ELECTRONIC HEALTH RECORD (EHR) ENCRYPTION SYSTEM FOR FEDERAL MEDICAL CENTER MAKURDI, BENUE STATE ABSTRACT In the 21st century, every aspect of life has become digitalized, virtually everything is been done through the use of computers. In the medical sector the record system has upgraded from contemporary paper file record system to the electronic record system which most times runs on the open internet a web where cyber crime and information theft is on the increase daily. It will be of great importance to protect the privacy of patience and protect sensitive medical electronic information at different unit in the federal hospital running an online hospital management or online hospital portal. Cryptography seems to be the best way where this sensitive information can be protected by combining cryptography and the logged in credentials of the logged in user. Scrambling and making them human unreadable until the right key combination for the logged in user is been used to decrypt where the key will be managed solely by the owner of the information. TABLE OF CONTENT CHAPTER ONE INTRODUCTION Background of Study Statement of The Problem Objectives of The Study Scope of The Study Significance of The Study Limitation of The study CHAPTER TWO LITERATURE REVIEW Overview of Electronic Health Record 2.1.1 Electronic Health Record System: Past, Present and Future Types of Health Information/ Record Systems Paper-Based Electronic Device-Based Web-Based History of Medical Records Paper Medical Records The Users of EHR Patients Health Worker Insurance Relations and Demands on EHR Content of the EHR Personal Overview Patient Part Storage Central Database Chipcard Online Storage Decentral Storage Patient Privacy and Security in Electronic Health Records Privacy and Confidentiality Privacy-Enhancing Technologies Privacy-respecting security technologies Controlling who can learn what Personal Health Records Controlling who owns what Information Security Security Requirements Confidentiality Integrity Availability Authenticity Non-repudiation Rights of Patient An Overview of Cryptography Cryptographic Functions Authentication Non-Repudiation Confidentiality Integrity Cryptographic Algorithms Symmetric Cryptography Symmetric-Key Cryptography Asymmetric Cryptography Asymmetric-Key Cryptography Hash Functions Encryption and Cryptography Cryptographic Security Technologies in EHR Public Key Infrastructure Privilege Management Infrastructure Pseudonymization CHAPTER THREE SYSTEM ANALYSIS AND METHODOLOGY Methodology Structured System Analysis and Design Methodology (SSADM) Object-Oriented Analysis and Design Methodology (OOADM Prototyping Expert Systems Methodology Selecting a Design Methodology The Hospital and Its Environment Demographic Variable System Analysis Analysis of the Present System Weakness of the Present System Exiting Cryptographic System (Smartcard Cryptographic System). Setbacks of Exiting Cryptographic System High Level Model for the Proposed System CHAPTER FOUR SYSTEM DESIGN AND IMPLEMENTATION The Objective of the Design Encryption Flowchart Decryption Flowchart Control Center Patient’s Unit Card/Record Unit Consultant Unit Pharmacy Unit Laboratory Unit Bursary Unit Admin Unit Database Specification Bursary Unit Card Unit Consultancy Unit Patient Unit Pharmacy Unit Staff_account Unit Lab_Unit Data Dictionary Implementation and Testing Parallel adoption How it Works System Specification Server Side System Specification Client Side System Requirements Input/ Output Specification Patient’s Registration Area Staff Registration Form Login Form Pharmacy Unit Stock Form Pharmacy unit Drugs Table Bursary / Accountancy unit Pay slip Form Patient Consultation Sheet Patient Lab Form Prescription Sheet Pharmacy Unit Card Unit Bursary Unit Staff List and Monthly Salary Choice and Justification of Programming Language CHAPTER FIVE SUMMARY, CONCLUSION AND RECOMMENDATION Summary Conculsion Recommendation REFERENCE CHAPTER ONE 1.0 INTRODUCTION 1.1 Background of The Study Paper-based health records are rapidly becoming outdated. They are easily lost, are subject to wear and tear, are costly to handle, cannot be transferred electronically, may be difficult to interpret, and are inefficient. These fundamental drawbacks are driving a transition across the globe towards Electronic Health Records (EHRs). Patience in the hospital are been diagnosed and treated, this diagnostics and treatment are been recorded for future purposes in the electronic health record system (EHR) of the hospital. This record should be protected at all cost from a third party. This master’s thesis offers a practical solution using cryptography to protect these sensitive electronic records of patients and staff in Federal Medical Center (FMC) Makurdi, Benue State and gives them privacy control over who views their treatment and symptoms, and every other sensitive information in other units of the hospital. 1.2 Statement of the Problem Most people in the society, are been discriminated or been treated wrongly, in their various environment because of the nature of their ill health which was been exposed by the third party. In the 21st century where most patient medical records are stored electronically and most medical institutions have their electronic health record system running on a network (local or internet), these network may not be fully secured for such sensitive medical information considering the increase rate of cyber crime and information theft. It will be imperative to use a security measure where even if the third party get hold of these sensitive health record, the content especially the treatment and symptoms will be scrambled and unreadable. Using a cryptographic method to secure this patients electronic record will be best to achieve the desired result (i.e scrambled or unreadable) and will give the patient full privacy control over his/hers medical record with a given key and decided who views their record. Federal Medical Center (FMC) Makurdi needs to have a system that will secure not just patients sensitive data but also other very important data about various units and their staff in the hospital. 1.3. Objectives of the Study The general aims of this project work are to design a system that can: 1. Authenticate and provide access to right users. 2. Introduce a higher level of security (the use of a cryptographic “Secret Key”) where patients and medical staff are in charge of sensitive record in their unit rather than just the normal Login and Password. 3. Add patient’s records and equally encrypt sensitive information about them. 4. Append the diagnosis records and secure. 5. Capture the basic data in the following basic unit of Federal Medical Center (FMC) Makurdi: card and record unit, consultant unit, pharmacy unit, laboratory unit, bursary /accounting unit and provide an area where patient can view their file. 6. Protect sensitive information at the various unit using user login security and triple DES encryption method there by assigning unique decryption key for each user which works when there is a right login credential and secret key combination for that particular logged in person. 7. Encrypting sensitive data by default using the logged in user’s secret key which is only known by the logged in user. 8. Providing a flexible means of changing login password if it is been compromised. 9. Providing a flexible means of allowing users to change their secret key, by providing a security question and answer which was provided when they created the account and the old key if key has been compromised. 10. Providing a security emergency rule called “glass breaking rule” where only the admin staff can use patient id and his own secret key to get patient secret key to enable doctors see patient record. 11. Finally, to design a system this will help to overcome the problem of stigmatization on patients living with a particular ailment. 1.4 Scope of the Study The main focus of the project is the implementation of data encryption and decryption on patient’s privacy in E-records. The system will be secured in cases where only the authorized person has the needed cryptographic key to decipher the message. The system does not provide any security where an unauthorized user has knowledge of the encryption key. It also offers a practical solution to the sharing of medical data where privacy and security are robust and where the records can be trusted as being unaltered and unchanged as they pass between providers in the following units in the hospital, these include: 1. Card and record unit 2. Consultant unit 3. Pharmacy unit 4. Laboratory unit 5. Bursary /accounting unit Federal Medical Center Makurdi, Benue State, will be used as case study for this work. 1.5 Significance of the Study This project, allows patients have right over their secret key and allows them to give an authorization secret to any of the medical personnel through different communication channels (e.g. phone or as a paper code). This token allows them to access the patient's E-record data while the patient does not need to be present at the time of access as he does not need to enter a PIN for authorization. This approach provides more flexibility and retains the security and privacy properties of patient-controlled E-record encryption. 1.6 Limitations of the Study This system applies to only hospitals where patient’s records are stored electronically. The project isn’t concern about building a full hospital management system but trying to demonstrate how encryption method of security can be combined with the normal logging in to protect sensitive information. Other cryptosystem weren’t used in this research due to its research nature and time, the algorithms used became limited. Also financial constraints and time, limited further research on this study.
ELECTRONIC HEALTH RECORD (EHR) ENCRYPTION SYSTEM FOR FEDERAL MEDICAL CENTER MAKURDI, BENUE STATE
ABSTRACT In the 21st century, every aspect of life has become digitalized, virtually everything is been done through the use of computers. In the medical sector the record system has upgraded from contemporary paper file record system to the electronic... Continue Reading
FOR FEDERAL MEDICAL CENTER MAKURDI, BENUE STATE CHAPTER ONE 1.0 INTRODUCTION 1.1 Background of The Study Paper-based health records are rapidly becoming outdated. They are easily lost, are subject to wear and tear, are costly to handle, cannot be transferred... Continue Reading
ABSTRACT The adoption and promotion of Information and Communication Technology (ICT), including Electronic Health Records (EHR) system, in healthcare delivery is growing rapidly in most developing countries including Nigeria. The aim of this study is to evaluates the attitude, perception and barrier of implemented EHR at Lagos state university... Continue Reading
ABSTRACT The adoption and promotion of Information and Communication Technology (ICT), including Electronic Health Records (EHR) system, in healthcare delivery is growing rapidly in most developing countries including Nigeria. The aim of this study is to evaluates the attitude, perception and barrier of implemented EHR at Lagos state university... Continue Reading
ABSTRACT The adoption and promotion of Information and Communication Technology (ICT), including Electronic Health Records (EHR) system, in healthcare delivery is growing rapidly in most developing countries including Nigeria. The aim of this study is to evaluates the attitude, perception and barrier of implemented EHR at Lagos state university... Continue Reading
Computer and data have become an integral part of every enterprise and business today. Accurate data which is transformed to information is required for any industry to perform at optimal level as such is used in decisive management and decision making processes. This therefore makes such organisations critically dependent on the use of a database... Continue Reading
Computer and data have become an integral part of every enterprise and business today. Accurate data which is transformed to information is required for any industry to perform at optimal level as such is used in decisive management and decision making processes. This therefore makes such organisations critically dependent on the use of a database... Continue Reading
Version:0.9 StartHTML:0000000105 EndHTML:0000005387 StartFragment:0000000141 EndFragment:0000005347 The rate of maternal mortality in the recent time is so alarming due to weak health systems, poor doctor-patient relationship, and non-existence of e-health management system to efficiently maintain, handle the patient’s record and schedule... Continue Reading
Abstract This study the role of the media in the management of environmental health issues in makurdi Benue state, was designed to assess the role of the media in management of environmental health issues in Benue state. Relevant literature were reviewed on Solid Waste, Public Health, Attitude Change and Media. The survey research design was... Continue Reading
Abstract This study the role of the media in the management of environmental health issues in makurdi Benue state, was designed to assess the role of the media in management of environmental health issues in Benue state. Relevant literature were reviewed on Solid Waste, Public Health, Attitude Change and Media. The survey research design was... Continue Reading