View
230
Download
0
Category
Preview:
Citation preview
8/12/2019 MIS in Healthcare Management
1/23
MIS in HealthcareManagement
Submitted to: Submitted by:
Prof. S. Kannan Umang Ugra
Bhawana Goel
Hitesh Mehta
Prateek Singh Bapna
Sakshi Garg
G
8/12/2019 MIS in Healthcare Management
2/23
Article Referred
Title: HEALTHCAREDATA MANAGEMENT ISSUES AND THE ECERT SOLUTION
Authors:
Lisha Chen-Wilson, Xin Wang, Gary B Wills and David Argles
School of Electronic and Computer Science,University of Southampton, United Kingdom
Charles Shoniregun
Infonomics Society, United Kingdom
Published in 2011 (IEEE)
8/12/2019 MIS in Healthcare Management
3/23
Introduction
Large no. of organizations are converting their paper data into eformat.
Concerns about storage & transmission of data are increasing
Prevention of unauthorized modification and loss of records is vcrucial in healthcare sector
Besides human error, there is a concern for maintain theconfidentiality of patient data
The paper presents a method of protecting system against misuby outside attackers and illegitimate users
8/12/2019 MIS in Healthcare Management
4/23
Introduction (Contd.)
Patients should be given opportunity to chose whether or not thhealthcare information be collected & recorded.
Patients should also be given the control of how the data isaccessed and modified.
To address these problem, the eCert project has developed a uscentric eDocument transmission protocol.
The eCert protocol enables users to share their data whilstmaintaining a measure of control over its visibility.
8/12/2019 MIS in Healthcare Management
5/23
8/12/2019 MIS in Healthcare Management
6/23
Challenges faced by Current HealthcareInformation System
How to make the data available according to only those who ne
Preventing data transmission to illegitimate organizations
Competing Aims: CONFLICT PARADOX
1. Availability of data in case of emergency
2. Ensuring restrictions on visibility of sensitive information
8/12/2019 MIS in Healthcare Management
7/23
Healthcare Scenario
A. Sharing healthcare records eDocument validation is essential, but
Confidentiality should not be violated
Embarrassing private information should not be forwarded.
B. Loss of Healthcare records Data corruption will lead to wrong diagnosis, endangering life of the pat
8/12/2019 MIS in Healthcare Management
8/23
Underlying Technologies
eCertificate System enables the eCertificate owners to have usage control over their docume
before distributing to the reviewers, prevent unauthorized modification distribution
Mobile eID to explore the issues that arise in implementing the eCert protocol withi
mobile platform to provide certified, certifiable, and protected identityinformation.
8/12/2019 MIS in Healthcare Management
9/23
Underlying Technologies (Contd.)
eCert as a policy for the signing and keymanagementThe eCert approach defines a secured and signed document thatenables the user to determine what a reviewer is allowed to seeand for how long.
File Structure: Metadata, text content, supported file outputs
Signing Method: Optional files will be signed individually using detached signature
Their signature values and the reference URI will then be embedded witthe main content under the corresponding display conditions
The document will then be signed using enveloped signature, and encrypbefore distributed
8/12/2019 MIS in Healthcare Management
10/23
Underlying Technologies (Contd.)
Keys management: The system will use the issuer's private key to sign the document, and us
the system's default public key, or the receiver's public key to encrypt thdocument, depend on the applied situations.
System structure: All supported systems will be installed locally in registered institutions,
link to the eCert central server.
Usage control: User has the option to set the access rights.
8/12/2019 MIS in Healthcare Management
11/23
Features of eCert Protocol
Secure
User-centric
Lifetime Validation
Verifiable distributed data
8/12/2019 MIS in Healthcare Management
12/23
Benefits and Drawbacks of eCert inHealthcare
Provides a unique, secure, reliable system for data managemen
Has a secure user-centric approach
Currently there is no known drawback of eCert protocol in
Healthcare
8/12/2019 MIS in Healthcare Management
13/23
Proposed eHealthcare
Use case: Three stakeholders: Issuer, Patient and Reviewer
eHealthcare use case Record healthcare histo
8/12/2019 MIS in Healthcare Management
14/23
eHealthcare use case - Record healthcare histoDescription A healthcare sector staff wishes to record a patient's healthcare informatio
treatment
Actors Patient Healthcare sector staff
Scenario 1. Patient requires treatment and provide related information2. Healthcare sector staff retrieves the patient's healthcare history from PRS, a3. Patient receives treatment
4. Healthcare sector staff record the treatment process and result in PRS
Variations If the patient has no record in the PRS yet, the healthcare sector staff can staaccount
Benefits Patient: all treatment history is in record, no need to memorize them s
medical terms. Healthcare sector: maintain patients healthcare history can provide efficie
informed decision, and therefore, better treatment result
Issues Records in PRS have risks: e.g. unauthorized modification, human errors, and da Incorrect record will lead to wrong treatments Lost of record or a whole database will affect the efficient of assessments
It is not easy for a patient to find out what is being held about them in the syste
information for any personal purposes (e.g. forward it to a private healthcare pr
8/12/2019 MIS in Healthcare Management
15/23
Proposed eHealthcare (Contd.)
Comparison of eHealthcare with eCertificate and eID in terms o
1. File Structure
8/12/2019 MIS in Healthcare Management
16/23
Proposed eHealthcare (Contd.)
2. Technical Skills:
Unlike the case of eCertificate and elD, the information owners in theeHealthcare case are patients, which can be any
age, may be new to computing technologies, or may have no
capability of managing their own documents.
3. Usage Controla. eCertificate and eID: Further transfer of the eDocument from thrreviewer is prevented.
b. eHealthcare: Not only the owner, but all stakeholders, should
have the usage control of the document
8/12/2019 MIS in Healthcare Management
17/23
Proposed eHealthcare (Contd.)
8/12/2019 MIS in Healthcare Management
18/23
Proposed eHealthcare (Contd.)
Design An eHealth-eCert will follow the eCert user-centric approach, and will b
secured to ensure confidentiality, integrity and availability during its issudistribution, management, and verification processes
8/12/2019 MIS in Healthcare Management
19/23
Use of eHealthcare System Keys
Signing and Verifying Process
Signing Key Issuer Private Key
Verifying Key Issuer Public Key
Encrypt and decrypt on Issuing Process
Issuing Path Option Encrypt Key Decrypt Key
Within Healthcare Sector Receiver Public Key Receiver Private Key
Healthcare sector topatient with open access
System default public key System default private ke
Healthcare sector topatient with controlledaccess
Patient public key Patient private key
8/12/2019 MIS in Healthcare Management
20/23
Use of eHealthcare System Keys
Encrypt and decrypt on access control process for further transfer
Transfer path options Encrypt Key Decrypt Key
Within healthcare sector Receiver Public Key Receiver Private Key
Healthcare Sector toPatient
System default public key System default private ke
Patient to any reviewers(Open Access) System default public key System default private ke
Patient to already knownreceiver
Receiver Public Key Receiver Private Key
Patient to unknownspecified receiver
Newly generated unique
private key
The unique correspondin
public key
8/12/2019 MIS in Healthcare Management
21/23
Issues
On one hand, the patients' data is considered as highly sensitiverequired high level of security
On the other hand, the information need to be available inemergency events without any trapdoors
The eHealthcare approach is suitable or not, could become the
main security argument
8/12/2019 MIS in Healthcare Management
22/23
Conclusion
By employing the eCert protocol, the eHealth-eCert document cbe used standalone or in parallel with the PRS, as a secured andindependently verifiable backup to the existing system
Advantageous over the exiting system, as it satisfies theinformation ownership right, and enables the owner to have
control of their data The design IS independent of any particular implementation
8/12/2019 MIS in Healthcare Management
23/23
Thank You!
Recommended