Data Security and Privacy Management in Healthcare Applications and Clinical Data Warehouse Environment

Health Information is considered the most sensitive information associated to an individual. Even though numerous suitable policies, guidelines, and compliance requirements are in place to safeguard health information, privacy and security breach remains key issues for electronic healthcare systems. In this paper we focus on these issues and propose a security and privacy model implemented in Methodist Environment for Translational and Outcomes Research (METEOR). METEOR was developed at Houston Methodist Hospital and consists of two components: the enterprise data warehouse (EDW) and a software intelligence and analytics (SIA) layer. This model indicates that patient privacy is best protected by implementing a systematic mix of technologies and best practices such as technical de-identification of data, restrictive data access, and security measures in the underlying technical platforms. Our results suggest that the proposed security model make data security compromise and unauthorized access of protected patient health information extremely improbable.