The electronic health record / Ehr describes all digital information technologies used in patient care. It is an electronic database that provides all the patient’s health information, including personal data. Electronic health records contain fewer errors and are characterized by high security with better time management and lower costs. As a result, it offers faster and more precise access to medical information. Table 1 compares the electronic health record with the records used manually.

Comparison of electronic health records with the records manually ehr


According to ISA (International Standards Association), the EHR must contain information about care in a computer-readable form. Multiple users can securely access it. All the users have access to their medical records, except visitors who have not been granted permission. The longer-term goal is to assist with continued, qualitative, and practical health care. A patient may get care from several hospitals during his lifetime, so each of those facilities should be allowed to use his previous data without restriction.

When EHR systems are interoperable, they can help. When using an integrated EHR system, various research facilities and hospitals can share patient diagnosis data and results. For instance, reducing the number of physical tests done would save both time and money in the medical field. It may even potentially benefit more medical workers to have an integrated EHR. Vital information like adverse drug reactions can help the physician and patients alike. Providing detailed genetic information to the patients can improve disease prevention, detection, treatment, and diagnosis. While business information technology has managed to catch up to a great extent, there is still a considerable lag in implementing electronic health care in the sector.

The discovery of this reality and the continual growth in the healthcare sector have dramatically increased the demand for electronic health records systems to satisfy this need. However, the policies governing the medical field can make this difficult. The patient’s medical records are private. The most critical feature in an information system is the ability to keep personal information private. A large number of medical records legislation is aimed at protecting their privacy.

Since it is impossible to design an EHR system without considering all policies and difficulties, therefore EHR is not to be neglected in the design process. It is necessary to use a secure, dependable, and transparent system. with the encouragement of each country’s medical department and business organization, a great number of organizations and companies are now showing significant enthusiasm for EHR implementation.

Interoperability is possible to evaluate on three distinct levels: protocol, the system’s behavior to the end-user, and the outcome. HL7 (Health Level Seven) defines interoperability as Technical, Semantic, and Process. From the technical point of view, the primary concerns are related to health data transfer and security. In the process of transmitting the data, both send and receive are done in a standardized manner.

The semantic part is an integration based on both parties’ relevance and take on the information sent back and forth. Semantic tools were applied to make the researcher’s findings intelligible to the participant. Process part: operation interoperability focuses on a more holistic approach to data use that results in increased value.

Standards play a main role in EHR interoperability. Many standards are under evaluation to solve the interoperability problem such as: (HL7), (DICOM), openEHR, CEN EN 13606 EHRcom and (IHE). HL7 is an organization dedicated to the development of international information interoperability. several well-known standards are applied to the storage of medical data and used to create data formats. In a CDA (Clinical Document Architecture), Clinical documents can be beneficial for architecture.

Hospitals can set up clinical documentation in the same area, making it easy for information exchange. HL7 Version 3 messaging specifies electronic workflows for all HL7 standards. It depends on an XML encoding syntax. HL7 v3 Messaging explains a message delivery standard. Massage packaged by HL7 v3 Messaging from one EHR system which designed based on HL7 standard can read by another HL7 based EHR system. There is also the open document exchangeable modality protocol for handling, storing, printing, and transmitting medical images. (DICOM) used to import, export, and organize data, and makes it possible to create, change, and access 3D models and other project data and protocols.

It is known as a lot of useful medical images that can be found here. The storage and delivery of data are defined with this standard. DICOM uses TCP/IP as its communication protocol, while TCP/IP provides data format in end-to-end communication. The CEN13606 specification recommends a semantic data model and electronic document composition rules. However, it provides a rather small set of standards for practice.

The primary two main functions of standards are: making something easier to see and easier to do. Refine the organization of data storage. Some of the medical data can be ordered in a unique fashion that promotes unity. Medical information was assembled under defined criteria and documented systematically. Exchangeable specifications are features that belong to the technical
part of interoperability. These established standards can be employed when a new EHR is constructed.

Some large health care facilities build their own EHR system based on in-house resources or help from a third party due to a lack of knowledge in the medical informatics domain. It causes some heterogeneous systems to look that way. Interoperability is difficult because the heterogeneous systems are already in place. Moving previously-stored patient data from one system to another is hard. Hospitals and healthcare facilities are unlikely to invest in a new EHRs because of the high cost of implementation. Also, the system’s interoperability has its issues.

Clinical information delivery can be provided at various locations, including medical clinics. A larger system requires a greater effort to put together. It is a challenge to form a distributed system. The deployment and adoption of the standards have proceeded at a slow pace. Wider variation of patient data management policies on privacy Semantic and creative interoperability are treated the same.

The term semantic interoperability is defined as being able to receive information that was sent to you in the way the sender meant. For interoperability purposes, the reviewers of this medical record utilized a different file format and could not read the record sent message by the openEHR system. To increase the cross-system semantic understandability, the information interrogated (or shared) has to have the same meaning or make sense across all the systems Semantic tools are used to define the meaning, not differentiate between presentations.

The most important benefit of semantic interoperability is that it can communicate with systems you have never encountered before. The systems are not completely standardized. Even though everybody has agreed on the standardized formats, no consensus has yet been formed on the data storage and transmission of information and interpretation of that information. If you want to have a good system, then the best thing to do is reuse the existing components. For speaking with an unfamiliar system, how do you deal with the data?

No matter how well-defined the reporting rules are, HL7 systems cannot generate an openEHR record. There is an important concept called ontology matching, which can help in two ways: on the one hand, it can identify the similarities, and on the other, it can help resolve terminological and conceptual ambiguities. Semantic interop generally translates into intuitive mapping. However, one phrase may indicate “blood type,” while another system may show “blood group”. A semantic map is then used to determine 8 “blood type”. All the terminology from one medical system can be imported into another, allowing a semantic map that accounts for the correspondence between them to be constructed.

Semantic interoperability (semi- or hybrid applications) applications have the same aim. Middleware (such as CORBA) is the technology of communicating with diverse systems that must employ different compilation environments. Middleware is software that translates software written in other languages or environments into another. Additionally, if he or she is knowledgeable, he or she can translate between people who speak different languages.

Using middleware, people that know several languages are key to a successful Internet application. Middleware software that translates across systems. The middleware appears to be integrated in a lower layer than the semantic. Middleware, which facilitates the interconnectivity of and integration of distributed systems, has become critical to the business and research sectors.

Medical sharing is possible with grid electronic interoperability. It is an integration of technical and semantic/sexemtic using the HL7 Semantic Model. It can represent HL7 information conveyed by the message. XML is mainly used to send information and use web systems as a platform for everything in GRID. The WSDL, UDDI, and XML help drive the integration of different types of middleware using commonly available protocols across different platforms utilizing commonly used protocols and standards such as HTTP and XML[16]. Middleware connects disparate systems that are made of types.

For a GRID model, data storage and transport systems are governed by standards. The semantic model may be used to map creative expressions to other standards. It will help with the creation of a decentralized system. XML is a common and preferred technology for delivering messages over the internet. Simultaneously, this model’s availability of the above two requirements can be addressed: technical and semantic interoperability.

The above discussion suggests a simple conclusion: a new system should be design according to HL7 and openEHR standards. Most countries now use semantically specific tools to link multiple EHR systems. Semantic tools have a limitation: they are only as accurate as their source data. People need accurate information in the medical, so precision is essential. Ontology maps impact interoperability.


An EHR system’s interoperability allows for large amounts of data storage. Much of the developed world’s healthcare has arrived at a place where patients are served by physicians, therapists, primary care providers. That could be a significant problem. Sharing of confidential information increases the danger of abuse and theft. Also, medical records contain private information, like a phone number for the patient and general information, like the patient’s name and medical information.

Patients are embarrassed to share their diagnosis with their doctor when it has nothing to do with their diseases. It is merely an attempt to share the information relative to physicians. Intrusion into medical records can be used to commit financial fraud. In order to prevent this, appropriate security measures are essential.

HIPAA (Health Insurance Portability and Accountability Act) places legal requirements on accessing patient data in systems.Under the HIPAA rules, we are required to implement “mechanisms that record and analyze activity in electronic health information systems”. Many access control models are undergrowth to make contact with this legal requirement: Role-Based Access Control (RBAC), Mandatory Access Control (MAC), Usage Control (UCON), Tees Confidential Model (TCM), and Digital Right Management (DRM).

RBAC: Authorities are linked to functions in this model. A suitable position will be allocated to a user when they register with an EHR system. When a consumer enters a role, they receive the authority of that role. Roles are generated in an organization to accomplish a variety of tasks. Based on their responsibilities and qualifications, users are assigned to the appropriate task. When a user’s duty or qualification changes, they may change their position. In general, a user’s authority is determined by their position.

DRM: Public and private key pairs were generated. The key pair is provided by a third-party organization, known as a digital authorization center, that users consider to be trusted. A public key can be used for both encryption and decryption. Only the recipient of the message will be able to read the message. Creative expression: The record generator generates the key pair. Copies may be made, but the end-users cannot print or share. In any digital rights management (DRM) system, data is always encrypted, making it hard for anyone who does not have 10 permission to read it. Digital Rights Management (DRM) may restrict data usage because it prevents unauthorized copying or distribution, so it prevents unauthorized data access.

UCON: Subject, object, and right are the three components. Authorize also has three other components: an authorization law, a requirement, and an obligation. The authority is dependent on the subject and object attributions, as well as the authority criterion. Before or after the access acts, access rights may be assigned. When compared to other access control models, the mutable attribute is the most distinguishing feature. The mutable attribute will change as the access result changes. RBAC, MAC, and DRM are all part of the UCON model. It is a new generation of control access models.

TCM: permissions are applied to users regardless of role, and assign algorithm processing to various resource types[21]. Not only user roles, but also identities. The identity is a department in a wider role. It describes more of a role than a feature. What is unique about usernames is that the user identities can be assigned to each person. Identity allows users to administer the right of access in a more versatile manner.

MAC: Not tied to any user action. The system is administered by security administrators. In the MAC model, subjects and users are placed into different security categories. Determine whether to grant or deny access to the users. For example, registered nurses deal with many patients. The administrator should assign a higher security level before the nurse does. Her security level is sufficient for her to allow her to access patient data at a lower level.

If a patient has been accessed, an audit log will be created. Verification of this audit log records can be done when treatment is underway. Everyone who accessed the patient’s data can be identified during treatment. The access audit tool concentrates on creating an automatic access log. It is important to have access to a patient’s medical record to see and control the condition of their records. For example, a smart card and a credit card serve a similar purpose. The card is magnetically encoded. It is considered data storage. User’s data and medical records are included in this chip. The user has a smart card; it is up to the user to decide whether to share it.

Compared with all the various access control models, UCON is promising. The latest model of access control. A UCON-based system is more difficult to operate than the others. It costs more money and time to design and implement a system like this. An RBAC model is simpler to design than the UCON model. EHR system offers state-of security and provides considerable flexibility. Using the Role-Based Access Control (RBAC) approach was found to be appropriate because permissions are assigned to roles. The people in the hospital are divided into two groups: patients and medical practitioners.

Role Based Access Control Model

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

What is Penile Curvature, How is It Treated?

Penile curvature, which is a condition encountered in men, is one of…

What is Radioactive Iodine (Atom) Therapy?

Radioactive iodine therapy is a radiation-based treatment method used in the treatment…

Early Childhood Caries

What is Early Childhood Caries? In 1978, the American Academy of Pediatric…

Is it Possible to Learn NLP in 10 Days?

Manage Your Mind with NLP The English abbreviation of NLP is “Neuro Linguistic Programming”, which…