Strengthening Legal Compliance for Privacy in Electronic Health Information Systems: A Review and Analysis

Liu, Vicky, May, Lauren J., Caelli, William J., & Croll, Peter R. (2008) Strengthening Legal Compliance for Privacy in Electronic Health Information Systems: A Review and Analysis. electronic Journal of Health Informatics, 3(1), pp. 1-14.

View at publisher (open access)


It is well recognised that adoption of information and communication technology (ICT) in healthcare can transform healthcare services. Numerous countries are seeking to establish national e-health development and implementation. To collect, store and process individual health information in an electronic system, healthcare providers need to comply with the appropriate security and privacy legislation. Deploying ICT systems in healthcare operations can provide advantages in healthcare delivery; however, risks to privacy in such e-health systems must be addressed. Adopting appropriate security technologies can simplify some of the complexity associated with privacy concerns. Evaluation criteria can be useful in providing a benchmark for users to assess the degree of confidence they can place in health information systems for the storage and processing of sensitive health information. This paper also provides an overview of the "Common Criteria (CC)" for the assessment of IT products and systems and relates privacy requirements to the relevant CC Protection Profiles. We recommend a certain level of security in healthcare-related information systems. Healthcare providers need to deploy strong security platforms to ensure the protection of electronic health information from both internal and external threats, including the provision of conformance in health information systems to regulatory and legal requirements.


ID Code: 13586
Item Type: Journal Article
Refereed: Yes
Additional Information: The contents of this journal can be freely accessed online via the journal's web page (see hypertext link) - registration required.
Keywords: Security evaluation for health information systems, e-health and privacy, confidentiality, Electronic Health Records, Australian privacy legislation, HIPAA implications
ISSN: 1446-4381
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > DATA FORMAT (080400) > Data Format not elsewhere classified (080499)
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Copyright Owner: Copyright 2008 (The authors)
Copyright Statement: Copyright of articles is retained by authors; originally published in the electronic Journal of Health Informatics. This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.
Deposited On: 19 May 2008 00:00
Last Modified: 28 Mar 2012 03:27
