Chapter 5: Discussion & Conclusion

Transcription

1 Chapter 5: Discussion & Conclusion

2 5.1 INTRODUCTION The outcome of this research is analyzed to check if it meets the objectives outlined in chapter one. In chapter one, for each objective, a set of research questions was formulated to help in achieving the stipulated objectives. In this chapter, the questions will be revisited to check if they have been answered. There would be scenarios where the question was eliminated; the justification of this elimination would be presented in the upcoming discussion. One of the research outcomes is to produce a prototype application to show the viability of this research topic. The pitfalls in the development processes will be discussed as the problems and limitations faced in this dissertation; however some recommendations for future enhancement of the prototype application will be outlined at the end to conclude this research. 5.2 RESEARCH OUTCOMES & DISCUSSION Two outcomes have been achieved at the end of this research. Firstly a prototype is developed to demonstrate the implementation of secure medical record using smartcard technology. The next outcome is the review of the study in two major subject domains of the research, Electronic Medical Record (EMR) and Smartcard Technology. Although the main expected research outcome stated in this chapter has been achieved, the validity and limitation of the achieved outcomes would only be considered successful if the research 145

3 questions to achieve the objectives are clearly answered. The discussion below attempts to measure the achievement of the research in accordance to the research questions for each objective Objective 1: To evaluate the significance of Electronic Medical Record (EMR) in healthcare institutions The outcome of this objective is to be able to understand the significance of EMR and to implement the concept in this research. To achieve this objective a literature review was carried out. The outcome of the study on what is an EMR, the different terminologies in EMR study, the importance and the emergence of the field, the adoption of EMR in healthcare industry and the issues and concerns of records security have been summarized as EMR is one of most fast growing bioinformatics field and more and more countries and healthcare organizations are moving towards implementing it to improve their service level to their patients. EMR also reduces operational cost in healthcare organization. The research questions formulated earlier for this objective are as follows: What are the different terms and definitions of EMR in healthcare? What are the strengths and limitations of an EMR based system? What are major concerns of EMR adoption? What are the threats to EMR? What are the EMR security concerns? There were many different definitions for electronic medical records by different authors and from different type of information it carries, however the definition stated in the 146

4 literature review is best described to suit the scope of the project. Although EMR offers many benefits and strength, the major concern of EMR implementation is the threats it poses from various parts of the system. Patient s concern over security, privacy and confidentiality of their EMR were also identified as the major barrier in adopting EMR systems. The acceptance level of EMR in most parts of the world is still low and this clearly reflected by the total number of implementations and the adoption rate of EMR among the healthcare service providers. All five questions were addressed in detail in the literature review study and this certainly implies that this research has managed to achieve its first objective successfully Objective 2: To study how the smartcard technology is used to secure electronic medical information The next study objective in the literature review is about the smartcard technology and its capabilities to support the implementation of a secure medical record. The conclusion from the study is that smartcards contain the technical ability to hold medical records and its best suited with all required technical architecture to protect the EMR. However, there is still the gap of implementing EMR on smartcards. Research questions for this objective as stated earlier are as follows: What is the architecture and components of a smartcard? What are the different types of smartcards adopted currently? What are the international and industrial standards used for smartcards? How smartcard is being utilized in healthcare industry? How smartcard can be used to secure health information? 147

5 In conclusion from the study done in the literature review, smartcards have the full capability to hold electronic medical records securely by adopting some standards and other security measures efficiently Objective 3: To develop a prototype application to support secure implementation of EMR using smartcard Chapter 3 explains in detail what the security concerns of EMR are and how a secure implementation of EMR can be achieved using smartcard technology. File System API commands and Security API commands where implemented to provide the entire system architecture a 4-level security option. The outcome of this objective was the successful implementation of the 4-level security model using smartcard. As stated in 1.7.3, the research question for objective three are: What are the smartcard protocols and standards to be adopted? What are the technical measures taken to secure the EMR on the smartcard? What is the software development methodology to be used for the implementation? Does the prototype application demonstrate sufficient security measures for the medical records on a smartcard? Do the general security test, compliance test and performance evaluation results of the developed prototype validate the secure implementation of EMR Smartcard? 148

6 In Chapter 3, first three questions were answered and with the technical measures and methodological approaches clearly defined. An object-oriented approach was adopted, in the form of UML methodology, for the analysis and design part. Chapter 4 answers the last two questions by justifying the development platform and gives a detailed and systematic test procedure to analyze the results of the secure medical record smartcard prototype. The expected research outcome and the final research outcome do vary in different degrees based on the objective itself. As a result of not having questionnaires for the study analysis, the outcomes only depict the compilation of other research work done in the similar area. However, the study conducted in the literature review provided all the information required for the two technical fields involved, the EMR and smartcard technology. The limitation and the challenges faced to reach the outcome will be discussed in the next section SUMMARY OF ACHIEVEMENTS The achievements in this research are as below: Thorough understanding of the different definitions of electronic medical records Thorough understanding of the distinct difference between smartcard technologies and how they can be implied in software applications. Successful in using the unified software development methodology to design and develop the tool. A 4-level security model was successfully created and tested for EMR smartcard application. 149

7 Successfully developed the clinic management system with secure electronic medical record prototype implemented. Successfully compared the results from various test procedures to justify the success of the Secure EMR implementation using smartcard technology. 5.3 CHALLENGES The challenges faced in this research are mostly from two sources. Firstly, the research done in the area of smartcard-based electronic medical record is scarce. Although there are number of researches done on the field of electronic medical record, not many implementations have the smartcard component as a topic. Most of researches are focusing on implementation of EMR using database-related or web-based system architecture. This restricts the availability of study material to gain more information on the related topics. Secondly, the development of smartcard applications is made complicated with choice of smartcard platforms or frameworks available. There are many smartcard operating systems available in the market, but every smartcard manufacturer has implemented the Security API in different ways although the final outcome would be similar. The familiarization process with the smartcard technology requires quite substantial amount time, which restricts from analyzing all available smartcard operating systems for comparison. A long duration of time was spent in understanding the methods, functions and how the prototype application works for the integration. Some built-in classes could not be understood, and 150

8 hence, an alternative method was taken to design and implement classes to support the features mentioned as in the user requirement. 5.4 LIMITATION Limitation of this research will be explained in two sections. Firstly the limitation will be addressing the lack of information on the study of EMR adoption in Malaysia. Initially this research intended to provide significant information and analyzing the implementation of EMR in Malaysia. However due to limitation of resources of published information on the Telehealth project, this section was only narrated on what and how it was implemented currently in a very small scope. Further explanation and implementation methodology of this national project was not available for public access, therefore this research could only present the information and study based on available information published in yearly reports and newspaper articles. This has also made the comparison of implementation on EMR systems impossible to be presented. The second area of limitation is more towards the architecture and study of the smartcard technology. There were many smartcard technology available in the market, however analysis the characteristic, strength and limitations was impossible within the short time span. Moreover, the scope of this research was to enhance the security aspect therefore the concentration of the study on smartcard was on the architecture details. Apart from this the other constraint is the limitation of the architecture of the card. The memory and storage limitation limit the idea of having large amount of health information stored within the 151

9 card. Therefore what is to be stored in the smartcard will be determined by the memory allocation of the card and this makes it quite impossible for health cards to have historical information. 5.5 FUTURE ENHANCEMENTS The implementation of a smartcard-based secure medical record can be further improved by applying more features of the smartcard technology to improve the following areas: Memory management: A well-defined memory mapping of the card EEPROM will significantly improve the memory efficiency. Windows-like folder architecture with suitable file type can be adopted for this purpose. In the current research, a Variable Length Record File was used to store medical records. By adopting Dynamic Length Record File, memory usage will be reduced and more data can be stored. Use of Public Key Infrastructure (PKI): The current implementation of 4-level security model relies on internal and external key management architecture and encryption of data using industrial standard triple DES algorithm. Using PKI, a more robust, efficient and secure key handling method can be implemented with the use of a more sophisticated cryptography technology. All records in the current EMR smartcard is written in an encrypted format, but have not been compressed. This was not a part of the current research, but would 152

10 definitely improve other aspects of a smartcard application, i.e transmission time, memory management and data retrieval process, if implemented wisely. Adopting Open Source card architecture such as JavaCard (OpenCard Framework) would give more space for manufacturer-independent development environment. The current research utilizes PC/SC standards for smartcard from Microsoft and ACOS, a vendor-specific card operating system. Healthcare industry-specific standard (HL7) incorporation on the EMR Smartcard records. On the other hand, another recommendation for future work would be a localized survey and study of the EMR in Malaysian environment. As the government envisions implementing the national Telehealth Plan, it would be greatly beneficial if a localized study conducted with more detailed medical records retrieved from our available Total Hospital Information System. 5.6 SUMMARY Patients in the modern world are more concerned about the use of their medical records to receive better healthcare anywhere they go. The emergence of the need to keep and carry such highly confidential data is significantly rising over the past decade. As the infusion of 153

11 information technology is growing in fast phase, more and more hospitals or medical institutions are moving forward to implement a complete hospital information system. Although such systems provide a mechanism for the care providers to share the medical records among them, the real need of the patient to hold their own records in the wallet is not being achieved. Patients want their medical records stored in a media that they can easily and securely access as and when they need. Smartcard technology promises a secure means for such data, but the issues and concerns surrounding the technology have to be address effectively. This research has clearly outlined the significance of the two major components, EMR and smartcard technology, and has derived a method for the implementation of secure medical record using the smartcard technology. As conclusion in this study, an in-depth understanding of the related fields and concepts in securing electronic medical record were achieved. To illustrate the research idea, a prototype application was developed and tested. The user testing of application shows the aim of the research has been fulfilled. However, with the limitation of the implementation, the flaws of smartcard security handling are to be noted for further improvement. 154