ELECTRONIC HEALTH RECORD (EHR) ENCRYPTION SYSTEM

1.3.    Objectives of the Study

The general aims of this project work are to design a system that can:

1.     Authenticate and provide access to right users.

2.      Introduce a higher level of security (the use of a cryptographic "Secret Key") where patients and medical staff are in charge of sensitive record in their unit rather than just the normal Login and Password.

3.     Add patient's records and equally encrypt sensitive information about them.

4.     Append the diagnosis records and secure.

5.     Capture the basic data in the following basic unit of Federal Medical Center (FMC) Makurdi: card and record unit, consultant unit, pharmacy unit, laboratory unit, bursary /accounting unit and provide an area where patient can view their file.

6.     Protect sensitive information at the various unit using user login security and triple DES encryption method there by assigning unique decryption key for each user which works when there is a right login credential and secret key combination for that particular logged in person.

7.     Encrypting sensitive data by default using the logged in user's secret key which is only known by the logged in user.

8.     Providing a flexible means of changing login password if it is been compromised.

9.     Providing a flexible means of allowing users to change their secret key, by providing a security question and answer which was provided when they created the account and the old key if key has been compromised.

10.                                                                                                                                 Providing  a security emergency  rule called "glass breaking rule" where only the admin staff can use patient id and his own secret key to get patient secret key to enable doctors see patient record.

11.                     Finally, to design a system this will help to overcome the problem of stigmatization on patients living with a particular ailment.

1.4     Scope of the Study

The main focus of the project is the implementation of data encryption and decryption on patient's privacy in E-records. The system will be secured in cases where only the authorized person has the needed cryptographic key to decipher the message. The system does not provide any security where an unauthorized user has knowledge of the encryption key.

 It also offers a practical solution to the sharing of medical data where privacy and security are robust and where the records can be trusted as being unaltered and unchanged as they pass between providers in the following units in the hospital, these include:

1.     Card and record unit

2.     Consultant unit

3.     Pharmacy unit

4.     Laboratory unit

5.     Bursary /accounting unit

 Federal Medical Center Makurdi, Benue State, will be used as case study for this work.

1.5     Significance of the Study

This project, allows patients have right over their secret key and allows them to give an authorization secret to any of the medical personnel through different communication channels (e.g. phone or as a paper code). This token allows them to access the patient's E-record data while the patient does not need to be present at the time of access as he does not need to enter a PIN for authorization.

This approach provides more flexibility and retains the security and privacy properties of patient-controlled E-record encryption.

 1.6     Limitations of the Study

This system applies to only hospitals where patient's records are stored electronically. The project isn't concern about building a full hospital management system but trying to demonstrate how encryption method of security can be combined with the normal logging in to protect sensitive information. Other cryptosystem weren't used in this research due to its research nature and time, the algorithms used became limited. Also financial constraints and time, limited further research on this study