
Title: Designing an Architecture for Secure Sharing of Personal Health Records
Language: English
File size: 5.3 MB
Total pages: 250
Page 1

University of Cape Town
Designing an Architecture for Secure Sharing of Personal Health Records - A Case of Developing Countries

RICHARD SSEMBATYA
MSc. Computer Science (MUK), BSc. Computer Science (Hons) (MUST)

Thesis
Submitted in Fulfilment of the Requirements for the Degree of
DOCTOR OF PHILOSOPHY
Department of Computer Science, Faculty of Science
UNIVERSITY OF CAPE TOWN

Supervised by: Dr. Anne V.D.M. Kayem & Prof. Gary Marsden

August 2014

Page 2

The copyright of this thesis vests in the author. No quotation from it or information derived from it is to be published without full acknowledgement of the source. The thesis is to be used for private study or non-commercial research purposes only.

Published by the University of Cape Town (UCT) in terms of the non-exclusive license granted to UCT by the author.

Page 125



“Predictions are always perilous; the best way to predict the future is to create it”
- Peter Drucker



This chapter picks up from chapter five – conceptual and participatory designs. In this chapter, we present the design of ACOF based on end-users' requirements, mobile phone-based PHR components, and the technology gaps identified in chapter two. The chapter describes the interaction of the ACOF modules and the implementation of the PHR system, called the M-Health App system, which supports offline access to personal health records. The chapter thus makes two main contributions to the thesis:

1. The design of an access control framework, ACOF, that protects personal health records on mobile phones. Unlike other approaches, the framework supports secure sharing of personal records even when the hospital servers are offline.

2. The design and implementation of a PHR system that provides self-protecting Personal Health Records (PHRs) on the mobile phone. The system enables end-users to securely download and update their medical records using an Identity-Based Encryption (IBE) architecture.



ACOF, as the name suggests, is an access control framework that protects patients' health records beyond the hospital's trust boundaries. To achieve this, the framework addresses the following issues.

One of the most important requirements of the ACOF architecture is to enable patients to securely own their medical records. As discussed in chapter three, previously published research on the protection of PHRs by individual users has largely been confined to developed countries, where the supporting infrastructure exists.

Page 126



Traditionally, access control in EHR systems is accomplished by storing health information in a centralised location such as the hospital server. However, when that server fails or becomes unavailable, for example because of the frequent power outages and unstable Internet connections that are common in developing countries, no access control decision can be made and the EHR system becomes unusable. Daily power outages and unreliable Internet connections therefore require that patients be given offline access to support their healthcare.

A number of approaches support offline access to electronic health records (Li et al., 2013; Dmitrienko et al., 2013; Akinyele et al., 2011). Among them is the use of mobile phones to provide immediate access to personal health information when the hospital servers are offline (Akinyele et al., 2011). However, for end-users such as healthcare professionals and patients to use PHR services through mobile phones successfully, security must be guaranteed (Zheng, 2011; Wang et al., 2012).



Like desktop-based PHR systems, mobile phone-based PHRs must provide the following security functions to the user: confidentiality and integrity of data, user authentication, and non-repudiation (Avancha et al., 2012; Dmitrienko et al., 2013). Technologies that bring these security elements to mobile phones must give end-users the same level of security as desktop computers (Schwingenschlögl et al., 2006).
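As an added illustration (not code from the thesis or from the M-Health App), the following Go program shows how the four functions named above map onto concrete primitives for one record stored on the phone: AES-256-GCM provides confidentiality and integrity, and an ECDSA P-256 signature by the record's author provides authentication of the writer and non-repudiation of the update. The key, the header and the record text are constructed sample values, and the SealedRecord layout is the example's own. How the symmetric key reaches the phone is not modelled here (the thesis does that with IBE); the key is simply passed in.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SealedRecord is the stored form of one record (an example layout, not the M-Health App's).
type SealedRecord struct {
	Header     []byte // plaintext metadata: authenticated (as GCM associated data) but not encrypted
	Nonce      []byte // AES-GCM nonce, fresh for every seal
	Ciphertext []byte // AES-256-GCM output: encrypted record plus 16-byte integrity tag
	Signature  []byte // author's ECDSA P-256 signature over header, nonce and ciphertext
}

// newAuthorKey generates the signing key pair of whoever writes records (patient or clinician).
func newAuthorKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// signingInput hashes the signed fields with length prefixes, so that no two
// different (header, nonce, ciphertext) triples can share a digest.
func signingInput(header, nonce, ciphertext []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{header, nonce, ciphertext} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(part)))
		h.Write(n[:])
		h.Write(part)
	}
	return h.Sum(nil)
}

// sealRecord encrypts the record under a 32-byte AES-256 key (confidentiality),
// binds the header and appends the GCM tag (integrity), then signs the result
// with the author's private key (non-repudiation). Key distribution is not modelled.
func sealRecord(key, header, plaintext []byte, author *ecdsa.PrivateKey) (*SealedRecord, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, header)
	sig, err := ecdsa.SignASN1(rand.Reader, author, signingInput(header, nonce, ct))
	if err != nil {
		return nil, err
	}
	return &SealedRecord{Header: header, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// openRecord verifies the author's signature first (authenticating the writer before
// the decryption key is touched), then decrypts and checks the GCM tag.
func openRecord(key []byte, rec *SealedRecord, author *ecdsa.PublicKey) ([]byte, error) {
	if !ecdsa.VerifyASN1(author, signingInput(rec.Header, rec.Nonce, rec.Ciphertext), rec.Signature) {
		return nil, errors.New("signature invalid: not written by this author, or modified since")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, rec.Header)
	if err != nil {
		return nil, errors.New("decryption failed: wrong key or tampered ciphertext")
	}
	return pt, nil
}

func main() {
	key := make([]byte, 32) // constructed; in a deployment it comes from the key-management layer
	rand.Read(key)
	author, _ := newAuthorKey()
	header := []byte("patient=P-0001;type=prescription") // constructed sample header
	rec, _ := sealRecord(key, header, []byte("amoxicillin 500 mg, 3x daily, 7 days"), author)
	pt, err := openRecord(key, rec, &author.PublicKey)
	fmt.Printf("opened: %s (err=%v)\n", pt, err)
	rec.Ciphertext[0] ^= 1 // a single flipped bit is detected
	_, err = openRecord(key, rec, &author.PublicKey)
	fmt.Println("after tampering:", err)
}
```

Signature verification runs before decryption so that a forged record is rejected without the key ever being used, and the two failure modes are reported separately so a caller can tell a forged or modified record from a wrong key. The GCM tag alone proves integrity only to holders of the symmetric key, and any such holder could have produced it; that is why non-repudiation needs the per-author signature on top.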

Many security protocols on desktop PCs, and most security applications for PHRs, are based on public key cryptography (Zheng, 2011; Hsieh & Chen, 2012; Hupperich et al., 2012; Li et al., 2013). A Public Key Infrastructure (PKI) uses public key cryptography to distribute a user's public key in a secure and reliable way, by binding the key to its owner in a certificate signed by a trusted authority (Housley, Polk, Ford, & Solo, 2002; Lee, Lee, & Song, 2007). However, PKI protocols are difficult to apply on mobile phones (Sax et al., 2005; Lee et al., 2007). First, mobile phones have significant performance limitations: less memory and a less powerful Central Processing Unit (CPU). Second, because mobile phones operate in a wireless environment, their communication is constrained by lower bandwidth (Lee et al., 2007). For a PKI protocol to work, a mobile phone must generate a public key pair and compute a digital signature with the private key. A public key certificate is then issued to the phone over a wireless Internet connection. The certificate binds the public key to its owner (Lee et al., 2007). Using the certificate, the mobile entity must authenticate itself and
Page 249



    Strongly agree 1 2 3 4 5 6 7 Strongly disagree   N/A
    Comments: ………………………………………………………….....

11. I liked using the interfaces of this system.
    Strongly agree 1 2 3 4 5 6 7 Strongly disagree   N/A
    Comments: ………………………………………………………….....

12. The organisation of information on the system screens was clear.
    Strongly agree 1 2 3 4 5 6 7 Strongly disagree   N/A
    Comments: ………………………………………………………….....

13. The system gave error messages that clearly told me how to fix problems.
    Strongly agree 1 2 3 4 5 6 7 Strongly disagree   N/A
    Comments: ………………………………………………………….....

14. Whenever I made a mistake using the system, I could recover easily and quickly.
    Strongly agree 1 2 3 4 5 6 7 Strongly disagree   N/A
    Comments: ………………………………………………………….....

15. It was easy to find the information I needed.
    Strongly agree 1 2 3 4 5 6 7 Strongly disagree   N/A
    Comments: ………………………………………………………….....

16. The information provided by the system was easy to understand.
    Strongly agree 1 2 3 4 5 6 7 Strongly disagree   N/A
    Comments: ………………………………………………………….....

17. The information was effective in helping me complete the tasks and scenarios.
    Strongly agree 1 2 3 4 5 6 7 Strongly disagree   N/A
    Comments: ………………………………………………………….....

Page 250



APPENDIX 7.5: INFORMED CONSENT AGREEMENT

This is to certify that I ____________________________________________________________ have agreed to work with Richard Ssembatya on a research project he is conducting under the University of Cape Town in conjunction with . I agree to receive from the project a Google IDEOS handset that will be used to give me access to my personal health information. I understand that what is expected of me in this project is to give my opinions on the system. I hereby grant him permission to publish these opinions and other observations in his research papers and thesis. He may use my pictures in his thesis and publications. I am aware that I have the right to opt out of this research at any time. I promise to return the handset any time it is needed.

Signature: ___________________________ Date: _______________________
