SRI Security Research Institute, Edith Cowan University
Place of Publication
Perth, Western Australia
This paper presents a case study of security issues related to the operationalization of smart-care, an electronic medical record (EMR) used to manage Human Immunodeficiency Virus (HIV) health information in Zambia. The aim of the smart-care program is to link up services and improve access to health information, by providing a reliable way to collect, store, retrieve and analyse health data in a secure way. As health professionals gain improved access to patient health information electronically, there is need to ensure this information is secured, and that patient privacy and confidentiality is maintained. During the initial stages of the program there were security and confidentiality concerns arising from lost cards and unlimited access by clinical staff. However, the introduction of pin numbers for patient cards and clinical staff access cards with passwords helped address some of the concerns. Nonetheless, public health information technologists still advocate for security that provides more reliable measures that protect devices, networks, transmission, and applications. Since its inception in 2004, Smart-care has expanded to integrate more than 500 health facilities by the end of 2009. In rural and remote locations without internet, smart cards and mobile devices such as laptops are used to transfer data for onward merging with the national database.