MIS in Healthcare Management

8/12/2019 MIS in Healthcare Management

1/23

MIS in HealthcareManagement

Submitted to: Submitted by:

Prof. S. Kannan Umang Ugra

Bhawana Goel

Hitesh Mehta

Prateek Singh Bapna

Sakshi Garg

G


2/23

Article Referred

Title: HEALTHCAREDATA MANAGEMENT ISSUES AND THE ECERT SOLUTION

Authors:

Lisha Chen-Wilson, Xin Wang, Gary B Wills and David Argles

School of Electronic and Computer Science,University of Southampton, United Kingdom

Charles Shoniregun

Infonomics Society, United Kingdom

Published in 2011 (IEEE)


3/23

Introduction

Large no. of organizations are converting their paper data into eformat.

Concerns about storage & transmission of data are increasing

Prevention of unauthorized modification and loss of records is vcrucial in healthcare sector

Besides human error, there is a concern for maintain theconfidentiality of patient data

The paper presents a method of protecting system against misuby outside attackers and illegitimate users


4/23

Introduction (Contd.)

Patients should be given opportunity to chose whether or not thhealthcare information be collected & recorded.

Patients should also be given the control of how the data isaccessed and modified.

To address these problem, the eCert project has developed a uscentric eDocument transmission protocol.

The eCert protocol enables users to share their data whilstmaintaining a measure of control over its visibility.


5/23


6/23

Challenges faced by Current HealthcareInformation System

How to make the data available according to only those who ne

Preventing data transmission to illegitimate organizations

Competing Aims: CONFLICT PARADOX

1. Availability of data in case of emergency

2. Ensuring restrictions on visibility of sensitive information


7/23

Healthcare Scenario

A. Sharing healthcare records eDocument validation is essential, but

Confidentiality should not be violated

Embarrassing private information should not be forwarded.

B. Loss of Healthcare records Data corruption will lead to wrong diagnosis, endangering life of the pat


8/23

Underlying Technologies

eCertificate System enables the eCertificate owners to have usage control over their docume

before distributing to the reviewers, prevent unauthorized modification distribution

Mobile eID to explore the issues that arise in implementing the eCert protocol withi

mobile platform to provide certified, certifiable, and protected identityinformation.


9/23

Underlying Technologies (Contd.)

eCert as a policy for the signing and keymanagementThe eCert approach defines a secured and signed document thatenables the user to determine what a reviewer is allowed to seeand for how long.

File Structure: Metadata, text content, supported file outputs

Signing Method: Optional files will be signed individually using detached signature

Their signature values and the reference URI will then be embedded witthe main content under the corresponding display conditions

The document will then be signed using enveloped signature, and encrypbefore distributed


10/23

Underlying Technologies (Contd.)

Keys management: The system will use the issuer's private key to sign the document, and us

the system's default public key, or the receiver's public key to encrypt thdocument, depend on the applied situations.

System structure: All supported systems will be installed locally in registered institutions,

link to the eCert central server.

Usage control: User has the option to set the access rights.


11/23

Features of eCert Protocol

Secure

User-centric

Lifetime Validation

Verifiable distributed data


12/23

Benefits and Drawbacks of eCert inHealthcare

Provides a unique, secure, reliable system for data managemen

Has a secure user-centric approach

Currently there is no known drawback of eCert protocol in

Healthcare


13/23

Proposed eHealthcare

Use case: Three stakeholders: Issuer, Patient and Reviewer

eHealthcare use case Record healthcare histo


14/23

eHealthcare use case - Record healthcare histoDescription A healthcare sector staff wishes to record a patient's healthcare informatio

treatment

Actors Patient Healthcare sector staff

Scenario 1. Patient requires treatment and provide related information2. Healthcare sector staff retrieves the patient's healthcare history from PRS, a3. Patient receives treatment

4. Healthcare sector staff record the treatment process and result in PRS

Variations If the patient has no record in the PRS yet, the healthcare sector staff can staaccount

Benefits Patient: all treatment history is in record, no need to memorize them s

medical terms. Healthcare sector: maintain patients healthcare history can provide efficie

informed decision, and therefore, better treatment result

Issues Records in PRS have risks: e.g. unauthorized modification, human errors, and da Incorrect record will lead to wrong treatments Lost of record or a whole database will affect the efficient of assessments

It is not easy for a patient to find out what is being held about them in the syste

information for any personal purposes (e.g. forward it to a private healthcare pr


15/23

Proposed eHealthcare (Contd.)

Comparison of eHealthcare with eCertificate and eID in terms o

1. File Structure


16/23


2. Technical Skills:

Unlike the case of eCertificate and elD, the information owners in theeHealthcare case are patients, which can be any

age, may be new to computing technologies, or may have no

capability of managing their own documents.

3. Usage Controla. eCertificate and eID: Further transfer of the eDocument from thrreviewer is prevented.

b. eHealthcare: Not only the owner, but all stakeholders, should

have the usage control of the document


17/23



18/23


Design An eHealth-eCert will follow the eCert user-centric approach, and will b

secured to ensure confidentiality, integrity and availability during its issudistribution, management, and verification processes


19/23

Use of eHealthcare System Keys

Signing and Verifying Process

Signing Key Issuer Private Key

Verifying Key Issuer Public Key

Encrypt and decrypt on Issuing Process

Issuing Path Option Encrypt Key Decrypt Key

Within Healthcare Sector Receiver Public Key Receiver Private Key

Healthcare sector topatient with open access

System default public key System default private ke

Healthcare sector topatient with controlledaccess

Patient public key Patient private key


20/23

Use of eHealthcare System Keys

Encrypt and decrypt on access control process for further transfer

Transfer path options Encrypt Key Decrypt Key

Within healthcare sector Receiver Public Key Receiver Private Key

Healthcare Sector toPatient

System default public key System default private ke

Patient to any reviewers(Open Access) System default public key System default private ke

Patient to already knownreceiver

Receiver Public Key Receiver Private Key

Patient to unknownspecified receiver

Newly generated unique

private key

The unique correspondin

public key


21/23

Issues

On one hand, the patients' data is considered as highly sensitiverequired high level of security

On the other hand, the information need to be available inemergency events without any trapdoors

The eHealthcare approach is suitable or not, could become the

main security argument


22/23

Conclusion

By employing the eCert protocol, the eHealth-eCert document cbe used standalone or in parallel with the PRS, as a secured andindependently verifiable backup to the existing system

Advantageous over the exiting system, as it satisfies theinformation ownership right, and enables the owner to have

control of their data The design IS independent of any particular implementation


23/23

Thank You!

Documents

MIS in Healthcare Management