The growing adoption of Electronic Health Records (EHRs) has led to a significant increase in privacy and security concerns [1,2,3,4,5]. Despite the implementation of numerous privacy and security measures, patients’ privacy continues to be compromised, often due to unreliable information-sharing methods and inadequate privacy policies [1,6,7,8,9,10]. High-profile data breaches in systems such as Australia’s My Health Record (MHR) and the UK’s National Health Service (NHS) have exposed millions of records, resulting in substantial financial losses for the healthcare industry [11]. Additionally, the expanding use of Machine Learning (ML) in healthcare for diagnostics, drug discovery, and precision medicine intensifies these concerns [12,13]. To achieve high accuracy, ML models often rely on analyzing vast amounts of patient data, including sensitive genetic and clinical information [14,15]. The prevalent application of ML in healthcare underscores the need to address the ethical, legal, and privacy challenges associated with implementing artificially intelligent systems (AIS) such as ML, deep learning, and Natural Language Processing (NLP) algorithms.
Context-sensitive privacy policies play a vital role in ensuring that privacy settings and access controls are meticulously adapted to the specific circumstances surrounding data [16,17,18]. For example, sensitive health information may necessitate more stringent privacy controls compared to less critical data [19]. Numerous privacy policies, such as the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and other privacy acts, regulations, and principles [20,21], have been established to address both local and global contexts. However, despite these local and international privacy policies, existing EHR systems have experienced privacy breaches, diminishing trust in health-related IT systems [18]. Many users have opted out of systems such as Australia’s MHR system. These privacy standards tend to be generic, highlighting the need for a novel privacy model that better protects patients’ privacy in EHR settings.
Current strategies to safeguard EHRs involve systems that emphasize confidentiality, authentication, integrity, trust, verification, and authorization [22,23]. Intrusion Detection Systems (IDS) have been suggested to detect and categorize suspicious activities and security breaches [22,23]. However, these systems might still be vulnerable due to outdated repositories and potential alterations in patient data caused by malware or unauthorized access [24]. Privacy-preserving ML frameworks have been proposed as potential solutions, using techniques such as homomorphic encryption, secure multiparty computation, and differential privacy to protect sensitive patient information while preserving analytical accuracy [25,26]. Despite these advancements, there remains a need for more robust and comprehensive solutions to safeguard health information. As a result, additional research is necessary to address this gap, focusing on a secure and privacy-preserving health data-sharing framework within the EHR sector that considers all relevant stakeholders and ensures patients’ privacy.
2. Personally-Controlled EHR Systems
Personal Electronic Health Record (PCEHR) systems enable individuals to manage their health information and control access. However, this also requires individuals to safeguard their data. Privacy is a crucial factor in sensitive sectors such as healthcare, and non-compliance can lead to substantial penalties. Regrettably, many large health information systems still display privacy issues and identification risks for users due to inadequate implementation of legal requirements [27,28]. Various proposals (e.g., [29,30]) have been presented to address privacy concerns in personal health records, but they frequently lack empirical evidence and real-world testing, and fail to address potential ethical and legal concerns of implementing such systems [31]. Likewise, a proposed privacy-preserving personal health record (P3HR) system lacked a comprehensive evaluation of security and performance [32], while a proposed Hippocratic database approach did not furnish empirical evidence or case studies to support its efficacy [33]. One essential aspect to consider when developing personally controlled EHR systems is striking a balance between privacy and accessibility [34]. It is critical to safeguard patients’ health information privacy while ensuring that authorized healthcare providers can access the information they need to deliver effective care. Another important factor when developing personally controlled EHR systems is ensuring they are user-friendly and accessible to all patients [35,36], regardless of age, education, or technological literacy. This is challenging due to the complex nature of health information and the variety of devices and platforms used to access EHR systems. Mamum et al. [37] proposed a homomorphic encryption approach to encrypt patients’ information. The decryption key is held by the patient, ensuring that no other person can access their information without prior authorization. To enhance reliability and privacy, a cryptographic verification technique is introduced to ensure that only the authorized person has access to the corresponding records [38].
Privacy is a vital factor in sectors such as healthcare, banking, and defense, where confidential and sensitive data must be protected from unauthorized parties [39]. Numerous legislative rules and regulations have been introduced in European countries to ensure citizens’ privacy [39,40]. Global data protection standards have been established, which outline specific data protection requirements and non-compliance penalties. According to Baker [27], patient care involves providing relevant care for individual patients based on their preferences, needs, and values, and ensuring good clinical decisions are made. This patient care includes involving, informing, and listening to patients. Due to recent digital transformations in healthcare sectors and associated data and privacy breaches, rebuilding trust in health-related IT systems has become an urgent challenge.
While personally controlled EHR systems have the potential to enhance privacy and patient empowerment in healthcare, several challenges must be addressed to ensure their effectiveness and acceptability. These challenges include balancing privacy and accessibility, making EHR systems more user-friendly and accessible, and acknowledging the cultural and social context of EHR system development and implementation. Overcoming these challenges will require further research, collaboration, and innovation among healthcare providers, researchers, and technology developers.
3. Ensuring Privacy through Smart Contract—Healthcare Blockchain Systems
Blockchain-based EHR systems are increasingly gaining recognition for their potential to enhance security and privacy in managing health data. By leveraging distributed ledger technology, these systems can effectively prevent unauthorized access and data breaches. However, challenges still need to be addressed when implementing blockchain systems in healthcare, particularly when sharing patient information with multiple stakeholders.
Recent studies have explored the use of blockchain technology to improve security and privacy in healthcare IT systems. In [41], the authors proposed a consortium blockchain for secure and privacy-preserving data sharing in e-health systems. Although their study provided an in-depth description of the proposed architecture and its benefits, it lacked empirical evidence and real-world evaluations, and did not discuss potential limitations or challenges associated with implementing such a system. In [42], the study examined the applications of blockchain distributed ledger technologies in biomedical and healthcare settings. While the authors thoroughly reviewed existing literature and proposed various use cases, the study was published in 2017, and blockchain technology has evolved significantly since then. Moreover, the authors did not address potential drawbacks or limitations of using blockchain in healthcare settings. In [43], the authors focused on the potential of blockchain technology for improving security and privacy of healthcare data stored in the cloud. The authors provided a comprehensive overview of the challenges and explained how blockchain could address them. However, the article did not critically evaluate the technology’s limitations and challenges, such as scalability and interoperability issues. In [44], the authors proposed a blockchain-based incentive mechanism for privacy-preserving crowd-sensing applications. Despite presenting an interesting idea, the paper lacked sufficient detail on technical implementation and evaluation and did not compare the proposed mechanism to existing solutions or discuss limitations or future work. In [45], the authors introduced a blockchain-based solution called Medblock for efficient and secure sharing of medical data. The authors claimed that their system could overcome traditional centralized data storage limitations, but they did not provide a comprehensive evaluation of the proposed system’s scalability and efficiency or detailed information about its implementation. Finally, in [46], the authors proposed a healthcare blockchain system using smart contracts for secure automated remote patient monitoring. While the authors presented a detailed description of the proposed system and a theoretical analysis of its security and privacy features, they lacked empirical evidence to support the system’s feasibility and effectiveness and did not address potential challenges in implementing the system in a real-world healthcare setting.
While blockchain-based EHR systems can offer significant benefits in terms of security and privacy, there are still challenges and limitations to be addressed, especially when sharing patient data with multiple stakeholders. Further research, validation, and critical analysis are needed to ensure the practicality, scalability, and effectiveness of these systems in real-world healthcare scenarios.
4. Context-Sensitive Privacy Policies
In recent years, there has been a growing interest in context-sensitive approaches within the EHR domain. In [47], the paper presented a context-aware access control model for cloud-based data resources, incorporating imprecise context information. The authors utilized fuzzy logic to model the uncertainty in context information and developed a context-aware access control framework. However, the paper did not comprehensively evaluate the proposed model, including comparative analysis with other state-of-the-art approaches, scalability, and performance testing. Additionally, there was no mention of any practical implementation of the proposed framework in real-world settings. While the proposed approach seemed promising, the lack of evaluation and practical implementation made it difficult to assess its effectiveness and feasibility. In [48], the article introduced a policy model and framework for context-aware access control to information resources. Their model integrated contextual factors such as user identity, location, and time to determine access privileges. However, it lacked empirical validation of the proposed framework, leaving its effectiveness in real-world scenarios uncertain. Moreover, the article did not address potential ethical implications of context-aware access control, such as privacy and discrimination concerns. Further research and analysis are required to address these issues. In [49], the article proposed a fog-based context-aware access control (CAC) system to achieve security, scalability, and flexibility. The authors argued that their system could enhance security in fog computing environments by providing dynamic and context-aware access control. The article offered a comprehensive overview of the proposed CAC system and discussed its implementation details. However, the article lacked empirical evaluation of the proposed system’s performance and scalability. Additionally, it did not address the potential challenges and limitations of implementing such a system in real-world scenarios. Overall, the proposed system appeared promising, but further research is necessary to validate its effectiveness and practicality. In [50], the paper suggested an ontology-based approach for dynamic contextual role-based access control in pervasive computing environments. The authors described the architecture of the proposed system and evaluated its effectiveness through simulations. Nevertheless, the evaluation of the system was limited to simulations, and a real-world implementation and evaluation of the approach would be advantageous. Additionally, the paper could benefit from a more in-depth discussion of related work in the field of contextual role-based access control.
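The following is an added illustration, not code from any of the models surveyed above: a minimal context-sensitive policy evaluator for EHR records in which the decision depends on the stakeholder's role, an active care relationship, network location, time of day, a logged break-glass flag, and the patient's research consents, with record sensitivity setting how strict the context must be. The roles, sensitivity labels, and rules are constructed for the example.

```python
from dataclasses import dataclass

# Constructed vocabulary for this example; it is not taken from any of the cited models.
SENSITIVITY = {"general": 0, "restricted": 1, "highly_sensitive": 2}

@dataclass(frozen=True)
class Record:
    patient_id: str
    category: str      # e.g. "medication", "genetic", "mental_health"
    sensitivity: str   # a key of SENSITIVITY

@dataclass(frozen=True)
class Context:
    subject_id: str
    role: str                          # "patient", "clinician", "researcher", "admin"
    location: str                      # "hospital_network" or "remote"
    hour: int                          # local hour of the request, 0-23
    treating: bool = False             # active care relationship with this patient
    emergency: bool = False            # break-glass flag; every such grant is logged
    consents: frozenset = frozenset()  # categories the patient released for research

def clinician_ceiling(ctx: Context) -> int:
    """Highest sensitivity a treating clinician may read in this context."""
    if ctx.location == "hospital_network":
        return SENSITIVITY["highly_sensitive"]
    # Remote sessions get a lower ceiling, and a lower one still outside 07:00-19:00.
    return SENSITIVITY["restricted"] if 7 <= ctx.hour < 19 else SENSITIVITY["general"]

def decide(rec: Record, ctx: Context) -> tuple[bool, str]:
    """Return (allowed, reason); anything not explicitly granted is denied."""
    level = SENSITIVITY[rec.sensitivity]
    if ctx.role == "patient":
        if ctx.subject_id == rec.patient_id:
            return True, "patient reads own record"
        return False, "patient may not read another patient's record"
    if ctx.role == "clinician":
        if not ctx.treating:
            if ctx.emergency:
                return True, "break-glass: no care relationship, grant recorded for audit"
            return False, "no active care relationship"
        if level <= clinician_ceiling(ctx):
            return True, f"treating clinician within ceiling for {ctx.location} at {ctx.hour}h"
        return False, f"{rec.sensitivity} data not readable from {ctx.location} at {ctx.hour}h"
    if ctx.role == "researcher":
        if rec.category in ctx.consents and level < SENSITIVITY["highly_sensitive"]:
            return True, "patient consented to research use of this category"
        return False, "no consent for this category, or sensitivity too high for research"
    return False, f"role {ctx.role!r} has no clinical read rights"
```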
To summarize, while these context-sensitive approaches have made strides in proposing enhanced protection for EHRs, they have proven insufficient for accurately modeling relevant stakeholders and health information.
5. Homomorphic Encryption in EHR Systems
The role of homomorphic encryption in preserving the privacy of EHRs has been explored in various studies, which have claimed that the approach offers computation on encrypted data without necessitating decryption, effectively facilitating secure data sharing and collaboration. Paul et al. [51] constructed a privacy-preserving framework, leveraging homomorphic encryption for protecting EHRs during collaborative machine learning processes. Although the proposed framework held potential, the study did not sufficiently address the framework’s limitations, including potential vulnerabilities of the encryption scheme, scalability, and maintaining confidentiality during collective learning. Ikuomola et al. [52] addressed privacy concerns in e-health clouds using homomorphic encryption and access control. However, the research was marked by the absence of a detailed analysis of the solution’s effectiveness. Furthermore, potential vulnerabilities or attacks that could undermine the security of the proposed system, and scalability issues related to large-scale e-health cloud environments were not adequately addressed. Vengadapurvaja et al. [53] developed an efficient homomorphic medical image encryption algorithm for secure medical image storage in the cloud. Despite its focus on medical images, the approach did not extend to the encryption of other types of EHR data. This narrow scope limited its comprehensive application to broader EHR privacy concerns. Alzubi et al. [54] integrated homomorphic encryption with deep neural networks to secure the transmission and diagnosis of medical data. However, unspecified inadequacies were identified in preserving the privacy of EHRs. A thorough examination of the study would provide a better understanding of these limitations. Subramaniyaswamy et al. [55] implemented a somewhat homomorphic encryption scheme for IoT sensor signal-based edge devices. However, without detailed insights from the paper, it is difficult to identify specific inadequacies in preserving EHR privacy. Potential challenges could include scalability, performance, or vulnerability of the implemented scheme when applied to real-world EHR systems. Finally, Vamsi et al. [56] investigated various homomorphic encryption schemes for securing EHRs in the cloud environment. Despite potential benefits, several inadequacies were noted in the application of homomorphic encryption for preserving EHR privacy. Challenges, such as the performance overhead of homomorphic encryption, integration difficulties with existing healthcare systems, and the need for efficient key management strategies, were some identified concerns.
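As an added example (not code from any of the cited studies, nor from the patient-held-key scheme in Section 2), the following shows the property these studies rely on: a linear risk score evaluated over encrypted readings while only the patient holds the decryption key. It uses Paillier, an additively homomorphic scheme, with deliberately tiny constructed primes so the arithmetic stays readable; the readings and model weights are constructed, and the computational overhead the text mentions is visible in that every addition is a modular multiplication over n squared.

```python
import math
import secrets

# Constructed toy primes: far too small for real use; real keys use n of 2048 bits or more.
P, Q = 1000003, 1000033

def keygen(p: int = P, q: int = Q):
    """Paillier key pair: public (n, g) encrypts, private (lam, mu) decrypts."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    g = n + 1                                            # standard choice of generator
    mu = pow(lam, -1, n)                                 # with g = n + 1, L(g^lam) == lam
    return (n, g), (lam, mu)

def encrypt(pub, m: int) -> int:
    n, g = pub
    while math.gcd((r := secrets.randbelow(n - 1) + 1), n) != 1:
        pass                                             # fresh random blinding factor
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)

def decrypt(pub, priv, c: int) -> int:
    n, _ = pub
    lam, mu = priv
    l_value = (pow(c, lam, n * n) - 1) // n              # L(x) = (x - 1) / n
    return (l_value * mu) % n

def add(pub, c1: int, c2: int) -> int:
    """Multiplying ciphertexts adds the underlying plaintexts."""
    return (c1 * c2) % (pub[0] ** 2)

def scale(pub, c: int, k: int) -> int:
    """Raising a ciphertext to a public constant k multiplies the plaintext by k."""
    return pow(c, k, pub[0] ** 2)

def encrypted_linear_score(pub, enc_features, weights) -> int:
    """Evaluate w . x over encrypted features x; the evaluator never sees x."""
    acc = encrypt(pub, 0)
    for c, w in zip(enc_features, weights):
        acc = add(pub, acc, scale(pub, c, w))
    return acc

def demo() -> tuple[int, int]:
    """Patient keeps the private key; the analytics party works on ciphertexts only."""
    pub, priv = keygen()
    features = [142, 89, 31]   # constructed readings, e.g. systolic BP, glucose, BMI
    weights = [3, 2, 5]        # constructed integer weights of a public linear model
    enc = [encrypt(pub, x) for x in features]
    score_ct = encrypted_linear_score(pub, enc, weights)
    return decrypt(pub, priv, score_ct), sum(w * x for w, x in zip(weights, features))
```

Paillier only supports addition and multiplication by public constants, so a model with non-linear layers, as in [54], needs a different (leveled or fully) homomorphic scheme and correspondingly more overhead.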
While various studies have explored the role of homomorphic encryption in preserving the privacy of EHR, each presents certain inadequacies. Key among these are the vulnerability of the encryption schemes employed, limitations in scalability, difficulties in maintaining the confidentiality of sensitive data, and the substantial computational overhead that their encryption techniques have introduced. Furthermore, a narrow focus on specific data types, such as medical images, excludes comprehensive coverage of EHR privacy concerns. Challenges in integrating homomorphic encryption schemes into existing healthcare systems, including issues of interoperability, data access control, and key management strategies, further compound the problem.