Designing an Architecture for Secure Sharing of Personal Health Records - A Case of Developing Countries

Abstract

While there has been an increase in the design and development of Personal Health Record (PHR) systems in the developed world, little has been done to explore the utility of these systems in the developing world. Despite the usual problems of poor infrastructure, PHR systems designed for the developing world need to conform to users with different models of security and literacy than those designed for developed world. This study investigated a PHR system distributed across mobile devices with a security model and an interface that supports the usage and concerns of low literacy users in developing countries. The main question addressed in this study is: “Can personal health records be stored securely and usefully on mobile phones?” In this study, mobile phones were integrated into the PHR architecture that we/I designed because the literature reveals that the majority of the population in developing countries possess mobile phones. Additionally, mobile phones are very flexible and cost efficient devices that offer adequate storage and computing capabilities to users for typically communication operations. However, it is also worth noting that, mobile phones generally do not provide sufficient security mechanisms to protect the user data from unauthorized access. The research question was addressed through a systematic review of healthcare systems, a survey of healthcare consumers and providers, and usability experimentation. The review of health systems was conducted to refine the problem. A survey of end-users (patients and healthcare givers) was carried out, and the findings were useful in understanding the current state of practice of personal health records, understanding patients’ needs and requirements, and deciding on the components of the PHR system to be implemented. The design, development, implementation and evaluation of the PHR system were achieved through a Patient-Centred Design (PCD) approach and Human Access Points (HAP) technique. Data security was implemented by incorporating in addition, an Identity-Based Encryption (IBE) architecture. The laboratory evaluation results of the mobile phone-based PHR system demonstrate that the proposed IBE can be extended to mobile phones to secure PHRs beyond the hospital’s server domain. Additionally, the usability evaluation results reveal that the system is useful to patients in: supporting their memory; confirming personal health records and accuracy; learning about their conditions regularly; and minimising medical jargons. Moreover, none of the medical practitioners reported any concern. Instead, the medical practitioners recalled their experience with the system in a positive light: supports medical-decision making; improves relationship with their patients; xvi and provides continuity of patients’ care when the healthcare server is offline due to frequent power outages and/or unreliable Internet connections.