An access control model for a South African National Electronic Health Record System

Tsegaye, Tamir Asrat

Title: An access control model for a South African National Electronic Health Record System
Creator: Tsegaye, Tamir Asrat
ThesisAdvisor: Flowerday, Stephen
ThesisAdvisor: Wright, Graham
Subject: Medical records -- Data processing
Subject: Medical records -- Data processing -- Safety measures
Subject: Medical records -- Data processing -- South Africa
Subject: Medical records -- Data processing -- Access control
Subject: Medical informatics
Subject: Medical records -- Management -- South Africa
Subject: Health services administration -- South Africa
Date: 2019
Type: text
Type: Thesis
Type: Masters
Type: MCom
Identifier: http://hdl.handle.net/10962/97046
Identifier: vital:31390
Description: Countries such as South Africa have attempted to leverage eHealth by digitising patients’ medical records with the ultimate goal of improving the delivery of healthcare. This involves the use of the Electronic Health Record (EHR) which is a longitudinal electronic record of a patient’s information. The EHR is comprised of all of the encounters that have been made at different health facilities. In the national context, the EHR is also known as a national EHR which enables the sharing of patient information between points of care. Despite this, the realisation of a national EHR system puts patients' EHRs at risk. This is because patients’ information, which was once only available at local health facilities in the form of paper-based records, can be accessed anywhere within the country as a national EHR. This results in security and privacy issues since patients’ EHRs are shared with an increasing number of parties who are geographically distributed. This study proposes an access control model that will address the security and privacy issues by providing the right level of secure access to authorised clinicians. The proposed model is based on a combination of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The study found that RBAC is the most common access control model that is used within the healthcare domain where users’ job functions are based on roles. While RBAC is not able to handle dynamic events such as emergencies, the proposed model’s use of ABAC addresses this limitation. The development of the proposed model followed the design science research paradigm and was informed by the results of the content analysis plus an expert review. The content analysis sample was retrieved by conducting a systematic literature review and the analysis of this sample resulted in 6743 tags. The proposed model was evaluated using an evaluation framework via an expert review.
Format: 220 pages, pdf
Publisher: Rhodes University, Faculty of Commerce, Information Systems
Language: English
Rights: Tsegaye, Tamir Asrat

Hits: 4108
Visitors: 4506
Downloads: 570

Collections

RU Department of Information Systems

		Thumbnail	File	Description	Size	Format
View Details Download			SOURCE1	TSEGAYE-MCom-TR19-162.pdf	5 MB	Adobe Acrobat PDF	View Details Download