DESIGN AND MANAGEMENT OF A SECURE PATIENT DATA MANAGEMENT SYSTEM
ABSTRACT
A secure and distributed framework for the management of patients’ information in emergency and hospitalization services is proposed here in order to seek improvements in efficiency and security in this important area.Patient records constitute the bulk of the medical records of almost all the health care centers all over the world; The existing system of medical record keeping used in most hospitals in general are predominantly paper-based and it is associated with problems such as misplacement of patients’ record, unnecessary duplication of patients’ record as well as lack of effective back up facilities. In an attempt to address the problems associated with paperbased medical record, this project aimed at automating the whole processes by designing a hybrid web-based application to minimize the cost of procuring stationery materials needed for paperbased record keeping and enhancing the integrity and security of the patients’ medical records. The proposed system uses the following security tools to prevent unauthorized users from gaining access to the system resources: Another security tool used is the encryption of user’s password on the login tables using the SHA encryption algorithm, once a user submits a new user account details during the sign up processes, the user’s password will be posted to the login table in an encrypted format. DES_ENCRYPT function (DES: – Data Encryption Standard algorithm) was also used for encrypting all strings stored in the database. To achieve these objectives, the technologies used in the development of this automated system were: JAVA as the Scripting languages, MySQL as the database engine. The system grants different users privileges based on their statutory functions in the clinic which allow the clinical staff (users) the view and perform actions strictly within the domain of their official duties.
CHAPTER ONE: INTRODUCTION
1.1. BACKGROUND OF THE STUDY
The patient medical record is a detailed account of patient’s health and disease after he/she has sought medical help from a health care center; usually, the notes in the record are made by nurses, laboratory technicians or the physicians. The patient’s record contains findings, considerations, test results and treatment information related to the disease that the patient might be suffering from. Medical records are usually kept confidential in an attempt to protect the patient’s privacy.
Presently the medical record facilities at the most hospitals involve the use of a paper-based patient folder that contains all the relevant medical data about a particular patient; the manual or paper based record management system is associated with problems which include but not limited to inefficiency, inaccuracy, time consumption, inconveniency, laborious and sluggish. It is against this background that the need for automating the existing manual systems arises.
The Secure Patient Data Management System (SPDMS) may contain some elements of paper record for example, in the event that a doctor wanted to refer a patient to another clinic or a hospital, the diagnostic information and clinical notes needs to be printed or handwriting on a paper and then sent to the new doctor to be involved for further analysis and examination. In the present era of globalization and advancement in information and communication technology, the need for efficient record keeping increases because of its importance in decision making which makes life better for man; health they say is wealth, therefore there is a need for improving the quality of healthcare delivery. In a recent study on design and implementation of hospital management system, pointed out that, the advancement in technology and globalization remains an active ingredient that enhances the quality of healthcare delivery provided by medical institutions as a result of improvement in the quality of medical services rendered by the various medical institutions all over the world.
The emergence of computer technology has affected the medical institutions, like most other industries all over the world. The application of computers on the delivery of health care services has become a common place practice. In some cases, it involves applying certain technologies to convert the existing paper documents into an electronic format. In others, it is a transition towards the use of the SPDMS. The SPDMS is designed to replace the paper record as the primary format of record keeping in the various healthcare centers across the globe.
1.2. STATEMENT OF THE PROBLEM
It has been observed that to receive medical treatment in most general hospitals in Nigeria, the patients queue up for several hours from one unit of the hospital to another starting from obtaining a new hospital folder, or retrieving an old one before consulting a doctor, to the laboratory unit for lab test then to the pharmacy to get the prescribed drugs and so on.
With the manual processes involved in handling the patient most of them waste the whole day in the hospital and most importantly, the patient’s data is not secured as every attendant at the hospital will have easy access to the patient’s file. Very often, patient’s information is kept in their folders which are stored in the hospital data center and can be retrieved by anyone with access to the room.
This situation is discouraging to most patients and sometimes forces them to turn to nonprofessionals or even resort to self-medication for quick recovery and privacy.
Moreover, the volume of work for the hospital personnel is much. Patients outnumber the doctors, nurses and other medical personnel that too much are required from them. In this regard, for a doctor to examine all his patients for the day the doctor hurries over his work without adequate attention and expertise to his clients. Still, at the end of the day he is exhausted.
In addition to this, the diagnosis and prescription depend on the doctor’s memory and drug of choice. Their brains are often loaded with different diseases, signs and symptoms, complications and various drugs for their treatment and so on. Some of which are very similar. To remember and process this huge information in his clinical work is very tasking. For this reason, accurate diagnosis and prescription may not always be obtained.
The keeping and retrieval of accurate and secured records on patients are poorly carried out in most of our hospitals. Files may be misplaced; the record in them may be wrongly filled or carelessly kept. Hence, it is not easy to obtain accurate, timely and secured information or data.
This is also the case with obtaining other medical information and data especially when new folders and numbers are obtained each year.
1.3. OBJECTIVES OF THE STUDY
This study is centered on the following objectives.
- To examine the current procedures employed in our hospitals with regards to patients data.
- To examine the associated problem(s) or flaws in the current system with relation to patients’ data and security.
- To improve on the already existing system by designing an efficient secured patient data software, this is aimed at an accurate, faster, reliable and secured patient’s information system.
1.4. SCOPE OF THE STUDY
This research work is limited to securing patient’s data information system including treatments, diagnosis, bills and payments. The software developed uses JAVA as the programming language and MySQL to manage the database.
1.5. LIMITATIONS
This project covers all aspect of Medical system with regards to patient’s information. Due to time and financial constraint, the software developed excluded laboratory units.
TABLE 1: PROJECT LIMITATION
| Limitation(s) | Possible solution(s) |
| Inability to carry out research due to loss of hardware/software resources. | Be aware of and observe school security procedures. |
| Loss of work due to equipment failure/loss. | Weekly data backup. |
| Unwillingness to pass sensitive information/business model. | Non-disclosure agreement signing. |
| Inadequate supervision. | Report to a higher authority like the HOD. |
| Health related issues. | Report to the project management team. |
1.6. SIGNIFICANCE OF THE STUDY
Several possible advantages to a secure patient data management system over paper records have been proposed which includes:
Reduction of cost
A vast amount of funds is allocated towards the health care sector by the various tiers of government. The computerized system reduces personnel cost.
Improve quality of care
The implementation of Secured Patient Data Management System (SPDMS) can help lessen patient sufferance due to medical errors and the inability of analysts to assess quality.
Promote evidence-based medicine
Computerized medical record provides access to unprecedented amounts of clinical data for research that can accelerate the level of knowledge of effective medical practices. Realistically, these benefits may only be realized if the systems are interoperable and wide spread (for example, national or regional level) so that various systems can easily share information.
Record keeping and mobility
SPDMS have the advantage of being able to connect to many electronic medical record systems. In the current global medical environment, patients are shopping for their procedures.
1.7. DEFINITION OF TERMS
Electronic Health Record – An electronic health record (EHR) (also electronic patient record (EPR) or computerized patient record) is an evolving concept defined as a systematic collection of electronic health information about individual patients or populations.
INFORMATION – Information is data, or raw facts, shaped into useful form for human use.
SYSTEM – A system is a combination or arrangement of parts to form an integrated whole, working together to achieve specific tasks. A system includes an orderly arrangement according to some common principles or rules.
SUBSYSTEM – A complex system is difficult to comprehend when considered as a whole. Therefore, the system is decomposed or factored into subsystems. Subsystems constitute the entire system. They are complete systems on their own but exit in another system called the complex system. Subsystems can be further decomposed into smaller subsystems until the smallest subsystems are of manageable size. The subsystems resulting from this process generally form hierarchical structures. In the hierarchy, a subsystem is one of a supra-system (the system above it).
EXPERT SYSTEM – is software that uses a knowledge base of human expertise for problem solving, or clarify uncertainties where normally one or more human experts would need to be consulted.
HOSPITAL INFORMATION SYSTEM (HIS) – variously also called clinical information system (CIS) is a comprehensive, integrated information system designed to manage the administrative, financial and clinical aspects of a hospital. This encompasses paper-based information processing as well as data processing machines.
MIS – Management Information System is the system that stores and retrieves information and data, process them, and present them to the management as information to be used in making decision. It can also be defined as an integrated machine system that provides information to support the planning and control functions of managers in all organizations. By these definitions, MIS must serve the basic functions of management, which include planning, organizing, staffing, directing and controlling. Information systems that only support operations and do not have managerial decision making significance is not part of MIS.
MCS – Management Control system is a form of Information System used by the management of an organization to analyze each application of information system in terms of input, storage, processing and output. The MCS has functional subsystems such as the hardware system, the operating system, the communication system and the database system. Management control systems are human artifacts. This means that MCS exits only because human beings design and build them.
DESIGN AND MANAGEMENT OF A SECURE PATIENT DATA MANAGEMENT SYSTEM