Security and Privacy in Health Informatics: Safeguarding Patient Data in a Digital World
DOI:
https://doi.org/10.70445/avjcs.2.3.2025.52-68Keywords:
Health informatics, data security, privacy, electronic health records, encryption, access control, interoperability, data sharing, cyber threats.Abstract
Digital technologies under health informatics bring transformative power to healthcare that produces better patient care together with enhanced operational effectiveness. Health informatics produces vital security and privacy issues while operating in healthcare environments. A comprehensive analysis studies fundamental aspects of health informatics security which integrates rate of protection for different healthcare data types alongside standard cyber threats alongside internal information breaches while demonstrating security protocols that incorporate data encryption and access management systems. The analysis covers secure information exchange paradigms and system database compatibility standards as well as ethical matters that relate to patient interface agreements with digital healthcare standards. Modern healthcare demands immediate protection of health data at three levels when the information exists in digital format across large data centers. Secure health information management depends on robust security structures that combine objectives for patient privacy rights and standardized data transmission protocols to promote trust and realize secure effective information use across the connected healthcare system.
References
[1]. Ladan A, Daura UD. Health Information Management by Record Officers: A Study of Military Hospitals in Lagos Metropolis. MiddleBelt Journal of Library and Information Science. 2015 Aug 29; 13.
[2]. American Association for Marriage and Family Therapy [AAMFT]. (2015). AAMFT code of ethics. https://www.aamft.org/AAMFT/Legal_Ethics/Code_of_Ethics.aspx
[3]. Cavanagh, R., Gerson, S. M., Gleason, A., Mackey, R., & Ciulla, R. (2023). Competencies needed for behavioral health professionals to integrate digital health technologies into clinical care: A rapid review. Journal of Technology in Behavioral Science,8(4), 446–459. https://doi.org/10.1007/s41347-022-00242-w
[4]. Malkani AL, Roche MW, Kolisek FR, et al.: Manipulation under anesthesia rates in technology-assisted versus conventional-instrumentation total knee arthroplasty. Surg Technol Int. 2020, 36:336-40
[5]. Ofa SA, Ross BJ, Flick TR, Patel AH, and Sherman WF: Robotic total knee arthroplasty vs conventional total knee arthroplasty: a nationwide database study. Arthroplast Today. 2020, 6:1001-8.e3. 10.1016/j.artd.2020.09.014
[6]. Nwoye E, Woo WL, Gao B, Anyanwu T: Artificial intelligence for emerging technology in surgery: systematic review and validation. IEEE Rev Biomed Eng. 2023, 16:241-59. 10.1109/RBME.2022.3183852
[7]. Soufyane A, Abdelhakim BA, Ahmed MB: An intelligent chatbot using NLP and TF-IDF algorithm for text understanding applied to the medical field. Emerging Trends in ICT Sustainable Development. Springer International Publishing, 2021. 3-10. 10.1007/978-3-030-53440-0_1 12.
[8]. Laymouna M, Ma Y, Lessard D, Schuster T, Engler K, Lebouché B: Roles, users, benefits, and limitations of chatbots in health care: rapid review. J Med Internet Res. 2024, 26:e56930. 10.2196/56930
[9]. Junaid SB, Imam AA, Balogun AO, et al.: Recent advancements in emerging technologies for healthcare management systems: a survey. Healthcare (Basel). 2022, 10:1940. 10.3390/healthcare10101940
[10]. Quazi S: Artificial intelligence and machine learning in precision and genomic medicine . Med Oncol. 2022, 39:120. 10.1007/s12032-022-01711-1
[11]. Basu K, Sinha R, Ong A, Basu T: Artificial intelligence: how is it changing medical sciences and its future? . Indian J Dermatol. 2020, 65:365-70. 10.4103/ijd.IJD_421_20
[12]. Yamin MM, Ullah M, Ullah H, Katt B: Weaponized AI for cyber-attacks. J Inf Secur Appl. 2021, 57:102722. 10.1016/j.jisa.2020.102722
[13]. Kaur R, Gabrijelčič D, Klobučar T: Artificial intelligence for cybersecurity: literature review and future research directions. Inf Fusion. 2023, 97:101804. 10.1016/j.inffus.2023.101804
[14]. Essén A, Stern AD, Haase CB, et al.: Health app policy: international comparison of nine countries' approaches. NPJ Digit Med. 2022, 5:31. 10.1038/s41746-022-00573-1
[15]. Murdoch B: Privacy and artificial intelligence: challenges for protecting health information in a new era . BMC Med Ethics. 2021, 22:122. 10.1186/s12910-021-00687-3
[16]. Meszaros J, Minari J, Huys I: The future regulation of artificial intelligence systems in healthcare services and medical research in the European Union. Front Genet. 2022, 13:927721. 10.3389/fgene.2022.927721
[17]. Sarpatwari A, Kesselheim AS: The 21st century cures act: opportunities and challenges . Clin Pharmacol Ther. 2015, 98:575-7. 10.1002/cpt.208
[18]. Sheikh A, Anderson M, Albala S, et al.: Health information technology and digital innovation for national learning health and care systems. Lancet Digit Health. 2021, 3:383-96. 10.1016/S2589-7500(21)00005-4
[19]. Bak M, Madai VI, Fritzsche MC, Mayrhofer MT, McLennan S: You can't have AI both ways: balancing health data privacy and access fairly. Front Genet. 2022, 13:929453. 10.3389/fgene.2022.929453
[20]. Maliha G, Gerke S, Cohen IG, and Parikh RB: Artificial intelligence and liability in medicine: balancing safety and innovation. Milbank Q. 2021, 99:629-47. 10.1111/1468-0009.12504
[21]. Cestonaro C, Delicati A, Marcante B, Caenazzo L, Tozzo P: Defining medical liability when artificial intelligence is applied on diagnostic algorithms: a systematic review. Front Med (Lausanne). 2023, 10:1305756. 10.3389/fmed.2023.1305756
[22]. Change healthcare cyberattack was due to a lack of multifactor authentication, UnitedHealth CEO says. (2024). Accessed: February 20, 2025: https://apnews.com/article/change-healthcarecyberattackunitedhealth-senate-9e2fff70ce4f93566043210bdd347a1f.
[23]. UnitedHealth to take up to $1.6 billion hit this year from Change hack . (2024). Accessed: February 20, 2025: https://www.reuters.com/business/healthcare-pharmaceuticals/unitedhealth-warns-115-135share-hit-thisyear-hack-2024-0.
[24]. Herzog CM, Chao SY, Eilerman PA, Luce BK, Carnahan DH. Metabolic syndrome in the Military Health System based on electronic health data, 2009–2012. Military Medicine. 2015 Jan 1; 180(1):83–90. https://doi.org/10.7205/MILMED-D-14-00039
[25]. Leightley D, Chui Z, Jones M, Landau S, McCrone P, and Hayes RD, et al. integrating electronic healthcare records of armed forces personnel: Developing a framework for evaluating health outcomes in England, Scotland and Wales. International journal of medical informatics. 2018 May 1; 113:17–25.
[26]. James T, Nottingham Q, Kim BC. Determining the antecedents of digital security practices in the general public dimension. Inf Technol Manage. 2013; 14(2):69–89.
[27]. Simplilearn. What is digital security: Overview, Types, and Applications explained 2022. Available from: https://www.simplilearn.com/what-is-digital-security-article#whatisdigitalsecurity
[28]. Khan S, Hoque A. Digital health data: a comprehensive review of privacy and security risks and some recommendations. Comput Sci J Moldova. 2016; 71(2):273–92.
[29]. Healthcare information and management systems society. Cybersecurity in healthcare 2022. Available from: https://www.himss.org/resources/cybersecurity-healthcare
[30]. Adane K. The current status of cyber security in Ethiopia. Available SSRN 3545189. 2020. 14. Compliancy group. HIPAA wall of shame healthcare data breaches 2022. Available from: https://compliancy-group.com/2021-healthcare-data-breach es/
[31]. Fernández-Alemán JL, Sánchez-Henarejos A, Toval A, Sánchez-García AB, Hernández-Hernández I, Fernandez-Luque L. Analysis of health professional security behaviors in a real clinical setting: an empirical study. Int J Med Inf. 2015; 84(6):454–67.
[32]. Schaik P. Risk perceptions of cyber-security and precautionary behaviour. Comput Hum Behav. 2017.
[33]. Khan HU, AlShare KA. Violators versus non-violators of information security measures in organizations—A study of distinguishing factors. J Organizational Comput Electron Commer. 2019; 29(1):4–23.
[34]. Wilkowska W, Ziefle M. Privacy and data security in E-health: requirements from the user’s perspective. Health Inf J. 2012; 18(3):191–201.
[35]. Manyazewal T, Woldeamanuel Y, Blumberg HM, Fekadu A, Marconi VC. The potential use of digital health technologies in the African context: a systematic review of evidence from Ethiopia. Npj Digit Med. 2021;4(1):125
[36]. Oumer A, Muhye A, Dagne I, Ishak N, Ale A, Bekele A. Utilization, determinants, and Prospects of Electronic Medical Records in Ethiopia. Biomed Res Int. 2021; 2021:2230618.
[37]. Halevi T, Memon N, Lewis J, Kumaraguru P, Arora S, Dagar N, et al. editors. Cultural and psychological factors in cyber-security. Proceedings of the 18th international conference on information integration and web-based applications and services; 2016.
[38]. Lubua E, Semlambo A, Mkude C. Factors affecting the Security of Information Systems in Africa: A literature review. Univ Dar es Salaam Libr J. 2023; 17:94–114
[39]. Hull MS. Factors affecting Secure Computer Behaviour. Carleton University; 2015. 24. Dadimos H. Ethiopia - Data protection overview 2021. Available from: https:// www.dataguidance.com/notes/ethiopia-data-protection-overview
[40]. Healthcare information and management systems society. Healthcare Information and Management Systems Society (HIMSS). Healthcare Cybersecurity Survey 2021. Available from: https://www.himss.org/resources/2021-himss-healthcare-cybersecurity-survey-report
[41]. John Snow I, JSI, Ethiopia Launches Digital Health Innovation and Learning Center. 2020| News, August 6th. Available from: https://www.jsi.com/ethiopi a-launches-digital-health-innovation-and-learning-center/
[42]. Hindawi. Privacy and Security in eHealth Systems 2022, Apr 01. Available from: https://www.hindawi.com/journals/jhe/si/373027/
[43]. George Antonyo. Evaluating Usability of Security Mechanisms of E-Health Applications: Cases from Ethiopia. Addis Ababa University (AAU) Institutional Repository 2020:69.
[44]. Naing L, Nordin RB, Abdul Rahman H, Naing YT. Sample size calculation for prevalence studies using scalex and ScalaR calculators. BMC Med Res Methodol. 2022;22(1):209.
[45]. Dagnew E, Woreta SA, Shiferaw AM. Routine health information utilization and associated factors among health care professionals working at public health institution in North Gondar, Northwest Ethiopia. BMC Health Serv Res. 2018; 18(1):685.
[46]. Howard DJ. Development of the cybersecurity attitudes scale and modeling cybersecurity behavior and its antecedents. University of South Florida; 2018.
[47]. Cassidy R. Attitudes towards digital health technology: Introducing the Digital Health Scale. medRxiv. 2021:2021.09.03.21262482.
[48]. Adedeji P, Irinoye O, Ikono R, Komolafe A. Factors influencing the use of electronic health records among nurses in a teaching hospital in Nigeria. J Health Inf Developing Ctries. 2018;12(2).
[49]. Balaji J. Knowledge, attitude and practice study on awareness and preventing cyber threats among the electronic devices used by the doctors of government medical college Vellore, Tamil Nadu, India. Int J Community Med Public Health. 2020;7(1):283.
[50]. Internatinal standard organization. Information security management in health using ISO/IEC 27002 2016. Available from: https://www.iso.org/standar d/62777.html
[51]. Pattinson M, Butavicius M, Parsons K, McCormac A, Calic D, editors. Factors that Influence Information Security Behavior: an Australian web-based study. Human aspects of Information Security, privacy, and trust; 2015 2015//; Cham: Springer International Publishing.
[52]. Rajivan P, Moriano P, Kelley T, Camp LJ. Factors in an end user security expertise instrument. Information & Computer Security; 2017
[53]. Alharthi, H., Al-Muallim, S., & Al-Harbi, A. (2019). Theoretical framework of Electronic Health Record (EHR) implementation success factors. ResearchGate. https://www.researchgate.net/figure/Theoretical-framework-of-Electronic-HealthRecord-EHRimplementation-suc-cess-factors_fig3_335062949
[54]. Alsulami, H., & Sandhu, K. (2024). Technologies and methods for enhancing security and privacy in Health Information Systems (HISs): A systematic review. Computers, 13(2), 41. https://www.mdpi.com/2073-431X/13/2/41
[55]. Alsulami, H., Sandhu, K., & Woods, P. (2022). Perceived vulnerability of EHRs to security concerns: A literature review. Journal of Biomedical Informatics, 131, 104117. https://pmc.ncbi.nlm.nih.gov/articles/PMC9647912
[56]. Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77-101.
[57]. Creswell, J. W. (2014). Research Design: Qualitative, Quantitative, and Mixed Methods Approaches (4th Ed.). Sage Publications.
[58]. Kvale, S., & Brinkmann, S. (2009). InterViews: Learning the Craft of Qualitative Research Interviewing (2nd ed.). Sage Publications. Mettler, M. (2016). Blockchain technology in healthcare: The revolution starts here. Proceedings of the 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom), 1-3.
[59]. Nguyen, L., Bellucci, E., & Nguyen, L. T. (2020). Electronic health record (EHR) adoption: Effects and barriers. Journal of Medical Internet Research, 22(11), e19349. https://pmc.ncbi.nlm.nih.gov/articles/PMC7761950
[60]. Thierer, A. D. (2019). Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom. George Mason University Mercatus Center.
[61]. Kshetri, N. (2019). Cybercrime and Cybersecurity in the Global South. Journal of Global Information Technology Management, 22(2), 1-11.
[62]. Evans, D. (2020). The Internet of Things: How the Next Evolution of the Internet is Changing Everything. Cisco Internet Business Solutions Group.
[63]. Schwartz, P. M. (2021). Global Data Privacy: The EU's Influence Beyond Borders. California Law Review, 109(1), 5-54. 7. Nguyen, N., Tran, M. H., & Vu, L. (2020). Artificial Intelligence in Cybersecurity: Emerging Trends and Research Directions. IEEE Access, 8, 69267-69291
[64]. Zyskind, G., & Nathan, O. (2019). Decentralizing Privacy: Using Blockchain to Protect Personal Data. IEEE Security & Privacy, 15(3), 33-43. 9. Cavoukian, A. (2019). PIPEDA and the Challenge of Big Data: Moving from Regulatory Compliance to Real Accountability. Canadian Privacy Law Review, 16(8), 1-12.
[65]. Tene, O., & Polonetsky, J. (2019). Big Data and Privacy: Making Ends Meet. Stanford Law Review Online, 64, 63-70. 11. Weber, R. H. (2020). Regulatory Sandboxes and Innovation Hubs for Fintech. Banking and Finance Law Review, 36(2), 195-210.
[66]. Greenleaf, G. (2021). Global Data Privacy Laws 2021: 145 National Laws & Many Bills. Privacy Laws & Business International Report, 169, 24-27. 13. Whitman, M. E., & Mattord, H. J. (2022). Principles of Information Security. Cengage Learning.
[67]. Mitchell, J. (2022). Public-Private Partnerships in Cybersecurity: Strengthening Collaborative Responses. Journal of Cybersecurity Policy, 8(2), 45-63.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 AlgoVista: Journal of AI & Computer Science
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish in this journal agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors can enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
