Chapter 5: Discussion & Conclusion




5.1 INTRODUCTION

The outcome of this research is analyzed to check whether it meets the objectives outlined in chapter one. In chapter one, for each objective, a set of research questions was formulated to help in achieving the stipulated objectives. In this chapter, the questions are revisited to check whether they have been answered. Where a question was eliminated, the justification for the elimination is presented in the discussion that follows. One of the research outcomes is a prototype application that shows the viability of this research topic. The pitfalls in the development process are discussed as the problems and limitations faced in this dissertation, and some recommendations for future enhancement of the prototype application are outlined at the end to conclude this research.

5.2 RESEARCH OUTCOMES & DISCUSSION

Two outcomes have been achieved at the end of this research. Firstly, a prototype was developed to demonstrate the implementation of a secure medical record using smartcard technology. The second outcome is the review of the two major subject domains of the research, Electronic Medical Record (EMR) and smartcard technology. Although the main expected research outcome stated in this chapter has been achieved, the validity and limitation of the achieved outcomes would only be considered successful if the research questions to achieve the objectives are clearly answered. The discussion below attempts to measure the achievement of the research against the research questions for each objective.

5.2.1 Objective 1: To evaluate the significance of Electronic Medical Record (EMR) in healthcare institutions

The outcome of this objective is to understand the significance of EMR and to implement the concept in this research. To achieve this objective a literature review was carried out. The study covered what an EMR is, the different terminologies in EMR study, the importance and the emergence of the field, the adoption of EMR in the healthcare industry, and the issues and concerns of records security. Its outcome can be summarized as follows: EMR is one of the fastest-growing bioinformatics fields, and more and more countries and healthcare organizations are moving towards implementing it to improve the level of service to their patients. EMR also reduces operational cost in healthcare organizations.

The research questions formulated earlier for this objective are as follows:

- What are the different terms and definitions of EMR in healthcare?
- What are the strengths and limitations of an EMR based system?
- What are the major concerns of EMR adoption?
- What are the threats to EMR?
- What are the EMR security concerns?

Different authors define electronic medical records differently, and the definitions also vary with the type of information the record carries; the definition stated in the literature review is the one that best suits the scope of the project. Although EMR offers many benefits and strengths, the major concern of EMR implementation is the threats posed from various parts of the system. Patients' concern over the security, privacy and confidentiality of their EMR was also identified as the major barrier to adopting EMR systems. The acceptance level of EMR in most parts of the world is still low, and this is clearly reflected by the total number of implementations and the adoption rate of EMR among healthcare service providers. All five questions were addressed in detail in the literature review, which implies that this research has achieved its first objective successfully.

5.2.2 Objective 2: To study how the smartcard technology is used to secure electronic medical information

The next study objective in the literature review concerns smartcard technology and its capability to support the implementation of a secure medical record. The conclusion from the study is that smartcards have the technical ability to hold medical records and are best suited, with all the required technical architecture, to protect the EMR. However, there is still a gap in implementing EMR on smartcards.

The research questions for this objective, as stated earlier, are as follows:

- What are the architecture and components of a smartcard?
- What are the different types of smartcards adopted currently?
- What are the international and industrial standards used for smartcards?
- How is the smartcard being utilized in the healthcare industry?
- How can the smartcard be used to secure health information?

In conclusion, the study done in the literature review shows that smartcards have the full capability to hold electronic medical records securely by adopting some standards and other security measures efficiently.

5.2.3 Objective 3: To develop a prototype application to support secure implementation of EMR using smartcard

Chapter 3 explains in detail what the security concerns of EMR are and how a secure implementation of EMR can be achieved using smartcard technology. File System API commands and Security API commands were implemented to give the entire system architecture a 4-level security option. The outcome of this objective was the successful implementation of the 4-level security model using a smartcard.

As stated in 1.7.3, the research questions for objective three are:

- What are the smartcard protocols and standards to be adopted?
- What are the technical measures taken to secure the EMR on the smartcard?
- What is the software development methodology to be used for the implementation?
- Does the prototype application demonstrate sufficient security measures for the medical records on a smartcard?
- Do the general security test, compliance test and performance evaluation results of the developed prototype validate the secure implementation of the EMR smartcard?

In Chapter 3, the first three questions were answered, with the technical measures and methodological approaches clearly defined. An object-oriented approach was adopted, in the form of UML methodology, for the analysis and design part. Chapter 4 answers the last two questions by justifying the development platform and giving a detailed and systematic test procedure to analyze the results of the secure medical record smartcard prototype.

The expected research outcome and the final research outcome vary to different degrees depending on the objective itself. Because no questionnaires were used for the study analysis, the outcomes only depict a compilation of other research work done in similar areas. However, the study conducted in the literature review provided all the information required for the two technical fields involved, EMR and smartcard technology. The limitations and the challenges faced in reaching the outcome are discussed in the next section.

5.2.4 SUMMARY OF ACHIEVEMENTS

The achievements in this research are as below:

- Thorough understanding of the different definitions of electronic medical records.
- Thorough understanding of the distinct differences between smartcard technologies and how they can be applied in software applications.
- Successful in using the unified software development methodology to design and develop the tool.
- A 4-level security model was successfully created and tested for the EMR smartcard application.
- Successfully developed the clinic management system with the secure electronic medical record prototype implemented.
- Successfully compared the results from various test procedures to justify the success of the secure EMR implementation using smartcard technology.

5.3 CHALLENGES

The challenges faced in this research come mostly from two sources. Firstly, research in the area of smartcard-based electronic medical records is scarce. Although a number of studies have been done in the field of electronic medical records, not many implementations have the smartcard component as a topic. Most research focuses on implementing EMR using database-related or web-based system architecture. This restricts the availability of study material from which to gain more information on the related topics.

Secondly, the development of smartcard applications is complicated by the choice of smartcard platforms and frameworks available. There are many smartcard operating systems on the market, and every smartcard manufacturer has implemented the Security API in a different way, although the final outcome would be similar. Familiarization with the smartcard technology requires a substantial amount of time, which prevented analyzing all available smartcard operating systems for comparison. A long time was spent understanding the methods and functions and how the prototype application works for the integration. Some built-in classes could not be understood, and hence an alternative method was taken to design and implement classes to support the features mentioned in the user requirement.

5.4 LIMITATION

The limitations of this research are explained in two sections. The first limitation is the lack of information on EMR adoption in Malaysia. Initially this research intended to provide significant information on, and an analysis of, the implementation of EMR in Malaysia. However, because few resources have been published on the Telehealth project, this section could only narrate, in a very small scope, what is currently implemented and how. Further explanation and the implementation methodology of this national project were not available for public access, so this research could only present information and study based on what was published in yearly reports and newspaper articles. This also made it impossible to present a comparison of EMR system implementations.

The second area of limitation concerns the architecture and study of the smartcard technology. Many smartcard technologies are available on the market, but analyzing their characteristics, strengths and limitations was impossible within the short time span. Moreover, the scope of this research was to enhance the security aspect, so the study of the smartcard concentrated on the architecture details. Apart from this, the other constraint is the limitation of the architecture of the card. The memory and storage limitation limits the idea of having a large amount of health information stored within the card. What is stored in the smartcard is therefore determined by the memory allocation of the card, and this makes it quite impossible for health cards to hold historical information.

5.5 FUTURE ENHANCEMENTS

The implementation of a smartcard-based secure medical record can be further improved by applying more features of the smartcard technology to improve the following areas:

- Memory management: A well-defined memory mapping of the card EEPROM will significantly improve the memory efficiency. A Windows-like folder architecture with suitable file types can be adopted for this purpose. In the current research, a Variable Length Record File was used to store medical records. By adopting a Dynamic Length Record File, memory usage will be reduced and more data can be stored.
- Use of Public Key Infrastructure (PKI): The current implementation of the 4-level security model relies on internal and external key management architecture and encryption of data using the industrial standard triple DES algorithm. Using PKI, a more robust, efficient and secure key handling method can be implemented with the use of a more sophisticated cryptography technology.
- All records in the current EMR smartcard are written in an encrypted format, but have not been compressed. Compression was not a part of the current research, but would definitely improve other aspects of a smartcard application, i.e. transmission time, memory management and the data retrieval process, if implemented wisely.
- Adopting an Open Source card architecture such as JavaCard (OpenCard Framework) would give more room for a manufacturer-independent development environment. The current research utilizes PC/SC standards for smartcards from Microsoft and ACOS, a vendor-specific card operating system.
- Incorporation of a healthcare industry-specific standard (HL7) in the EMR smartcard records.

Another recommendation for future work would be a localized survey and study of EMR in the Malaysian environment. As the government envisions implementing the national Telehealth Plan, it would be greatly beneficial if a localized study were conducted with more detailed medical records retrieved from our available Total Hospital Information System.

5.6 SUMMARY

Patients in the modern world are more concerned about the use of their medical records to receive better healthcare anywhere they go. The need to keep and carry such highly confidential data has risen significantly over the past decade. As the infusion of information technology grows at a fast pace, more and more hospitals and medical institutions are moving forward to implement a complete hospital information system. Although such systems provide a mechanism for care providers to share medical records among themselves, the real need of patients to hold their own records in their wallets is not being met. Patients want their medical records stored on a medium that they can access easily and securely as and when they need to. Smartcard technology promises a secure means for such data, but the issues and concerns surrounding the technology have to be addressed effectively.

This research has clearly outlined the significance of the two major components, EMR and smartcard technology, and has derived a method for the implementation of a secure medical record using smartcard technology. In conclusion, an in-depth understanding of the related fields and concepts in securing electronic medical records was achieved in this study. To illustrate the research idea, a prototype application was developed and tested. The user testing of the application shows that the aim of the research has been fulfilled. However, given the limitations of the implementation, the flaws of smartcard security handling are to be noted for further improvement.
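The compression recommendation in section 5.5, worked through as an added example that is not code from the dissertation or its prototype: compression saves card memory only when it is applied before encryption, because ciphertext has no redundancy left to remove. The cipher is a standard-library stand-in for the prototype's triple DES, and the record capacity, key, nonce and sample record are constructed assumptions.

```python
import hashlib
import hmac
import zlib

RECORD_CAPACITY = 255      # assumed bytes available per card record (hypothetical)
KEY = bytes(range(16))     # constructed demo key; a real key is never hard-coded
NONCE = b"record-0001"     # constructed; must be unique for every record written

# Constructed sample: eight visits in a repetitive text layout (not a real format).
SAMPLE_RECORD = "".join(
    f"VISIT|date=2009-{month:02d}-15|dx=asthma|rx=salbutamol inhaler|clinic=EXAMPLE-01\n"
    for month in range(1, 9)
).encode("ascii")


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream.

    Used only so the example runs on the standard library; the prototype
    encrypts with triple DES. The same call encrypts and decrypts, and it
    gives no integrity protection.
    """
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
    return bytes(d ^ s for d, s in zip(data, stream))


def compress_then_encrypt(record: bytes) -> bytes:
    """Recommended order: remove redundancy first, then encrypt."""
    return stream_xor(KEY, NONCE, zlib.compress(record, 9))


def encrypt_then_compress(record: bytes) -> bytes:
    """Wrong order: the ciphertext looks random, so zlib only adds overhead."""
    return zlib.compress(stream_xor(KEY, NONCE, record), 9)


def decrypt_then_decompress(blob: bytes) -> bytes:
    """Inverse of compress_then_encrypt, as the card reader side would run it."""
    return zlib.decompress(stream_xor(KEY, NONCE, blob))


def fits_on_card(blob: bytes) -> bool:
    """True when the stored form fits in one record of the assumed capacity."""
    return len(blob) <= RECORD_CAPACITY


if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_RECORD),
                       ("compress-then-encrypt", compress_then_encrypt(SAMPLE_RECORD)),
                       ("encrypt-then-compress", encrypt_then_compress(SAMPLE_RECORD))):
        print(f"{name:22s} {len(blob):4d} bytes  fits={fits_on_card(blob)}")
```

The length of a compressed-then-encrypted record varies with its content, so the stored length reveals how compressible the plaintext was; padding each record to a fixed size removes that signal at the cost of some of the saved memory.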