ELECTRONIC HEALTH RECORD (EHR) ENCRYPTION SYSTEM
1.1 Background of The Study
Paper-based health records are rapidly becoming outdated. They are
easily lost, are subject to wear and tear, are costly to handle, cannot
be transferred electronically, may be difficult to interpret, and are
inefficient. These fundamental drawbacks are driving a transition across
the globe towards Electronic Health Records (EHRs).
Patience in the hospital are been diagnosed and treated, this
diagnostics and treatment are been recorded for future purposes in the
electronic health record system (EHR) of the hospital. This record
should be protected at all cost from a third party.
This master’s thesis offers a practical solution using cryptography
to protect these sensitive electronic records of patients and staff in
Federal Medical Center (FMC) Makurdi, Benue State and gives them privacy
control over who views their treatment and symptoms, and every other
sensitive information in other units of the hospital.
1.2 Statement of the Problem
Most people in the society, are been discriminated or been treated
wrongly, in their various environment because of the nature of their ill
health which was been exposed by the third party.
In the 21st century where most patient medical records are stored
electronically and most medical institutions have their electronic
health record system running on a network (local or internet), these
network may not be fully secured for such sensitive medical information
considering the increase rate of cyber crime and information theft.
It will be imperative to use a security measure where even if the
third party get hold of these sensitive health record, the content
especially the treatment and symptoms will be scrambled and unreadable.
Using a cryptographic method to secure this patients electronic record
will be best to achieve the desired result (i.e scrambled or unreadable)
and will give the patient full privacy control over his/hers medical
record with a given key and decided who views their record.
Federal Medical Center (FMC) Makurdi needs to have a system that will
secure not just patients sensitive data but also other very important
data about various units and their staff in the hospital.
1.3. Objectives of the Study
The general aims of this project work are to design a system that can:
1. Authenticate and provide access to right users.
2. Introduce a higher level of security (the use of a
cryptographic “Secret Key”) where patients and medical staff are in
charge of sensitive record in their unit rather than just the normal
Login and Password.
3. Add patient’s records and equally encrypt sensitive information about them.
4. Append the diagnosis records and secure.
5. Capture the basic data in the following basic unit of Federal
Medical Center (FMC) Makurdi: card and record unit, consultant unit,
pharmacy unit, laboratory unit, bursary /accounting unit and provide an
area where patient can view their file.
6. Protect sensitive information at the various unit using user
login security and triple DES encryption method there by assigning
unique decryption key for each user which works when there is a right
login credential and secret key combination for that particular logged
7. Encrypting sensitive data by default using the logged in user’s secret key which is only known by the logged in user.
8. Providing a flexible means of changing login password if it is been compromised.
9. Providing a flexible means of allowing users to change their
secret key, by providing a security question and answer which was
provided when they created the account and the old key if key has been
Providing a security emergency rule called “glass breaking rule”
where only the admin staff can use patient id and his own secret key to
get patient secret key to enable doctors see patient record.
11. Finally, to design a system this will help to
overcome the problem of stigmatization on patients living with a
1.4 Scope of the Study
The main focus of the project is the implementation of data
encryption and decryption on patient’s privacy in E-records. The system
will be secured in cases where only the authorized person has the needed
cryptographic key to decipher the message. The system does not provide
any security where an unauthorized user has knowledge of the encryption
It also offers a practical solution to the sharing of medical data
where privacy and security are robust and where the records can be
trusted as being unaltered and unchanged as they pass between providers
in the following units in the hospital, these include:
1. Card and record unit
2. Consultant unit
3. Pharmacy unit
4. Laboratory unit
5. Bursary /accounting unit
Federal Medical Center Makurdi, Benue State, will be used as case study for this work.
1.5 Significance of the Study
This project, allows patients have right over their secret key and
allows them to give an authorization secret to any of the medical
personnel through different communication channels (e.g. phone or as a
paper code). This token allows them to access the patient's E-record
data while the patient does not need to be present at the time of access
as he does not need to enter a PIN for authorization.
This approach provides more flexibility and retains the security and
privacy properties of patient-controlled E-record encryption.
1.6 Limitations of the Study
This system applies to only hospitals where patient’s records are
stored electronically. The project isn’t concern about building a full
hospital management system but trying to demonstrate how encryption
method of security can be combined with the normal logging in to protect
sensitive information. Other cryptosystem weren’t used in this research
due to its research nature and time, the algorithms used became
limited. Also financial constraints and time, limited further research
on this study.