Implementing security and access control mechanisms for an electronic healthcare record.

Personal Electronic Health Records (EHR) have recently been published as one means to support patient empowerment and patient control over their personal health record. The functionality of such an EHR may vary from a simple web-based interface for interactive data entry and data review up to a much more powerful system additionally supporting electronic data/document communication between clinical information systems of primary care practitioners or hospitals and even reminder based support for the empowered citizen, to actively take care of his health, based on relevant disease management programs. Since storage and communication of data in an EHR comprises sensible personal health data, each of those functions need specific security and access management requirements to be considered and implemented. In this article the most critical requirements for these aspects will be classified and respective mechanisms to provide secure data storage and communication as well as flexible access management functions will be presented.