My Health Record System - Non-Functional Requirements And Cloud-based Essay Solutions.

Please refer to the marking guide when preparing your response to see what criteria and standards will be used to assess your work and your progress.
 
Non-Functional Requirements
This sets out the critical system qualities, system interfaces, user interface requirements, and system constraints.
Use to ‘FURPS+’ acronym as reference, and ensure you at cover the non-functional aspects of the acronym, Usability, Reliability, Performance and Security.

System Quality

In the year 2012, July 1^st, Australian government has launched an electronic system called My Health Record system which is operated under My Health Records Act 2012 (Pearce & Bainbridge, 2014). This act establishes the following key roles:

1. It has a registration framework for every individual and also has an entity that provides healthcare organizations also enable the organizations to participate and help the customers with the system (My Health Record, 2016).
2. It contains a privacy framework which comes under Privacy Act 1988 which specifies that the entities can have the access to the information but illegal use of the information should have to pay penalties to the entity and to the government.
3. Having unauthorized information or having unauthorized access to the collection of data or disclosure or use of any information in and from the My Health Record system or any Healthcare Identifiers Services is considered to be as civil and criminal penalties. This is one of the key changes that have been done in the Act (My Health Record, 2016).
4. If a user or a participant who doesn’t include healthcare providers takes away My Health Record’s information abroad of Australia, then he/she will be subjected to criminal penalties.

My Personal Record has been designed in such a way that it allows enabling sharing of any health related information about a participant with the healthcare organizations or with any personnel by granting them access to the health care information. Design of the system is made with the help of stakeholder’s consultation with detailed requirements which is then followed with clinical design assurance (Pearce & Bainbridge, 2014).

Since My Health Record has been developed to empower the patients or participant’s medical decisions by themselves. It has to be noted that the large amount of data generally comes from clinical departments, patients or their guardians should take care of tracking the medical data such as symptoms of the patient on a disease and then make the data available to the records. For further clinical decisions to make on a particular disease of a patient there is need of medical history in which case there will be less error-prone of making decision by healthcare systems. Generally maintaining personal health care conditions are neglected by each and every individual but this system will provide an effective way of maintaining one’s clinical data safely (Song, Hong, & Park, 2015).

By using My Health Record system, healthcare organizations need not worry about guessing patient’s history because all the information related to the medical history of the patient will be enrolled in patient’s database and the information can be viewed if the file is shared with respective healthcare organization and it will be a smooth transition between taking healthcare organization and the patient. With the help of patient’s information, doctors too will suggest or provide services to the patient which is evidence based and avoid unnecessary measures that arise with limited information of the patient (Gliklich, Dreyer, & Leavy, 2014).

System interface refers to how the data is shared between the two entities and User interface refers how the user gets interacted with the application or the machine and how the gets transferred between the user and the machine (Armijo, McDonnell, & Werner, 2009). These two are the most important parts of the application because the data that is shared between the two entities has to be secured first because one can use the data that is out for public and can damage entities health which is a great concern and on the other hand, the application has to provide a simple go through process to interact with the user so that the application doesn’t get complicated and user finds it difficult to use the application and the data being secured comes next and if this happens then there is no point of launching the application  nationwide.

For better access of the healthcare information that has been stored in database of the system, first the data has to be available online so that the data gets easily accessible to the user or to the authorized user or to the doctors and hospitals (PwC, 2015). Without the data being online which is a constraint to the user, it gets really difficult if the server gets down because of various reasons which are called as bottleneck situations of server.

System and User Interfaces

With the data which is online, next is what measures has the government taken so that the data which is out online is reliable on how far the government is trustworthy because organizations sometimes leak the data which is a serious threat to the user. With the data being online, how fast can the application perform so that the data is loaded to the user within no-time? Since time is a big factor for every user and the application, data flow has to be maintained so that the user data waits hours for the data to be loaded.

Security is a very big concern for any organization. The data that is stored in the database should be maintained and authorized. Each and every bit of data which is related to the user should be encrypted and then stored in the database. Without enough security, allowing data breaches will cause losing trustworthiness on the application and hence on the government (My Health Record, 2016).

Cloud architecture has three types of models which are:

1. Public cloud – this deployment model provides information to all the users that are online (White, 2017; Rouse, 2017).
2. Private cloud – this deployment mode will only provide access to those users who have access to the information that has been stored on cloud and it is not public. The data is more secured and organization will maintain and provide security to the data.
3. Hybrid cloud – this model is the combination of public and private cloud and sometimes the data that has been stored, has to be public, for example- for providing service to all the users and sometimes the data has to be private, for example- data that has to be accessible to those users who have access to it (Harris, 2016).

For My Health Record system, where the data is of utmost priority, deploying Private cloud in the application and moving data to cloud will be a better approach. Since private cloud provides utmost security by asking the user to login to the application before accessing the data, this will help in protecting one’s data and can be trustworthy. It is well known fact that even cloud face issues with protecting data, it shall be discussed and briefly examined before it’s been used.

Cloud also focuses on what matters most such as maintenance, deployment strategies and procurement etc. There are three types of cloud services which are present such as: SaaS, IaaS and PaaS (Amazon Web Services, 2017).

1. The data can be leaked if the insider of the organization allows unauthorized access or allows unauthorized access to the information.
2. Since the cloud is of open platform, there can be malicious attacks on the cloud servers.
3. Although there are acts which are out there, theft of data is still an issue.
4. Deployment, configuration and data migration issues with the organization.
5. Not understanding the cloud services that have been provided by the third party (Myerson, 2013).

Traditional approach of access control

There have been many access control policies that have been over such as role-based, attribute based control systems etc. In this type of access systems, depending on the privileges that the user has been assigned to. Attribute bases access control system is built on extending role based system and this system is related to attributes, entities and to the environment. Attribute based system is more flexible when compared to the role based system.

Cryptographically enforced approach

With the help of cryptographic techniques, one can know which part of data is being accessed by which entity and this can be done in fine-grained way (Habib, 2016). With the help of symmetric key cryptography, the data which has been outsourced that relies on semi-trusted servers can be more secured. But encrypting each block of data is also an overhead and that has to be kept in mind when private cloud deployment model is chosen because in private cloud, cost factor comes into picture more frequently. So to deploy a secure model system, the proposal goes as discussed in the below sections:

• Suppose let’s say that the pharmacy person needs access to patient’s clinical health information before providing patient’s drug that has been asked. For this purpose, users have to first access the information and then share the information with the pharmacy. With the help of patient-centric privacy, user requests the server over cloud that the files related has to be secure and shouldn’t allow unauthorized access. For that the objectives were:
  • User will allow the people with reading and writing access so that the data can be viewed and written if it is needed. This should be handled with accountability (Li, Yu, Ren, & Lou, 2010).
  • User can revoke one’s access control whenever the user wishes to.
  • Data access systems should be flexible so that the data can be available in urgency.
  • System should be more scalable for detecting keys which are not in use which comes under key management and also keep track of users who try to access information illegally.

To secure the data more efficiently, there is a two-step process that can be maintained well and they are:

1. Lowering the complexity for encryption – with the user provided data, if each block of data is being encrypted, that will be an overhead and also cost will be too high to maintain. So to mitigate this, data has been classified into attributes such as roles and data types. User will encrypt the data with the help of certain encrypted tools and sets a decryption attribute. So if any user has to access the data, decryption has to be done to either view or write the data (Li, Yu, Ren, & Lou, 2010).
2. Dividing the users – users will be divided into multiple security domains such as public domain and personal domain. Owner of the file will have the authority to maintain every domain and can add attributes or users based on the privileges. Owner has options to show some part of data as public and some part of data as private and this can be easily maintained by the public and personal domains.

With the help of above discussed points, SDLC approach will be as follows:

• Requirement analysis – the data that is present on cloud doesn’t have full security and the sharing environment is not proper. So the requirement is to build a framework or a platform so that the data is of more secure and also can be shared effectively.
• Designing of the framework -  with the help of encrypting techniques and also with the help attribute based access control systems, this can be managed effectively by the owner of the files itself without moving the security to the cloud deployment model and accuse of high costs to maintain and manage the architecture.
• Implementation – by re-designing the application so that the user or the owner will be able to encrypt the data that has to be made private with the help of encrypting techniques and also make some part of data as public that can be viewed without any decrypting keys.
• Operations and maintenance – since the framework is completely user based servers that are built for running the application fast so that the data flows fluently without delays. The data that has been saved should be made available on cloud and this will help in accessing the data from any part and not relying on the data centers that are present at a particular location.

References

Amazon Web Services. (2017). Types of Cloud Computing. Retrieved from https://aws.amazon.com/what-is-cloud-computing/

Armijo, D., McDonnell, C., & Werner, K. (2009, October). Clectronic Health Record Usability. Retrieved from https://healthit.ahrq.gov/sites/default/files/docs/citation/09-10-0091-2-EF.pdf

Gliklich, R. E., Dreyer, N. A., & Leavy, M. B. (2014). Registries for Evaluating Patient Outcomes: A User's Guide (3rd ed.). Rockville: Agency for Healthcare Research and Quality (US).

Habib, R. (2016, April 11). My Health Record and the road to digital health.

Harris, T. (2016). Cloud Computing - an overview. Retrieved from https://www.thbs.com/downloads/Cloud-Computing-Overview.pdf

Li, M., Yu, S., Ren, K., & Lou, W. (2010). Securing Personal Health Records in Cloud Computing: Patient-centric and fine-grained data access control in multi-owner settings. SecureComm, (pp. 89–106).

My Health Record. (2016, April 03). Benefits of having a My Health Record. Retrieved May 2017, from Myhealthrecord.gov.au: https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/find-out-benefits

My Health Record. (2016, April 30). Legislation and governance. Retrieved May 2017, from Myhealthrecord.gov.au: https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/legislation

Myerson, J. M. (2013, January 07). Best practices to develope SLAs for cloud computing.

Pearce, C., & Bainbridge, M. (2014, March 20). A personally controlled electronic health record for Australia. Retrieved May 2017, from Ncbi.nlm.nih.gov: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4078271/

PwC. (2015, December). Sixth Clinical Safety Review of the My Health Record System. Retrieved from https://www.safetyandquality.gov.au/wp-content/uploads/2016/05/Sixth-Clinical-Safety-Review-of-the-My-Health-Record-System.pdf

Rouse, M. (2017). What is a Public Cloud? Retrieved from Tech Target: https://searchcloudcomputing.techtarget.com/definition/public-cloud

Song, Y.-T., Hong, S., & Park, J. (2015, August 06). Empowering patients using cloud based personal health record system. Retrieved May 2017, from ieeexplorer.iee.org: https://ieeexplore.ieee.org/document/7176216/

White, J. (2017). Private Vs. Public Cloud: What's the Difference? Retrieved from https://www.expedient.com/blog/private-vs-public-cloud-whats-difference/