Security modeling for protecting electronic patients’ consent

Loading...
Thumbnail Image
Date
2018
Journal Title
Journal ISSN
Volume Title
Publisher
University of Dar es Salaam
Abstract
The adoption of health information system (HIS) in the health sector has emerged as a significant element in the healthcare domain. Electronic patient records (EPR), which are part of HIS, represent patients’ medical records electronically. Patients’ consent to EPR access is crucial for patients’ privacy to be achieved. Research studies were done on consent management system (CMS) adoption and integration with HIS as the way to manage EPR access in HIS. However, majority of them provides inadequate security mechanism to protect the patients’ consent. This study has developed a model to protect patients’ consent. The model development process involved identification of HIS and CMS as assets. Then, identification of threats on CMS was performed to determine the types of threats that may affect patients’ consent. This was performed together with attack trees analysis and risk assessment. Then, the model was design by applying cryptography techniques to ensure CMS security requirements are achieved. Simulated and collected data from the university of Dar Es Salaam Medical Center were used to test the developed model. Develop model enforced CMS to process requests from trusted and registered sources only. It also provides assurance of consent integrity and confidentiality without depending on third party technologies such as Secure Socket Layer (SSL) .In addition, audit trails, authorization and reliable availability of consent are provided by the developed model. Therefore, the develop model has improved patients’ security significantly compared to other studies in the reviewed literature.
Description
Available in print form, East Africana Collection, Dr. Wilbert Chagula Library, ( THS EAF QA76.6.T34D352)
Keywords
Computer programming, Security Modelling, Electronic Patients', Data protection
Citation
Damas, E. (2018). Security modeling for protecting electronic patients’ consent. Master dissertation, University of Dar es Salaam