Chapter 1: Introduction




1.1 BACKGROUND AND MOTIVATION

The infusion of Information Technology (IT) has triggered rapid changes in the healthcare sector in various ways. IT infusion is the degree to which different information technology tools are integrated into organizational activities (Idowu, 2006). The past decade has seen an impressive and exponential IT infusion in the healthcare sector to support healthcare processes, notably in Clinical Information Systems and Total Hospital Information Systems.

The field of information technology studies in the health sector, generally referred to as Medical Informatics, has created an increasing interest in reaching consumers and patients directly through computers and telecommunication systems. Consumer health informatics is the branch of medical informatics that analyses consumers' needs for information; studies and implements methods of making information accessible to consumers; and models and integrates consumers' preferences into medical information systems. Consumer health informatics is perhaps the most challenging and rapidly expanding field in medical informatics, and it is paving the way for healthcare in the information age (Eysenbach, 2000).

The advancement of medical informatics, the changes in medical record keeping trends and the security challenges faced by healthcare records create a motivation to identify and resolve the underlying issues using secure technologies. Smartcard technology in particular presents a new paradigm of computing environment based on embedding processing elements and offers the benefits of easy mobility in a pocket, with the capacity to store a large amount of information. More importantly, a smartcard with local processing capabilities facilitates the development of active programs designed to manage a patient's often complex medical record effectively and accurately. Essentially, the patient's information is augmented with active programs residing within the smartcard to provide rich services such as record management facilities, security and authentication. By closely combining medical informatics and the benefits of smartcard technologies for medical applications, rich services can rapidly be developed and implemented, with the ultimate objective of improving the quality of healthcare.

1.2 ADVANCEMENT OF MEDICAL INFORMATICS IN MALAYSIA

In Malaysia, medical institutions within the Ministry of Health (MOH) such as Selayang Hospital, Putrajaya Hospital and Putrajaya Health Clinic have adopted a paperless environment with the implementation of the Total Hospital Information System (THIS), while another thirteen (13) MOH hospitals are in the planning stage to implement various levels of Hospital Information Systems. The MOH has also reviewed the implementation of its Telehealth Application Project under the Multimedia Super Corridor (MSC) Flagship, and has allocated over RM60 million, within the period of the 9th Malaysia Plan up to 2010, to spearhead this flagship project (Chua, 2005).

The Malaysian Telehealth project, as illustrated in Figure 1.1, consists of four major components: Lifetime Health Plan, Mass Customized and Personalized Health Information & Education, Continuing Professional Development, and Teleconsultation.

Figure 1.1: The Four Components of Malaysian Telehealth Application
Source: Telemedicine in Malaysia, Sept 2003

The Lifetime Health Record component within the Telehealth project guidelines treats gathering and maintaining patients' medical information as one of the most important organizational activities in healthcare, as it offers tremendous opportunities to healthcare professionals in their day-to-day and research work, reduces clinical errors and, as a result, increases the quality of healthcare provided.

1.3 CHANGES IN MEDICAL RECORD KEEPING TREND

With the implementation of clinical information systems, hospitals as well as private-sector healthcare providers are moving away from traditional paper-based records to electronic versions; patients' lifetime medical records and histories are recreated in an electronic format as providers incorporate more technology into their daily practices (Harrison & Palacio, 2006). The term electronic medical record (EMR) is often used interchangeably with electronic health record (EHR) or computer-based patient record (CPR), and such records are rapidly replacing their paper predecessors (Thomas, 2006).

However, many EMR implementation projects do not aim at introducing the EMR and eliminating the paper-based counterpart entirely. They take more cautious and well-planned strategies, such as a stage-by-stage implementation model. As a start, the EMR is introduced along with its paper-based counterpart, and both are kept updated. In such environments, healthcare practitioners have to deal with a hybrid electronic and paper-based solution. This probably limits the use of the EMR, and errors are prone to develop due to the cumbersome maintenance of medical record information in dual storage media. In the final stage, the paper-based counterpart is eliminated and a fully electronic record keeping method is implemented (Hallvard, 2004). Record rooms once filled with elaborate shelving and filing cabinets are being replaced with server farms and data warehouses after the migration.

1.4 THE ELECTRONIC MEDICAL RECORD

Electronic medical records fall under the purview of medical informatics, a combination of computation and computer science and medical record keeping. An EMR is best defined as a patient medical record stored in digital format. In general, EMRs document patients' histories, family histories, risk factors, findings from physical examinations, vital signs, test results, known allergies, immunizations, health problems, therapeutic procedures and medications, and responses to therapy (Wikipedia, 2008). It facilitates:

- access to patient data by clinical staff at any given location
- accurate and complete claims processing by insurance companies when the need arises
- building automated checks for drug and allergy interactions
- clinical notes
- prescriptions
- scheduling patients' visits, procedures, etc.
- sending and viewing labs

The electronic medical record is used solely by the provider (physician, clinic, hospital) that creates the record. These records are known as Electronic Health Records (EHR) when the following processes are in place (Wikipedia, 2006):

- Reports and histories (labs, pharmacy, radiology, consults, etc.) are electronically added
- Items in the record are electronically exchanged with other providers
- A personal health record component exists that allows patients to participate in documenting and creating their medical history and to communicate with their provider

Based on the processes above, it can be concluded that an EHR system includes the collection of electronic health information about an individual. Health information is defined as information pertaining to the health of an individual or healthcare provided to an individual. Health information from EHR-based systems should be made available to the individual at any time, categorized by different security access levels.

The first significant benefit of the EMR is the instantaneous availability of patients' medical history, treatment regimes, and health status in routine and emergency clinical situations. With easy access to health records, a huge amount of time and cost is saved during diagnosis, which in turn increases the efficiency of providing treatment to patients.

From the perspective of care providers, in the highly specialized, fragmented, and geographically dispersed world of medical care in this country, the capacity to have immediate access to data concerning their patient's current illnesses and treatments from anywhere in the world would be enhanced by interacting with an electronic medical record system network. The ability to share information among the multiple providers often involved in the care of patients, such as health clinics, public and private clinics and hospitals, pharmacies and pathology labs, would also be facilitated. Improved coordination and communication between patients' care providers, and between providers and patients, could allow less redundancy in history taking, diagnostic interventions, and potentially dangerous treatments (Silverman, 1998). The EMR reduces deviations or variations in the narration of the patient's medical history and helps to avoid situations where treatment is given without the patient's complete medical history.

Confidentiality and security issues are concerns associated with both the paper-based health record and the EHR. While the potential benefits from the availability of real-time information concerning patients' medical status, integration of care, and the ability to link aggregated clinical, financial, and outcomes data would seem to be compelling, there will be significant problems in translating these strengths into the delivery of healthcare without the risk of compromising health record accessibility and its security.

1.4.1 ACCESSIBILITY & SECURITY OF EMR

Implementation of EMR systems promises significant advances in patient care, because such systems enhance readability, availability, and data quality (Jolt Roukema MD, 2006). However, as healthcare organizations collect, process, and store more health information electronically and use both private and public communications systems to transmit this information between different entities, they must ensure adequate mechanisms are in place to protect this highly confidential information. Insurers, managed care organizations, public health officials, researchers, and others with a need for patient information have had to develop policies and practices for protecting the information they collect and, ultimately, the privacy of the individuals to whom the information pertains.

Protected EMRs empower patients as well by putting health information into their hands securely, including information on their own health, such as diagnoses, lab results, personal risk factors, and prescribed drugs. One way of enabling patients' access to their electronic medical record may be through the internet or the adoption of smartcards, or both.

1.5 THE EMERGENCE OF SMARTCARDS IN HEALTHCARE

The emergence of smartcard technology is recognized as a potential solution to effectively and accurately manage patients' electronic medical records. A smartcard is a credit-card-sized plastic card embedded with an integrated circuit chip or processor. It provides not only memory capacity, but some computational capability as well. Smartcards can be used as places to store health information directly, or the EMR can be put onto the internet and smartcards can serve as keys by providing access. Smartcards in addition provide portability, giving patients the flexibility and convenience of carrying their personal health records wherever they go.

Thus, this research analyses methods of securing patients' personal electronic health records using smartcard technology by assessing the smartcard's technical capabilities. This study also reviews the different types of smartcard platforms and identifies a way of implementing a secure EMR using smartcard technology.

1.6 PROBLEM STATEMENT

Many healthcare institutions have spent millions to maintain electronic health records. Maintenance in this context is defined as the ability to operate, manipulate and save all details pertaining to health information in a primary-care center. In the modern age of technology, many systems were developed to fulfill the requirements of the stakeholders in healthcare institutions. EMR-based Hospital Information Systems were brought into the limelight as they seem to be the answer for efficient retrieval of information and, of course, for reducing the cost of bulk paper storage.

A brief idea of what an EMR is and of the emergence of smartcards has been given in the sections above. This section attempts to explain what the problems are in implementing a secure EMR system.

Effective EMR systems should be designed so that they can exchange all their stored data according to public standards (Mandl et al., 2001). Ideally it should be possible to create each patient's personal health record so that it is accessible at all points of care within the health service and contains data from all institutions involved in that patient's care. This is a major barrier in current EMR implementation models, where a patient's health record is stored and maintained within a local database system with no access from outside its own domain. Most EMR systems do not provide effective access for patients to their own data, despite technical feasibility. EMR systems should be designed so that they contain some components or elements that allow patients to access, update and carry their own health records securely to obtain better healthcare service wherever they choose to go. Giving patients control over permissions to carry or view their records is the key to ensuring a successful adoption of the EMR while protecting their privacy.

Secondly, patients are becoming increasingly anxious about the privacy of their medical records (Kurtz, 1999). Privacy is the right of an individual to control disclosure of his or her own health information. Patients should have the right to decide who can examine and alter what part of their medical records (Gostin, 1999). In principle a patient might choose to allow no access to such records, though at the risk of receiving uninformed and thus inferior care. At the other extreme some might have no hesitation in making their records completely public. For most patients, the appropriate degree of confidentiality will fall in between and will be a compromise between privacy and the desire to receive informed help from medical practitioners. Because an individual may have different preferences about different aspects of his or her medical history, access to various parts of the record should be authorized independently. For example, psychiatric notes may deserve closer protection than immunization history. Further, patients should be able to grant different access rights to different providers, based either on their role or on the particular individual. Most patients will probably also choose to provide a confidentiality override policy that would allow an authenticated healthcare provider in an emergency to gain access to records that he or she would not normally be able to, though at the cost of triggering an automatic audit (Gostin, 1999).

Another obvious problem from this discussion is that not only does the patient need fast accessibility and data confidentiality, but information security must also be given high priority. As this research attempts to read information across platforms, the integrity and security of sensitive health data might be at high risk. Information security includes the processes and mechanisms used to control the disclosure of electronic data from unauthorized destruction or modification (Kurtz, 1999). Patients' electronic health data should be protected at every stage: accessing the system, transferring or carrying the information, and storing the data on any reliable media.
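The access model described in this section (independent authorization per record section, grants by role or by individual, and an audited emergency override) can be sketched as follows. This is an added example, not code from the dissertation; all class, function and section names are hypothetical, the sample data is constructed, and making the override read-only is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class Provider:
    provider_id: str   # identity established by prior authentication (assumed)
    role: str          # e.g. "physician", "pharmacist"


@dataclass
class AccessPolicy:
    """Patient-authored policy; every record section is authorized independently."""
    role_grants: dict = field(default_factory=dict)        # section -> role -> actions
    individual_grants: dict = field(default_factory=dict)  # section -> provider_id -> actions
    emergency_sections: set = field(default_factory=set)   # sections open to the override

    def allows(self, provider, section, action):
        # A grant to a named individual takes precedence over the role grant,
        # so the patient can widen or narrow access for one specific provider.
        by_person = self.individual_grants.get(section, {})
        if provider.provider_id in by_person:
            return action in by_person[provider.provider_id]
        return action in self.role_grants.get(section, {}).get(provider.role, set())


class PatientRecord:
    def __init__(self, sections, policy):
        self._sections = dict(sections)
        self._policy = policy
        self.audit_log = []   # every decision is appended here

    def _audit(self, provider, section, action, outcome, reason=""):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "provider": provider.provider_id, "role": provider.role,
            "section": section, "action": action,
            "outcome": outcome, "reason": reason,
        })

    def read(self, provider, section, emergency_reason=None):
        if section not in self._sections:
            raise KeyError(section)
        if self._policy.allows(provider, section, "read"):
            self._audit(provider, section, "read", "granted")
            return self._sections[section]
        # Confidentiality override: only for sections the patient opted in,
        # only with a stated reason, and always recorded for later review.
        reason = (emergency_reason or "").strip()
        if reason and section in self._policy.emergency_sections:
            self._audit(provider, section, "read", "emergency-override", reason)
            return self._sections[section]
        self._audit(provider, section, "read", "denied", reason)
        raise PermissionError(f"{provider.provider_id} may not read {section}")

    def write(self, provider, section, value):
        # Assumption: the override never permits writes; a normal grant is required.
        if section not in self._sections:
            raise KeyError(section)
        if not self._policy.allows(provider, section, "write"):
            self._audit(provider, section, "write", "denied")
            raise PermissionError(f"{provider.provider_id} may not write {section}")
        self._sections[section] = value
        self._audit(provider, section, "write", "granted")

    def overrides_for_review(self):
        """Audit events that the override triggered and a reviewer must inspect."""
        return [e for e in self.audit_log if e["outcome"] == "emergency-override"]


def build_demo():
    """Constructed sample data: one patient's record, policy and three providers."""
    policy = AccessPolicy(
        role_grants={
            "immunization_history": {"physician": {"read", "write"},
                                     "pharmacist": {"read"}},
            "allergies": {"physician": {"read"}, "pharmacist": {"read"}},
        },
        individual_grants={"psychiatric_notes": {"dr-lee": {"read", "write"}}},
        emergency_sections={"allergies", "psychiatric_notes"},
    )
    record = PatientRecord(
        {"immunization_history": "tetanus 2007", "allergies": "penicillin",
         "psychiatric_notes": "constructed note",
         "genetic_tests": "constructed result"},
        policy,
    )
    providers = {
        "psychiatrist": Provider("dr-lee", "physician"),
        "er_doctor": Provider("dr-er", "physician"),
        "pharmacist": Provider("ph-01", "pharmacist"),
    }
    return record, providers


if __name__ == "__main__":
    rec, who = build_demo()
    print(rec.read(who["er_doctor"], "psychiatric_notes",
                   emergency_reason="unconscious patient"))
    print(rec.overrides_for_review())
```

Denied attempts are logged alongside overrides, so a reviewer can see both who invoked the override and who tried to reach a section without it.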

Given the discussion above, the problems to be addressed in this research are the security concerns of electronic medical records that are to be implemented on a smartcard, at the various levels of the implementation:

- System level, where the access control and audit trail on the system and database need to be protected.
- Transmission level, where the data transmission between card reader and smartcard needs to be secured from external tampering.
- Smartcard level, where the smartcard's memory needs to be secured from vulnerability and unauthorized access.
- Electronic Data level, where the individual health records are protected from being read, altered and deleted without proper authorization.

1.7 OBJECTIVES

The aim of this research is to study the security aspects of electronic medical records and the technical capabilities of smartcards to support the incorporation or encoding of such records onto them. This research also aims to provide a user-friendly interface solution to medical practitioners and patients to provide quality, secure and fast retrieval of healthcare information anywhere at any time. The objectives of this research are as follows.

1.7.1 To evaluate the significance of Electronic Medical Record (EMR) in healthcare institutions

Development of any system should begin by analyzing the strengths and weaknesses of the existing practices within the domain of the study. To understand the position of the EMR in healthcare institutions properly, the current usage of the EMR and the domain of its applicability need to be analyzed. This analysis will give an insight into the shortcomings of its implementation as well as the advantages it has brought to the medical world.

The evaluation starts from understanding the different meanings and definitions given to the term EMR. Once this has been completed, the discussion elaborates on how the EMR is utilized in the medical world. Next, the security concerns in EMR adoption are discussed to understand how far the adoption has been successful. The contributions of this evaluation are distributed into the following areas:

- Terms and definitions of the EMR
- The significance of the EMR
- The adoption of EMR
- The issues and concerns of EMR security

Below are the research questions expected to be addressed to achieve this objective:

- What are the different terms and definitions of EMR in healthcare?
- What are the strengths and limitations of an EMR-based system?
- What are the major concerns of EMR adoption?
- What are the threats to EMR?
- What are the EMR security concerns?

1.7.2 To study how the smartcard technology can be used to secure electronic medical information

The smartcard claims to provide portability and security of the data contained within. However, the level of security and portability of the information is still debatable. This area of study will first examine the different architectures of smartcards along with their advantages and disadvantages. The next part of the discussion evaluates the few implementations of smartcards in the healthcare industry. Thirdly, the security aspects of smartcards are analyzed in detail to understand the level of data protection they provide and how to utilize those features in the EMR field.

The significance of this study is to recognize the contribution of smartcard technology and how the underlying architecture of these cards can be used to hold electronic health records in a secure mode. This objective will address the following questions:

- What are the architecture and components of a smartcard?
- How is the smartcard being utilized in the healthcare industry?
- How can the smartcard be used to secure health information?
- What are the security breaches in current healthcare systems?
- How can the use of smartcards prevent the security breaches in current healthcare systems?

1.7.3 To develop a prototype application that demonstrates a secure implementation of EMR using smartcard

EMR systems have gained tremendous support over the years with the rapid growth of information technology. However, a survey shows the adaptability of the systems among medical practitioners and patients is still low. This was due to various reasons, mainly concerning security and privacy issues (Dennis, 2005). In this study, an analysis of data privacy and information security will be conducted before creating a prototype application to evaluate the implication of smartcards in the EMR field. The following questions will be addressed for the development of the tool:

- What are the smartcard protocols and standards to be adopted?
- What are the technical measures taken to secure the EMR on the smartcard?
- What is the development platform to be used?
- What is the software development methodology to be used for the implementation?
- Does the prototype application demonstrate sufficient security measures for the medical records on a smartcard?
- Do the general security test, compliance test and performance evaluation results of the developed prototype validate the secure implementation of the EMR smartcard?

1.8 SCOPE AND LIMITATIONS

The main objective of this research study is to identify a secure way to implement EMR using smartcard technology. Based on the detailed study of smartcard technology, there are many types of smartcard platforms available at present, and inclusion of every smartcard technology in this research is out of reach. Therefore, this research was narrowed down to investigate only the major smartcard platform that supports multiple security options: Microprocessor (MyCOS 16Kb). The other card technologies such as Memory Card, Contactless Card and JavaCard (Open Card Framework) are only tackled on a conceptual level and for comparison purposes.

Another major limitation of this research is the type of EMR recorded onto the card. An EMR consists of a patient's health information, prescription history, lab results, x-ray images and scans and much other related information. As this research focuses mainly on the security of the EMR on a smartcard rather than the type of information the EMR provides, the content of the smartcard herein is restricted to a patient's personal information, emergency health information, allergy information, primary care information and limited past medical/prescription histories.

Due to the limitation of resources and the available number of Total Hospital Information Systems in Malaysia, a detailed survey in the Malaysian environment could not be carried out at the time this research was conducted. Since there was no implementation of a smartcard-based EMR system in Malaysia, the basis of the thesis is dependent on case studies of foreign attempts and examples. The research has tried to filter out foreign culture from these studies and extract only the principles that may have played a major part in determining the success or failure of such attempts.

1.9 RESEARCH METHODOLOGY

The key methodologies used to obtain the research outcome in this study include a review of relevant literature, a technical analysis of key components and their modeling techniques, and development and testing of the platform prototype.

Firstly, the problem statements and objectives of this research were identified and outlined. Existing literature on relevant subject matter and the related technical components, such as EMR and smartcard technology, was reviewed subsequently. The technical architecture of various smartcard platforms was analyzed to gather in-depth understanding and knowledge of how they work. Based on these reviews, requirements for a prototype were captured and analyzed, and at the same time other related modeling techniques were identified to incorporate the technical capabilities of smartcards into EMR systems. This was followed by the development of a secure EMR encoding and decoding procedure for the selected smartcard platform. The procedure was then translated into software code and embedded into a prototype interface application. Compliance testing, comparisons and performance testing were done to verify the precision of the procedure and prototype output. Finally, a conclusion and some recommendations for future enhancement were drawn based on the results and findings.

The research methodology for this dissertation is illustrated in Figure 1.2.

1. Identify Problem Statements and Objectives
2. Review relevant literature
3. Review technical aspects of EMR and Smartcard
4. Identify EMR Practices & Implementation Models
5. Identify Modeling Technique for EMR Smartcard
6. Requirement Capturing, Modeling & Analysis
7. Develop Software Modeling Technique
8. Develop, Test and Validate precision of the result
9. Conclude the research and Recommend future

Figure 1.2: Research Methodology

1.10 EXPECTED RESEARCH OUTCOME

Based on the reviews of existing literature, and the outcome of the studies on both available smartcard technologies and methods to secure the data on the smartcard, this research finally attempts to provide a tool that encodes and decodes a patient's electronic medical information securely on a smartcard platform. The summary of the expected outcome of this study is categorized in Table 1.1:

Table 1.1: Research Outcome Summary

Research Outcome (Summary)

Electronic Medical Record (EMR)
- Clarification and scrutiny of the terms and definition used in healthcare
- Significance of EMR in healthcare
- Global adoption trends in EMR
- Security concerns of EMR

Smartcard Technology
- Comparison of different smartcard platforms
- Global implementation of smartcard in healthcare
- Contribution and concerns of smartcard in healthcare
- Smartcard design, standards and protocol to enhance security
- 4-Level security architecture model

Prototype Tool
- Clinic Information System for EMR smartcard integration
- EMR Smartcard interface tool
- Secure EMR smartcard encoding and decoding tool

Test Results
- General Security Test results and analysis
- Compliance Test results and analysis
- EMR Smartcard Performance Results and analysis

1.11 ORGANIZATION OF DISSERTATION

Below is the outline of the dissertation:

1.11.1 Chapter One: Introduction

This chapter gives an insight into the motivation behind this research, the project aim, the objectives and the scope of the research. Each objective is supported by research questions that will be answered in detail in the other chapters. The scope of the research is also defined in terms of its limitations and the extent this research will cover given different constraints. The next issue described here is how the research will be carried out to meet the expected outcome defined for this research. The expected outcome will be tested again in the results and findings chapter.

1.11.2 Chapter Two: Literature Review

This chapter includes a review of the research carried out by other researchers in the same field. A detailed overview of the EMR and its benefits is given, followed by a discussion of EMR adoption and highlights of the security concerns of the stakeholders. Subsequently, an analysis of available smartcard technologies is presented. The analysis starts with a study of the different types of smartcards. The architecture of the smartcard is analyzed closely to understand how the operations are executed and how enhancements to these operations can be implemented. Apart from that, other factors affecting a smartcard-based EMR, such as security, privacy and accessibility, form the major part of the discussion within this chapter. The study also identifies current research in the related area by others, before summarizing all the findings from those reviews.

1.11.3 Chapter Three: Research Methodology

In this chapter the key methodological approaches and modeling techniques are introduced and described in detail. This is followed by a discussion of the requirements for the system development. Major components of the working model are identified, and the basic functionality as well as integration is described. Apart from that, the core of this research, the 4-level security implementation architecture, is introduced, and the related smartcard encoding commands are also presented in this chapter. It also discusses some flows within the healthcare smartcard implementation and describes the general types of security and privacy concerns that must be addressed within the problem domain. Finally, a procedure to securely encode and decode an EMR smartcard is put forward, with a description and test procedures to validate it in the implementation of the output prototype application.

1.11.4 Chapter Four: Development & Testing

This chapter explains the development of the prototype tool. It also elaborates on how the prototype application was integrated and tested on a clinic information system. The adopted testing methodologies and the results of the testing are discussed in this chapter as well.

1.11.5 Chapter Five: Discussion & Conclusion

This chapter concludes the dissertation with a summary of the work. It highlights some limitations of the current research and also includes several suggestions for future improvements. Finally, a summary of achievements is given to show that all objectives of this research were met.