PROJECT TITLE: SECURE ROLE BASED HEALTHCARE CLOUD BASED SYSTEM

STUDENT NAMES:

1. AZHARUDDIN MOHAMMED (MIT170760)

2. MOHAMMED AMER UDDIN (MIT161765)

3. VIJAY KUMAR NAMPALLY (MIT170942)

4. TELAKAPALLY PRAVALLIKA (MIT162463)

5. PAVAN REDDY ANUGU (MIT170491)

ACKNOWLEDGEMENT

First of all, we want to acknowledge the efforts of our Project supervisor DR. MANSOOR RAZA, who has been with us over the course of last few weeks and helped us in every possible way. He has very vast knowledge about the web based applications and all the software and tools required for building a website for a commercial as well as private purpose.

We are immensely grateful to our Project’s Industry Client, DR. ARMEN KOCHARYAN, for all his support and valuable guidance offered to us towards our project.

Additionally, we also earnestly appreciate Assistant ProfessorSAVITRI BEVINAKOPPA, for giving us timely and whole hearted support to do this project and by organizing weekly classes as project workshop, which was very helpful too.

Finally, we thank our team members for their collective efforts and vast research towards the betterment of the project.

ABSTRACT

With the rapid advancement of the cloud-based systems, there has been an emerging trend of high adoption of cloud storage. Due to the increased public knowledge of the benefits of cloud storage, many organization including healthcare systems are now moving their Electronic Health Records (HER) to cloud storage system. However, this mass movement to cloud storage has raised concerns on the relevance of security issues on protection and orientation of unauthorized access of Electronic Health Records reserved in the public cloud storage system. Several tactics have been proposed by healthcare researchers with the intention of protecting the security of the health record to the public.

In this paper, there will be a comprehensive overview of a Secured Role-Based Healthcare Cloud-Based System to develop a secure and personality control of health records. The paper’s objective is to specify implementation characteristics, concerns, web integration, and confidentiality of patient data in the use of Health information system. Based on the finding as well as the assessment based on the previous research on healthcare information system, cloud-based storage needs to have access from authorized persons. The paper includes the identification of the research questions and investigation of various scholarly articles and journal related to the improvement of healthcare cloud-based system. The paper proposes five methodologies with 20 literature reviews on cloud-based storage of electronic health records [14] [15].

TABLE OF CONTENTS

CONTENTS PAGE NUMBER

ABSTRACT 3

INTORUCTION 4

PROBLEM DOMAIN AND RESEARCH QUESTION 7

RESEARCH QUESTIONS 7

BACKGROUND AND PROJECT OBJECTIVE 8

SUMMARY OF LITERATURE REVIEW 9

PROJECT REQUIREMENTS ANALYSIS AND SPECIFICATION 10

PROJECT PLAN AND PRELIMINARY DESIGN 11

METHODLOGY 14

KALMAN FILTER ALGORITHM 14

ROLE BASED ACCESS CONTROL SYSTEM 15

RULE DICTIONARY 16

ACCESS CONTROL LIST 17

PROFILES 18

WORK BREAK DOWN STRUCTURE 19

GANTT CHART 20

WEEKLY ACTIVITIES OF TEAM MEMBERS 21

ROLES AND RESPONSIBILITIES 24

PROJECT BUDGET 25

RESEARCH METHODS FOR MN692 26

PLANNED WEEKLY ACTIVITIES 26

ROLES AND RESPONSIBILITIES 27

WBS AND GANTT CHART OF MN692 28

RESEARCH DESIGN 29

CONCLUSION AND LIMITATIONS 31

REFERENCES 32

APPENDICES 34

1. INTRODUCTION

Currently, there has been an increasing trend for the most organisation to store their data in the cloud bases system due to the dramatic increase in the digital information especially with customer’s personal data or advanced company wanting to back up their data to prevent loss in case of fire outbreak or cyber-attacks. A cloud-based storage system, in particular, has drowned the attention of most large organizations with large storage needs. Also, the cloud-based storage offers extensive storage at an inexpensive rate in the long-run. By outsourcing, customer data to the cloud storage, companies can concentrate on other factors like improving design function to advance user experience without worrying about the loss of information due to the high level of trust in the cloud-based storage. Cloud-based system also offers on-demand storage which leads to the reduced maintenance costs for the organizations. Moreover, Cloud storage system offers a flexible and convenient way for an individual to access their information from any location and on any device [1].

However, according to the recent survey indicate that 88% of potential cloud system customers are worried about the security of their private data. Security of the cloud system is the major issue hindering its adoption rate. The cloud-based system includes different types of infrastructures. A public cloud system is one which is allocated to the general public and allocation or resource is a pay-as-you-go type. A private cloud system is an internal cloud storage designed and operated by a specific organization [1]. The company has a full controlled of their private cloud hence it cannot be accessed by an external party. Therefore, many people claim that a private cloud system is more secure and can be trusted when it comes to privacy of information. According to the recent survey, more than 43% of companies have confessed to using private cloud system with about 37% claiming to adopt private cloud in the next two years.

This paper will address issues associated with security of the data with cloud storage. a public cloud storage system is formed by a single or a variety of data centres often distributed to different geographical locations. The user may have no idea of where the data is store and there is a common perception that the various cloud users may lose control of their data after uploading to a public cloud system.

In order to manage and control access and control of public clouds, there is a need for organizations to develop mechanisms and access control policies. Such control policies need to restrict the access of data specified to those authorized by the organization. But the cloud system is supposed to implement such policies for them to be an operation to various organizations. But in current healthcare public cloud system, patients have to assume that their records are in the safe hands or those authorized to access their data [2].

In a Role-Based Healthcare Cloud-Based System model, roles are drawn to access and upload permission while the authorized personnel are mapped with appropriate roles. To illustrate, users have tasked membership to the cloud roles according to their responsibilities as well as professionalism. Access permits are granted to qualified individuals rather than any individual staff. Furthermore, Role-Based Healthcare Cloud-Based System, a responsibility can gain permission from other functions hence the health organization can design a hierarchal structure of various roles [2].

In traditional access management systems, execution is done by trusted personnel which in normally the service provider. In a public cloud data system, data can be reserved in distributed data centres. In other words, it may lack a single control panel for data control and distribution. To protect the privacy of the data, there is need to have a specified role-based access control system hence only authorized staffs are allowed to access the data as a specification from the policies. The authorized personnel who satisfy the implemented role-based access will be able to access the data using their personal keys. Hence, the problem of managing public cloud data will be transformed from the management to individual management of access keys according to the implemented cloud data policies.

This paper presents the design of a Secure Role-Based Healthcare Cloud-Based System where the access control procedures are enforced by the new role-based system. The policy grants permission only to the users who are experts in their roles and can also revoke the permission from the current user in case of any malpractice. The cloud storage provides will be able to view the content of the data in case the user is not given the appropriate role. In the new Secure Role-Based Healthcare Cloud-Based System, revocation of a user for malpractice will have an effect on another user in the healthcare setting. The paper will also address several data security issues such as data transfer privileges between on healthcare provider to another.

The paper will also address the advantages of Secure Role-Based Healthcare Cloud-Based System web integration such as reduced cost, improved privacy, reduced medical errors etc. the role-based security of the cloud system will include the security requirements for access, overview, and limitation of the current approaches, role-based key structure and privacy/security analysis. Moreover, there will be a comprehensive analysis of the confidentiality of patient data via healthcare records, information privacy, and disclosure of health information. Finally, the paper will have a comprehensive view of the project requirement as well as analysis and specifications [2].

2. PROBLEM DOMAIN AND RESEARCH QUESTIONS

There has been an increase in concerns over the privacy and security of electronic driven healthcare system that handles many of electronic health information. These concerns have revolved around two areas, which are; information released in an inappropriate way and issues on how information flows in a system. Information released inappropriately has been linked to authorized users manipulating their right to access information intentionally or unintentionally and sharing that information. Other relates to the system where it openly disclosed a patient’s identifiable health data.

RESEARCH QUESTIONS

1. Does connectivity, a quality of a securely based system impact on the performance of the healthcare providers?

2. How does the use of a secure cloud-based system reduce the cost of operating an electronic healthcare system?

3. Does this secure cloud-based system have measures to ensure security and privacy?

4. Do the healthcare providers or fraternity consider a secure cloud-based healthcare system as efficient and reliable?

JUSTIFICATION OF THE STUDY

A number of healthcare organizations have made efforts to implementing mobile devices, and diversifying their digital storage options, which has made it a need for the healthcare industry to consider cloud computing security [5].

The push by the healthcare industry to diversify their digital storage options and improve data security of their customers has seen rising considerations to adopt a cloud-based security system. The complexity of this industry is evident in the vast amount of patient data that is prone to attacks and there is need to have it secured [9].

The adoption of electronic health records saw the industry transformed for the better in terms of patient care and efficiency and for once, the industry had come across a powerful way to store its gigantic health records but forgot to check on security and privacy issues that have increased over the recent years [5].

The replacement of medical systems by healthcare organizations is costly for them and there is a growing need to cut down on the budgetary allocations on the purchase of systems that are cost-effective in terms of management and replacement [4].

The fraternity has for a long time ignored the cybersecurity risks that are aimed at their computers and servers which could cripple these organizations if such an attack occurs. The growing data breach and loss of data by these healthcare organizations has shown the need for them to consider a proactive risk mitigation in order to cut costs of data management and uphold reputation and goodwill [9].

Inter-connectivity of the healthcare industry which makes small targets (small hospitals) an easy way for hackers to infiltrate into systems of larger organizations. This may lead to massive attacks on healthcare data that is valuable like credit card and bank account numbers which might be sold to other people [4].

3. BACKGROUD AND PROJECT OBJECTIVE

· The main objective is to assess the role of a secure cloud-based system in ensuring privacy and security in the healthcare sector.

· To establish if a cloud-based system quality of connectivity has any impact on the performance of healthcare providers.

· To assess if a secure cloud-based system can reduce the cost of operating an electronic healthcare system.

· To assess the measures applied by this system to ensure security and privacy is maintained.

· To establish if a secure cloud-based system is considered efficient and reliable by healthcare providers.

3.1 SUMMARY OF LITERATURE REVIEW

A number of healthcare organizations have made efforts to implementing mobile devices, and diversifying their digital storage options, which has made it a need for the healthcare industry to consider cloud computing security [5].

The push by the healthcare industry to diversify their digital storage options and improve data security of their customers has seen rising considerations to adopt a cloud-based security system. The complexity of this industry is evident in the vast amount of patient data that is prone to attacks and there is need to have it secured [9].

The adoption of electronic health records saw the industry transformed for the better in terms of patient care and efficiency and for once, the industry had come across a powerful way to store its gigantic health records but forgot to check on security and privacy issues that have increased over the recent years [5].

The replacement of medical systems by healthcare organizations is costly for them and there is a growing need to cut down on the budgetary allocations on the purchase of systems that are cost-effective in terms of management and replacement [4].

The fraternity has for a long time ignored the cyber security risks that are aimed at their computers and servers which could cripple these organizations if such an attack occurs. The growing data breach and loss of data by these healthcare organizations has shown the need for them to consider a proactive risk mitigation in order to cut costs of data management and uphold reputation and goodwill [9].

Inter-connectivity of the healthcare industry which makes small targets (small hospitals) an easy way for hackers to infiltrate into systems of larger organizations. This may lead to massive attacks on healthcare data that is valuable like credit card and bank account numbers which might be sold to other people [4].

4. PROJECT REQUIREMENTS ANALYSIS AND SPECIFICATION

The paper includes a comprehensive understanding of the exact needs to develop a role-based cloud access infrastructure. Both healthcare institution and the cloud service provider need to have a successful development and implementation of cloud services that will be the source of their IT operation for years. The architect for the Secure Role-Based Access Control Cloud system will require both the hardware and software components of development of the cloud infrastructure. This section will have an overview of the hardware and software requirements with analysis and specifications of the project as well as the project budget [5].

OPERATING SYSTEM:

Healthcare Computer system needs to have an operating system that allows diversified cloud computing to allow implementation of a Secured Role-Based Healthcare Cloud-Based System in which the application and data live and run on the internet rather than external or internal storage. Cloud storage can be installed and integrated with other operating systems depending on the computer specs used. Sometimes, the cloud can act as a stand-alone OS although it has a low hardware requirement. Healthcare organization need to build a data centers with redundancies and fault tolerance to implement cloud models to make it available for various apps [5].

HETEROGENEOUS SYSTEM SUPPORT:

Cloud management solution requires the latest hardware, software, virtualization and support data center for the current infrastructures. Early cloud migration included the basing of the solution to commodity and open sources; the current requirements include both commodity and proprietary system. In other words, the intended cloud management provision needs to be integrated with the traditional system in order to achieve the objectives of the Secured Role-Based Healthcare Cloud-Based System. Therefore, healthcare institutions that do not support technologies like NetApp, Microsoft, Cisco, and Red Hat may fall short of this project [9].

SERVICE MANAGEMENT

To produce the functionality of a Secured Role-Based Healthcare Cloud-Based System, it is necessary that the healthcare administration own a simple tool for metering and defining service offered. A service offering can be viewed as a quantified set of application and services that the final user can consume via the cloud provider- whether public or private cloud. For this project to function effectively, service providers should include other factors such as resource management, billing cycles, resource guarantee and metering rules. The functionality of the service management should reciprocate factors of both software and hardware requirements [9].

INTEGRATION OF DATA CENTER MANAGEMENT TOOLS

Many compositions of the traditional cloud data management require some level of integration with other software in order to achieve the objectives of Secured Role-Based Healthcare Cloud-Based System as the best way of healthcare organization consuming IT. Within an integrated data centers, various tools are utilized in the provision, user care, system management, directory as well as security. Since the main objective of the paper is to improve the security of the cloud computing by having authorized people to access cloud data, it is important for the integration of Application Program Interface that will facilitate the filtering of users on the online storage [9].

5. Project plan and preliminary design

In a Role-Based Healthcare Cloud-Based System model, roles are drawn to access and upload permission while the authorized personnel are mapped with appropriate roles. To illustrate, users have tasked membership to the cloud roles according to their responsibilities as well as professionalism. Access permits are granted to qualified individuals rather than any individual staff. Furthermore, Role-Based Healthcare Cloud-Based System, a responsibility can gain permission from other functions hence the health organization can design a hierarchal structure of various roles [14].

Figure 1.Network Design

This paper presents the design of a Secure Role-Based Healthcare Cloud-Based System where the access control procedures are enforced by the new role-based system. The policy grants permission only to the users who are experts in their roles and can also revoke the permission from the current user in case of any malpractice. The cloud storage provides will be able to view the content of the data in case the user is not given the appropriate role. In the new Secure Role-Based Healthcare Cloud-Based System, revocation of a user for malpractice will have an effect on another user in the healthcare setting. The paper will also address several data security issues such as data transfer privileges between on healthcare provider to another. The paper will also address the advantages of Secure Role-Based Healthcare Cloud-Based System web integration such as reduced cost, improved privacy, reduced medical errors etc. the role-based security of the cloud system will include the security requirements for access, overview and limitation of the current approaches, role-based key structure and privacy/security analysis [14].

The paper includes a comprehensive understanding of the exact needs to develop a role-based cloud access infrastructure. Both healthcare institution and the cloud service provider need to have a successful development and implementation of cloud services that will be the source of their IT operation for years. The architect for the Secure Role-Based Access Control Cloud system will require both the hardware and software components of development of the cloud infrastructure. This section will have an overview of the hardware and software requirements with analysis and specifications of the project as well as the project budget [5].

6. METHODOLOGY

6.1. KALMAN FILTER ALGORITHM

Figure 2.Kalman Filter Algorithm

The early studies related to early states of cloud computing load forecasting contributed to the current improved state of clouding world. Such studies such as Kalman Filtering included not the only prediction of algorithms but also utilized linear regression prediction as well as neutral network prediction. In other words, the health cloud storage provider can successfully predict the next phase of task loads. Secure Role-Based Healthcare Cloud-Based System proposes the forecasting algorithm especially for the user who accesses the public cloud storage for the health records. The procedure will result in a more accurate and reflective cloud computing curve. The establishment of the role as well as profile login will provide more predictive and secure health records. In other words, the Kalman filtering will only allow specific or authorized personnel to access the health records hence having a predictive and secured health records. The Kalman filtering will trace and verify the ability of the health organisation to have a secured role-based access to the health record through the prediction of accuracy [2].

6.2. ROLE-BASED ACCESS CONTROL SYSTEM

To secure the privacy of health records, the paper proposes a role-based access control techniques according to the idea of access control list. Traditionally, various factors were used to filter several incoming traffic so that to block unauthorized access to the cloud system. In this solution, there will be an incorporation of the role of the users and the identity attributes to have an approval for access credentials. In other words, the role-based access system will not only have personal keys but also identity verification for the approval of the access. The rule identifier point for this methodology will include creating, verify, retrieve and delete operation on each role of the user. The cloud provider will have the role to create, verify, retrieve or even delete the role-based access credentials for the user. Once, the user role and profile is validated, the cloud system then generates access token to the specific cloud user and share it to the individual as well as the service provider. This mechanism will help reduce Authentication issues that lead to the loss of privacy and security of healthcare cloud storage [2].

Figure 3.Role based accesses control system

6.3. RULE DICTIONARY

Rule dictionary methodology is proposed to describe the security policy of this projected system. The rule dictionary will explain the access privileges offered to the role-based user credentials. In this healthcare cloud storage solution, a rule identifier is defined then stored against each profile and role. The identifier views the rule dictionary and implements the security policy defined by each role in the verification of the public record access. The advantage of this mechanism is that it would allow the system managers to update any changes of policies regarding the access verification based on the roles of the user. This will not only minimize the management and implementation cost of the new techniques but also guarantees safety of patient records. In addition, the rule dictionary for the Secured Role-Based Healthcare Cloud-Based System can describe the access policies for various deployment models which contribute to the access credentials of various cloud networks [2].

Image result for rule dictionary for accessing cloud records

Figure4. Rule Dictionary

6.4. ACCESS CONTROL LIST

The Access Control List mechanism will include the opposition of access lists in different parts, unlike the traditional methods that include one big list of roles. The proposed access control list for Secure Role-Based Healthcare Cloud-Based System will offer the healthcare providers with the advantages of reduction composition as well as minimization of administration costs. The new proposed version is also simple to implement in cloud storage setting where rules are offered in form of services. In other words, the paper presents a new role-based access control strategy. The management of Secure Role-Based Healthcare Cloud-Based System will require fewer management efforts and minimal complexity compared to the previous traditional styles. Furthermore, this solution provides a reduced role-based access data time done in an authentication way. That is if the user accessing the health records fails to perform a task in the cloud task in one minute, the system will automatically log off the individual. This is a great step in ensuring that personal information of patients is at top attention [3].

a. Role-based access control list

a. Rule Dictionary

6.5. PROFILES

User personalization isn’t a new concept in the cloud computing world. Today, personalization concept is widely used in the technological aspects in the customize content to improve the user experience. In this cloud record security solution, the paper develops a role-profile based access control system. The user profile is seen as an entity that contains predefined freedoms to access the cloud service. When an individual accesses the cloud computing service by inputting login keys as well as personal identification, the authentication system approves the user credentials and validates the user profile. Consequently, the access token will be granted to the cloud user according to their role assigned to the specific user. This will inhibit user form recurrent access to each authorized service. Furthermore, it will improve the overall security since specific services will be matched with the user role as well as their profiles. Considering the hierarchal structure of health organizations, the profile-role based access control list best fits its necessities [3].

Image result for profile based access control cloud storage

Figure 5.A role-profile based access control system

7. WORK BREAK DOWN STRUCTURE (WBS) OF MN691

Figure 6.Work Breakdown Structure

8. GANTT CHART OF MN691

Figure 7 Gantt chart

9. WEEKLY ACTIVITIES OF TEAM MEMBERS

WEEK AZHARUDDIN MOHAMMED MOHAMMED AMER UDDIN VIJAY NAMPALLY PAVAN REDDY AENUGU TELAKAPELLY PRAVALLIKA
Week 1 Met with A/Prof Savitri Bevinakoppa and selected Quantum IT Enterprise web design and implementation from the available options. Meeting with the supervisor, Industry Client and selection of the project. Meeting with the supervisor, Industry Client and selection of the project. Meeting with the supervisor, Industry Client and selection of the project. Conducted meeting with the first lecture met with Savitri mam and discussed about the group members and understood the process of selecting industry based project marking.
Week 2 Researched about the selected project, learnt the proposal of project and met with industry client and project supervisor. Studied on the basics of Web designing and the importance of a website to any industry. We looked on web designing and implementation to the project scope. Introduced to project and told what it looks like and researched about it. Great impact to meeting with the supervisor and industry client meeting ,talked about the different topics finally concluded the topic that is Quantum IT Enterprises Web Designing &Implementation.
Week 3 Researched two journals about the business requirements for developing a website, and process of securing it. Researched about the software and other components required for the web designing. We found the website requirements, outcomes, functional and nonfunctional website recovery. Researched about the project details how a web site is designed its ways of designing. We learned about the about the how website can done. What the section can be marketing field.
Week 4 Researched and learnt how to write literature review by collecting data online. Researched on similar journals online and collected information. We looked about the researched questions and found the effective articles. Getting information of web designing by referring papers and other materials. We searched many other journals, conferences, articles related to our scope and qualified our researched questions.
Week 5 Tested a mock website created by industry client and contributed information security issues under his supervision. Used a mock website created by our industry client to get some more valuable information. We had a mock website to got some effective results to found the what the main key features and structure of website Worked on website outline a sample outline creation and research the ways of outline formats. We have a mock website created by a industry client we got more information to the key elements, how the website build.

Week Azharuddin Mohammed Mohammed Amer Uddin Pravallika Vijay Pavan
Week 6 Received feedback from the Project coordinator A.Prof Savitri Bevinakoppa and learnt about the topics to be included in the Project. Submitted assignment 1 and got feedback from A.Prof Savitri Bevinakoppa and made changes to the project as advised. We had a workshop with an industrial professional and discuss the project management concepts and how to face interview also , discussed possible questions we faced when you start work in an industry. I came forward with some of the strategies and designs (Planning’s), along with architecture and user interface design. And showed it to our tutor where he has given us some major corrections and add-ons. In this we had project workshop and also working on assignment and also had some research question findings.
Week 7 Researched online on the new topics and aspects of the project and the work was divided as per the roles of the group members. Researched on the new topics to be included in the assignment and the work was organized and divided among the group members. Discussed about the project plan , figured out the some project management methodologies discussed about the main points:

Future ways of working,

Job search organization,

Project management issues.

In this Week we have finalized a web design. Started designing our website as well. The project workshop continues in this week and preparing the slides for presentation and the research methodologies and assignment.
Week 8 As an administrator of the project, I have learnt online on how to manage and select the ideal software and hardware required. As a developer, selected software according to the requirement of the website and learnt how to develop it. We had a presentation and every team had a new concepts in different subject scope. We had a meeting with savitri mam we need to change some requirements about the assignment 2 . In this week All the group members has given our project presentation in the class and shown how we are planning to design our website. In this week we gave presentation and savathri mam asked meet and change the assignment and to add more topics to it.
Week 9 Included all the aspects told by A.Prof Savitri and tested the output and the working of the project. Everything required was covered and design was created. Covered all the aspects of the project as advised to meet the requirement of MIT. Developed and programmed using appropriate tools. Worked with assignment 2 and following some new requirements we are sharing some tasks

Web integration tasks, Clinical administrative tasks, Reduced medical errors, Patient data security, and Healthcare process integration.

We have started working on assignment and as per my role in the project I did some design and architecture works in the assignment. In this week we are working on assignment and I took responsibility for hardware devices and fixing the hardware faults.
Week10 Working on project report Working on project report Working on project report Working on project report Working on project report
Week11 Preparing for presentation and next stage methods Preparing for presentation and next stage methods Preparing for presentation and next stage methods Preparing for presentation and next stage methods Preparing for presentation and next stage methods

10. Role and Responsibilities of Team Members

Team Member Respective Role
Azharuddin Mohammed Administrator: Responsible for assembly of more information on cloud computing, Project requirement collecting.
Pravallika Analysing the project and testing in real time.
Mohammed Amer uddin Developer

Responsible for Project methodology analysis and implement the kalman filtering based algorithm and filtering process.

Vijay Operator

Responsible for planning and design of the project. Assess the system in an actual situation.

Pavan Responsible for hardware device buying according to the project requirement and also responsible for categorizing hardware faults and fixing errors.

11. PROJECT BUDGET

PROJECT TASK TOTAL PER TASK
Project Design
Progress of detailed design specification $1,000
Development of approval test plan $2,150
Development of purposeful provisions $500
Subtotal $3,650
Project Development
Developments of mechanisms $1,500
Procurement Software $1,000
procure hardware $1,000
development of approval test packages $1,200
Unit integration examination $430
Subtotal $5,130
Project Delivery
Train consumers $2,200
execute acceptance test $500
perform post project assessment $1,000
Subtotal $3,700
Subtotals $12,480
Contingency $1500
Total (Scheduled) $13,980

12. RESEARCH METHODS TO BE USED FOR THE NEXT STAGE OF PROJECT

12.1. MN692 (NEXT PART OF THE CAPSTONE PROJECT) TABLE OF PLANNED WEEKLY ACTIVITIES.

WEEK TASKS/IMPLEMENTATION STAGES
WEEK 1 Determining the Research Questions
WEEK 2 Initial review of Literature
WEEK 3 Collecting study to a researchable problem
WEEK 4 Continued review of Literature
WEEK 5 Formulation of Hypothesis
WEEK 6 Determining the basic research approach
WEEK 7 Identifying the total number of Samples
WEEK 8 Designing the Data collection Plan
WEEK 9 Selecting Data collection Instruments
WEEK 10 Choosing the Method of Data Analysis
WEEK 11 Implementing the Research Plan
WEEK 12 Interpreting the Results

12.2. ROLES AND RESPONIBILTIES OF EACH TEAM MEMBERS

Team Member Respective Role
Azharuddin Mohammed Administrator: Responsible for assembly of more information on cloud computing, Project requirement collecting.
Pravallika Analysing the project and testing in real time.
Mohammed Amer uddin Developer

Responsible for Project methodology analysis and implement the kalman filtering based algorithm and filtering process.

Vijay Operator

Responsible for planning and design of the project. Assess the system in an actual situation.

Pavan Responsible for hardware device buying according to the project requirement and also responsible for categorizing hardware faults and fixing errors.

12.3. WORK BREAKDOWN STRUCTURE OF MN692

Task start date duration (days)
Project Analysis 1-May 31
Project Requirement 15-May 60
purchasing of Physical Devices 15-Jul 30
Projection and Planning 30-Jul 92
The implication of the design 30-Aug 30
Unit Testing 30-Nov 90

12.4. GANTT CHART OF MN692

12.5. RESEARCH DESIGN

This study used a descriptive research design. A descriptive study attempts to describe or define a subject, often by creating a profile of a group of problems, people, or events, through the collection of data and tabulation of the frequencies on research variables or their interaction, descriptive design method will provide quantitative data from the respondents. The data collected answered questions concerning the current status of the subject under study.

RESEARCH METHODS TO BE USED FOR THE NEXT STAGE OF THE PROJECT

The next stage, MN692 will be the implementation phase of a Secure Role Based Cloud Storage to Health institution. For a successful implementation, a practical research will be done including both qualitative and quantitative analysis of the current security status of cloud computing in Health Care. The selection of the sampling technique in this stage will be Stratified Random Sampling. On the other hand, primary data collection will be through questionnaire and Interviews of both healthcare staff and the administration.

12.5.1. SAMPLING TECHNIQUE

The research in MN692 will use stratified random sampling to select 30% of the MSE’s for the sample of this study from the target Healthcare institution. Thus the sample size 30/100x 147=44; that is 44 MSE’s formed the sample size of the study recommended 30% of a small target population to be representative sample size for a study. The manager or administrator of each of the selected MSE’s will be interviewed. Therefore, 44 MSE’s formed the sample size of the study.  Each location will form a stratum. The sizes of the samples from the different strata will be kept proportional to the sizes of the strata. This method will help improve the representation of each stratum within the population, as well as ensure that these strata are not over-represented. Each Healthcare organization will be given a number out of which 44 will be picked randomly using Microsoft Office Excel. A random sample is preferential because it is free from bias as each unit has an equal chance to be included in the sample.

12.5.2. PRIMARY DATA

Primary data on the need for improved security on cloud storage will be collected using a questionnaire that was administered by the researcher. A questionnaire enables the researcher to get first-hand information about the problem. It also provided the opportunity for anonymity to promote a high response rate. The researcher will also interview the respondents in order to get greater insight into the subject under investigation. A certain degree of flexibility was permitted to allow the respondents ask questions and raise issues as this enriched in trying to solve the problem.

DATA BASE SERVER WEB SERVERIMPLEMENTATION STRATEGY

Privileged access/ Limited Users

FRONT END CLIENT

Website created and published online find it on: www.cbdhealthcarecentre.tk

CONCLUSION

This paper describes the security issues that the healthcare cloud storage system. Various studies have been advocated with the aim of improving the security of data in a public cloud storage system. The current traditional cloud computing security solution does not guarantee the safety of private data. In an effort of improving the traditional healthcare cloud storage, this paper describes the new secure role-based healthcare cloud-based system. The proposed cloud system presents a role-based access control where only those with expertise skills and credentials are authorized to access the cloud storage. The proposed system also presents the concept of role as well as a profile that defines the security of medical institutions. This approach will contribute to client satisfaction when it comes to ensuring data safety and privacy. The approach is expected to build the reputation of healthcare organization since there will be a minimal leakage of private data to the public due to the advanced policies of a secure role-based healthcare cloud-based system.

LIMITATION OF THE RESEARCH

Knowing the lines of responsibility:

It is necessary to be mindful of the service provided by the host before introducing the role-based access system. Just because the cloud provider provides particular software doesn’t mean that it will be compatible with the research on improving the security via the role-based factor. Therefore, health providers need to evaluate the service they are paying for to determine whether they are compatible with the new system.

Although cloud providers are aware of the malware and virus attack on their consumer system, they assume that they have a critical role in providing a solution to secure the cloud storage system. Cloud provider may not be willing propose solutions on preventing an adverse attack on the cloud system. The reluctance of the cloud providers could hinder the project from improving the security of the health system.

REFERENCES

[1]Chang, V., Kuo, Y. H., & Ramachandran, M. (2016). Cloud computing adoption framework: A security framework for business clouds. Future Generation Computer Systems57, 24-41.

[2] Kavuri, S. K., Kancherla, G. R., & Bobba, B. R. (2014, September). Data authentication and integrity verification techniques for trusted/untrusted cloud servers. In Advances in Computing, Communications and Informatics (ICACCI, 2014 International Conference on (pp. 2590-2596). IEEE.

[3]Lee, A., & Fu, C. (2013). U.S. Patent No. 8,387,136. Washington, DC: U.S. Patent and Trademark Office.

[4]Liu, J. K., Liang, K., Susilo, W., Liu, J., & Xiang, Y. (2016). Two-factor data security protection mechanism for cloud storage system. IEEE Transactions on Computers65(6), 1992-2004.

[5]Mon, E. E., & Naing, T. T. (2011, October). The privacy-aware access control system using attribute-and role-based access control in private cloud. In Broadband Network and Multimedia Technology (IC-BNMT), 2011 4th IEEE International Conference on (pp. 447-451). IEEE.

[6]Namasudra, S., Nath, S., & Majumder, A. (2014, March). Profile based access control model in cloud computing environment. In Green Computing Communication and Electrical Engineering (ICGCCEE), 2014 International Conference on (pp. 1-5).

[7]Park, N. (2011). Secure data access control scheme using type-based re-encryption in cloud environment. In Semantic methods for knowledge management and communication (pp. 319-327). Springer, Berlin, Heidelberg.

[8]Wang, G., Liu, Q., & Wu, J. (2010, October). Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In Proceedings of the 17th ACM conference on Computer and communications security (pp. 735-737). ACM.

[9]Wang, Q., Wang, C., Li, J., Ren, K., & Lou, W. (2009, September). Enabling public verifiability and data dynamics for storage security in cloud computing. In European symposium on research in computer security (pp. 355-370). Springer, Berlin, Heidelberg.

[10]Yang, J., Qiu, J., & Li, Y. (2009, September). A profile-based approach to just-in-time scalability for cloud applications. In Cloud Computing, 2009. CLOUD’09. IEEE International Conference on (pp. 9-16). IEEE.

[11]Yang, K., & Jia, X. (2014). DAC-MACS: Effective data access control for multi-authority cloud storage systems. In Security for Cloud Storage Systems (pp. 59-83). Springer, New York, NY.

[12]Yang, K., Jia, X., & Ren, K. (2013, May). Attribute-based fine-grained access control with efficient revocation in cloud storage systems. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security (pp. 523-528). ACM.

[13]Yu, Y., Au, M. H., Ateniese, G., Huang, X., Susilo, W., Dai, Y., & Min, G. (2017). Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Transactions on Information Forensics and Security12(4), 767-778.

[14]Zhou, L., Varadharajan, V., & Hitchens, M. (2011). Enforcing role-based access control for secure data storage in the cloud. The Computer Journal54(10), 1675-1687.

[15]Zhou, L., Varadharajan, V., & Hitchens, M. (2013). Achieving secure role-based access control on encrypted data in cloud storage. IEEE transactions on information forensics and security8(12), 1947-1960.

APPENDICES

APPENDIX I

We have entered the project MN691 and chosen topic WEB DESIGNING AND IMPLEMENTATION. We have submitted assignment – 1 on week – 5 and we got feedback from our supervisor and Savitri. We had been through the feedback which based on research question, project objective and project requirements.

We made some changes in implementing the project to next level. Savitri madam conducted the group presentation on week 8.Our group planned many effective research questions for week 8 presentation. We analyzed our presentation and equally divided slides among the team members and presented well.

Savitri madam gave feedback on our presentation which suggests our project is not up to master’s level. Because, for researched based project we need high level requirements to implement the MN692. So, this is the main reason we changed our project with some new requirements.

They are as follows:

Clinical administrative tasks

· Reduced medical errors

· Reduced cost

· Patient data security

· Healthcare process integration

· Confidentiality of patient data => 2 members

· Healthcare records

· Information privacy

· Confidentiality obligations in healthcare

· Disclosure of health information.

· Utilization of valuable legacy

Role based security

· Security and privacy requirements for her access

· Background and limitations of existing approaches

· Role based key structure

· Security analysis

· Privacy analysis

Confidentiality of patient data

· Healthcare records

· Information privacy

· Confidentiality obligations in healthcare

· Disclosure of health information

APPENDIX II

LITERATURE REVIEW

A literature review is a process of systematically identifying, locating, and further analyzing past research works (documents) that have information related to the research problem being investigated. It is a process that forms kind of a framework on which the research findings will be interpreted and if there are similarities they are also drawn with the existing body of knowledge. This chapter will be tasked to review relevant literature to this research [13].

HOW CLOUD COMPUTING SYSTEMS WORK

Cloud computing is basically the sharing of resources, information and software using a network (internet) that acts like a virtual space which connects users all around the world bulked with information and allows this information to be shared through networks.

Data and information are stored in virtual or even physical servers maintained and operated by a cloud computing provider. This allows an individual referred to as a cloud user to access his information on the cloud through the internet medium [13].

WEB INTEGRATION AND CONTINUOUS INTEGRATION

Web integration (connectivity) with healthcare systems like CRM (Customer relationship management) and other systems like cloud computing systems is vital for instant access to updated data and other associated benefits which include:

REDUCED COSTS

Integration of web with the secure cloud-based system is a way out for healthcare providers to cut costs as their operating expenses are rising alongside struggles to have rising infrastructure, administrative and pharmaceutical costs in check. Government demands to improve on the quality of healthcare and standardize quality across the industry is also another problem that they face which can be solved by the adoption of a secure cloud-based healthcare system [13].

Cloud solutions enable the sharing of large data files conveniently, which consequently helps in reducing the overall healthcare costs and parallel to it, efficiency is achieved. Healthcare providers need to take advantage of this technology to help them in regulating rates and costs. A powerful system that is cloud-based can manage, store and share data with millions of customers and avoid the chances of data loss or the loss of sensitive information [13].

CLINICAL ADMINISTRATIVE TASKS

Electronic health records (EHRs) that applies the cloud computing technology in managing medical records can come along with many benefits. This cloud-based system has made it possible for administration, personnel and other staff members to timely access medical records. Cloud solutions are responsible for simplifying operations which in-turn makes administrative tasks more efficient and cost-effective [15].

Cloud-based systems come with on-demand computing to help in the access, deployment and use of networked information, resources and applications. It saves the administration from having multiple computers in various sections and departments all in need of specific hardware, software, and connection to the internet to enable storage and retrieval of medical information.

Non-clinical applications and healthcare management applications that use cloud technology can effectively and efficiently handle issues of revenue cycle and its management. Patient management has also undergone a revolution under this technology effectively and efficiently manage billings and handling of claims by customers. This is made possible as information related to a particular patient can be securely transferred and related data shared to the respective departments

REDUCED MEDICAL ERRORS

Errors are a nightmare in the medical fraternity as it is said to be the third most causer of deaths in the United States, after heart disease and cancer. Some of the medical errors come as a result of differing information between different systems and devices. According to a survey carried out by the Independent Gary and Mary West Health Institute, 60 percent of the nurses interviewed responded that fewer cases of medical errors could be witnessed if the medical equipment was integrated completely with similar information instead of relying on manual transcription [15].

Medical errors are not only issues of consumer safety but also come with costly expenses, according to the West Health Institute’s argument, total savings achievable as a result of an integrated healthcare infrastructure could hit $30.

Cloud-based systems have the capability to reduce mistakes that are common in healthcare settings. This system provides consistency to the data and facilitates remote and swift access to knowledge and skill of renowned doctors by other upcoming doctors.

This technology creates a pool of medical knowledge that is provided by seasoned professional opinion on different treatments. Availability of such pool of knowledge and skills on different treatments are capable of minimizing the number of errors caused by the medical fraternity [15].

PATIENT DATA SECURITY

Patient (customer) data security should be any healthcare institution’s priority despite the need to have information stored offsite and improve the accessibility of information from multiple locations.

Healthcare organizations are adopting cloud-based systems which have security advantages, as physical records are difficult to track or replace in case of theft. Cloud computing can assist healthcare organizations to improve the protection of data by positioning the patient’s information in a virtual desktop infrastructure server [15].

This system ensures that information is secure because positioning the client’s information in a virtual desktop (space) makes the authorized user of the information to rely on the storage and processing power capabilities of cloud and avoiding sensitive data from being stored in local devices.

There have been notable improvements to fill security gaps within cloud-based systems by ensuring that there is a provision for authentication, authorization and access control within the virtualized space network; this has greatly improved patient’s data security [15].

HEALTHCARE PROCESS INTEGRATION

Connectivity of hospital information systems assists in the support of quality improvement by sharing of information through cutting-edge applications. Healthcare processes are brought together through the application of cloud computing by extending the functionality of existing information [11].

UTILIZATION OF VALUABLE LEGACY

Cloud-based systems come with many positive advantages; these positive advantages to the healthcare sector translate to goodwill. An improvement in goodwill, in terms of privacy, security, and storage of data is treated as a good outcome from the cloud-based system as in generally improves how clients see the healthcare institutions [11].

ROLE BASED SECURITY

SECURITY AND PRIVACY REQUIREMENTS FOR HER ACCESS

Cloud-based systems also have challenges of security and privacy issues, others are; abuse of cloud services, cyber-attacks and malicious insider. Web integration alongside cloud-based systems requires access control as a measure to avoid security and privacy breaches from within or outside the healthcare institution. Access control is a requirement that is used to avoid unauthorized access to systems and protect the organization’s assets [11].

BACKGROUND AND LIMITATIONS OF EXISTING APPROACHES

Security focus is aimed at protecting information within the healthcare institutions, some of the approaches used in security are:

AUTHENTICATION

This approach is used in verification of the user identity, to curb breach of information. The following are some of the most common methods used in an authentication system:

PASSWORDS AND PINS BASED AUTHENTICATION

These are the most commonly used in knowledge-based authentication method if the password is longer it is then considered stronger. Strong passwords are encouraged by combining numbers, symbols, and mixed cases and for the password to be protected, during transmission processes the Transport layer security (TLS) or secure socket layer (SSL) features should be enabled to create an encrypted channel for data sharing and exchange [15].

PUBLIC-KEY AUTHENTICATION

Public-key cryptography has an authentication method that utilizes a key pair, a private key and a public key. The private key is the user’s knowledge and it’s not advised to be shared with any other server or user. The public key, on the other hand, is different from the private key for it is recognized by a public-key certificate, a certificate offered by a certification authority and is public [11].

Its implementation can be undertaken as a hardware or software token depending on situations. In soft token authentication, the private key is stored in the key store of the operating system (OS) or an encrypted file [15].

SMS BASED AUTHENTICATION

This form of authentication is used as a delivery channel for a single use password generated by the information system. The system sends the password to the user and then he types back the password as received by phone, to complete the authentication [11].

SMS can also be used to protect against attacks from the man-in-the-middle (MITM) who may use a fake website on the internet to intercept crucial information and use it to confirm the authentication or transactional information. This form of authentication has the advantage that the user is not required to carry extra portable devices as compared to other authentication devices that require possession [15].

SYMMETRIC-KEY AUTHENTICATION

In this authentication, the user is expected to share a unique, secret key, embedded in a hard token in most cases with an authentication server. The user is allowed to send a randomly generated message alongside his/her username in order to be authenticated. The randomly generated message is encrypted by the secret key and where the server succeeds in matching the encrypted message received, it automatically confirms that the user has been authenticated [15].

BIOMETRIC AUTHENTICATION

This method utilizes an individual’s measurements of a physiological or behavioural feature through digitalization. This method verifies the claimed identity of a user and compares it with a stored value of the biometric characteristic in question. The most common biometric include fingerprint/palm print, hand geometry, retina scan, iris scan, signature dynamics, keyboard dynamics, voice print, and facial scan [8].

ACCESS CONTROL

This is a security technique used in ensuring security in information systems, it basically regulates who or what can view or use what kind of data in a computing environment. This technique has two main types of access control: Logical and physical [8].

The physical access control technique is responsible for controlling limits access to campuses, rooms and other physical IT needs while the logical access control limits connections to computer networks, data and system files.

There are four main categories of access control: mandatory access control, discretionary access control, role-based access control, and role-based access control. Access control systems are tasked with authorization identification, authentication, approval, and accountability of entities via login specifics like password, PINS, biometric scan etc.

AUDIT TRAILS

Audit trails keep records for system activities (system and application) by the user who leaves activity trails. Audit trails alongside other tools of security can assist in detecting security violations, problems related to performance, and any application flaws.

A series of computer events are recorded in the system, the recording is based on different activities. This auditing analyses management, operations and technical controls. These audits are important for providing a means to help in accomplishing a number of security-related objectives like accountability and reconstruction of events [8].

Physical security of external communication links and access this process involves a five-step process;

· Availability where assurance follow-ups are done to ensure that there is accurate and updated information required at any particular time.

· Accountability, this approach is aimed at ensuring that the healthcare institutions, in-charge of providing healthcare facilities are responsible for their access to and utilize data (information).

· Perimeter identification, this is an approach that monitors the boundaries (that should be known) of trusted access to the system, logically and physically.

· Controlling access, this approach restricts healthcare institutions to information that is considered essential to the performance of their jobs and limiting them from an unauthorized access to information.

· Comprehensibility and control is responsible for ensuring record owners, data stewards and customers have knowledge and control over information privacy [12].

THE PRACTICE OF SOFTWARE DISCIPLINE ACROSS THE ORGANIZATION

This approach involves a culture that combines software engineering and management excellence. It focuses on setting sensible goals for the improvement of processes in relation to the system. In mature software organizations, the software process is communicated to the entire staff and work is done according to the planned process Stand-by backups for systems and disaster recovery procedures.

In today’s approach to backup, data backup software can capture production data change more often and it is highly integrated with hardware responsible for backup. Some hardware products have the ability to backup and replicate application data, thereby removing the need to have the separate software.

ROLE-BASED KEY STRUCTURE

Cloud computing deploys models in relation to a location; the following are the structures and the different deployment types:

Public cloud is a structure that involves hosting where cloud services are delivered through a network to the public for use. This structure restricts users from having control over the location of the infrastructure. Its’ cost is shared by all users, and they may be free or come in the form of a license policy (pay per user). Public clouds are considered the best for organizations that are in need of managing the host application and the various applications used by users [6].

A private cloud, on the other hand, is a structure or a cloud makeup that is only used by one organization. This structure gives organizations transfers greater responsibilities of control over security and data to the organization; this is often protected by a firewall that is internally managed by the organization. This structure can be hosted internally or externally and an organization can use it to interact with customers while protecting their data through a private cloud user [6].

A community cloud is another structure that is mutually shared among organizations that are identifiable with a known/certain community. The members of the community share on the privacy, performance and security issues just like the organization. A community cloud can be managed and hosted from the inside or using a third party in managing and hosting of this structure.

This cloud is favorable for an organization that participates in joint ventures and require centralizes structure of cloud computing able to effectively assist in management, building and executing projects.

SECURITY AND PRIVACY ANALYSIS

An analysis of the security of cloud-based systems shows some common cloud computing security risks:

Distributed denial-of-service attacks, these attacks have increased with the advent of computing systems like phones as it was hard to launch such attacks back then as the sheer amount of cloud computing resources made it hard for attacks to be initiated.

Shared computing services, cloud hosting solutions and cloud computing services do not necessarily have to be equal. The solutions do not give the necessary security that is required between two clients, which results in sharing of resources, systems, and applications.

The sharing of systems, applications, and general resources can create a situation where threats can come from for example clients with these services and these threats may be aimed at one client which may consequently impact other clients [7].

Employee negligence and mistakes are also cloud’s security threats and remain the biggest security issue for the system. Employees may access their data by logging in through their home tablets, phones, and home desktop PCs which exposes the system to numerous outside threats.

Data loss and inadequate data backups is a threat that hits cloud computing and not forgetting that the improper syncing of data is what has led to many healthcare systems to be exposed to ransom ware. Ransom ware is a security threat that locks the company’s data away in encrypted files and preventing them from accessing the data until the ransom is paid.

Phishing and social engineering attacks may result from the openness of the cloud computing system. Phishing and social engineering attacks are as common as small confidential information can be used by attackers to break into a system with ease; this is possible because of the system’s availability. Healthcare institutions should always keep their employees informed in matters of phishing and social engineering in order to avoid such kind of attacks [7].

System vulnerabilities in networks that have a complex makeup and a number of third-party platforms vulnerability that comes to the knowledge of an attacker through the third-party’s system; it can be used easily against these healthcare organizations. This can be fought through proper patching and upgrading of protocols and the monitoring of the network.

CONFIDENTIALITY OF PATIENT DATA &HEALTHCARE RECORDS

Cloud allows medical practitioners to access and manage data and easily integrate medical records. This facilitates the access of relevant information by the medical fraternity and improves the process of data transmission.

A cloud-based and a patient-centered personal health record structure can efficiently help patients in the management of their health information concerning treatment and appointments with the doctor and it also gives them a complete understanding of their own health conditions.

A secure system is able to assist patients in making their own informed decisions, it also helps reduce the costs and improve on the pool of information and confidentiality for the customer and the healthcare institution [7].

INFORMATION PRIVACY

There have been numerous privacy violations outside the realm of cloud-based computing therefore when it comes to data ownership, privacy and confidentiality cloud-based computing is sensitive to such issues. Cloud computing applies multifactor authentication. This service is considered to be much more secure than the usual traditional username and password authentication pattern. This service combines the password with the hard token and a biometric to ensure an effective and security conscious authentication.

Security patching involves the application of security patches and testing of these patches to ensure that they were correctly applied. Physical security involves the hosting of systems by computing vendors in facilities that are considered to have stronger physical security controls with certifications.

Security certifications, compliance with privacy certification may be expensive, despite this, cloud vendors assist in providing access to systems and facilities that are approved to be certified.

CONFIDENTIALITY OBLIGATIONS IN HEALTHCARE

In the area of records management, the people in-charge in this department should be aware of their roles for the purpose of confidentiality of these records. Therefore employees should only have access to information required to carry out their role.

Information that is given in situations where it is expected that confidentiality applies, that information must not be disclosed without the information provider’s consent. Information regarding the patient be it held on paper, computer, audio recorded or visually must not be disclosed unless with the patient’s consent.

There are three circumstances under which making a disclosure on the patient’s information is lawful are: The patient himself/herself has agreed to the sharing of his/her information; when the disclosure is aimed at safeguarding the patient or others as a result of this information; and when it is required by law to so, for example, a court order.

There are codes that offer guidance ton confidentiality obligations, they include: Protecting confidential information and not disclosing or hinting on it to anyone. Sharing this information will be against the obligations expected by the health fraternity. Service users should be informed when their information is being used by ant member of the medical fraternity, this helps in upholding ethics of honesty and respect for the client. The users of this cloud-based service should be offered with appropriate choices on the uses of their personal information by the medical staff at any point in time.

If there are circumstances in which the confidential information is to be used or shared by the medical team. In the case of death, there are no binding legal obligations of confidentiality that apply to the diseased. Despite this, the health and medical councils have a common consensus that there still exists an ethical obligation that rests confidentiality obligations to continuation even after the event of death [7].

DISCLOSURE OF HEALTH INFORMATION

Disclosure of health information about a consumer is not to be disclosed by the following people: the health service provider; any staff member or former member of a service provider; any individual who happened to be a contractor of the health service provider; a volunteer or a former one at the service provider; and any member of the board of a health service provider.

The health information may be disclosed if the individual to whom the information relates to agrees to the disclosure. It may also be disclosed if the individual to whom the information relates is dead and the next of kin consents to its disclosure.

Health privacy principle permits the disclosure of a patient’s information for the purposes of activities relating to funding, monitoring, management, quality assurance or some kind of evaluation of health services. Any identified information on a patient that has been disclosed in the above circumstances must not be published in a publication that is considered to be publicly available.

Health privacy principle allows for the disclosure of information with intention to lessen or prevent the following: a serious threat to an individual’s health, life, welfare or safety; a threat to public health; a potential life-threatening situation resulting to a serious illness; infection threat that could affect another person with a disability or lead to death; and an emergency following an accident which places a person’s life in danger without a timely decision or action [7].

start date Project Analysis Project Requirement purchasing of physical Devices Projection and Planning Implication of the design Unit Testing 43221 43235 43296 43311 43342 43434 duration (days) Project Analysis Project Requirement purchasing of physical Devices Projection and Planning Implication of the design Unit Testing 31 60 30 92 30 90

1

Web Integration

Role Based Security

Clinical

Administration

task

Healthcare Process

Integration

Utilization of

Valuable Legacy

Security Analysis

Privacy Analysis

Confidentiality of

Patient Data

Healthcare Records

Information

Privacy

Disclosure of

Health care

Information

Cloud Storage

Patient/Doctor

Access

Clinical Administration task Disclosure of Health care Information Healthcare Records Confidentiality of Patient Data Role Based Security Web Integration

Healthcare Process Integration

Cloud Storage Patient/Doctor Access Privacy Analysis Security Analysis Utilization of Valuable Legacy Information Privacy