You are on page 1of 23

MIS in Healthcare Management

Submitted to: Submitted by:

Group 9
Umang Ugra
Bhawana Goel Hitesh Mehta

Prof. S. Kannan

Prateek Singh Bapna Sakshi Garg

Article Referred
Title: HEALTHCARE DATA MANAGEMENT ISSUES AND THE ECERT SOLUTION

Authors:

Lisha Chen-Wilson, Xin Wang, Gary B Wills and David Argles


School of Electronic and Computer Science, University of Southampton, United Kingdom Charles Shoniregun Infonomics Society, United Kingdom Published in 2011 (IEEE)

Introduction
Large no. of organizations are converting their paper data into eformat. Concerns about storage & transmission of data are increasing

Prevention of unauthorized modification and loss of records is very crucial in healthcare sector Besides human error, there is a concern for maintain the confidentiality of patient data The paper presents a method of protecting system against misuse by outside attackers and illegitimate users

Introduction (Contd.)
Patients should be given opportunity to chose whether or not their healthcare information be collected & recorded. Patients should also be given the control of how the data is accessed and modified. To address these problem, the eCert project has developed a usercentric eDocument transmission protocol. The eCert protocol enables users to share their data whilst maintaining a measure of control over its visibility.

Current Healthcare Information System


Data collection on paper, which is prone to loss and damages. Levels of communication in Healthcare system:
National level across communities Regional level across organizations Enterprise level with healthcare organizations Global information reach

Challenges faced by Current Healthcare Information System


How to make the data available according to only those who need Preventing data transmission to illegitimate organizations

Competing Aims: CONFLICT PARADOX


1. Availability of data in case of emergency 2. Ensuring restrictions on visibility of sensitive information

Healthcare Scenario
A. Sharing healthcare records
eDocument validation is essential, but
Confidentiality should not be violated Embarrassing private information should not be forwarded.

B. Loss of Healthcare records


Data corruption will lead to wrong diagnosis, endangering life of the patient

Underlying Technologies
eCertificate System
enables the eCertificate owners to have usage control over their documents before distributing to the reviewers, prevent unauthorized modification and distribution

Mobile eID
to explore the issues that arise in implementing the eCert protocol within a mobile platform to provide certified, certifiable, and protected identity information.

Underlying Technologies (Contd.)


eCert as a policy for the signing and key management
The eCert approach defines a secured and signed document that enables the user to determine what a reviewer is allowed to see and for how long. File Structure: Metadata, text content, supported file outputs Signing Method:
Optional files will be signed individually using detached signature Their signature values and the reference URI will then be embedded within the main content under the corresponding display conditions The document will then be signed using enveloped signature, and encrypted before distributed

Underlying Technologies (Contd.)


Keys management:
The system will use the issuer's private key to sign the document, and use the system's default public key, or the receiver's public key to encrypt the document, depend on the applied situations.

System structure:
All supported systems will be installed locally in registered institutions, and link to the eCert central server.

Usage control:
User has the option to set the access rights.

Features of eCert Protocol


Secure User-centric Lifetime Validation Verifiable distributed data

Benefits and Drawbacks of eCert in Healthcare


Provides a unique, secure, reliable system for data management Has a secure user-centric approach

Currently there is no known drawback of eCert protocol in Healthcare

Proposed eHealthcare
Use case:
Three stakeholders: Issuer, Patient and Reviewer

eHealthcare use case - Record healthcare history


Description Actors Scenario A healthcare sector staff wishes to record a patient's healthcare information after providing the treatment Patient Healthcare sector staff 1. 2. 3. 4. Patient requires treatment and provide related information Healthcare sector staff retrieves the patient's healthcare history from PRS, and assess the patient Patient receives treatment Healthcare sector staff record the treatment process and result in PRS

Variations Benefits

If the patient has no record in the PRS yet, the healthcare sector staff can start from creating a new account Patient: all treatment history is in record, no need to memorize them specially the details in medical terms. Healthcare sector: maintain patients healthcare history can provide efficient assessment, enable informed decision, and therefore, better treatment result

Issues

Records in PRS have risks: e.g. unauthorized modification, human errors, and database attacks. Incorrect record will lead to wrong treatments Lost of record or a whole database will affect the efficient of assessments It is not easy for a patient to find out what is being held about them in the system, or to retrieve the information for any personal purposes (e.g. forward it to a private healthcare provider)

Proposed eHealthcare (Contd.)


Comparison of eHealthcare with eCertificate and eID in terms of:
1. File Structure

Proposed eHealthcare (Contd.)


2. Technical Skills: Unlike the case of eCertificate and elD, the information owners in the eHealthcare case are patients, which can be any age, may be new to computing technologies, or may have no capability of managing their own documents. 3. Usage Control a. eCertificate and eID: Further transfer of the eDocument from thr reviewer is prevented. b. eHealthcare: Not only the owner, but all stakeholders, should have the usage control of the document

Proposed eHealthcare (Contd.)

Proposed eHealthcare (Contd.)


Design
An eHealth-eCert will follow the eCert user-centric approach, and will be secured to ensure confidentiality, integrity and availability during its issue, distribution, management, and verification processes

Use of eHealthcare System Keys


Signing and Verifying Process

Signing Key Verifying Key


Encrypt and decrypt on Issuing Process

Issuer Private Key Issuer Public Key Encrypt Key Receiver Public Key
System default public key Patient public key

Issuing Path Option Within Healthcare Sector


Healthcare sector to patient with open access Healthcare sector to patient with controlled access

Decrypt Key Receiver Private Key


System default private key Patient private key

Use of eHealthcare System Keys


Encrypt and decrypt on access control process for further transfer Transfer path options Within healthcare sector Healthcare Sector to Patient Patient to any reviewers (Open Access) Patient to already known receiver Encrypt Key Receiver Public Key System default public key System default public key Receiver Public Key Decrypt Key Receiver Private Key System default private key System default private key Receiver Private Key

Patient to unknown specified receiver

Newly generated unique private key

The unique corresponding public key

Issues
On one hand, the patients' data is considered as highly sensitive, required high level of security On the other hand, the information need to be available in emergency events without any trapdoors The eHealthcare approach is suitable or not, could become the main security argument

Conclusion
By employing the eCert protocol, the eHealth-eCert document can be used standalone or in parallel with the PRS, as a secured and independently verifiable backup to the existing system Advantageous over the exiting system, as it satisfies the information ownership right, and enables the owner to have control of their data The design IS independent of any particular implementation

Thank You!

You might also like