Requirements of Secure Storage Systems for Healthcare Records

Recent compliance regulations are intended to foster and restore human trust in digital information records and, more broadly, in our businesses, hospitals, and educational enterprises. In the health sector, storage and management of electronic health records have become a vital issue. Specifically, with the passing of the Health Insurance Portability and Accountability Act (HIPAA), the security of medical records has come into focus. HIPAA and other regulations in the health sector require strict compliance with specific privacy and security requirements. Unfortunately, existing storage solutions do not live up to the task of ensuring compliance with mandated legislation. In this position paper, we discuss the main characteristics of the health sector record management regulations, and present a set of requirements for secure, trustworthy storage that complies with these regulations. We also briefly analyze existing storage models, and show that they are not suitable for meeting the requirements of health-care record storage.