Compliance of Open Source EHR Applications with HIPAA and ONC Security and Privacy Requirements

Author

Maryam FarhadiFollow
Hisham HaddadFollow
Hossain ShahriarFollow

Date of Submission

Spring 5-1-2019

Degree Type

Thesis

Degree Name

Master of Science in Computer Science (MSCS)

Department

Computer Science

Committee Chair/First Advisor

Hisham Haddad

Track

CyberSecurity

Chair

Dan Lo

Committee Member

Hossian Shahriar

Committee Member

Selena He

Related Publications

1. Maryam Farhadi, Hisham M Haddad, Hossain Shahriar, Static Analysis of HIPAA Security Requirements in Electronic Health Record Applications, Proc. of 42nd IEEE Annual Computer Software and Applications Conference (COMPSAC), Tokyo, Japan, pp. 474-479.
   
   
2. Farhadi, M., Haddad, H., Shahriar, H. M. (2018). In Y. Malleh (Ed.), Compliance of Electronic Health Record Applications with HIPAA Security and Privacy Requirements (pp. 199-213). Security and Privacy Management, Techniques, and Protocols. https://www.igi-global.com/chapter/compliance-of-electronic-health-record-applications-with-hipaa-security-and-privacy-requirements/202045
   
   
3. Farhadi, M., Haddad, H., Shahriar, H. M. (2019). Compliance Checking of Electronic Health Record Applications for Security and Privacy Requirements. (under review) Proc. of 43^rd IEEE Annual Computer Software and Applications Conference (COMPSAC). https://ieeecompsac.computer.org/2019/

Abstract

Electronic Health Records (EHRs) are digital versions of paper-based patient's health information. EHR applications are increasingly being adopted in many countries. They have resulted in improved quality in healthcare, convenient access to histories of patient medication and clinic visits, easier follow up of patient treatment plans, and precise medical decision-making process. EHR applications are guided by measures of the Health Insurance Portability and Accountability Act (HIPAA) to ensure confidentiality, integrity, and availability. However, there have been reported breaches of Protected Health Identifier (PHI) data stored by EHR applications. In many reported breaches, improper use of EHRs has resulted in disclosure of patient’s PHI data. Inefficient application design threatens the integrity of EHRs, which leads to fraud and endangering patient's health. The goal of this paper is to identify HIPAA technical requirements, evaluate an open source EHR application (OpenEMR) for security vulnerabilities using an open-source scanner tool (RIPS), and map identified vulnerabilities to HIPAA technical requirements.