Applying blockchain technology to aspects of electronic health records in South Africa: lessons learnt

The purpose of this study was to explore the applicability of blockchain technology as a viable alternative for the secure storage and distribution of electronic health records in a South African context. The adoption of electronic health records (EHRs) has grown over recent years. Electronic health records (EHRs) can be seen as electronic versions of patients’ medical history. EHRs promise benefits such as improving the quality of care, reducing medical errors, reducing costs, saving time, and enhancing the availability and sharing of medical records. Blockchain, in simple terms, could be seen as a distributed database controlled by a group of individuals. Blockchain technology differs from other distributed ledger technology by bundling unrelated data into blocks that are chained together in a linked-list manner, hence the name blockchain. Blockchain technology strives to provide desirable features, such as decentralization, immutability, audibility, and transparency. EHRs are traditionally constructed with a cloud-based infrastructure to promote the storing and distribution of medical records. These medical records are commonly stored in a centralized architecture, such as a relational database. The centralized architecture employed by EHRs may present a single point of failure. These kinds of failures may lead to data-breaches. The cloud-based infrastructure is effective and efficient from an availability standpoint. The increased availability of electronic health records has brought forth challenges related to the security and privacy of the patient’s medical records. The sensitive nature of EHRs attracts the attention of cyber-criminals. There has been a rise in the number of data breaches related to electronic health records. The traditional infrastructure used by electronic health records can no longer ensure the privacy and security of patient’s medical records. To determine whether blockchain is a viable alternative to these approaches, the main objective of this study was to compile a technical report on the applicability of aspects of blockchain technology to the secure storage and distribution of electronic health records. The study first conducted a literature review to gather background on the current state of electronic health records and blockchain technology. The results of the literature review were used to compile an initial report. Experiments were conducted with various aspects of blockchain technology to build a technical baseline and to ultimately validate the initial report. The insights gained from the experiments served to refine the initial report into a final technical report. The final deliverable of this study was to devise a technical report. The technical report serves as a generalized overview of the applicability of blockchain technology as a secure storage and distribution mechanism for electronic health records. The main topics covered by the technical report to outline the applicability of blockchain technology to EHRs are as follows: authentication, authorization, audit log, storage and transactions. The insights gained from the study illustrate that permissioned blockchain technology can enhance the traditional AAA security scheme employed by traditional EHRs. The AAA security scheme entails the use of certificate-based authentication and attributebased access control for authorization. Audit logs can be stored in a semi-decentralized architecture that can enhance the security and privacy of audit logs. Using blockchain technology for storing electronic health records might not be a viable alternative to traditional EHRs architecture. Blockchain technology violates certain privacy regulations as information is stored in a permanent manner. Furthermore, blockchain technology is not optimized for dealing with large volumes of data. However, blockchain technology could be used to store a cryptographic hash of electronic health records to ensure the integrity of records. Permissioned blockchain technology can enhance the EHRs transaction process by transacting health records in a peer-to-peer infrastructure. In doing so, the above-mentioned AAA security scheme can enhance the security, confidentiality, and integrity of electronic health records shared across organizational bounds

Audit-based Compliance Control (AC2) for EHR Systems

Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud \ud In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud \ud This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms

Evaluating tools to support a new practical classification of diabetes: excellent control may represent misdiagnosis and omission from disease registers is associated with worse control.

To conduct a service evaluation of usability and utility on-line clinical audit tools developed as part of a UK Classification of Diabetes project to improve the categorisation and ultimately management of diabetes

The NPFIT strategy for information security of care record service

The National Programme for IT in England doesn’t have a one-document strategy for its information security of the Care Records Service, which is the national EHR system. This paper provides a comprehensive understanding of the information security strategy of England’s EHR system by presenting its different information security issues such as consent mechanisms, access control, sharing level, and related legal and regulations documents

Adapting structuration theory to understand the role of reflexivity: Problematization, clinical audit and information systems

This paper is an exploratory account of the further development and application of a hybrid framework, StructurANTion, that is based on Structuration Theory and Actor Network Theory (ANT). The use of social theories in general and their use in information systems (IS) research in particular is explored leading to the use of the framework to examine the concept of what are termed humanchine networks in the context of clinical audit, within a healthcare Primary Care Trust (PCT). A particular focus is on the manner in which information systems-based reflexivity contributes to both entrenching a networks’ structurated order as well as contributing to its emancipatory change. The case study compares clinic-centric and patientcentric audit and seeks to further extend the understanding of the role of information and information systems within structurated humanchine activity systems. Conclusions indicate that the use of more socially informed IS methods and approaches can incorporate more emancipatory ideals and lead to greater adoption and usage of more relevant and useful clinical information systems and practices

Tracking Report 2011 Nike, India 36033206DV

This document is part of a digital collection provided by the Martin P. Catherwood Library, ILR School, Cornell University, pertaining to the effects of globalization on the workplace worldwide. Special emphasis is placed on labor rights, working conditions, labor market changes, and union organizing.FLA_2011_Nike_TR_India_36033206DV.pdf: 40 downloads, before Oct. 1, 2020

Semi-Annual Report to Congress for the Period of October 1, 2002 to March 31, 2003

[Excerpt] It is a privilege to transmit this Semiannual Report to the Congress covering the period October 1, 2002, through March 31, 2003, summarizing the significant audit and investigative activities of the Office of Inspector General (OIG), U.S. Department of Labor (DOL). Moreover, I am pleased to introduce a new format for our report that makes use of advances in information technology and moves the OIG forward in the e-government environment. Readers will now receive a “Highlights” summary that emphasizes key audits and investigations conducted by the OIG. The Highlights contains information on how to visit our website and download the complete report. Our goal is to allow you to review snapshots of our work and quickly access those issues of most interest to you. Of special note during this reporting period was the inclusion of statutory law enforcement authority for our investigators in the Homeland Security Act of 2002 (P.L. 107-296). This authority enhances our ability to investigate labor racketeering and fraud against pension plans, which has become increasingly important as other Federal law enforcement agencies redirect their resources toward homeland security activities. Among our significant investigative accomplishments during this period was the indictment of 42 individuals including members and associates of the Genovese and Colombo La Cosa Nostra (LCN) organized crime families and Locals 14 and 15 of the Operating Engineers, for unlawful labor payments as well as other charges. Another investigation led to guilty pleas by associates of the Gambino LCN Family. In total, during this reporting period, our investigative work resulted in 337 indictments, 191 convictions, and over $55.6 million in monetary accomplishments. From an audit perspective, we issued a series of reports during this period related to the Workforce Investment Act (WIA) including youth training programs, individual training accounts, and the amount of WIA funding available to states. We hope these reports and recommendations will offer valuable information as the Congress considers WIA reauthorization. We also reported the results of our work with respect to Florida’s closeout of its job training grants, which identified significant discrepancies between the State\u27s financial status reports and its official accounting records. Also significant this period was our follow-up audit of overcharges by the Internal Revenue Service to the Unemployment Trust Fund that totaled$174 million for fiscal years 1999–2002. This targeted work, as well as other audit work, identified nearly $184 million in questioned costs. I am proud of the work of all OIG employees and their continued commitment to serving American workers and taxpayers. My staff and I look forward to continuing to work constructively with the Secretary and the DOL team to further our common goal of ensuring the effectiveness, efficiency, and integrity of the programs that serve and protect the rights and benefits of American workers and retirees