Information Security Requirements for Implementing Electronic Health Records in Iran

Document Type: Research Paper



Background and Goal: The development of ICT in recent years has brought major advances in human social and economic life. One of the most important opportunities to use information technology is in the medical field, where the result is the electronic health record (EHR). The purpose of this research is to investigate the effect of information security requirements on electronic health records, and the importance and priority of each of them, in Iran.

Methodology: This research is a descriptive survey in nature and was conducted from December 2009 to December 2010. Its statistical population comprised experts and professionals in the country's health industry who had a work record in electronic health, from among whom 83 people were selected to answer questionnaires. A one-way test was used to analyze the data. After the effect of the criteria was proven using variance analysis and the Scheffé test, their priority was evaluated using SPSS 16.

Findings: Information safety criteria in electronic health records fell into four categories. From the experts' point of view, security variables, with an average of 4.10, and access control, with 3.26, have the highest and lowest importance, respectively. Personnel security (3.96), management of activity continuation when facing loss (3.99), and physical and environmental security (4.52) stand in the third and fourth ranks. Communication management and exploitation (3.71) jointly takes the second and third ranks. System support and development (3.58) took the second rank.

Conclusion: All criteria of organizational security, which include personnel security, physical security, communication and exploitation management, access control, system support and expansion, and compliance with law, affect the implementation of the EHR (electronic health record) in the country. Public trust in the privacy of medical records in the EHR can be increased by respecting the privacy of people's information, being able to monitor and prosecute any offense, observing moral and legal standards, and providing a system that can identify attacks on the EHR.