College of Information and Communication Technology
Permanent URI for this community
Browse
Browsing College of Information and Communication Technology by Author "Damas, Emmanuel"
Now showing 1 - 2 of 2
Results Per Page
Sort Options
Item Security modeling for protecting electronic patients’ consent(University of Dar es Salaam, 2018) Damas, EmmanuelThe adoption of health information system (HIS) in the health sector has emerged as a significant element in the healthcare domain. Electronic patient records (EPR), which are part of HIS, represent patients’ medical records electronically. Patients’ consent to EPR access is crucial for patients’ privacy to be achieved. Research studies were done on consent management system (CMS) adoption and integration with HIS as the way to manage EPR access in HIS. However, majority of them provides inadequate security mechanism to protect the patients’ consent. This study has developed a model to protect patients’ consent. The model development process involved identification of HIS and CMS as assets. Then, identification of threats on CMS was performed to determine the types of threats that may affect patients’ consent. This was performed together with attack trees analysis and risk assessment. Then, the model was design by applying cryptography techniques to ensure CMS security requirements are achieved. Simulated and collected data from the university of Dar Es Salaam Medical Center were used to test the developed model. Develop model enforced CMS to process requests from trusted and registered sources only. It also provides assurance of consent integrity and confidentiality without depending on third party technologies such as Secure Socket Layer (SSL) .In addition, audit trails, authorization and reliable availability of consent are provided by the developed model. Therefore, the develop model has improved patients’ security significantly compared to other studies in the reviewed literature.Item Security modelling for protecting electronic patients’ consent.(University of Dar es Salaam, 2018) Damas, EmmanuelThe adoption of Health Information System (HIS) in the health sector has emerged as a significant element in the healthcare domain. Electronic Patient Records (EPR), which are part of HIS, represents patients’ medical records electronically. Patients' consent to EPR access is crucial for patients' privacy to be achieved. Research studies were done on Consent Management System (CMS) adoption and integration with HIS as the way to manage EPR access in HIS. However, majority of them provides inadequate security mechanisms to protect the patients’ consent. This study has developed a model to protect patients’ consent. The model development process involved identification of HIS and CMS as assets. Then, identification of threats on CMS was performed to determine the types of threats that may affect patients’ consent. This was performed together with attack trees analysis and risk assessment. Then, the model was designed by applying cryptography techniques to ensure CMS security requirements are achieved. Simulated and collected data from the University of Dar Es Salaam Medical Center were used to test the developed model. Developed model enforced CMS to process requests from trusted and registered sources only. It also provides assurance of consent integrity and confidentiality without depending on third party technologies such as Secure Socket Layer (SSL). In addition, audit trails, authorization and reliable availability of consent are provided by the developed model. Therefore, the developed model has improved patients’ consent security significantly compared to other studies in the reviewed literature.