IMPLEMENTATION OF SECURE MEDICAL RECORD USING SMARTCARD TECHNOLOGY JOTHI PRAKASH A/L MURUGAN DISSERTATION SUBMITTED IN FULFILMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF COMPUTER SCIENCE FACULTY OF COMPUTER SCIENCE AND INFORMATION TECHNOLOGY UNIVERSITY MALAYA KUALA LUMPUR July 2009
ABSTRACT

Patients' medical histories are documented in their medical records, and these records must accompany them over the course of their lifetimes. Until recently, the majority of medical records were handwritten or printed on paper and kept in a paper folder. Healthcare institutions are now moving away from traditional paper-based records to electronic versions; patients' entire medical histories are recreated in digital format as the healthcare field incorporates more technology into its daily practice. Although many healthcare institutions have adopted electronic medical record (EMR) systems, the goals of comprehensive, continuous and patient-centred care have not been achieved, because mechanisms that give practitioners timely and efficient access to a patient's complete health history are lacking. To allow a patient's health record to be retrieved in a timely and efficient manner, smartcard technology was adopted into EMR systems. Although substantial benefits are expected from smartcard-based EMR systems in addressing these primary issues, the privacy and confidentiality of EMRs are clearly at risk if such systems are not implemented securely.

This research effort addresses two major areas. The first is to analyse and scrutinise the implementation of EMR-based systems in the healthcare sector. The second is to manage EMRs on a secure smartcard platform. Crucial factors affecting a smartcard-based EMR, such as security, privacy and implementation methodology, are presented in detail in the first part of this research. Subsequently, a four-level security authentication model is introduced to secure the EMR smartcard in compliance with international smartcard standards. The software methodology used in this research is the Unified Modeling Language (UML), an object-oriented modelling technique. The significant contribution of this study is an implementation model for a secure smartcard-based EMR system.

A patient-centred EMR smartcard interface prototype was developed to prove the viability of the integration. Test results from the prototype demonstrate that using smartcard technology to secure the EMR is viable. Further enhancements to safeguard the EMR on the smartcard are presented in the research, which would greatly benefit the healthcare industry in general and patients in particular.
ACKNOWLEDGEMENTS

I wish to express my heartiest gratitude to all the people who have helped me in completing this dissertation, especially to my supervisor Dr. Rosli bin Salleh, for his encouragement, patience and invaluable guidance throughout the process of writing this dissertation. Special thanks to Ms. Devi and Mr. Mathura for proofreading my dissertation and for their helpful comments and the moral support that they gave. I'm also greatly thankful to my friends and colleagues, who have given me ideas and constant inspiration for the continuation and completion of this dissertation. Last but not least, I dedicate this dissertation to all my family members who have always been there to support me in all my endeavours, especially my mother and my late father, who sacrificed their lifetime for my success.
TABLE OF CONTENTS

Abstract ii
Acknowledgement iii
Table of Contents iv
List of Figures vi
List of Tables viii

Chapter 1: Introduction
1.1 Background And Motivation 1
1.2 Advancement of Medical Informatics in Malaysia 2
1.3 Changes in Medical Record Keeping Trend 3
1.4 The Electronic Medical Record 4
1.5 The Emergence of Smartcards in Healthcare 8
1.6 Problem Statement 8
1.7 Objectives 11
1.8 Scope and Limitations 15
1.9 Research Methodology 16
1.10 Expected Research Outcome 17
1.11 Organization Of Dissertation 19

Chapter 2: Literature Review
2.1 Introduction 22
2.2 Definition and Terminologies 23
2.3 An Analysis On Medical Record Terminologies 25
2.4 Capabilities of EMR 33
2.5 EMR Adoption Model 36
2.6 Healthcare in Malaysia 38
2.7 Security, Privacy and Confidentiality of EMR 42
2.8 Case Study On Security Breaches in EMR Systems 45
2.9 Technical Review of Smartcard Technology 53
2.10 Smartcards in Healthcare 54
2.11 An Analysis Of Previous Healthcare Smartcard Implementations 60
2.12 Current Research in EMR Smartcards 63
2.13 Summary of Related Literature 65

Chapter 3: Research Methodology
3.1 Key Methodological Approaches 67
3.2 Identify The Modeling Technique for EMR Smartcard 70
3.3 Software Development Methodology 84
3.4 Requirement Capturing and Modeling 89
3.5 Requirement Analysis 97
3.6 Analysis and Design 102
3.7 A Systematic Test Procedure 104

Chapter 4: Development & Testing
4.1 Introduction 113
4.2 System Overview 113
4.3 Objective Of The Software 114
4.4 Software And Hardware Technology Consideration 114
4.5 System Architecture 115
4.6 Graphical User Interface 122
4.7 Implementation 123
4.8 Using The Tool 128
4.9 Test Results And Discussion 134
4.10 System Limitation 142
4.11 Summary 144

Chapter 5: Discussion And Conclusion
5.1 Introduction 145
5.2 Research Outcomes and Discussion 145
5.3 Challenges 150
5.4 Limitation 151
5.5 Future Enhancements 151
5.6 Summary 153

APPENDIX A The Smartcard Protocols: ISO/IEC 7816 Part 4 155
APPENDIX B EMRSmartcard Source Code 183
REFERENCES 227
LIST OF FIGURES

Figure 1.1 The Four Components of Malaysian Telehealth Application 3
Figure 1.2 Research Methodology 17
Figure 2.1 Popularity of Terminologies used in Medical Software 24
Figure 2.2 Sources of EMR 27
Figure 2.3 EMR Adoption Model 36
Figure 2.4 The different types of insider threats to information 45
Figure 2.5 Level of vulnerability exploitation 47
Figure 2.6 Level of vulnerability severity 48
Figure 2.7 Vulnerability duration 48
Figure 2.8 Level of protection against vulnerability 52
Figure 3.1 Methodology Approaches of this research 69
Figure 3.2 File Base Modeling Sample for Smartcard 71
Figure 3.3 A 3DES Encryption/Decryption Procedure 80
Figure 3.4 Memory Mapping of EMR Smartcard 83
Figure 3.5 Unified Process disciplines and phases 87
Figure 3.6 Abstract Use Cases 94
Figure 3.7 Use Case Diagram for Secure medical record clinic management system 96
Figure 3.8 Use Case Diagram for Smartcard 97
Figure 3.9 Use Case Realization for Add Patient Record Use Case 99
Figure 3.10 Collaboration diagram for Add Patient Record Use Case 99
Figure 3.11 Write Medical Record Use Case realization 100
Figure 3.12 Write Medical Record Collaboration Diagram 100
Figure 3.13 Read Medical Record Use Case realization 101
Figure 3.14 Read Medical Record Collaboration Diagram 101
Figure 3.15 Add Patient Record sequence diagram 102
Figure 3.16 Layered security model 106
Figure 4.1 Architecture Diagram 115
Figure 4.2 4-Level Security Implementation Architecture 117
Figure 4.3 Protecting Access to EMR using smartcard 118
Figure 4.4 Protecting Access to Smartcard 119
Figure 4.5 Protecting Health Records on a Smartcard 120
Figure 4.6 Basic Frame for the GUI of EMRSmartcard 122
Figure 4.7 File Creation with Secure Messaging 124
Figure 4.8 Key Creation with Secure Messaging 124
Figure 4.9 User Login to EMRSmartcard Application 128
Figure 4.10 Select Patient Registration submenu from Main Menu 129
Figure 4.11 Enter New Patient Details 130
Figure 4.12 Completed Patient Registration Form 131
Figure 4.13 EMRSmartcard Read/Write Interface 132
Figure 4.14 Search Patient Record Using EMRSmartcard 133
Figure 4.15 Implementation of Transmission Level Security 143
Figure 4.16 Implementation of Card Level Security 143
LIST OF TABLES

Table 1.1 Research Outcome Summary 18
Table 2.1 EMR and EHR Comparison 32
Table 2.2 Different Smartcard Implementations and Descriptions 61
Table 2.3 Implementation of Smartcard and its benefits 62
Table 3.1 File Organization for EMRSmartcard 82
Table 3.2 Activities and Deliverables for phases in USDP 88
Table 3.3 Abstract Healthcare Domain Use Case 94
Table 3.4 Use Case Description 95
Table 3.5 Security Services / Security Mechanisms Test Plan 107
Table 3.6 Compliance Test Plan 108
Table 3.7 Performance Test Plan #1 110
Table 3.8 Performance Test Plan #2 110
Table 3.9 Performance Test Plan #3 111
Table 3.10 Performance Test Plan #4 112
Table 3.11 Performance Test Plan #5 112
Table 4.1 Initial Requirements and Respective Interface Modules 121
Table 4.2 List of Administration and Security Command Set 125
Table 4.3 List of Response Codes 127
Table 4.4 Security Services / Security Mechanisms Test Result 134
Table 4.5 Compliance Test Result 136
Table 4.6 Performance Test Result #1 137
Table 4.7 Performance Test Result #2 138
Table 4.8 Performance Test Result #3 139
Table 4.9 Performance Test Result #4 139
Table 4.10 Performance Test Result #5 140