Security of Electronic Health Records: Case of King Fahad Medical City in Jeddah

Abstract

Healthcare data stored and managed in Electronic Health Records (EHRs) are sensitive and require adequate protection and security. To this day, little is known about EHR security in Saudi Arabia. In this project, some information was contributed to covering this research gap by investigating the mechanisms implemented in Kind Fahad Medical City as perceived by its medical professionals. The project involved interviewing six healthcare providers from Kind Fahad Medical City and viewing their responses from the perspective of the literature review which provided insights into the best practices in EHR data security. The findings indicate that Kind Fahad Medical City applies the best practices in the field (including encryption, access control and relevant policies), although it can further improve its security through multiple-factor authentication, greater enforcement of its policies, as well as additional training of its professionals who come into contact with EHRs. The findings are of interest to the Kind Fahad Medical City, where they can be of practical use, but they also contribute data to an under-researched topic and uncover the need for additional investigation of Saudi EHRs and EHR security from the perspective of healthcare professionals, who operate EHRs.

Keywords: EHR, electronic health record, data protection, data security, cybersecurity