnan, Vivian S Gainer, multiple deep neural architectures. Journal of Biomedical Informatics,
Stanley Y Shaw, Zongqi Xia, Peter Szolovits, et al. Development of 101:103337, 2020.
phenotype algorithms using electronic medical records and incorporating [55] Vikas Yadav and Steven Bethard. A survey on recent advances in
natural language processing. BMJ, 350, 2015. named entity recognition from deep learning models. arXiv preprint
[37] Kory Kreimeyer, Matthew Foster, Abhishek Pandey, Nina Arya, Gwen- arXiv:1910.11470, 2019.
dolyn Halford, Sandra F Jones, Richard Forshee, Mark Walderhaug, and [56] Stefano Silvestri, Angelo Esposito, Francesco Gargiulo, Mario Sicuranza,
Taxiarchis Botsis. Natural language processing systems for capturing Mario Ciampi, and Giuseppe De Pietro. A big data architecture for the
and standardizing unstructured clinical information: a systematic review. extraction and analysis of ehr data. In 2019 IEEE World Congress on
Journal of biomedical informatics, 73:14–29, 2017. Services (SERVICES), volume 2642, pages 283–288. IEEE, 2019.
[38] Feifan Liu, Chunhua Weng, and Hong Yu. Advancing clinical research [57] Pascal Coorevits, Mats Sundgren, Gunnar O Klein, Anne Bahr, Brecht
through natural language processing on electronic health records: tra- Claerhout, Christel Daniel, Martin Dugas, Danielle Dupont, Andreas
ditional machine learning meets deep learning. In Clinical Research Schmidt, Peter Singleton, et al. Electronic health records: new opportuni-
Informatics, pages 357–378. Springer, 2019. ties for clinical research. Journal of internal medicine, 274(6):547–560,
[39] Dimitri Palaz, Mathew Magimai-Doss, and Ronan Collobert. End-to-end 2013.
acoustic modeling using convolutional neural networks for hmm-based [58] Sultan Mahmood, Khaled Hasan, Michelle Colder Carras, and Alain
automatic speech recognition. Speech Communication, 108:15–32, 2019. Labrique. Global preparedness against covid-19: We must leverage
[40] Azhagiri Mahendiran and Rajesh Appusamy. An intrusion detection the power of digital health. JMIR Public Health and Surveillance,
system for network security situational awareness using conditional ran- 6(2):e18980, 2020.
dom fields. International Journal of Intelligent Engineering and Systems, [59] Yawen Xiao, Jun Wu, Zongli Lin, and Xiaodong Zhao. A deep learning-
11(3):196–204, 2018. based multi-model ensemble method for cancer prediction. Computer
[41] Avishek Choudhury and Christopher Greene. Prognosticating autism methods and programs in biomedicine, 153:1–9, 2018.
spectrum disorder using artificial neural network: Levenberg-marquardt [60] Cassandra Willyard. The drug-resistant bacteria that pose the greatest
algorithm. Archives of Clinical and Biomedical Research, 2(2018):188– health threats. Nature News, 543(7643), 2017.
197, 2018. [61] Ian H Spicknall, Katharine J Looker, Sami L Gottlieb, Harrell W Ches-
[42] Benjamin Shickel, Patrick James Tighe, Azra Bihorac, and Parisa son, Joshua T Schiffer, Jocelyn Elmes, and Marie-Claude Boily. Review
Rashidi. Deep ehr: a survey of recent advances in deep learning of mathematical models of hsv-2 vaccination: Implications for vaccine
techniques for electronic health record (ehr) analysis. IEEE journal of development. Vaccine, 2018.
biomedical and health informatics, 22(5):1589–1604, 2017. [62] World Health Organization. Global status report on alcohol and health
[43] Pranjul Yadav, Michael Steinbach, Vipin Kumar, and Gyorgy Simon. 2018. World Health Organization, 2019.
Mining electronic health records (ehrs) a survey. ACM Computing [63] World Health Organization et al. Global hepatitis report 2017. World
Surveys (CSUR), 50(6):1–40, 2018. Health Organization, 2017.
[44] Oleg Sofrygin, Zheng Zhu, Julie A Schmittdiel, Alyce S Adams, [64] Steven M Teutsch and R Elliott Churchill. Principles and practice of
Richard W Grant, Mark J van der Laan, and Romain Neugebauer. Tar- public health surveillance. Oxford University Press, USA, 2000.
geted learning with daily ehr data. Statistics in medicine, 38(16):3073– [65] Shahbaz Ahmad, Muhammad Asif, Ramzan Talib, Muhammad Adeel,
3090, 2019. Muhammad Yasir, and Muhammad H Chaudary. Surveillance of intensity
[45] Venet Osmani, Li Li, Matteo Danieletto, Benjamin Glicksberg, Joel level and geographical spreading of dengue outbreak among males and
Dudley, and Oscar Mayora. Processing of electronic health records using females in punjab, pakistan: A case study of 2011. Journal of infection
deep learning: a review. arXiv preprint arXiv:1804.01758, 2018. and public health, 11:472–485, 2018.
[46] Cao Xiao, Edward Choi, and Jimeng Sun. Opportunities and challenges [66] Amy M Schwartz, Alison F Hinckley, Paul S Mead, Sarah A Hook, and
in developing deep learning models using electronic health records data: Kiersten J Kugeler. Surveillance for lyme disease—united states, 2008–
a systematic review. Journal of the American Medical Informatics 2015. MMWR Surveillance Summaries, 66(22), 2017.
Association, 25(10):1419–1428, 2018. [67] Kimberly E Mace, Paul M Arguin, and Kathrine R Tan. Malaria
[47] Andre Esteva, Alexandre Robicquet, Bharath Ramsundar, Volodymyr surveillance—United States, 2015. MMWR Surveillance Summaries, 67,
Kuleshov, Mark DePristo, Katherine Chou, Claire Cui, Greg Corrado, 2018.
Sebastian Thrun, and Jeff Dean. A guide to deep learning in healthcare. [68] Erum Khan, Jaweriah Siddiqui, Sadia Shakoor, Vikram Mehraj, Bushra
Nature medicine, 25(1):24–29, 2019. Jamil, and Rumina Hasan. Dengue outbreak in karachi, pakistan, 2006:
[48] Riccardo Miotto, Li Li, and Joel T Dudley. Deep learning to predict experience at a tertiary care center. Transactions of the Royal Society of
patient future diseases from the electronic health records. In European Tropical Medicine and Hygiene, 101(11):1114–1119, 2007.
Conference on Information Retrieval, pages 768–774. Springer, 2016. [69] Anupkumar R Anvikar, Naman Shah, Akshay C Dhariwal, Gagan Singh
[49] Nilmini Wickramasinghe. Deepr: a convolutional net for medical records. Sonal, Madan Mohan Pradhan, Susanta K Ghosh, and Neena Valecha.
2017. Epidemiology of plasmodium vivax malaria in india. The American
[50] Edward Choi, Mohammad Taha Bahadori, Elizabeth Searles, Catherine journal of tropical medicine and hygiene, 95:108–120, 2016.
Coffey, Michael Thompson, James Bost, Javier Tejedor-Sojo, and Jimeng [70] Bela Shah and Prashant Mathur. Surveillance of cardiovascular disease
Sun. Multi-layer representation learning for medical concepts. In risk factors in india: the need & scope. The Indian journal of medical
Proceedings of the 22nd ACM SIGKDD International Conference on research, 132(5), 2010.
Knowledge Discovery and Data Mining, pages 1495–1504, 2016. [71] Hadi Siswoyo, Meda Permana, Ria P Larasati, Jeffryman Farid, Asep
[51] Edward Choi, Mohammad Taha Bahadori, Andy Schuetz, Walter F Stew- Suryadi, and Endang R Sedyaningsih. EWORS: using a syndromic-based
art, and Jimeng Sun. Doctor ai: Predicting clinical events via recurrent surveillance tool for disease outbreak detection in Indonesia. In BMC
neural networks. In Machine Learning for Healthcare Conference, pages proceedings, volume 2, 2008.
301–318, 2016. [72] Meander E Sips, Marc JM Bonten, and Maaike SM van Mourik. Au-
[52] Abhyuday N Jagannatha and Hong Yu. Bidirectional rnn for medical tomated surveillance of healthcare-associated infections: state of the art.
event detection in electronic health records. In Proceedings of the Current opinion in infectious diseases, 30(4):425–431, 2017.
conference. Association for Computational Linguistics. North American [73] Ashish Atreja, Steven M Gordon, Daniel A Pollock, Russell N Olmsted,
Chapter. Meeting, volume 2016, page 473. NIH Public Access, 2016. and Patrick J Brennan. Opportunities and challenges in utilizing elec-
16 VOLUME 4, 2016
R. A . Khan et al.
tronic health records for infection surveillance, prevention, and control. [95] Mohiuddin Ahmed and Abu SSM Barkat Ullah. False data injection
American journal of infection control, 36, 2008. attacks in healthcare. In Australasian Conference on Data Mining, pages
[74] James W Keck, John T Redd, James E Cheek, Larry J Layne, Amy V 192–202. Springer, 2017.
Groom, Sassa Kitka, Michael G Bruce, Anil Suryaprasad, Nancy L [96] Mayra Rosario Fuentes. Cybercrime and other threats faced by the
Amerson, Theresa Cullen, et al. Influenza surveillance using electronic healthcare industry. Trend Micro, 2017.
health records in the american indian and alaska native population. [97] Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest. Hype and
Journal of the American Medical Informatics Association, 21(1):132– heavy tails: A closer look at data breaches. Journal of Cybersecurity,
138, 2013. 2(1):3–14, 2016.
[75] Guthrie S Birkhead, Michael Klompas, and Nirav R Shah. Uses of [98] Hamza Sharif and Rizwan Ahmed Khan. A novel machine learning based
electronic health records for public health surveillance to advance public framework for detection of Autism Spectrum Disorder (ASD). Arxiv:
health. Annual review of public health, 36:345–359, 2015. 2019.
[76] Wilson Odero, Joseph Rotich, Constantin T Yiannoutsos, Tom Ouna, and [99] Jay N Giedd. Structural magnetic resonance imaging of the adolescent
William M Tierney. Innovative approaches to application of information brain. Annals of the New York Academy of Sciences, 1021:77–85, 2004.
technology in disease surveillance and prevention in western kenya. [100] Heidi Julien and Ina Fourie. Reflections of affect in studies of information
Journal of biomedical informatics, 40(4):390–397, 2007. behavior in HIV/AIDS contexts: An exploratory quantitative content
[77] Sher Ali Abdualah, Muhammad Salman, Misbahud Din, Kachkol Khan, analysis. Library and Information Science Research, 37(1):3 – 9, 2015.
Munib Ahamd, Faisal Hayat Khan, and Muhammad Arif. Dengue [101] L Bellak. The schizophrenic syndrome and attention deficit disorder.
outbreaks in Khyber Pakhtunkhwa (KPK), Pakistan in 2017: an integrated Thesis, antithesis, and synthesis? The American psychologist, 49:25–29,
disease surveillance and response system (IDSRS)-based report. Polish 1994.
journal of microbiology, 68:115–119, 2019. [102] Anthony W Bateman, John Gunderson, and Roger Mulder. Treatment of
[78] Philip C Onyebujoh, Ajay K Thirumala, and Jean-Bosco Ndihokubwayo. personality disorder. The Lancet, pages 735 – 743, 2015.
Integrating laboratory networks, surveillance systems and public health [103] Jay G Ronquillo, J Erik Winterholler, Kamil Cwikla, Raphael Szymanski,
institutes in africa. African journal of laboratory medicine, 5(3):1–4, and Christopher Levy. Health IT, hacking, and cybersecurity: national
2016. trends in data breaches of protected health information. JAMIA Open,
[79] Aditya Kapoor, Santanu Guha, Mrinal Kanti Das, Kewal C Goswami, and pages 15–19, 2018.
Rakesh Yadav. Digital healthcare: The only solution for better healthcare [104] Marci Meingast, Tanya Roosta, and Shankar Sastry. Security and privacy
during covid-19 pandemic? Indian Heart Journal, 2020. issues with health care information technology. In 2006 International
[80] J Jeffery Reeves, Hannah M Hollandsworth, Francesca J Torriani, Randy Conference of the IEEE Engineering in Medicine and Biology Society,
Taplitz, Shira Abeles, Ming Tai-Seale, Marlene Millen, Brian J Clay, and pages 5453–5458, 2006.
Christopher A Longhurst. Rapid response to covid-19: health informatics [105] Dimiter V Dimitrov. Medical internet of things and big data in healthcare.
support for outbreak management in an academic health system. Journal Healthcare informatics research, 22(3):156–163, 2016.
of the American Medical Informatics Association, 27(6):853–859, 2020. [106] Ronald S. Weinstein, Ana Maria Lopez, Bellal A. Joseph, Kristine A.
[81] Bragazzi NL, Dai H, Damiani G, Behzadifar M, Martini M, and Wu J. Erps, Michael Holcomb, Gail P. Barker, and Elizabeth A. Krupinski.
How big data and artificial intelligence can help better manage the Telemedicine, Telehealth, and Mobile Health Applications That Work:
COVID-19 pandemic. International Journal of Environmental Research Opportunities and Barriers. The American Journal of Medicine, 127:183
and Public Health, 17, 2020. – 187, 2014.
[82] Claire N Shappell and Chanu Rhee. Leveraging electronic health record [107] Ilsun You, Kim-Kwang Raymond Choo, Chi-Lun Ho, et al. A
data to improve sepsis surveillance, 2020. smartphone-based wearable sensors for monitoring real-time physiologi-
[83] Robin Burgess and John Moorhead. New principles of best practice in cal data. Computers & Electrical Engineering, 65:376–392, 2018.
clinical audit. Radcliffe Publishing, 2011. [108] Chloe De Grood, Aida Raissi, Yoojin Kwon, and Maria Jose Santana.
Adoption of e-health technology by physicians: a scoping review. Journal
[84] Pasquale Esposito and Antonio Dal Canton. Clinical audit, a valuable
of multidisciplinary healthcare, 9:335, 2016.
tool to improve quality of care: General methodology and applications in
nephrology. World journal of nephrology, 3, 2014. [109] LB Minor. Harnessing the power of data in health. Stanford Med. Heal.
Trends Rep., 2017.
[85] K Bruce Bayley, Tom Belnap, Lucy Savitz, Andrew L Masica, Nilay
[110] Christian Esposito, Alfredo De Santis, Genny Tortora, Henry Chang,
Shah, and Neil S Fleming. Challenges in using electronic health record
and Kim-Kwang Raymond Choo. Blockchain: A panacea for healthcare
data for cer: experience of 4 learning organizations and solutions applied.
cloud-based data security and privacy? IEEE Cloud Computing, 5(1):31–
Medical care, 51, 2013.
37, 2018.
[86] Johan van der Lei. Use and abuse of computer-stored medical records.
[111] Shekha Chenthara, Khandakar Ahmed, Hua Wang, and Frank Whittaker.
Methods of information in medicine, 30(02):79–80, 1991.
Security and privacy-preserving challenges of e-health solutions in cloud
[87] William R Hogan and Michael M Wagner. Accuracy of data in computer- computing. IEEE access, 7:74361–74382, 2019.
based patient records. Journal of the American Medical Informatics
[112] Assad Abbas and Samee U Khan. A review on the state-of-the-art
Association, 4:342–355, 1997.
privacy-preserving approaches in the e-health clouds. IEEE Journal of
[88] Fabienne C Bourgeois, Karen L Olson, and Kenneth D Mandl. Patients Biomedical and Health Informatics, 18(4):1431–1441, 2014.
treated at multiple acute health care facilities: quantifying information [113] Rui Zhang and Ling Liu. Security models and requirements for health-
fragmentation. Archives of internal medicine, 170(22):1989–1995, 2010. care application clouds. In 2010 IEEE 3rd International Conference on
[89] Taxiarchis Botsis, Gunnar Hartvigsen, Fei Chen, and Chunhua Weng. cloud Computing, pages 268–275. IEEE, 2010.
Secondary use of EHR: data quality issues and informatics opportunities. [114] Anjum Nazir and Rizwan Ahmed Khan. Combinatorial optimization
Summit on Translational Bioinformatics, 2010, 2010. based feature selection method: A study on network intrusion detection.
[90] Abel N Kho, Luke V Rasmussen, John J Connolly, Peggy L Peissig, Arxiv:2019.
Justin Starren, Hakon Hakonarson, and M Geoffrey Hayes. Practical [115] Pasupathy Vimalachandran, Hua Wang, Yanchun Zhang, Guangping
challenges in integrating genomic data into the electronic health record. Zhuo, and Hongbo Kuang. Cryptographic access control in electronic
Genetics in Medicine, 15(10), 2013. health record systems: a security implication. In International Conference
[91] Naren Ramakrishnan, David Hanauer, and Benjamin Keller. Mining on Web Information Systems Engineering, pages 540–549. Springer,
electronic health records. Computer, 43(10):77–81, 2010. 2017.
[92] Gabriel Weimann. Going Dark: Terrorism on the Dark Web. Studies in [116] Uthpala Premarathne, Alsharif Abuadbba, Abdulatif Alabdulatif, Ibrahim
Conflict & Terrorism, 39(3):195–206, 2016. Khalil, Zahir Tari, Albert Zomaya, and Rajkumar Buyya. Hybrid
[93] Clemens Scott Kruse, Benjamin Frederick, Taylor Jacobson, and D Kyle cryptographic access control for cloud-based ehr systems. IEEE Cloud
Monticone. Cybersecurity in healthcare: A systematic review of modern Computing, 3(4):58–64, 2016.
threats and trends. Technology and Health Care, 25(1):1–10, 2017. [117] Shekha Chenthara, Hua Wang, and Khandakar Ahmed. Security and
[94] Jessica Davis. 3 phishing hacks breach 20,000 Catawba Valley pa- privacy in big data environment. 2018.
tient records. https://www.healthcareitnews.com/news/3-phishing-hacks- [118] Cheng Guo, Ruhan Zhuang, Yingmo Jie, Yizhi Ren, Ting Wu, and
breach-20000-catawba-valley-patient-records, October 2018. Kim-Kwang Raymond Choo. Fine-grained database field search using
VOLUME 4, 2016 17
R. A . Khan et al.
attribute-based encryption for e-healthcare clouds. Journal of medical [142] Nils Gruschka, Vasileios Mavroeidis, Kamer Vishi, and Meiko Jensen.
systems, 40(11):235, 2016. Privacy Issues and Data Protection in Big Data: A Case Study Analysis
[119] Kun Liu. Secure electronic health record system based on online/offline under GDPR. In 2018 IEEE International Conference on Big Data (Big
kp-abe in the cloud. In IoTBDS, pages 110–116, 2017. Data), pages 5027–5033. IEEE, 2018.
[120] Hui Cui, Robert H Deng, Guowei Wu, and Junzuo Lai. An efficient and [143] Colin Tankard. What the GDPR means for businesses. Network Security,
expressive ciphertext-policy attribute-based encryption scheme with par- 2016(6):5–8, 2016.
tially hidden access structures. In International Conference on Provable [144] Directive1995. Directive 95/46/EC on the protection of individuals with
Security, pages 19–38. Springer, 2016. regard to the processing of personal data and on the free movement of
[121] William J Gordon and Christian Catalini. Blockchain technology for such data, 1995.
healthcare: facilitating the transition to patient-driven interoperability. [145] Christina Tikkinen-Piri, Anna Rohunen, and Jouni Markkula. EU
Computational and structural biotechnology journal, 16:224–230, 2018. General Data Protection Regulation: Changes and implications for per-
[122] Lanxiang Chen, Wai-Kong Lee, Chin-Chen Chang, Kim-Kwang Ray- sonal data collecting companies. Computer Law & Security Review,
mond Choo, and Nan Zhang. Blockchain based searchable encryption for 34(1):134–153, 2018.
electronic health record sharing. Future Generation Computer Systems, [146] Michelle Goddard. The EU General Data Protection Regulation (GDPR):
95:420–429, 2019. European regulation that has a global impact. International Journal of
[123] C Eben Exceline and Jasmine Norman. Existing enabling technologies Market Research, 59(6):703–705, 2017.
and solutions to maintain privacy and security in healthcare records. [147] Mark J Taylor and Megan Prictor. Insight or intrusion? correlating
Security and Privacy of Electronic Healthcare Records: Concepts, routinely collected employee data with health risk. Social Sciences, 8,
Paradigms and Solutions, page 155, 2019. 2019.
[124] M. Meingast, T. Roosta, and S. Sastry. Security and privacy issues [148] Omer Tene and Jules Polonetsky. Big data for all: Privacy and user
with health care information technology. In 2006 IEEE Engineering in control in the age of analytics. Nw. J. Tech. & Intell. Prop., 11, 2012.
Medicine and Biology Society, pages 5453–5458, 2006. [149] Giorgia Bincoletto. A data protection by design model for privacy
[125] Committee on Regional Health Data Network Institute of Medicine. management in electronic health records. In Annual Privacy Forum,
Health Data in the Information Age: Use, Disclosure, and Privacy. 2019.
National Academies Press, 1994. [150] Menno Mostert, Annelien L Bredenoord, Monique CIH Biesaart, and
[126] Mehmet Kayaalp. Patient Privacy in the Era of Big Data. Balkan medical Johannes JM van Delden. Big Data in medical research and EU
journal, 35:8–17, 2018. data protection law: challenges to the consent or anonymise approach.
[127] L. Jean Camp and M. Eric Johnson. The Economics of Financial and European Journal of Human Genetics, 24, 2016.
Medical Identity Theft. Springer, 2012. [151] Christopher A Harle, Elizabeth H Golembiewski, Kiarash P Rahmanian,
[128] National Research Council. Networking Health: Prescriptions for the Babette Brumback, Janice L Krieger, Kenneth W Goodman, Arch G
Internet. The National Academies Press, Washington, DC, 2000. Mainous III, and Ray E Moseley. Does an interactive trust-enhanced
[129] SNS. Hiv positive couple face social boycott. electronic consent improve patient experiences when asked to share their
https://www.thestatesman.com/world/hiv-positive-couple-face-social- health records for research? a randomized trial. Journal of the American
boycott-83187.html, 2015. Medical Informatics Association, 26(7):620–629, 2019.
[130] Patrick W. Corrigan, Amy C. Watson, Peter Byrne, and Kristin E. Davis. [152] Sarah Spiekermann, Alessandro Acquisti, Rainer Böhme, and Kai-Lung
Mental illness stigma: Problem of public health or social justice? Social Hui. The challenges of personal data markets and privacy. Electronic
Work, 2005. markets, 25(2):161–167, 2015.
[131] David J Knutson. The Future of Disability in America, chapter Risk
[153] Paul Voigt and Axel von dem Bussche. Scope of Application of the
Adjustment of Insurance Premiums in the United States and Implication
GDPR. In The EU General Data Protection Regulation (GDPR), pages
for People with Disabilities. The National Academies Press, 2007, 2007.
9–30. Springer, 2017.
[132] Assad Abbas, Kashif Bilal, Limin Zhang, and Samee U. Khan. A cloud
[154] Tal Z Zarsky. Incompatible: The GDPR in the age of big data. Seton Hall
based health insurance plan recommendation system: A user centered
L. Rev., 47, 2016.
approach. Future Generation Computer Systems, 43-44:99 – 109, 2015.
[155] Paul Ohm. Broken promises of privacy: Responding to the surprising
[133] Gesine Richter, Christoph Borzikowsky, Wolfgang Lieb, Stefan
failure of anonymization. UCLA l. Rev., 57, 2009.
Schreiber, Michael Krawczak, and Alena Buyx. Patient views on research
use of clinical data without consent: Legal, but also acceptable? European [156] Anne Marie Wheeler and Burt Bertram. The counselor and the law: A
Journal of Human Genetics, jan 2019. guide to legal and ethical practice. John Wiley & Sons, 2019.
[134] David I. Shalowitz and Franklin G. Miller. Disclosing Individual Results [157] Tyler Wilkinson and Rob Reinhardt. Technology in Counselor Education:
of Clinical ResearchImplications of Respect for Participants. The Journal HIPAA and HITECH as Best Practice. Professional Counselor, 5(3):407–
of the American Medical Association (JAMA), 294(6):737–740, 2005. 418, 2015.
[135] Jasper A. Bovenberg and Mara Almeida. Patients v. Myriad or the GDPR [158] Joan M Kiel, Frances A Ciamacco, and Bradley T Steines. Privacy
Access Right v. the EU Database Right. European Journal of Human and data security: HIPAA and HITECH. In Healthcare information
Genetics, 27(2):211–215, 2019. management systems, pages 437–449. Springer, 2016.
[136] Batami Sadan. Patient data confidentiality and patient rights. Interna- [159] Niam Yaraghi and Ram D Gopal. The role of hipaa omnibus rules
tional Journal of Medical Informatics, 62:41 – 49, 2001. in reducing the frequency of medical data breaches: Insights from an
[137] District of Columbia U.S. Attorney’s Office. Former howard university empirical study. The Milbank Quarterly, 96(1):144–166, 2018.
hospital employee pleads guilty to selling personal information [160] Jessica Pipersburgh. The push to increase the use of EHR technology
about patients. https://archives.fbi.gov/archives/washingtondc/press- by hospitals and physicians in the United States through the HITECH
releases/2012/former-howard-university-hospital-employee-pleads- Act and the Medicare incentive program. Journal of health care finance,
guilty-to-selling-personal-information-about-patients, 2012. 38:54–78, 2011.
[138] Fouzia F Ozair, Nayer Jamshed, Amit Sharma, and Praveen Aggarwal. [161] Wilnellys Moore and Sarah A Frye. A Review of the HIPAA, Part
Ethical issues in electronic health records: A general overview. Perspec- 1: History, PHI, and Privacy and Security Rules. Journal of nuclear
tives in clinical research, 6(2), 2015. medicine technology, 2019.
[139] Health Insurance Portability and Accountability Act of 1996 (HIPAA). [162] Niam Yaraghi and Ram D Gopal. The role of hipaa omnibus rules
Pub. L. No. 104-191, 110 Stat. 1936, 1996. in reducing the frequency of medical data breaches: Insights from an
[140] Eugenia Politou, Alexandra Michota, Efthimios Alepis, Matthias Pocs, empirical study. The Milbank Quarterly, 96(1):144–166, 2018.
and Constantinos Patsakis. Backups and the right to be forgotten in [163] C Jason Wang and Delphine J Huang. The hipaa conundrum in the era of
the GDPR: An uneasy relationship. Computer Law & Security Review, mobile health and communications. JAMA, 310(11):1121–1122, 2013.
34:1247–1257, 2018. [164] Aaron S Kesselheim and Jerry Avorn. New “21st century cures” legisla-
[141] Sean Sirur, Jason RC Nurse, and Helena Webb. Are we there yet?: tion: speed and ease vs science. Jama, 317(6):581–582, 2017.
Understanding the challenges faced in complying with the general data [165] Carolyn T Lye, Howard P Forman, Jodi G Daniel, and Harlan M
protection regulation (GDPR). In Proceedings of the 2nd International Krumholz. The 21st century cures act and electronic health records one
Workshop on Multimedia Privacy and Security, pages 88–95. ACM, year later: will patients see the benefits? Journal of the American Medical
2018. Informatics Association, 25(9):1218–1220, 2018.
18 VOLUME 4, 2016
R. A . Khan et al.
[166] Derek Mohammed. Us healthcare industry: Cybersecurity regulatory

and compliance issues. Journal of Research in Business, Economics and
Management, 9(5):1771–1776, 2017.
[167] Samara M Ahmed and Adil Rajput. Threats to patients’ privacy in smart
healthcare environment. In Innovation in Health Informatics, pages 375–
393. Elsevier, 2020.
[168] I Glenn Cohen and Michelle M Mello. HIPAA and protecting health
information in the 21st Century. Jama, 320(3):231–232, 2018.
[169] Wilnellys Moore and Sarah Frye. Review of hipaa, part 2: limitations,
rights, violations, and role for the imaging technologist. Journal of
Nuclear Medicine Technology, 48(1):17–23, 2020.
[170] Bryan S Lee, Jan Walker, Tom Delbanco, and Joann G Elmore. Trans-
parent electronic health records and lagging laws. Annals of internal
medicine, 165(3):219–220, 2016.
[171] S Trent Rosenbloom, Jeffery RL Smith, Rita Bowen, Janelle Burns,
Lauren Riplinger, and Thomas H Payne. Updating hipaa for the electronic
medical record era. Journal of the American Medical Informatics
Association, 26(10):1115–1119, 2019.
DR. SHAHID MUNIR SHAH has received his

PhD in Information technology (IT) from Univer-
sity of Sindh, Jamshoro. Before PhD. He has done
MS telecom and MSc. Electronics. He has vast
teaching experience in mathematical and applied
sciences background in national and international
organizations of repute. Currently he is working as
an Assistant Professor at Barrett Hodgson Univer-
sity, Karachi, Pakistan. His research interests in-
clude machine learning, signal processing, natural
language processing and pattern recognition.
DR. RIZWAN AHMED KHAN has received

PhD in Computer Vision from Université Claude
Bernard Lyon 1, France in 2013. He has worked
as postdoctoral research associate at Labora-
toire d’InfoRmatique en Image et Systemes
d’information (LIRIS), Lyon, France. Currently
he is working as Professor at Barrett Hodgson
University, Karachi, Pakistan. His research inter-
ests include machine learning, computer vision,
image processing, pattern recognition and human
perception.
VOLUME 4, 2016 19

Secondary Use of Electronic Health Record

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Secondary Use of Electronic Health Record

Uploaded by

Copyright:

Available Formats

This article has been accepted for publication in a future issue of this journal, but has not been

Secondary Use of Electronic Health

I. INTRODUCTION procedure is adopted by the medical practitioners because of

making by providing automated analysis of data [8].

FIGURE 2. Conceptual overview of EHR system.

streamline information exchange mechanisms / procedures,

FIGURE 4. Unstructured and structured data elements of EHR.

TABLE 2. Different information sources available in EHR that can help in

Data Sources Explanation Possible areas of Clinical

time is saved for the actual intervention. On the other hand

2) Privacy challenges her data was lost [128], [133].

[166] Derek Mohammed. Us healthcare industry: Cybersecurity regulatory

DR. SHAHID MUNIR SHAH has received his

DR. RIZWAN AHMED KHAN has received

You might also like