Paper-based health records are
rapidly becoming outdated. They are easily lost, are subject to wear and tear,
are costly to handle, cannot be transferred electronically, may be difficult to
interpret, and are inefficient. These fundamental drawbacks are driving a
transition across the globe towards Electronic Health Records (EHRs).
Patience in the hospital are
been diagnosed and treated, this diagnostics and treatment are been recorded
for future purposes in the electronic health record system (EHR) of the
hospital. This record should be protected at all cost from a third party.
This master’s thesis offers a
practical solution using cryptography to protect these sensitive electronic
records of patients and staff in Federal Medical Center (FMC) Makurdi, Benue
State and gives them privacy control over who views their treatment and symptoms,
and every other sensitive information in other units of the hospital.
Statement of the Problem
Most people in the society, are
been discriminated or been treated wrongly, in their various environment
because of the nature of their ill health which was been exposed by the third
In the 21st century where most
patient medical records are stored electronically and most medical institutions
have their electronic health record system running on a network (local or
internet), these network may not be fully secured for such sensitive medical
information considering the increase rate of cyber crime and information theft.
It will be imperative to use a
security measure where even if the third party get hold of these sensitive
health record, the content especially the treatment and symptoms will be
scrambled and unreadable. Using a cryptographic method to secure this patients
electronic record will be best to achieve the desired result (i.e scrambled or
unreadable) and will give the patient full privacy control over his/hers
medical record with a given key and decided who views their record.
Federal Medical Center (FMC)
Makurdi needs to have a system that will secure not just patients sensitive
data but also other very important data about various units and their staff in
1.3. Objectives of the Study
The general aims of this
project work are to design a system that can:
Authenticate and provide access to right users.
Introduce a higher level of security (the use of a cryptographic “Secret
Key”) where patients and medical staff are in charge of sensitive record in
their unit rather than just the normal Login and Password.
patient’s records and equally encrypt sensitive information about them.
Append the diagnosis records and secure.
Capture the basic data in the following basic unit of Federal Medical Center
(FMC) Makurdi: card and record unit, consultant unit, pharmacy unit, laboratory
unit, bursary /accounting unit and provide an area where patient can view their
Protect sensitive information at the various unit using user login security and
triple DES encryption method there by assigning unique decryption key for each
user which works when there is a right login credential and secret key
combination for that particular logged in person.
Encrypting sensitive data by default using the logged in user’s secret key
which is only known by the logged in user.
Providing a flexible means of changing login password if it is been
Providing a flexible means of allowing users to change their secret key, by
providing a security question and answer which was provided when they created
the account and the old key if key has been compromised.
Providing a security emergency rule called “glass breaking rule”
where only the admin staff can use patient id and his own secret key to get
patient secret key to enable doctors see patient record.
Finally, to design a system this will help to overcome the problem of
stigmatization on patients living with a particular ailment.
1.4 Scope of the Study
The main focus of the project
is the implementation of data encryption and decryption on patient’s privacy in
E-records. The system will be secured in cases where only the authorized person
has the needed cryptographic key to decipher the message. The system does not
provide any security where an unauthorized user has knowledge of the encryption
It also offers a
practical solution to the sharing of medical data where privacy and security
are robust and where the records can be trusted as being unaltered and
unchanged as they pass between providers in the following units in the
hospital, these include:
and record unit
Bursary /accounting unit
Federal Medical Center
Makurdi, Benue State, will be used as case study for this work.
1.5 Significance of the Study
This project, allows patients
have right over their secret key and allows them to give an authorization
secret to any of the medical personnel through different communication channels
(e.g. phone or as a paper code). This token allows them to access the patient's
E-record data while the patient does not need to be present at the time of
access as he does not need to enter a PIN for authorization.
This approach provides more
flexibility and retains the security and privacy properties of
patient-controlled E-record encryption.
Limitations of the Study
This system applies to only
hospitals where patient’s records are stored electronically. The project isn’t
concern about building a full hospital management system but trying to
demonstrate how encryption method of security can be combined with the normal
logging in to protect sensitive information. Other cryptosystem weren’t used in
this research due to its research nature and time, the algorithms used became
limited. Also financial constraints and time, limited further research on this
TERMS AND CONDITIONS APPLY
For more informations on project materials and more