Analysis of data security for hospital management using data transparent encryption and role based access control

  • Authors

    • Dr. Kamalakannan Machap Asia Pacific University of Technology and Innovation,Technology park University,57000- Bukit Jalil, Kuala Lumpur,Malaysia.
    • Dr. Mohamed Shabbir Hamza Abdulnabi Asia Pacific University of Technology and Innovation,Technology park University,57000- Bukit Jalil, Kuala Lumpur,Malaysia.
    • Thiyagu Ravichandran Asia Pacific University of Technology and Innovation,Technology park University,57000- Bukit Jalil, Kuala Lumpur,Malaysia.
    2019-03-12
    https://doi.org/10.14419/ijet.v7i4.25223
  • Transparent Data Encryption, RBAC, MD5, Discretionary Access Control, M-RBAC, M-Patient-Centric-ABAC.
  • Abstract

    Currently, the issue of security is a key concern for organizations, especially those operating within the healthcare sector. The authors thus propose to enhance the integrity of existing healthcare systems through the incorporation of an essential security layer that involves encryption techniques to avoid data leakage or misuse by third parties. Unlike other sectors, a number of healthcare organizations are still reliant upon traditional paper based systems, although the use of electronic patient record systems is steadily growing. The benefits provided by computerized online patient records is offset by the increased risk of unauthorized access to the personal information of the patients. The encryption technique proposed aims to ensure patient medical data is encrypted and safe in the event the storage media or data file is stolen. Furthermore, the developer has used Role Based Authentication Control (RBAC) to assign permissions to roles and roles to users. These roles correspond to positions in an organization and align with the duties of a particular position. In addition, other than encryption techniques the developer has used the MD5 hashing technique to hash and store username and passwords in a hexadecimal character. This increases adds an extra level of difficultly for an authorized individual to access the information in the database. The authors have also implemented additional security features during the login process, thus access to the system is contingent upon the user successfully passing through all of the security procedures.

     

     

  • References

    1. [1] Andrew. (2017). Rational Unified Process. Retrieved from airbrake. PP. 15-19.

      [1] Anwar, A. (2014). A Review of RUP (Rational Unified Process). International Journal of Software Engineering.pp.1-17.

      [2] Carpenter, M. E. (2017). Pocket Sense. Retrieved from pocketsense.com: https://pocketsense.com/advantages-and-disadvantages-of-electronic-claims-and-patient-files.

      [3] Diachenko, B. (2017, October 10). Mackeeper Security Research Centre.pp. 54-68.

      [4] Fuchs, L. (2010). Methodology for Hybrid Role Development.pp.16-21.

      [5] Fund, R. L. (2018). Literature reviews.pp.27-34.

      [6] Mario Sicuranza, A. E. (2013). Access Control Model for easy management of patient privacy in EHR system.pp.8-12.

      [7] Martell, M. (2017). Always Encrypted (Database Engine).pp. 24-33.

      [8] Mudit_Agarwal. (2008), Security Features Analysis for ASP.NET.pp7-9.

      [9] ORACLE. (2018). Database Advanced Security Guide.pp.4-8.

      [10] Practo Technologies. (2016). Insta Hospital and Clinic Management.

      [11] Røstad, L. (2009). Access Control in Healthcare. Trondheim: NTNU.pp.54-63.

      [12] Saikumar, I. (2017). DES- Data Encryption Standard. International Research Journal of Engineering and Technology (IRJET), 6.

      [13] Tiptop Security. (2014, December 15). Tiptop Security. Retrieved from what is a Cryptographic.pp. 6-9.

      [14] Wavemaker. (2018). Rapid Application Development vs. Traditional SDLC.

  • Downloads

  • How to Cite

    Kamalakannan Machap, D., Mohamed Shabbir Hamza Abdulnabi, D., & Ravichandran, T. (2019). Analysis of data security for hospital management using data transparent encryption and role based access control. International Journal of Engineering & Technology, 7(4), 5105-5107. https://doi.org/10.14419/ijet.v7i4.25223

    Received date: 2019-01-02

    Accepted date: 2019-01-13

    Published date: 2019-03-12