Browsing by Author "Ssembatya, Richard"

Now showing 1 - 5 of 5
  • Thumbnail Image
    Item
    An access control framework for protecting personal electronic health records
    (The MAURICON 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC), 2018) Izaara, Ambrose Atiheire; Ssembatya, Richard; Kaggwa, Fred
    The increasing expansion of wireless systems and the extensive popularity and usage of mobile devices such as mobile phones and wireless tablets represents a great opportunity to use mobile devices as widespread health data access tools. Unfortunately, some problems impeding the general acceptance of mhealth such as privacy protection, limitation of wireless networks and handheld devices are still common. Challenges such as unreliable data repositories and limited connection speeds in resource-limited environments are also evident. The inadequate capabilities of hand-held devices and wireless systems make these Public Key Cryptography based frameworks unsuitable for mobile networks. Moreover, these protocols were designed to preserve the customary flow of health data, which is vulnerable to attack and increase the user’s risk. This research drew its foundations from literature and theoretical review and used qualitative approaches. In this paper, the researchers build on existing concepts of Medical Information Systems and use of Symmetric Key Infrastructure to design a framework for secure access to personal electronic health records. The framework provides identity protection for a patient from all forms of unauthorised data access. The framework not only reduces the computational operations between the engaging parties, but also achieves privacy protection for the user. Validation results from ICT experts demonstrate that the designed framework is applicable to secure access to personal medical health records in resource-limited settings.
  • Thumbnail Image
    Item
    Issues of Adoption: Can Health Services Designed for Developed Countries be adopted in Developing Countries?
    (Proceedings of the Tenth International Network Conference (INC2014), 2014-07) Ssembatya, Richard; Zawedde, Sylvia
    Electronic health record (EHR) systems are a popular mechanism for accessing health records in the developed world and have contributed towards improved and cost-effective health care management. However, the development of appropriate and scalable EHR systems in developing countries has been difficult to achieve because of certain limitations inherent in the technological infrastructure. For instance, bandwidth limitations and power outages make it difficult to guarantee dependability in terms of accessibility to the data. This paper presents a comparative study of 19 EHR systems in terms of the security and usability of these systems within the context of the developing world. The evaluation is based on a number of dimensions such as development environment, system platform, type and access control standards found in the National Institute for Standard and Technology (NIST) and Certification Commission for Health Information Technology (CCHIT). Our research indicates that all the systems evaluated require online access control decisions. Access to data on a central server is controlled by a mechanism that verifies/authenticates users or parties wanting to view/modify/edit patient records. However, solely relying on an online access control system is limiting, particularly in developing countries where access to the server can be disrupted by a number of disastrous events. Additionally, literature also reveals that all the evaluated tools were developed with the user contexts in the developed World and therefore do not represent the needs of the patients and medical practitioners in the developing countries.
  • Thumbnail Image
    Item
    On the challenge of adopting standard EHR systems in developing countries
    (Association for Computing Machinery (ACM), 2013) Ssembatya, Richard; Kayem, Anne V.D.M.; Mardsen, Gary
    Electronic health record (EHR) systems are a popular mechanism for accessing health records in the developed world and have contributed towards improved and cost-effective health care management. However, the development of appropriate and scalable EHR systems in developing countries has been difficult to achieve because of certain limitations inherent in the technological infrastructure. In this paper, we present a comparative study of 19 EHR systems in terms of the security and usability of these systems within the context of the developing world. Our aim was to investigate whether online health services designed for developed countries can be adopted for EHR systems in developing countries. The investigation was based on a number of dimensions such as development environment, system platform, type and access control standards found in the National Institute for Standard and Technology (NIST) and Certification Commission for Health Information Technology (CCHIT). Our research indicates that all the systems evaluated require online access control decisions. Solely relying on an online access control system is limiting, particularly in developing countries where access to the server can be disrupted by a number of disastrous events.
  • Thumbnail Image
    Item
    Secure and efficient mobile personal data sharing in resource constrained environments
    (IEEE 29th International Conference on Advanced Information Networking and Applications Workshop (WAINA), 2015) Ssembatya, Richard; Kayem, Anne V.D.M.
    Although personal health record (PHR) systems are widely used in the developed world, little has been done to explore the utility of these PHR systems in the developing world. One of the key reasons behind this is the fact that a lot of areas in the developing world suffer from technological impediments that are a result of poor infrastructure, low literacy, intermittent power connectivity, and unstable bandwidth connectivity. In technological resource constrained environments such as these, deploying standard PHR systems is challenging and so it makes sense to redesign these systems to cope with the environmental limitations in order to offer users a usable and reliable platform. Furthermore, healthcare data is inherently privacy and security sensitive so, in re-designing the PHR system the security and privacy requirements need also be taken into consideration. The idea in this case, is to opt for security mechanisms that offer the same levels of security as is the case in the standard PHR systems that are used in the developed world, but that are also lightweight in terms of performance and storage overhead. In this paper, based on the observation that mobile phone use is widely proliferated in developing countries, we propose an access control framework supported by identity-based encryption for a secure Mobile-PHR system. Results from our prototype evaluation (laboratory and field studies) indicate that the proposed IBE scheme effectively secures PHRs beyond the healthcare provider's security domain and is efficient performance-wise.
  • Thumbnail Image
    Item
    Using particpatory design technique in the design of the mobile phone-based health application for patients: a case from Uganda
    (2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC), 2018) Ssembatya, Richard
    Mobile health represents a relatively new trend in the field of health and involves the use of mobile devices to support healthcare. Despite this, there are still open challenges with respect to design, functionality and implementation aspects. The aim of this paper is to illustrate how to involve patients in the design and testing of the mobile phone-based Personal Health Record (PHR) system called M-Health App, and report our two-hour participatory design sessions with patients at Allan Galpin Health Centre - Uganda. The paper further presents insightful results from our formative evaluations, which will be used in the further implementation of M-Health App.