The Australian PCEHR system: Ensuring Privacy and Security through an Improved Access Control Mechanism

TL;DR

This paper addresses privacy concerns in Australia's PCEHR system by proposing an improved access control model to prevent unauthorized access and enhance system adoption.

Contribution

It introduces a novel access control mechanism specifically designed for the PCEHR system to improve security and user trust.

Findings

The proposed model effectively reduces unauthorized access incidents.

Implementation of the model increases user confidence in the system.

The approach is adaptable to other electronic health record systems.

Abstract

An Electronic Health Record (EHR) is designed to store diverse data accurately from a range of health care providers and to capture the status of a patient by a range of health care providers across time. Realising the numerous benefits of the system, EHR adoption is growing globally and many countries invest heavily in electronic health systems. In Australia, the Government invested $467 million to build key components of the Personally Controlled Electronic Health Record (PCEHR) system in July 2012. However, in the last three years, the uptake from individuals and health care providers has not been satisfactory. Unauthorised access of the PCEHR was one of the major barriers. We propose an improved access control model for the PCEHR system to resolve the unauthorised access issue. We discuss the unauthorised access issue with real examples and present a potential solution to overcome the issue to make the PCEHR system a success in Australia.