Interactive web based e-health record management

Ministry of Higher Education And Scientific Research University of Technology Computer Science Department

Interactive web based e-health record management system

A Dissertation Submitted to the Department of Computer Science of the University of Technology in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Computer Science

BY:

Suhiar M.Zeki Abdul Alsammed

Supervised By Prof.Dr.Abdul Monem S.Rahma

2018

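Indeed, We have given you a clear victory, that Allah may forgive you what preceded of your sin and what will follow, and complete His favor upon you and guide you to a straight path, and that Allah may aid you with a mighty victory.

Surah Al-Fath, verses 1-3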

DEDICATION

Success is two wings

My mom and I I do not like the night except with your thankfulness and the daytime to your obedience. To those who reached the message and led the Secret to the Prophet of mercy and light of the worlds... Prophet Muhammad peace is upon him. To my angel in life... to the meaning of love and to the meaning of compassion and dedication... To the smile of life and the secret of existence To whom were the secret of my success and the tenderness of surgical balm to the most my love

Dear Mother

To all who have God with prestige and dignity... To those who taught I tender without waiting... To whom I carry his name with all pride... I ask God to extend in your age to see the fruit has come harvested after a long waiting and will remain your stars Stars I promise today and tomorrow and forever...

My dear father

Suhiar 2018

Acknowledgements

First of all, thanks to "Allah" who enabled me to achieve this thesis and who has given me the greatest pride to carry out my research under the supervision of Prof. Dr. Abdul Monem S. Rahma, whom I thank for his valuable advice, guidance, cooperation, support of my PhD study and related research, and for his motivation and immense knowledge. I also express gratitude to Ass. Prof. Dr. Khuder Shukr, Instructor of Brain and Neurosurgery at the Faculty of Medicine / Mustansiriya University, for his support and guidance. Many thanks and gratitude to my dear mother and father for encouraging me to continue my path of success and to draw strength from them.

Suhiar mohammed zeki abdul sammad 2018

Abstract

E-health is a large domain of research and applications of Information and Communication Technologies (ICT), not only in medicine but in the broad field of healthcare, including homecare and personalized health. E-health can be broadly defined as the application of information and communication technology (ICT) to health and healthcare. A web application typically comprises a front end (web pages) and a back end (database) with which the user interacts through the browser.

Therefore, in this project, an interactive web-based E-health record management system was designed to serve citizens in the first instance and doctors in the second, and to organize an electronic card for each citizen that includes information about the patient. Using the system, the citizen can access the site of the health center electronically and contact the doctor concerned. The sick citizen can also book an appointment to visit the doctor, for surgical procedures, or for examination by electronic medical devices, and can contact ambulances and find phone numbers in emergency and urgent situations.

In the system that was designed, KDD, data warehouse and OLAP were used to achieve an individual medical analysis and then a community analysis for community health management, processed scientifically and accurately, using modern communication devices to establish communication between the patient and the doctors and the workers in the health sector, saving time and effort for remote and rural areas. Also, in order to provide correct access to the patient's records and to the proposed system's data and information, an authentication method is suggested. The proposed authentication method uses the MD5 hash function, the triple DES encryption method and mathematical calculation.

List of Contents

Chapter One: General Introduction
1.1 Introduction
1.2 Related Work
1.3 The Problem Statement
1.4 Aim of the dissertation
1.5 Dissertation Layout

Chapter Two: Theoretical Background
2.1 Introduction
2.2 Electronic Health Care
2.2.1 Aim of the EHRs
2.2.2 From the Paper Based Patient Record to the EHR
2.2.3 Health Information Exchange
2.2.4 Data Protection, Security and Traceability
2.2.5 Decision Support
2.2.6 Secondary Reuse of the Patient Data
2.2.7 Teaching Activities
2.2.8 Accreditation, Certification
2.2.9 Typology of EHRs
A. EHRs in Primary Care Facilities
B. EHRs in the Hospital Information System
C. Shared EHRs and Personal Health Records (PHRs)
D. Pharmaceutical Record
2.3 Knowledge Discovery in Database
2.4 Data Mining
2.4.1 Data mining parameters
2.4.2 Data mining tools and techniques
2.4.3 Benefits of data mining
2.4.4 Issues in Data Mining
2.5 Data Warehouse
2.6 OLAP
2.6.1 Advantages of OLAP
2.6.2 OLAP for Multidimensional Analysis
2.6.3 Implementing an OLAP Solution
2.7 Data Security
2.7.1 Cryptography
2.7.1.1 Symmetric-key Algorithms
A) Data Encryption Standard (DES)
B) Double DES
C) Triple or 3DES
2.7.1.2 Public-key Algorithms
2.7.2 Hashing
2.8 Web Application

Chapter Three: The Proposed System
3.1 Introduction
3.2 Definition of the Proposed System
3.2.1 Healthcare system main users
3.3 Healthcare management
3.4 The Proposed System
3.4.1 The Proposed System Tools
3.4.1.1 KDD
3.4.1.2 Data warehouse
3.4.1.3 OLAP
3.4.1.4 The Proposed Authentication Method
3.5 The Proposed System Work Procedure
3.5.1 The patient case
3.5.2 The Doctor Case
3.5.3 The administrator case
3.6 The Proposed System Services

Chapter Four: Implementation and results
4.1 Introduction
4.2 Description of the proposed system Software
4.3 Proposed System Requirements
4.3.1 System inputs within system requirements
4.3.2 Inputs of health services in the system
4.4 Interfaces of the Implemented Proposed System
4.4.1 Home page
4.4.2 Patient pages
4.4.3 Doctor pages
4.4.4 The administrator pages
4.5 Quality of the proposed healthcare system
4.5.1 Measurement the quality of healthcare system with 6-sigma
4.5.1.1 Quality management (before and after the proposed system)
4.5.1.2 Questionnaire about the proposed system
4.5.2 Security
4.6 Comparisons

Chapter Five: Conclusions and Recommendations for Future Work
5.1 Conclusions
5.2 Recommendations

References

List of Abbreviations

Abbreviation    Full Words
E-Health        Electronic health
IT              Information technology
IS              Information System
OLAP            On-line analytic processing
EHR             Electronic Health Record
DB              Data base
SQL             Structured query language
HDDB            Health distributed data base
HAMS            Health and management system
HIT             Health information technology
HIM             Health information management
HI              Health informatics
DW              Data warehouse
ETL             Extraction transformation loading
DSS             Decision support system
KDD             Knowledge discovery in database
3D              Three dimension
4V              Four (volume, variety, velocity, veracity)
ICT             Information and communication technology
MIS             Management information system
QOS             Quality of system
X-Ray           X radiation
RX              recipe
APP             Application
CSS             Cross site scripting
DES             Data encryption standard
JQuery          Java query
OS              Operating system
MVC             Model view controller
OLTP            On-line transaction processing
CSRF            Cross site request forgery
WIFI            Wireless fidelity

List of Algorithms

Algorithm No.   Title
3.1             The proposed Authentication method (Registration Case)
3.2             The proposed Authentication Method (Login Case)
3.3             The patient case
3.4             Doctor Case
3.5             The administrator case

List of Figures

Figure No.   Title
2.1          Telemedicine Platform
2.2          Telemedicine System Workflow
2.3          Copy Screen Of An EHR
2.4          Medical Information Exchanged In A Variety Of Environments-Battlefield, Research Facility, Emergency Scene
2.5          The Steps Of The KDD
2.6          Data Mining Phases
2.7          Md5 Hashing
3.1          Healthcare Devices
3.2          Healthcare Management
3.3          General Architecture Of The Proposed System
3.4          The Data Warehouse
3.5          The Propose System Main Users
4.1          CSS And HTML
4.2          Language Library
4.3          Web Application
4.4          Model View Controller
4.5          Database Diagram
4.6          Main Interface Of The Proposed Method
4.7          The First Option Of The Main Proposed System Interface And Its Suboptions.
4.8          Blog Interface
4.9          Medicine Interface
4.10         Contact Interface
4.11         Contact Interface
4.12         The Determining Of The Login Page.
4.13         The Login Page.
4.14         Patient Login Information (User Name And Password).
4.15         Shows The Home Page.
4.16         The Second Option Of The Main Patient Pages Of The Proposed System Interface And Its Suboptions.
4.17         The Blog Page
4.18         Shows The Medicine Page.
4.19         The Contact Page.
4.20         The Patient Options.
4.21         Patient Information.
4.22         Patient Appointments.
4.23 4.24 4.25 4.26 4.27 4.28 4.29 4.30   Appointments Information Registration Sentinel Doctors. Sentinel Pharmacy. X-Ray Information. RX Information. Main Page The Determining Of Login Page The Login Page.
4.31         Doctor Login Information (User Name And Password).
4.32         The Home Page.
4.33         The Second Option Of The Doctor Page Of The Proposed System Interface And Its Suboptions.
4.34         The Blog Page Of The Doctor Main Pages.
4.35         The Medicine Page Of The Doctor Main Pages.
4.37         The Contact Page Of The Doctor Main Pages.
4.38         Shows The Doctor Page.
4.39         Doctor Information.
4.40         Appointments Information.
4.41         Sentinel Doctors Page
4.42         Sentinel Pharmacy
4.43         The Home Page.
4.44         The Login In The Proposed System
4.45         The Login In The Proposed System Page.
4.46         The Home Services Page.
4.47         The Home Blog Page.
4.48         The Home Medicine Page.
4.49         The Home Medicine Page.
4.50         The Admin Area Page.
4.51 (a)     The Statics Information
4.51 (b)     The Statics Information
4.52         The Doctor’s Information.
4.53         The Families Information.
4.54         The Patient’s Information
4.55         The Appointments Choosing
4.56         The Sentinel Doctors.
4.57         The Sentinel Doctors.
4.58         The RX.
4.59         The X-RAX.
4.60         The Home Page.

List of Tables

Table No.   Heading
2.1         Compares advantages and drawbacks between paper-based PR and EHR.
4.1         quality measurement of health care System
4.2         Healthcare quality before the proposed system
4.3         Healthcare quality after the proposed system
4.4         The accepted by medical professionals, including doctors, nurses and health technicians
4.5         Comparison result of the related works with the proposed system.

Chapter One

General Introduction

1.1 Introduction

A data warehouse is a kind of management technique that collects business data from different stations of the enterprise network, so that it can provide efficient data analysis to decision makers [1]. The data warehouse (DW) technology was developed to integrate heterogeneous information sources for analysis purposes. Information sources are more and more autonomous; they often change their content due to perpetual transactions (data changes) and may change their structure due to continually evolving user requirements (schema changes). Handling all types of changes properly is a must. In fact, the DW, which is considered the core component of modern decision support systems, has to be updated according to the different types of evolution of the information sources so that it reflects the real-world subject under analysis [2].

Moreover, data warehouses provide online analytical processing (OLAP) tools for the interactive analysis of multidimensional data of varied granularities, which facilitates effective data generalization and data mining. OLAP (On-Line Analytic Processing) starts with “summarizing” the data before queries can be executed (to receive a report). This step is building “the cube”; it can take a long time, but it gives a more efficient response for analysis queries. The summarized data is presented as cubes and sub-cubes [3].


E-Health is a recent concept that facilitates delivering information and services using the Internet technology and other technological tools [4]. The e-Health term is widely used by many academic institutions, individuals, funding organizations, and professionals. E-Health can improve the traditional services delivery and channels of communication for the aim of providing individuals with all services they need [5]. Additionally, e-Health systems encourage patients to be involved in making accurate health decisions, and also empower the communication between patients and physicians [6].

In the proposed system, a data warehouse and OLAP are used to design the E-health management system, since the properties of the DW and OLAP make the proposed system efficient in meeting most of the E-health needs.

1.2 Related Work

In the following, some proposals related to this dissertation's objective are drawn from the scientific literature on the implementation of E-health:

1. A. Jalal-Karim, et al., “Storing, Searching and Viewing Electronic Patient Segments using Multidimensional Data Model”, 2008. They introduced a virtual approach system that builds a suitable solution for integrating, and benefiting from, high volumes of complex healthcare data by combining OLTP and OLAP systems in order to integrate heterogeneous healthcare data sources into a centralized data warehouse. The data warehouse supports the creation of many kinds of reports that let clinicians maximize the views of different measurements of Patient Care Records in order to make the right diagnosis, and it supports the medical decision-making process [7].

2. Guillermo Riva, et al., “Low level communication management for e-health systems”, 2011. In this work they propose taking advantage of the data processing and communications technologies currently available in the country for mobile e-health applications. Special emphasis is put on efficient use of constrained resources through low level communication management. They demonstrate the viability of this approach through simulations of the target hardware platform [8].

3. Sikder, et al., “Electronic health record system for human disease prediction and healthcare improvement in Bangladesh”, 2013. They designed a user-friendly EHR system with a new approach, phenotypic term binding, which helps physicians predict the disease and also improves healthcare facilities. This application allows patients to register and to access the EHR system to perform functions such as viewing personal data, altering data when needed, and so on. The health worker also plays a significant role in this system. On the other hand, the physician is the most important part, using a new concept that appears in this system, phenotypic term binding, which retrieves the phenotype that physicians use to predict the disease [9].

4. Antonios D., et al., “Towards a Prototype Medical System for Devices Vigilance and Patient Safety”, 2014. In this paper they presented the core components of the MEDEVIPAS prototype system for medical devices vigilance and patient safety. The proposed system matches data regarding reports of adverse events against medical devices inserted by the healthcare providers. They presented an entity matching algorithm that also makes provisions for alternative namings of entities (i.e., manufacturers), which can assist the vigilance process in multilingual systems, and briefly described the capabilities of their web interface [10].

5. Ali Abdullrahim, et al., “A Framework of E-Health Systems Adoption and Telemedicine Readiness in Developing Countries”, 2016. A conceptual framework was developed with the factors contributing to TR and e-health systems adoption at an organizational level, in order to adopt and utilize telemedicine technologies to provide healthcare to service users in developing countries. Research integrity depends on the accuracy of the measures used. The results of the validity testing on the survey questionnaire in this study indicated that it is an accurate measure of TR. The processes used to validate the survey questionnaire were thorough and suitable. Additionally, demographic variables and their relationships and influences on TR in Libya were also examined [11].


6. W. Liu, et al., “Advanced Block-Chain Architecture for e-Health Systems”, 2017. They describe a block chain architecture as a new system solution to supply a reliable mechanism for secure and efficient medical record exchanges. The Advanced Block-Chain (ABC) approach was designed to meet the demands of healthcare growth as well as the new form of social interactive norms. It is going to revolutionize the eHealth industry with greater efficiency by eliminating many of the intermediates [12].

7. Kumari Nidhi Lal, et al., “E-Health Application using Network Coding based Caching for Information-centric Networking (ICN)”, 2017. They proposed an Information-centric networking based framework over WBAN as the primary enabler for E-health applications. If users of a wireless body area network (WBAN) use an IP network, they face many issues such as packet loss, security etc. So, an Information-centric network (ICN) is proposed to solve such problems while exploiting advantages such as efficient resource management, scalability, reduction of traffic and security. An ICN router has the caching capability to cache the contents. In this way, users of an ICN-based WBAN do not need to connect directly to the hospital server to access patient data. Further, they propose a protocol for ICN-WBAN to provide secure, efficient and reliable E-health application services that meet the required needs of the current IP protocol stack and devices [13].


8. Raafat Aburukba, et al., “Remote Patient Health Monitoring Cloud Brokering Services”, 2017. This work proposes healthcare brokering services that enable integration with existing cloud platforms to capture the data from the patient’s devices. Moreover, the work also presents a way to model the patient’s health condition so that it can be remotely monitored and the right decision taken at the right time. This work is validated by a prototype implementation [14].

1.3 The Problem Statement

The problems that motivate the design of the proposed system can be categorized into the following points:
1. The management of E-health information lacks accuracy, which makes the information not useful.
2. Lack of synchronization between the parts of the hospital, which are doctors, administrators, ambulance and so on.
3. The need to provide a general overview of the available medical information and resources, which are sentinel doctors, sentinel pharmacy, ambulance, medicine and so on.
4. The need to perform statistics about diseases to provide the required doctors and medicine.
5. The need to provide statistics about blood types to supply the hospitals with the required blood types.


1.4 Aim of the dissertation

The main aims of this dissertation are:
1. Providing accuracy to the E-health management information so that it is useful.
2. Synchronizing the parts of the hospital (doctors, managers, ambulance).
3. Providing a general overview of the available medical information and resources, which are sentinel doctors, sentinel pharmacy, ambulance cars, medicine and so on.
4. Performing statistics about diseases to provide the required doctors and medicine.
5. Providing statistics about blood types to supply the hospitals with the required blood types.
6. Making appointment reservation easy.
7. Providing an intermediate environment between the doctors and patients under the control of the system administrator.

1.5 Dissertation Layout

In addition to chapter one, which gave an introduction to the dissertation, the other chapters are:
• Chapter two presents the theoretical background of the proposed system.
• Chapter three presents the proposed system design.
• Chapter four presents the proposed system implementation and results.
• Chapter five provides conclusions and future work for the proposed system.

Chapter Two

Theoretical Background

2.1 Introduction

This chapter presents the theoretical background associated with the proposed system. It covers E-health, KDD, data mining, data warehouse, OLAP, data security, and web application.

2.2 Electronic Health Care

E-health may be defined as the application of information and communication technology (ICT) to health and healthcare (Telemedicine 2010, report from the WHO). The World Health Organization (WHO) has stated recently that the term “health” isn’t just bound by the absence of illness (whether acute or chronic) but also corresponds to a “state of complete physical, mental and social well-being”. Therefore, the definition of E-Health by WHO is “a cost-effective and secure use of information and communication technologies in support of health and health-related areas, which includes health-care services, health surveillance, health literature, and health education, knowledge and research”. The word “health” is also related to activity limitations and participation restrictions in life in society (in other words, disabilities). One more definition of E-Health has been presented by the European Union, which defines E-Health as comprising 4 interrelated classes of applications [15]:
• Clinical information systems.
• Tele-medicine and homecare.
• Integrated health information networks and distributed shared-access health databases.
• NCSC Non-clinical systems.

The last category includes education for health-care specialists, health education and health promotion for patients and the general public (like the information portals), and decision support. It also includes care management systems. Currently, the definition of E-Health includes much of medical informatics (Blum and Duncan 1990) but tends to prioritize delivering clinical data, care and services over the function of technologies. Unfortunately, no consensus, all-encompassing definition of E-Health is available (Fatehi 2012). The area of E-Health spills over from informatics by integrating every aspect of telecommunications, video and the Internet and by taking account of organizational and human aspects. Thus, the improvement of E-Health services is tightly coupled with the specific environment; for instance, tele-consultation has grown more quickly in the Australian desert and in the north of Norway than in Northern France, where no one lives farther than 20 kilometers from a hospital. E-Health may be considered as comprising 2 complementary areas [15]:

(a) Telehealth, which includes:
• Tele-medicine, which covers the collection of methods and applications that make physicians and health-care professionals capable of remotely establishing a diagnosis, initiating treatment, providing follow-up and support, and monitoring coordinated care [15]. Figure (2.1) shows the telemedicine platform and figure (2.2) shows the telemedicine system workflow.

Figure (2.1): telemedicine platform

Figure (2.2): telemedicine system workflow

• Tele-care in daily life and for social welfare, via providing support and monitoring for senior citizens, disabled and dependent patients, and compensation for the loss of personal autonomy. These services extend far beyond medical care and thus encompass social care. Moreover, this growing area includes what some people call phealth (i.e. personal health), where the patient utilizes ICT directly. Personal health includes all the health information available on the Internet (whether it is produced by companies, governments, charities or individuals). The web is a wide source of data for patients and their families. The effect of these web-sites on public health merits careful analysis. In addition, personal health includes tele-consultations and tele-pharmacy for prescribing drugs, and some aspects of home assistance; in other words, the entire area of ICT with respect to the general public, patients and their families and friends. This area will probably have a great commercial effect soon [15].

(b) The use of information systems in health and health-care (not limited to medicine), which includes approaches and methodologies for exploiting and analyzing data [15].

An Electronic Health Record (EHR) is a collection of the various medical records that are generated during any clinical encounter or event. With the rise of self-care and homecare devices and systems, meaningful healthcare data is nowadays generated 24x7 and also has long-term clinical relevance. The purposes of collecting as many medical records as possible are manifold: better and evidence-based care, increasingly accurate and faster diagnosis that translates into better treatment at lower costs of care, avoiding the repetition of unnecessary investigations, robust analytics including predictive analytics to support personalized care, improved health policy decisions based on a better understanding of the underlying issues, etc., all translating into improved personal and public health [16]. Figure (2.3) shows a copy screen of an EHR.


Figure (2.3): Copy screen of an EHR

Demographic information including a unique identifier is necessary in a health record system in order to capture identifying information as well as identifiers for linking other medical artifacts logically as well as physically [16]. The objectives of an EHR are to [15]:
• Decrease the access and the delivery time
• Share the data between actors involved in the care process
• Meet the needs of security, audit trail, and avoid the medical errors
• Provide data for biomedical or public health research, for teaching purpose or for management.

Table (2.1) compares advantages and drawbacks between paper-based PR and EHR.

Table (2.1): compares advantages and drawbacks between paper-based PR and EHR.

2.2.1 Aim of the EHRs

The patient record is a collection of documents that provides an account of each episode in which a patient visited or sought treatment and received care or a referral for care from a health care facility. According to F. Roger France (Roger et al. 1978), the patient record (PR) is “the written memory of all information about a patient, continuously updated, and its utilization is both individual and collective.” The PR is an indispensable tool for medical practice. It is intrinsically linked to the health care process. The PR allows the data generated during this process to be collected in writing on a physical medium (paper) all along the patient’s life. It reflects the medical state of each patient and the diagnostic and therapeutic actions taken. The PR contains different kinds of data coming from different origins (administrative data, medical data, paramedic data), produced, inferred and collected by all the actors involved in the health care process. These data are the relevant facts corresponding to the different decisions and actions that have been taken to treat the patient. The administrative part of a PR provides the information for the patient's identification, and the socio-demographic data are continuously updated during the patient’s life (identity, health insurance status, employers, etc.). The quantity and the complexity of the data contained in the PR are constantly increasing with the development of the medical specialties and their technicalities. Designing a single PR that meets the needs of all healthcare actors is still an issue. Even within the same profession, the needs can be very different from one medical specialty to another: e.g. a specialist in allergy collects the allergy history of a patient with extreme precision, while an orthopedist does not usually need this level of detail [15].

2.2.2 From the Paper Based Patient Record to the EHR

According to the International Organization for Standardization (ISO) definition, an EHR is a “repository of patient data in digital form, stored and exchanged securely, and accessible by multiple authorized users”. It contains retrospective, concurrent and prospective information, and its primary purpose is to support continuing, efficient and quality integrated health. Electronic patient records are used both in hospitals and in general practice. Most of the time, the computerization of the patient record is a complex and progressive process. Some EHRs contain only the main relevant documents such as discharge letters, post-operative reports, histologic observations, etc. As the EHR is a container, progressively more information can be integrated, such as therapeutic prescriptions, lab data, daily clinical charts or radiologic data. Cohabitation with the paper based PR is often unavoidable, at least during the first years of the EHR deployment [15].

2.2.3 Health Information Exchange

With the EHR, patient data are immediately available, in real time, at the bedside and also remotely (for instance at the doctor’s home). The data are also available for the other components of the information system. For example, the integration of the information flow between the EHR and the laboratory management system improves the speed of the data processing (transmission of the orders from the bedside to the laboratory and reception of the results in real time). The electronic data can be shared at large scale, beyond a single hospital, for instance at regional, national or international scales. By improving the data sharing, the EHR supports the continuity of care and provides a better security for the patients (e.g. sharing patient history or allergies data) [15]. Figure (2.4) shows the medical information exchanged in a variety of environments-battlefield, research facility, emergency scene.


Figure (2.4): Medical Information exchanged in a variety of environments-Battlefield, research facility, emergency scene

2.2.4 Data Protection, Security and Traceability

The EHR provides better traceability of the data and of the activities around the patient. All the actions of the users are stored (e.g. the access to the record). Moreover, each data entry is time stamped and signed.
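The traceability property described in this section, shown as an added example that is not part of the dissertation: an audit trail in which every user action is time-stamped and signed, and which reports edited or deleted entries on verification. The per-user HMAC-SHA256 keys (standing in for digital signatures), the hash chaining between entries (which goes beyond what the section states), and all names and sample entries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash value used by the first entry


def _canonical(body):
    """Stable byte encoding of an entry body, so signer and verifier agree."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def _entry_hash(payload, signature):
    return hashlib.sha256(payload + signature.encode()).hexdigest()


class AuditTrail:
    """Append-only log of EHR actions (hypothetical design, not the thesis's)."""

    def __init__(self, user_keys):
        self._keys = user_keys  # user name -> secret key (assumed provisioning)
        self.entries = []

    def record(self, user, action, patient_id, detail="", when=None):
        key = self._keys[user]  # unknown users cannot write entries
        when = when or datetime.now(timezone.utc)
        body = {
            "seq": len(self.entries),
            "timestamp": when.isoformat(),
            "user": user,
            "action": action,
            "patient_id": patient_id,
            "detail": detail,
            # Linking to the previous entry makes deletions and reordering visible.
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        payload = _canonical(body)
        signature = _sign(key, payload)
        entry = dict(body, signature=signature,
                     entry_hash=_entry_hash(payload, signature))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return a list of (entry index, problem); empty means the trail is intact."""
        problems = []
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items()
                    if k not in ("signature", "entry_hash")}
            payload = _canonical(body)
            signature = entry.get("signature", "")
            key = self._keys.get(entry.get("user"))
            if entry.get("seq") != i:
                problems.append((i, "sequence gap"))
            if entry.get("prev_hash") != prev:
                problems.append((i, "chain broken"))
            if key is None or not hmac.compare_digest(_sign(key, payload), signature):
                problems.append((i, "bad signature"))
            # Chain on the recomputed hash, so an edit also breaks the next link.
            prev = _entry_hash(payload, signature)
            if entry.get("entry_hash") != prev:
                problems.append((i, "entry hash mismatch"))
        return problems


def sample_trail():
    """Three constructed entries: a record access and two data entries."""
    keys = {"dr.a": b"constructed-key-doctor", "nurse.b": b"constructed-key-nurse"}
    trail = AuditTrail(keys)

    def at(minute):
        return datetime(2018, 1, 15, 9, minute, tzinfo=timezone.utc)

    trail.record("dr.a", "read", "P-0001", "opened record", when=at(0))
    trail.record("nurse.b", "write", "P-0001", "allergy: penicillin", when=at(5))
    trail.record("dr.a", "write", "P-0001", "prescription added", when=at(9))
    return trail


if __name__ == "__main__":
    trail = sample_trail()
    print("intact trail:", trail.verify())
    trail.entries[1]["detail"] = "allergy: none"  # simulated after-the-fact edit
    print("after edit:  ", trail.verify())
```

An edit to a stored entry fails its signature check and breaks the link from the following entry; a deleted entry shows up as a sequence gap and a broken chain.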

2.2.5 Decision Support

A national report, published in 2000, by the American Institute of Medicine (Kohn et al. 2000) estimated that around 100,000 American citizens died each year of medical errors. A great part of these errors are due either to a lack of information or to wrong data in the patient record. Decision support systems connected to the EHR can help the physician by generating reminders and alerts (e.g. to detect drug
adverse effects) or by suggesting, from the patient data, a diagnosis or a therapeutic strategy. Using an EHR avoids typing or data-capture errors. Data are captured once and for all, from the source, if necessary with some entry controls. The data are then re-used and shared all along the process of care. For instance, when a physician types the drug prescriptions, this information is automatically re-used for the nurse care plan, for the pharmacy department, for the billing system, etc. Moreover, the readability of computerized data is much better than that of handwritten data [15].

2.2.6 Secondary Reuse of the Patient Data

The EHR is a source of information for management, evaluation and research purposes. Compared to the paper-based version, computerized data make the secondary re-use of the data easier. Data extraction and statistical analysis can be carried out for studies or to provide indicators and dashboards for different domains, for instance clinical research (e.g. to find eligible patients for a clinical trial), epidemiologic surveys (e.g. for infectious diseases) or evaluation of professional practices (e.g. adequacy to clinical guidelines) (Jensen et al. 2013; Meystre 2007) [15].

2.2.7 Teaching Activities

The EHR is also a tool for teaching and training students. Patient data can be extracted to create pedagogical resources. The functionalities of the EHR can be used to teach how to systematically collect clinical facts for optimizing the diagnostic and therapeutic strategies [15].

2.2.8 Accreditation, Certification

The EHR is a key element for health care, supporting some critical processes that might jeopardize the patient's life (e.g. drug prescription).
Therefore, health care organizations must ensure the quality and reliability of their EHR. As in the aeronautic sector, some initiatives exist to deliver a software certification or accreditation. Certification refers to the confirmation of certain characteristics of an object, person, or organization. This confirmation is often, but not always, provided by some form of external review, education, assessment or audit. The accreditation is a specific organization’s process of certification. From the vendors’ point of view, obtaining such a label is usually considered one of the best ways to promote their products. Two relevant initiatives exist in this domain:

The European Institute for Health Records or EuroRec Institute (Eurorec 2013) is a non-profit organization founded in 2002 as part of the ProRec initiative. The institute is involved in the promotion of high quality EHR systems in the European Union. One of the main missions of the institute is to support, as the European authorized certification body, EHRs certification development, testing and assessment by defining functional and other criteria.

The HL7 EHR System Functional Model provides a reference list of functions that may be present in an EHR. The function list is described from a user perspective with the intent to enable consistent expression of system functionality. This EHRS Functional Model, through the creation of Functional Profiles for care settings and realms, enables a standardized description and common understanding of functions sought or available in a given setting (e.g., intensive care, cardiology, office practice in one country and primary care in another country).

2.2.9 Typology of EHRs

Different categories of EHRs can be distinguished (ISO 2004):

A. EHRs in Primary Care Facilities

In primary care, General Practitioners (GPs) use EHRs for managing their activities, for exchanging or sharing data with healthcare networks or for transmitting information to the billing system of health care insurance. The barriers to adoption of EHR systems by primary care physicians can be attributed to the complex workflows that exist in primary care physician offices, leading to no standardized workflow structures and practices (Ramaiah et al. 2012).

B. EHRs in the Hospital Information System

EHRs have been recently and widely adopted by private and academic hospitals. Indeed, the functional coverage of the HIS initially concerned the administration, the support departments, and laboratories or imaging departments. Deploying an EHR in clinical wards has a strong impact on the organization and on the care process. Most countries, for instance in Europe, have developed an active incentive policy based on large funds and regulation to encourage hospitals to use EHRs.

C. Shared EHRs and Personal Health Records (PHRs)

Sharing and exchanging information between health professionals, beyond a hospital or a GP surgery, becomes a critical issue. Most countries in the world are developing initiatives to support healthcare networks with IT infrastructures. For instance, in the United States, Regional
Health Information Organizations (RHIO), also called Health Information Exchange Organizations, are multi-stakeholder organizations created to facilitate health information exchange (HIE) – the transfer of healthcare information electronically across organizations – among stakeholders of that region’s healthcare system. The ultimate objective is to improve the safety, quality, and efficiency of healthcare as well as access to healthcare through the efficient application of health information technology. Besides EHRs for providers, personal health records (PHR) for patients have been developed. A PHR is a longitudinal record, containing patient medical history and critical data to support it. While the EHR is created and maintained by healthcare professionals, the patient is responsible for the access and the content management of his/her own PHR (Evans and Kalra 2005).

D. Pharmaceutical Record

In some countries, pharmaceutical records are developed in order to secure drug prescription and dispensation. The pharmaceutical record gives pharmacists access to the history of the drugs delivered to the same person across all dispensaries during a given period of time, in order to avoid drug interactions and/or redundant prescriptions. It is created upon request and consent of the individuals involved, and information is disclosed only to those authorized by the owners.

2.3 Knowledge Discovery in Database

The term Knowledge Discovery in Databases, or KDD for short, refers to the broad process of finding knowledge in data, and emphasizes the "high-level" application of particular data mining methods. It is of interest to researchers in machine learning, pattern recognition, databases, statistics, artificial intelligence, knowledge acquisition for expert systems, and data visualization. The unifying goal of the KDD process is to extract knowledge from data in the context of large databases. It does this by using data mining methods (algorithms) to extract (identify) what is deemed knowledge, according to the specifications of measures and thresholds, using a database along with any required preprocessing, subsampling, and transformations of that database. An outline of the steps of the KDD process is illustrated in Figure (2.5).

Figure (2.5): The Steps of the KDD

The overall process of finding and interpreting patterns from data involves the repeated application of the following steps:

1) Developing an understanding of:
   • the application domain
   • the relevant prior knowledge
   • the goals of the end-user
2) Creating a target data set: selecting a data set, or focusing on a subset of variables, or data samples, on which discovery is to be performed.
3) Data cleaning and preprocessing.
   • Removal of noise or outliers.
   • Collecting necessary information to model or account for noise.
   • Strategies for handling missing data fields.
   • Accounting for time sequence information and known changes.
4) Data reduction and projection.
   • Finding useful features to represent the data depending on the goal of the task.
   • Using dimensionality reduction or transformation methods to reduce the effective number of variables under consideration or to find invariant representations for the data.
5) Choosing the data mining task.
   • Deciding whether the goal of the KDD process is classification, regression, clustering, etc.
6) Choosing the data mining algorithm(s).
   • Selecting method(s) to be used for searching for patterns in the data.
   • Deciding which models and parameters may be appropriate.
   • Matching a particular data mining method with the overall criteria of the KDD process.
7) Data mining.
   • Searching for patterns of interest in a particular representational form or a set of such representations as classification rules or trees, regression, clustering, and so forth.
8) Interpreting mined patterns.
9) Consolidating discovered knowledge.

The terms knowledge discovery and data mining are distinct. KDD refers to the overall process of discovering useful knowledge from data. It involves the evaluation and possibly interpretation of the patterns to make the decision of what qualifies as knowledge. It also includes the choice of encoding schemes, preprocessing, sampling, and projections of the data prior to the data mining step. Data mining refers to the application of algorithms for extracting patterns from data without the additional steps of the KDD process. Knowledge discovery in databases is the non-trivial process of identifying valid, novel, potentially useful, and ultimately understandable patterns in data [17].

2.4 Data Mining

Data mining is the process of sorting through large data sets to identify patterns and establish relationships to solve problems through data analysis. Data mining tools allow enterprises to predict future trends [18].

2.4.1 Data mining parameters

In data mining, association rules are created by analyzing data for frequent if/then patterns, then using the support and confidence criteria to locate the most important relationships within the data. Support is how frequently the items appear in the database, while confidence is the number of times if/then statements are accurate. Other data mining parameters include Sequence or Path Analysis, Classification, Clustering and Forecasting. Sequence or Path Analysis parameters look for patterns where one event leads to another later event. A Sequence is an ordered list of sets of items, and it is a common type of data structure found in many databases. A Classification parameter looks for new patterns, and might result in a change in the way the data is organized. Classification algorithms predict variables based on other factors within the database [18]. Figure (2.6) shows Data Mining Phases.
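Support and confidence as described above, computed with a level-wise (Apriori-style) search over constructed patient encounters. This is an added example, not code from the thesis; the item names and thresholds are made up for illustration.

```python
from itertools import combinations

# Constructed encounters: each set holds the coded findings and
# prescriptions recorded for one visit.
ENCOUNTERS = [
    {"hypertension", "diabetes", "metformin"},
    {"hypertension", "ace_inhibitor"},
    {"diabetes", "metformin"},
    {"hypertension", "diabetes", "metformin", "ace_inhibitor"},
    {"asthma", "salbutamol"},
    {"diabetes", "metformin", "statin"},
]


def support(itemset, transactions):
    """Fraction of transactions that contain every item of the itemset."""
    itemset = frozenset(itemset)
    return sum(itemset <= t for t in transactions) / len(transactions)


def frequent_itemsets(transactions, min_support):
    """Map each frequent itemset to its support, growing one item per level."""
    items = sorted({i for t in transactions for i in t})
    level = [frozenset([i]) for i in items
             if support([i], transactions) >= min_support]
    frequent = {}
    while level:
        for s in level:
            frequent[s] = support(s, transactions)
        candidates = {a | b for a in level for b in level
                      if len(a | b) == len(a) + 1}
        # Prune: a candidate survives only if all its smaller subsets are
        # frequent and it meets the support threshold itself.
        level = [c for c in candidates
                 if all(frozenset(sub) in frequent
                        for sub in combinations(c, len(c) - 1))
                 and support(c, transactions) >= min_support]
    return frequent


def rules(transactions, min_support, min_confidence):
    """If/then rules as (antecedent, consequent, support, confidence)."""
    freq = frequent_itemsets(transactions, min_support)
    out = []
    for itemset, sup in freq.items():
        for r in range(1, len(itemset)):
            for antecedent in combinations(sorted(itemset), r):
                a = frozenset(antecedent)
                # confidence = support(A and B) / support(A)
                conf = sup / freq[a]
                if conf >= min_confidence:
                    out.append((tuple(sorted(a)), tuple(sorted(itemset - a)),
                                sup, conf))
    return sorted(out)


if __name__ == "__main__":
    for rule in rules(ENCOUNTERS, min_support=0.5, min_confidence=0.8):
        print(rule)
```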

Figure (2.6): Data Mining Phases

Clustering parameters find and visually document groups of facts that were previously unknown. Clustering groups a set of objects and aggregates them based on how similar they are to each other. There are different ways a user can implement the cluster, which differentiate between each clustering model. Forecasting parameters within data mining can discover patterns in data that can lead to reasonable predictions about the future, also known as predictive analysis.

2.4.2 Data mining tools and techniques

Data mining techniques are used in many research areas, including mathematics, cybernetics, genetics and marketing. While data mining techniques are a means to drive efficiencies and predict customer behavior, if used correctly, a business can set itself apart from its competition through the use of predictive analysis.

Web mining, a type of data mining used in customer relationship management, integrates information gathered by traditional data mining methods and techniques over the web. Web mining aims to understand customer behavior and to evaluate how effective a particular website is. Other data mining techniques include network approaches based on multitask learning for classifying patterns, ensuring parallel and scalable execution of data mining algorithms, the mining of large databases, the handling of relational and complex data types, and machine learning. Machine learning is a type of data mining tool that designs specific algorithms from which to learn and predict.

2.4.3 Benefits of data mining

In general, the benefits of data mining come from the ability to uncover hidden patterns and relationships in data that can be used to make predictions that impact businesses. Specific data mining benefits vary depending on the goal and the industry. Sales and marketing departments can mine customer data to improve lead conversion rates or to create one-to-one marketing campaigns. Data mining information on historical sales patterns and customer behaviors can be used to build prediction models for future sales, new products and services. Companies in the financial industry use data mining tools to build risk models and detect fraud. The manufacturing industry uses data mining tools to improve product safety, identify quality issues, manage the supply chain and improve operations [18].

2.4.4 Issues in Data Mining

Issues that need to be addressed by any serious data mining package are:

i. Uncertainty Handling
ii. Dealing with Missing Values
iii. Dealing with Noisy data
iv. The efficiency of algorithms
v. Constraining Knowledge Discovered to only Useful
vi. Incorporating Domain Knowledge
vii. Size and Complexity of Data
viii. Data Selection
ix. Understandability of Discovered Knowledge: Consistency between Data and Discovered Knowledge

2.5 Data Warehouse

Data warehouse is a repository of data and related information whose purpose is to allow the extraction, reconciliation and the re-organization of data stored in traditional operational databases. Bill Inmon [19] stated that “A source of data that is subject-oriented, integrated, nonvolatile and time-variant for the purpose of management’s decision process is called data warehouse”. A data warehouse is obtained by defining its architecture and mapping by which source data are extracted, filtered, integrated and stored into the defined structure [20]. Data warehousing emphasizes the capture of data from diverse sources for useful analysis and access, but does not generally start from the point-of-view of the end user who may need access to specialized, sometimes local databases. The latter idea is known as the data mart [21].

There are two approaches to data warehousing, top down and bottom up. The top down approach spins off data marts for specific groups of users after the complete data warehouse has been created. The bottom up approach builds the data marts first and then combines them into a single, all-encompassing data warehouse [21].

Typically, a data warehouse is housed on an enterprise mainframe server or, increasingly, in the cloud. Data from various online transaction processing (OLTP) applications and other sources is selectively extracted for use by analytical applications and user queries [21]. Data warehouses use a different design from standard operational databases. The latter are optimized to maintain strict accuracy of data in the moment by rapidly updating real-time data. Data warehouses, by contrast, are designed to give a long-range view of data over time. They trade off transaction volume and instead specialize in data aggregation [22].

2.6 OLAP

OLAP (Online Analytical Processing) is the technology behind many Business Intelligence (BI) applications. OLAP is a powerful technology for data discovery, including capabilities for limitless report viewing, complex analytical calculations, and predictive “what if” scenario (budget, forecast) planning [23]. OLAP is an acronym for Online Analytical Processing. OLAP performs multidimensional analysis of business data and provides the capability for complex calculations, trend analysis, and sophisticated data modeling. It is the foundation for many kinds of business applications for
Business Performance Management, Planning, Budgeting, Forecasting, Financial Reporting, Analysis, Simulation Models, Knowledge Discovery, and Data Warehouse Reporting. OLAP enables end-users to perform ad hoc analysis of data in multiple dimensions, thereby providing the insight and understanding they need for better decision making [23].

2.6.1 Advantages of OLAP

Knowledge is the foundation of all successful decisions. Successful businesses continuously plan, analyze and report on sales and operational activities in order to maximize efficiency, reduce expenditures and gain greater market share. Statisticians will tell you that the more sample data you have, the more likely the resulting statistic will be true. Naturally, the more data a company can access about a specific activity, the more likely that the plan to improve that activity will be effective. All businesses collect data using many different systems, and the challenge remains: how to get all the data together to create accurate, reliable, fast information about the business. A company that can take advantage of its data and turn it into shared knowledge, accurately and quickly, will surely be better positioned to make successful business decisions and rise above the competition [23]. OLAP technology has been defined as the ability to achieve “fast access to shared multidimensional information.” Given OLAP technology’s ability to create very fast aggregations and calculations of underlying data sets, one can understand its usefulness in helping business leaders make better, quicker “informed” decisions [23].

2.6.2 OLAP for Multidimensional Analysis

Business is a multidimensional activity and businesses are run on decisions based on multiple dimensions. Businesses track their activities by considering many variables. When these variables are tracked on a spreadsheet, they are set on axes (x and y) where each axis represents a logical grouping of variables in a category. For example, sales in units or dollars may be tracked over one year’s time, by month, where the sales measures might logically be displayed on the y axis and the months might occupy the x axis (i.e., sales measures are rows and months are columns). To analyze and report on the health of a business and plan future activity, many variable groups or parameters must be tracked on a continuous basis—which is beyond the scope of any number of linked spreadsheets. These variable groups or parameters are called Dimensions in the On-Line Analytical Processing (OLAP) environment. Nowadays, many spreadsheet users have heard about OLAP technology, but it is not clear to them what OLAP means. Unlike relational databases, OLAP tools do not store individual transaction records in two-dimensional, row-by-column format, like a worksheet, but instead use multidimensional database structures—known as Cubes in OLAP terminology—to store arrays of consolidated information. The data and formulas are stored in an optimized multidimensional database, while views of the data are created on demand. Analysts can take any view, or Slice, of a Cube to produce a worksheet-like view of points of interest. Rather than simply working with two dimensions (standard spreadsheet) or three dimensions (for example, a workbook with tabs of the same report, by one variable), companies have many dimensions to track—for example, a business that distributes goods from more than a single facility will have at least the following Dimensions to consider: Accounts, Locations, Periods,
Salespeople and Products. These Dimensions comprise a base for the company’s planning, analysis and reporting activities. Together they represent the “whole” business picture, providing the foundation for all business planning, analysis and reporting activities. The capability to perform the most sophisticated analyses—specifically, the multidimensional analysis provided by OLAP technology—is an organizational imperative. Analysts need to view and manipulate data along the multiple dimensions that define an enterprise—essentially, the dimensions necessary for the creation of an effective business model [23].

2.6.3 Implementing an OLAP Solution

OLAP technology implementations depend not only on the type of software, but also on underlying data sources and the intended business objective(s). Each industry or business area is specific and requires some degree of customized modeling to create multidimensional “cubes” for data loading and reporting building, at minimum. An OLAP solution might be intended for dynamic reporting for finance professionals, with source data originating in an ERP system. Or a solution might address a medical institution’s activities as concerns patient analysis. All of which is to say that customers need to have clear objectives in mind for an intended solution, and start to consider product selection on that basis. Another factor to consider in an OLAP implementation is the delivery to end users: does the initial user base want to adopt a new front end, or is there a preference for utilizing a dashboard? Or perhaps users are better served by a dynamic spreadsheet “delivery” system to achieve, for example, a collaborative budgeting and forecasting solution [23].

2.7 Data Security

Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification [24]. The methods to provide data security can be divided into three types: cryptography, authentication, and hashing.

2.7.1 Cryptography

Cryptography is a process of transforming original information into a format such that it can be read only by the desired recipient. It is used to protect information from other people for security purposes [25]. Cryptography involves the study of mathematical techniques that allow the practitioner to achieve or provide the following objectives or services [25]:

• Confidentiality. It is a service that is used for keeping the contents of information accessible only to the people who are authorized to possess it. This service includes protecting all user data exchanged between two points over a period of time, as well as protecting traffic flow from analysis.
• Integrity. It is a service which requires that computer system assets and transmitted data can be modified only by authorized users. Modification includes writing, altering, changing the status, deleting, creation, and the delay or replay of transferred messages. It is important to point out that integrity relates to active attacks and is therefore concerned with detection rather than prevention. In addition, integrity may be provided with or without recovery, where the first option is the more attractive alternative.

• Authentication. This is a service concerned with assuring that the origin of a message is properly identified. That is, data that is delivered via a channel has to be authenticated as to its origin, date of origin, data content, time sent, and so on. For these reasons, this service is subdivided into two main categories: entity authentication and data origin authentication. It is important to note that the second class of authentication implicitly offers data integrity.
• Non-repudiation. This is a service that prevents both the sender and the recipient of a transfer from denying previous commitments or activities.

These security services are supplied through the use of cryptographic algorithms. There are two main categories of algorithms in cryptography: private-key (symmetric-key) algorithms and public-key algorithms.

2.7.1.1 Symmetric-key Algorithms

Private-key or symmetric-key algorithms are algorithms in which the encryption and decryption keys are identical, or in which the decryption key may easily be computed from the encryption key and vice versa. The basic function of these algorithms, which are also called secret-key algorithms, is the encryption of data, typically at high speed. Secret-key algorithms oblige the sender and the recipient to agree on the key before communication happens. The security of secret-key algorithms lies in the key, and exposing the key means that anybody is capable of encrypting and decrypting messages. Thus, as long as the communication needs to stay private, the key has to stay private. Two kinds of symmetric-key algorithms are typically distinguished: block ciphers and stream ciphers. Block ciphers are encryption methods where the message is split into strings (known as
blocks) of fixed length and enciphered a single block at a time. Examples include the Data Encryption Standard (DES), the International Data Encryption Algorithm (IDEA), and the Advanced Encryption Standard (AES) [26].

A) Data Encryption Standard (DES)

On May 15, 1973, the Data Encryption Standard (DES) was developed at IBM as an improvement on an older system called LUCIFER. DES was designed to work better in hardware than software and is an algorithm which encrypts text in 64-bit blocks with a 56-bit key. The algorithm is applied in three stages. First, a bit string $x_0$ is constructed by permuting the bits of the text $x$ according to the initial permutation IP:

$$x_0 = IP(x) = L_0 R_0 \qquad \text{Eq (2.1)}$$

where $L_0$ is the first 32 bits and $R_0$ is the last 32 bits. Secondly, sixteen iterations of a specific function that includes permutation and substitution phases are applied. The following equation can be written:

$$L_i = R_{i-1}, \qquad R_i = L_{i-1} \oplus f(R_{i-1}, K_i) \qquad \text{Eq (2.2)}$$

where $K_i$ is the key and $f$ is the function. Finally, the inverse permutation $IP^{-1}$ is applied to the bit string $R_{16} L_{16}$ to obtain the ciphertext $y$ using the following formula:

$$y = IP^{-1}(R_{16} L_{16}) \qquad \text{Eq (2.3)}$$

This might seem to be an extremely complicated scheme, and it might seem that decryption using DES would require a completely different approach, but it may be a surprise to discover that the same algorithm works to decrypt the same text, the only difference being that the process in
decryption is applied in reverse. Since DES was adopted in 1977, backdoor DES crackers have been developed that can decode DES messages in less than a week. For instance, a “brute force” attack tries as many keys as possible to decrypt ciphertext into plaintext by using a special parallel computer with a million chips that each try a million keys per second [27].

B) Double DES

Because DES has already shown that a very competent algorithm can come to be considered highly insecure and unreliable, methods were sought to reuse it by making it stronger and more secure, rather than writing a totally new algorithm. Two main improvements have resulted: Double DES and Triple DES (3DES). Double DES essentially does twice what DES does, using two keys in one encryption process. If cracking the key in DES takes 2⁵⁶ attempts, then cracking two different keys consisting of n bits each takes 2²ⁿ attempts. However, that is not quite true, since the concept of the meet-in-the-middle attack has been introduced, which involves encryption from one end and decryption from the other and matching the outputs in the middle [27].

C) Triple DES or 3DES

The idea that Double DES may not be strong enough to prevent a meet-in-the-middle attack led to the development of 3DES, which was developed in 1999 by IBM by a team led by Walter Tuchman [27]. This type of attack is one of the main reasons why Double DES was replaced by Triple DES or 3DES, which is DES with three different keys. It is essential to avoid having the same key for the encryption steps, since the output will only be a slower version of DES. 3DES has two
forms, one requiring three completely different keys and the other only two completely different keys. The first method uses three keys to encrypt the plaintext, firstly using key k1, followed by encryption with key k2, and lastly a third encryption is carried out with key k3. The following operation is performed to encrypt the plaintext:

$$C = E_{K_3}(E_{K_2}(E_{K_1}(P))) \qquad \text{Eq (2.4)}$$

and, for the decryption:

$$P = D_{K_1}(D_{K_2}(D_{K_3}(C))) \qquad \text{Eq (2.5)}$$

PGP and S/MIME are examples of products that use three-key 3DES. Even though 3DES uses three keys to provide a high level of security, it still has a drawback, since it requires 56 * 3 = 168 bits for the keys, which can be difficult to make work in practical situations. Because of this, the method of 3DES using two keys has arisen. In 3DES with two keys, encryption is applied using key k1, the output of the previous step is decrypted using key k2, and finally the output of step 2 is encrypted again using key k1. The following operation is performed to encrypt the plaintext:

$$C = E_{K_1}(D_{K_2}(E_{K_1}(P))) \qquad \text{Eq (2.6)}$$

and, for decryption:

$$P = D_{K_1}(E_{K_2}(D_{K_1}(C))) \qquad \text{Eq (2.7)}$$

This method is also referred to as Encrypt-Decrypt-Encrypt (EDE) [28]. 3DES has advantages over previous algorithms in that it is easy to implement and more secure, but may still not be completely secure.
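The Feistel iteration of Eq (2.2) and the compositions of Eq (2.4) and Eq (2.6), as an added example that is not code from the thesis. The cipher is a constructed toy (16-bit blocks, 12-bit keys, hash-derived round keys and round function), not DES; it shows that decryption is the same routine with the round keys reversed, and why double encryption costs about 2 · 2ⁿ cipher operations to search rather than 2²ⁿ.

```python
import hashlib
from functools import lru_cache

ROUNDS = 16      # as in DES
KEY_BITS = 12    # deliberately tiny so the search at the end finishes instantly
F_TABLE = hashlib.sha256(b"constructed round function").digest() * 8  # 256 bytes


@lru_cache(maxsize=None)
def round_keys(key):
    """Toy key schedule (not the DES one): sixteen 8-bit round keys K_1..K_16."""
    return tuple(hashlib.sha256(key.to_bytes(2, "big")).digest()[:ROUNDS])


def f(r, k):
    """Round function; it does not need to be invertible."""
    return F_TABLE[r ^ k]


def feistel(block, keys):
    """Run Eq (2.2) once per round key on a 16-bit block, then swap the halves."""
    left, right = block >> 8, block & 0xFF
    for k in keys:
        left, right = right, left ^ f(right, k)
    return (right << 8) | left          # R16 L16, as in Eq (2.3) without IP


def E(key, block):
    return feistel(block, round_keys(key))


def D(key, block):
    return feistel(block, round_keys(key)[::-1])   # same routine, keys reversed


def triple_encrypt(k1, k2, k3, p):      # Eq (2.4)
    return E(k3, E(k2, E(k1, p)))


def triple_decrypt(k1, k2, k3, c):      # inverse of Eq (2.4): undo K3 first
    return D(k1, D(k2, D(k3, c)))


def ede_encrypt(k1, k2, p):             # Eq (2.6)
    return E(k1, D(k2, E(k1, p)))


def ede_decrypt(k1, k2, c):             # inverse of Eq (2.6)
    return D(k1, E(k2, D(k1, c)))


def meet_in_the_middle(pairs):
    """Key pairs (k1, k2) consistent with C = E(k2, E(k1, P)) for all known pairs.

    Costs about 2 * 2**KEY_BITS cipher calls plus a table, instead of the
    2**(2 * KEY_BITS) trials that trying every key pair would need.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = {}
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(E(k1, p0), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):
        for k1 in middle.get(D(k2, c0), ()):
            if all(E(k2, E(k1, p)) == c for p, c in rest):
                found.append((k1, k2))
    return found


def demo():
    k1, k2 = 0xABC, 0x123                       # constructed keys
    plaintexts = [0x1234, 0xBEEF, 0x0042]       # constructed blocks
    pairs = [(p, E(k2, E(k1, p))) for p in plaintexts]
    return {
        "roundtrip": D(k1, E(k1, 0x1234)) == 0x1234,
        "ede_equal_keys_is_single": ede_encrypt(k1, k1, 0x1234) == E(k1, 0x1234),
        "double_key_recovered": (k1, k2) in meet_in_the_middle(pairs),
    }


if __name__ == "__main__":
    print(demo())
```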


Another advantage is that 3DES can perform single DES encryption if k3 = k2 = k1, which is sometimes desired in implementations which also support single DES for legacy reasons. 3DES is very efficient in hardware but not particularly in software. It is popular in financial systems as well as for protecting biometric information in electronic passports [29]. However, when addressing security, 3DES has a flaw. With three independent keys, an overall key length of 168 bits is generated, which is a summation of three 56-bit keys that can face a meet-in-the-middle attack. For 3DES with two independent keys, the overall key length is reduced to 112 bits, which might not be sufficient. Nevertheless, this vulnerability will only come into effect with chosen plaintext or known plaintext attacks. In addition, another vulnerability exists that could give an opportunity to a hacker to retrieve a key and reduce the length of it, subsequently reducing the amount of time needed to crack the key. Attacks on two-key 3DES have been documented, but the required data made them impractical due to the strong interdependency between the keys [30, 31]. It is still possible to make a successful attack only if the keys are secure enough and a connection between the security of the keys and the text can be made. Besides, 3DES is not practical when used to encrypt large messages, and there is the issue of unsafe key transmission between the users [27].

2.7.1.2 Public-key Algorithms

Public-key (PK) encryption depends on the concept of separating the key that is used for encrypting a message from the one used for decrypting it. Anyone who wants to send a message to party A can encrypt that message using A’s public key, but only A can decrypt the message, using their secret key. In the implementation of a public-key cryptographic system, it is understood
that A's secret key must always be kept private. Moreover, even though A's public key is publicly available to everybody, including A's adversaries, it is impossible for anybody but A to derive the secret key, or at least to do so in any reasonable period of time. Generally, practical public-key algorithms can be divided into 3 families [26]:
• Algorithms that are based on the integer factorization problem: given a positive integer n, find its prime factors. RSA, the most common public-key cryptographic algorithm, depends on the difficulty of solving this problem.
• Algorithms that depend on the discrete logarithm problem: given α and β, find x such that β = α^x mod p. The Diffie-Hellman key exchange algorithm depends on this problem, as do several other algorithms, including the Digital Signature Algorithm (DSA).
• Algorithms that are based on elliptic curves. Elliptic curve cryptographic systems are the newest family of practical public-key protocols, but are quickly gaining acceptance. Because of their reduced processing requirements, elliptic curves are especially attractive for embedded implementations [26].

2.7.2 Hashing

Hashing is used to represent a digital file, message or any other entity as a shorter, fixed-length and unique stream of characters, in such a way that the hash calculated for the digital entity will always be the same and it is impossible to retrieve the original digital entity from its hash string [32]. Cryptographic hash functions map strings (i.e. messages) of almost arbitrary length to strings of a predetermined, short length, usually in the range of 128 – 512 bits [33]. Many terms have been used for the output string, among them hash, hash value, and message digest. A hash function is expected to be highly efficient. Various
applications expect various features of the hash function, but some features are always expected [32].
1. A hash function H is typically expected to be one-way, which means that, given an arbitrarily selected image y, it is difficult (in other words, impossible in practice) to find a message x such that H(x) = y. Attacks attempting to break this feature of a hash are termed pre-image attacks.
2. The hash of a message taken from a hash function has to be equivalent to a digital fingerprint, in the sense that 2 different messages have different hash values as well. Attacks attempting to break this feature of a hash are called hash collision attacks.
3. Theoretically, it is possible for two different messages to generate the same hash because the output space is limited; but the hash function should compute the hash in such a manner that it is practically infeasible to find such messages [34].

SHA-2 is a cryptographic hash algorithm developed by the NSA. It has 2 variations, which are SHA-256 and SHA-512 [35]. The main difference between the two types is the size of the words used: SHA-256 uses 32-bit words, while SHA-512 uses 64-bit words. Even though neither SHA-256 nor SHA-512 has shown flaws, they are still not desired for integrity verification, as they are not as efficient as SHA-1 in terms of time complexity. In addition, as SHA-2 is derived from SHA-1, which is based on the Merkle-Damgård model that has been exploited to break the SHA-1 cryptographic hash algorithm, in theory SHA-2 may be broken as well [35]. MD5 is a cryptographic hash algorithm. MD5 produces a hash value in hexadecimal format. This competes with other designs where hash functions take in a certain piece
of data, and change it to provide a key or value that can be used in place of the original value [36]. Message digests, also known as hash functions, are one-way functions; they accept a message of any size as input, and produce as output a fixed-length message digest. MD5 is the third message digest algorithm created by Rivest. All three (the others are MD2 and MD4) have similar structures, but MD2 was optimized for 8-bit machines, in comparison with the two later algorithms, which are optimized for 32-bit machines. The MD5 algorithm is an extension of MD4, which the critical review found to be fast, but possibly not absolutely secure. In comparison, MD5 is not quite as fast as the MD4 algorithm, but offers much more assurance of data security. The MD5 message digest hashing algorithm processes data in 512-bit blocks, broken down into 16 words composed of 32 bits each. The output from MD5 is a 128-bit message digest value [37]. Computation of the MD5 digest value is performed in separate stages that process each 512-bit block of data along with the value computed in the preceding stage. The first stage begins with the message digest values initialized using consecutive hexadecimal numerical values. Each stage includes four message digest passes which manipulate values in the current data block and values processed from the previous block. The final value computed from the last block becomes the MD5 digest for that block [37]. Figure (2.7) shows MD5 hashing.

Figure (2.7): MD5 Hashing

2.8 Web Application

A Web application (Web app) is an application program that is stored on a remote server and delivered over the Internet through a browser interface [38]. There has been a remarkable growth in the usage of Web applications in our daily lives since the creation of the World Wide Web in the early 1990s [39]. The World Wide Web is considered the main aspect of the world of computing. The web has been recognized as a powerful source for delivering software services over the Internet [40]. Nowadays web applications are used in every field of life, such as education, business, government, entertainment, industry and daily social life [40]–[44]. Web applications can handle tasks that were handled with desktop applications
before, such as image editing or spreadsheet creation [45]. A web application typically comprises a front end (web pages) and a back end (database) with which users interact through the browser [39], [46]. There are two types of web applications: static, in which users only view web pages, and dynamic, in which users can interact through input and modify the content of a web page [47], [48]. Web applications provide many advantages over desktop applications, such as their cross-platform nature, no need for installation [40], [49], accessibility around the world at the same time [40], [49], [50], and automatic upgrading with new features [40], [50]. Web applications are more useful than desktop applications, but these advantages introduce new challenges for their quality assurance and testing. These challenges include:
1) The distributed nature of web applications, such as client/server architecture [49].
2) Their dynamic nature, which introduces several problems such as frequent technology change, the changing nature of user requirements, testing methods and tools.
3) Heterogeneity: these applications are developed in different programming languages (HTML, JavaScript, CSS) for the client side and (Ruby, PHP, Java) for the server side [51].
4) Multiple user access [52].

Chapter Three

The Proposed System

3.1 Introduction

This chapter discusses the details of the proposed system, including its description, flowcharts and algorithms.

3.2 Definition of the Proposed System

The proposed healthcare system is designed to provide a service for human health and for doctors based on new technologies. It was built as a web application so that it can be accessed from any type of device (smartphones, tablets, computers) and any operating system (Windows, macOS, Linux, Android, iOS, etc.), i.e. it is multi-platform (cross-platform), because a web application runs inside the web browser, and today all devices and operating systems have web browsers. Figure (3.1) shows healthcare devices.

Figure (3.1): healthcare devices

3.2.1 Healthcare system main users

The healthcare system has three main users, each with its own permissions and responsibilities.

1- Patient: the patient is the main user of the healthcare system, and the main statistics and analysis are performed on patient data. The patient must belong to a family that is recorded in the system; if the patient's family is not recorded, a request must be made to the system administrator to register the family, after which the patient can be added to the system, by the system administrator only. This user has the following permissions:
• Access his own profile.
• Edit his information.
• Take an appointment with a doctor.
• Contact a doctor.
• Access his own rx from the doctor.
• Access his own x-ray.

2- Doctor: the second user is the doctor, who must first have an account and a record ID in the healthcare system. When a patient wants to contact the doctor, make an appointment or report an emergency, the doctor is informed via the system. Doctors also have their own permissions:
• Access his own profile.
• Access the profile of the patient.
• Edit his information.
• Access his own appointments with his patients only.
• Receive messages from a patient.
• Add rx to a patient.
• Add x-ray to a patient.
• Add articles to the blog of the system.

3- System administrator: the administrator has all permissions in the system, for example to change the workflow, take decisions, perform analysis, or view analysis and reporting. Some of these permissions are:
• Add a new patient to the system.
• Add a family to the patient in the system.
• Edit and delete patients.
• Edit and delete families.
• Access all patient profile pages.
• Access all doctor profile pages.
• Add, edit and delete articles in the blog of the system.
• Add, edit and delete entries in the medicine page.
• Add, edit and delete all sections in the service department.
• Access all doctor appointments.
• Add, edit and delete entries in the tip of the day section.
• Analysis and reporting.

3.3 Healthcare management

Management is the process of predicting, planning, organizing, leading and controlling an organization's resources to achieve efficient performance and reach its goals. When management is applied in the health sector, the functions of public administration are carried over and applied in the health field. The key concepts in the management of health care are efficiency and equity: successful health management uses the available resources in the right way to save effort and cost and to facilitate the delivery of services to citizens. In the health sector, the aim is to provide high-quality health care through a team of managers, nurses, health workers and administrators, who are
able to achieve their goals and move the health sector towards its goals. In addition, the state has to realize the concept of e-government, creating an environment between the government and the citizen in which electronic health management can be obtained. This proposal aims to provide an electronic health system between the citizen and health centers, and between the patient and his private doctor, that can be linked to the Iraqi Ministry of Health and contribute to e-government in the service of the citizen in Iraq, especially in rural and remote areas, in addition to the need to guide the citizen in health matters. Efficiency, or effectiveness, is a measure of how well the health sector benefits from the available resources to achieve its main objective, the health of the community; efficiency means managing and understanding things correctly, using the available resources without losses. Using the scarce available resources wisely and with very few losses, together with justice and equity, is also part of the work of the Department of Health. In some rural and remote areas, disparities in health and health services, the inequitable distribution of health centers and low income levels have led to underserved areas, depriving them of access to health services. The aim is quick and easy access to health services within a health system that serves the ordinary citizen. Figure (3.2) shows healthcare management.

Figure (3.2): healthcare management

The success of health management depends primarily on the health care team and its effort, which plays an important role in the success of both health management and the proposed health system. The health care team consists of doctors and doctors' assistants, nurses, technicians, administrators and community-medicine health workers. Its members can be grouped by role and function: doctors (clinical decision makers), technical experts and technical staff, health service providers, the information coordinator and the resource manager. The
management team consists of technology, operations and data management. In addition to the staff working as a team, there must be a strong relationship between administrative and medical practice; the success of the project also depends on the entire system team, its competitiveness, skills, size, independence and type of ownership, which are key to improved management. The important element is the citizen and his access to better health care services through an easy-to-use electronic health system, which is what this study proposes and addresses, taking into account several factors, including citizens' acceptance and their training in how to use and apply the system. Medical management is a term for the use of information technology in the health, care and emergency management sector, as well as the ability to design strategies that build medical management to modify and ensure the behavior of the citizen, the provider and the health services in order to improve the results and quality of primary health care. The proposed system provides a flexible and manageable electronic health system in terms of employment management and work within a team of medical management and highly qualified, licensed health professionals with extensive experience in clinical and medical management, but this is done using nationally recognized and to provide services to Iraqi citizens, protect them from unnecessary financial expenses and save them the effort of finding nearby health centers. The Medical Department works to organize medical data, analyze the data to make use of it, make effective and optimal use of health care, enhance the predictability of future costs, and create synergies between health data and the health care environment. This is done by fully utilizing the properties of big data, called the 3Vs (volume, velocity, variety).

Volume means taking advantage of the large size of the data and turning it into valuable information. Velocity is the frequency at which data are transferred and shared; the speed of transmission and exchange of information and data is important in the health sector. Variety refers to the forms of health data, which include structured and unstructured data: electronic records, radiology images, video, or other electronic and digital data. This highlights the role of big health data in administration: big data promises to turn difficult health care tasks into simple ones by controlling and analyzing these data with artificial intelligence and machine learning methods. These properties support this task: the first property gives statistical significance, and the second gives the promise of processing big data through real-time predictive analyses. The third property enhances the use of different patterns such as video, images and digital data in various forms to bring different evidence to certain analytical systems. Medical case management is a process that facilitates treatment to ensure the provision of medical care to citizens, persons with special needs or the war-wounded. It includes the planning, organization and coordination of appropriate health care services for the purpose of medical rehabilitation, and ultimately contributes to the evaluation of the quality of health care through the development and integration of health care plans with the team and the subsequent evaluation of treatment results. This is done by assessing the type of medical condition, drawing up a care plan, and then coordinating the medical resources available in the health center or hospital, including referral, and their use in the
health system. The health system benefits in terms of cost from the coordination of medical cases with the available resources, which is then merged with the electronic health system. The aim of medical case management is to facilitate the optimal medical recovery of the demands and perfect the work. This is achieved through all participants in the process of providing services (doctors, nurses, administrators and technicians). The main focus of the directors of medical cases is the service of sick and injured citizens. The responsibilities may vary, and include:
• Develop a care and service plan.
• Initial evaluation after injury for diagnosis of disease (nursing and primary care).
• Assistance with the health center and provision of emergency services.
• Contact the medical service team.
• Reporting and communications.

There are two main benefits to managing medical conditions: quality of care and low cost. Quality of care is provided by the team of workers in the health center, with the medical director responsible for current medical surveillance and for monitoring any problems or concerns in the treatment and in the care the patient receives; this can reduce costs by certain percentages.

3.4 The Proposed System

The proposed system is based on the use of KDD, a data warehouse and OLAP to design an interactive web-based E-health record management system. Figure (3.3) shows a general overview of the proposed system.

[Figure (3.3): General Architecture of the Proposed System. Diagram blocks: Interactive Web Page; Proposed Authentication Method; KDD (developing an understanding, creating a target data set, data reduction and projection, choosing the data mining task, data mining with association rules, interpreting mined patterns, consolidating discovered knowledge); Data Warehouse; OLAP.]

3.4.1 The Proposed System Tools

The proposed system uses three main tools, KDD, a data warehouse and OLAP, to provide an interactive web-based E-health record management system.

3.4.1.1 KDD

KDD is the first tool used in the proposed system. First the data are collected; this data set is then checked, cleaned, preprocessed and transformed. After that, the data mining algorithm used in the proposed system, association rule mining, is applied to produce the required data patterns, which are stored in the data warehouse after interpretation, visualization, testing and verification. KDD is used for the following 3 reasons:
1) The interactive web E-health record management system has data to be stored.
2) The interactive web E-health record management system requires specified information.
3) The interactive web E-health record system requires specified statistics.

3.4.1.2 Data warehouse

The second tool in the proposed system is the data warehouse. The proposed system needs the entire history of the data, and the data warehouse keeps this history in a dimensional structure (that is, in a star schema with fact tables and dimension tables). Figure (3.4) shows the data warehouse.

[Figure (3.4): The Data warehouse. Diagram labels: Data; Data warehouse; Data in a dimensional structure; History of Data.]

3.4.1.3 OLAP

OLAP is the third tool used in the proposed system. Its job is to read the data warehouse of the proposed system and pre-aggregate some data to speed up query performance. The main reason to use OLAP is to easily slice and dice through the data.

3.4.1.4 The Proposed Authentication Method

After the patient records are stored, an authentication method is proposed to allow correct and secure access to them. The proposed authentication method consists of MD5, Triple DES and mathematical calculations. Algorithm (3.1) and Algorithm (3.2) show the proposed authentication method.

Algorithm (3.1): The Proposed Authentication Method (Registration Case)
Input: Password.
Output: Calculate hash value and store it.
Begin
  Step1: Read password.
  Step2: Generate hash of the password using MD5.
  Step3: Encrypt the hash value using triple DES.
  Step4: Apply mathematical calculations to the triple DES result.
  Step5: Store the result in the database of passwords.
End

Algorithm (3.2): The Proposed Authentication Method (Login Case)
Input: User name and password.
Output: Allowing access or not to medical records.
Begin
  Step1: Read password.
  Step2: Generate hash of the password using MD5.
  Step3: Encrypt the hash value using triple DES.
  Step4: Apply mathematical calculations to the triple DES result.
  Step5: Search for the result in the database of passwords.
  Step6: If the value is found then allow access.
  Step7: Else reject the access.
End

When patients, doctors and the administrator register in the proposed system for the first time, the system first calculates the hash value of the password and then encrypts this hash value using triple DES. After that, a mathematical calculation is applied to the result, and the outcome is stored in the database of usernames and passwords.

When the user wants to log in to the proposed system, he/she enters the password. The proposed system then calculates the hash value of the password, encrypts it using triple DES and applies the mathematical equation to it. After that, the result is compared with the database of passwords: if there is a match the access is authorized, otherwise the access is not authorized.
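
The registration and login flow of Algorithms (3.1) and (3.2) can be set beside a salted alternative, as an added C# example (.NET 6 or later) that is not code from the thesis. The 3DES key, the ECB mode, the XOR stand-in for the unspecified "mathematical calculations", the sample user names and password, and the PBKDF2 parameters are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PasswordStorageDemo
{
    // ASSUMPTION: a single application-wide 3DES key (constructed demo value).
    static readonly byte[] AppKey =
        Enumerable.Range(1, 24).Select(i => (byte)i).ToArray();

    // ASSUMPTION: stand-in for the unspecified "mathematical calculations".
    // Any fixed transform without per-user input behaves the same way here.
    static byte[] MathStep(byte[] data) =>
        data.Select(b => (byte)(b ^ 0x5A)).ToArray();

    // Steps 2-4 of Algorithms (3.1) and (3.2): MD5, then 3DES, then calculations.
    static string PageTransform(string password)
    {
        byte[] digest = MD5.HashData(Encoding.UTF8.GetBytes(password)); // 16 bytes
        using TripleDES tdes = TripleDES.Create();
        tdes.Mode = CipherMode.ECB;       // ASSUMPTION: the page names no mode
        tdes.Padding = PaddingMode.None;  // 16 bytes are exactly two 8-byte blocks
        tdes.Key = AppKey;
        using ICryptoTransform enc = tdes.CreateEncryptor();
        byte[] cipher = enc.TransformFinalBlock(digest, 0, digest.Length);
        return Convert.ToHexString(MathStep(cipher));
    }

    // One stored record per user for the salted form.
    sealed record Credential(byte[] Salt, int Iterations, byte[] Hash);

    // Salted form: per-user random salt and a deliberately slow KDF.
    static Credential Register(string password)
    {
        const int iterations = 600_000; // ASSUMPTION: tune to the server's budget
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, iterations, HashAlgorithmName.SHA256, 32);
        return new Credential(salt, iterations, hash);
    }

    // Verification uses only the named user's record and compares in fixed time.
    static bool Verify(IReadOnlyDictionary<string, Credential> users,
                       string userName, string password)
    {
        if (!users.TryGetValue(userName, out var c)) return false;
        byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(
            password, c.Salt, c.Iterations, HashAlgorithmName.SHA256, c.Hash.Length);
        return CryptographicOperations.FixedTimeEquals(candidate, c.Hash);
    }

    static void Main()
    {
        // Constructed sample accounts: two users who chose the same password.
        const string shared = "Spring2018!";
        string first = PageTransform(shared), second = PageTransform(shared);
        Console.WriteLine($"page scheme, equal passwords store equal values: {first == second}");

        var users = new Dictionary<string, Credential>
        {
            ["patient01"] = Register(shared),
            ["doctor07"] = Register(shared),
        };
        bool sameHash = users["patient01"].Hash.SequenceEqual(users["doctor07"].Hash);
        Console.WriteLine($"salted PBKDF2, equal passwords store equal values: {sameHash}");
        Console.WriteLine($"correct login accepted: {Verify(users, "patient01", shared)}");
        Console.WriteLine($"wrong password accepted: {Verify(users, "patient01", "guess")}");
        Console.WriteLine($"unknown user accepted: {Verify(users, "nobody", shared)}");
    }
}
```

Because the pipeline of Algorithm (3.1) takes no per-user input, equal passwords always produce equal stored values, whereas the salted records differ. The salted check also compares only against the record of the supplied user name instead of searching the whole table of passwords.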

3.5 The Proposed System Work Procedure

The proposed system has three main user cases: the patient case, the doctor case and the administrator case. Figure (3.5) shows the proposed system main users.

Figure (3.5): The proposed system main users

3.5.1 The patient case

At the beginning the patient needs to provide the necessary data, which are recorded and stored in the system in order to give the doctors and the system administrator full controlled access to these data. Algorithm (3.3) shows the patient case.

Algorithm (3.3): The patient case
Input: Patient data.
Output: Patient account with authentication access control to this account.
Begin
  Step1: Check if the patient has an account in the system.
    1.1 If the patient doesn't have an account in the system then
      1.1.1 Make a request to the system administrator to create an account and give authentication.
      1.1.2 Process authentication for the patient.
    1.2 Else if the patient doesn't have family information in the system then
      1.2.1 Register family account.
    1.3 Else perform authentication checking for the patient and give him complete access to his account to perform the required action (appointment, read X-Ray, ...).
End

3.5.2 The Doctor Case

The second user of the proposed system is the doctor, who needs access to specified data and, as in the patient case, also needs an account.

Algorithm (3.4): Doctor Case
Input: Doctor data.
Output: Doctor account with authentication access control to this account.
Begin
  Step1: Check if the doctor has an account in the system.
    1.1 If the doctor doesn't have an account in the system then
      1.1.1 Make a request to the system administrator to create an account and give authentication.
      1.1.2 Process authentication for the doctor.
    1.2 Else if the doctor has an account in the system
      1.2.1 Give authentication to the doctor.
      1.2.2 Perform required action.
End

3.5.3 The administrator Case

The third user of the proposed system is the administrator, who is responsible for the following jobs:
1) Creating patient and doctor accounts.
2) Administering all authentication and access in the proposed system.
3) Administering all data and information in the proposed system.
4) Making reports.
5) Making statistics.
6) Providing knowledge to patients and doctors.
7) Updating the proposed system's data and information (patients, doctors and other information).

Algorithm (3.5) shows the proposed system administrator work.

Algorithm (3.5): The administrator case
Input: Data and information, passwords.
Output: Perform specified action.
Begin
  Step1: Open the proposed system.
  Step2: Get full control of the proposed system and information.
  Step3: Read required action.
  Step4: Perform required action to the proposed system.
End

3.6 The Proposed System Services

The proposed system provides many services, which depend on the type of system user. Since there are three types of system users, the services fall into three categories, as follows:

1) Patient web page services, which include:
A) Recording urgent actions.
B) Appointment reservation.
C) Knowledge of the sentinel doctors.
D) Knowledge of the sentinel pharmacy.
E) Knowledge of the medicine.
F) Knowledge of all the appointments.
G) Knowledge of the medical information, which includes (RX, X-Ray, ...).

2) Doctor web page services, which include:
A) Recording urgent actions (ambulance, home accidents and road accidents).
B) Knowledge of the appointments.
C) Knowledge of the sentinel doctors.
D) Knowledge of the sentinel pharmacy.
E) Knowledge of the available medicine.

3) Administrator web page services, which include:
A) Urgent actions (ambulance, home accidents, road accidents).
B) Appointment management.
C) Sentinel doctors recording.
D) Sentinel pharmacy recording.
E) Medicine recording.
F) Performing statistics related to patients, doctors, appointments, number of patients with allergies, blood type recording, diseases and patient data (RX, X-Ray, ...).

The proposed system is programmed as a web application because web applications have the following benefits:

1) Web applications run on multiple platforms regardless of OS or device, as long as the browser is compatible.
2) All users access the same version, eliminating any compatibility issues.
3) They are not installed on the hard drive, thus eliminating space limitations.
4) They reduce software piracy in subscription-based web applications.
5) They reduce costs for the business and the end user, as less support and maintenance is required by the business and the requirements for the end user's computer are lower.

Chapter Four

Implementation and results

4.1 Introduction

This chapter presents the details of the implementation: a description of the proposed system software, the proposed system requirements, the interfaces of the implemented system, and the evaluation results of the proposed system together with the comparisons.

4.2 Description of the proposed system Software

This section describes the software used in the proposed E-health system. The system was designed using HTML, CSS and jQuery, and a responsive design was adopted so that the system works properly on all devices, whether smartphones, tablets or computers.

HTML: HTML stands for Hypertext Markup Language. It is the language of web design and the first language used in the design of web pages; it has no relation to the programming of a web site. Like any other computer language, HTML has its own code and syntax. It consists of a chain of short codes, called tags, that are typed into a text file; this file is saved with the html extension and can be viewed in an internet browser, which reads the file and translates the short codes into the form of a website. The definition of HTML is Hypertext Markup Language:
• Hypertext: special text called hyperlinks that allows moving around inside the website, from page to page, and anywhere on the internet.
• Markup: is a HTML tag for example .

Benefit of using HTML

HTML is the language spoken by every Internet browser in the world. Without HTML code, no web page can be displayed. Through HTML, you can create a web site that allows moving from any page to any other page with ease. HTML also handles forming, dividing and coloring the web page.

CSS: CSS stands for Cascading Style Sheets, a design language that defines the appearance of an HTML document. CSS is one of the most powerful tools for designing a web site: it affects the appearance of the entire website, which can therefore be updated quickly and easily without changing the HTML. CSS deals with fonts, colors, margins, width and height, the background image of the site, spacing and many other styling matters, and is supported by all browsers.

What is the difference between CSS and HTML? HTML is used to create the structure of the website, and CSS is used to add design and aesthetics to the content. Figure (4.1) shows CSS and HTML.

Figure (4.1) CSS and HTML

jQuery: jQuery is a JavaScript library designed to ease the client-side scripting of HTML. It is fast, concise and very flexible. jQuery is not a language; it is very compact and well-written JavaScript code. Figure (4.2) shows the language library.

Figure (4.2) language library

The healthcare system was built as a web application using the C# programming language and ASP.NET MVC. The main reason for using a web application is to make access by patients and doctors easy and available at any place and time, from any type of device (smartphones, tablets, computers) and any operating system (Windows, macOS, Linux, Android, iOS, etc.), i.e. multi-platform (cross-platform), because a web application runs inside the web browser, and today all devices and operating systems have web browsers. Figure (4.3) shows the web application.

Figure (4.3): web application

As previously mentioned, the web application was programmed in C#, a language designed to be simple and easy to use. Since C# is a high-level language, it reads somewhat closer to English. C# is fast because it is a statically typed language: it is faster than dynamically typed languages because things are more clearly defined, so when the app is running the machine's resources are not wasted on checking the definition of something in the code. C# is also easy to maintain because it is statically typed, which means the code is checked for errors before it is built into an app. Errors are easier to track down, and since statically typed languages are also stricter about how something is coded, the codebase in general is more consistent and thus easier to maintain as it grows in size and complexity. This web application was therefore built using C# and the ASP.NET MVC framework. ASP.NET MVC is a server-side framework developed by Microsoft that is used to build web pages and web applications using C#. ASP.NET supports three types of development methods:
• Web pages
• Web forms
• MVC (Model View Controller)

The health care system uses the MVC pattern (Model View Controller):
• Model: the part of the application that handles the logic for the application data. Typically, model objects retrieve data from (and store data in) the database.
• View: the part that handles displaying the data and contains the design code and the template in HTML and CSS.
• Controller: the part of the application that handles user interactions. Controllers usually read data from the View, control user input, and send data to the Model.

Figure (4.4) shows the Model View Controller.

Figure (4.4): Model View Controller

Separating the application in this MVC way helps in managing complex applications, because it allows focusing on one side at a time. For example, you can focus on the view without relying on the business logic. It also makes the application easy to test.

MVC separation also facilitates group development, or what is known as team work. For example, developers can work on the View, the Controller and the business logic in parallel. The healthcare system has sixteen controllers:
1. Patient Controller: controls and manages the patient account and profile; add, update, delete, search; encrypt and decrypt the password of the patient account.
2. Family Controller: manages the family account; adding a new family, updating its information and deleting it are done by the system administrator.
3. Doctor Controller: manages the doctor account and doctor profile; add, update, delete, search; encrypt and decrypt the password of the doctor account.
4. Login Controller: responsible for login to the system, whether by a patient, a doctor or the system administrator.
5. Home Controller: responsible for the main page of the system.
6. Appointment Controller: responsible for arranging the appointment between patient and doctor.
7. Blog Controller: manages the blog page; add, update and delete articles.
8. Medicine Controller: manages the medicine page; add, update and delete medicines.
9. X-RAY Controller: responsible for adding an x-ray to a patient by the doctor.
10. RX Controller: responsible for adding rx by the doctor.
11. Sentinel Doctor: responsible for adding, updating and deleting sentinel doctors by the system administrator.
12. Pharmacy Doctor: responsible for adding, updating and deleting sentinel pharmacies by the system administrator.

68

Chapter Four

Implementation and results

13. Ambulances Controller: responsible for add new ambulance car and its information, and what car is available and busy. 14. Home Accident: responsible for add, update, delete home accident and emergency status by system administrator and then can access it by patient and the guest of the system. 15. Road Accident: responsible for add, update, delete road accident and what is required and not required by system administrator and then can access it by patient and the guest of the system. 16. Tip Of the day Controller: responsible for add, update, delete health tips to the patient and guest of the system by system administrator.

In the health care system, data are stored in SQL Server, a database program produced by Microsoft that uses the SQL query language. SQL stands for Structured Query Language. What can be done in SQL Server:
• execute commands on the database
• retrieve, insert, update and delete on tables in the database
• set permissions on the database and tables
• relationships, views
As previously mentioned, the MVC pattern was used in the healthcare system; the letter "M" refers to MODEL. It is responsible for dealing with databases. The healthcare system uses sixteen models, each of which represents a table in the database. Entity Framework has been used to handle the database. Entity Framework is an object-relational mapper that makes it possible to work with relational data using objects. It clearly reduces the data-access code that usually needs to be written. Some features of Entity Framework:
• Open source.
• Works with any relational database.
• Insert, update and delete command generation.
• Supports stored procedures.
• Tracks changes to in-memory objects.
• No longer depends on the .NET release cycle.
Figure (4.5) shows the Database Diagram of the proposed system.

Figure (4.5): Database Diagram

4.3 Proposed System Requirements
To deploy a healthcare system like this as a web application, the following environment is needed:
• Stable internet communication.
• Information security.
• Awareness.
• Providing workers and trained personnel.
• Providing a smartphone for the patient.

4.3.1 System inputs within system requirements
1. The social component (individuals and family).
2. Professional component (doctors and nurses).
3. Administrative component (administrators).
4. Organizational component (managers).
5. Operational component (technicians and service workers).

4.3.2 Inputs of health services in the system
1. Medical devices (radiology, ECG and dental clinics).
2. Medical treatment supplies (drugs, gauze and vaccines).
3. Support equipment (computers and mobile devices, medicine storage devices).
4. Pharmaceutical.
5. Transportation (ambulances and emergency).

4.4 Interfaces of the Implemented Proposed System
The main part responsible for displaying pages (interfaces) to the users is the view. The view component is used to display the whole UI of the web application and includes all HTML tags such as text boxes, dropdown lists, etc. The view component displays data to the user using the model and also enables the user to insert, update, and delete the data.

4.4.1 Home page
The main interface of the proposed method is shown in figure (4.6), which shows the main options and sub-options of the proposed method.

Figure (4.6): Main interface of the proposed method

The first option of the main interface is the services option, which includes the sub-options [Urgent Actions (Ambulance, Home Accident, and Road Accidents), Take appointment, Sentinel doctors, and Sentinel pharmacy]. Figure (4.7) shows the first option of the main proposed system interface and its sub-options.

Figure (4.7): The first option of the main proposed system interface and its sub-options.

The second option of the proposed system is the Blog option. When it is pressed, figure (4.8) is the result.

Figure (4.8): Blog Interface

The third option of the proposed system is the medicine option. When it is pressed, figure (4.9) is the result.

Figure (4.9): Medicine Interface

The fourth option of the proposed system is the contact option. When it is pressed, figure (4.10) is the result.

Figure (4.10): Contact Interface

The fifth option of the proposed system is the members option. When it is pressed, figure (4.11) is the result.

Figure (4.11): Contact Interface

4.4.2 Patient pages
The patient is the first main user of the proposed system; the following interfaces show how the patient works on the proposed system. At the beginning, the patient determines the access account type (which may be patient or doctor). Figure (4.12) shows the page for determining the login type and figure (4.13) shows the login page.

Figure (4.12): the determining of the login page.

Figure (4.13): the login page.

After that, the patient writes the determined user name and the password. Figure (4.14) shows the patient login information (user name and password).

Figure (4.14): patient login information (user name and password).

The first option of the patient pages is the home page. Figure (4.15) shows the home page.

Figure (4.15): the home page.

The second option of the main patient pages is the services option, which includes the sub-options [Urgent Actions (Ambulance, Home Accident, and Road Accidents), Take appointment, Sentinel doctors, and Sentinel pharmacy]. Figure (4.16) shows the second option of the patient page of the proposed system interface and its sub-options.

Figure (4.16): The second option of the main patient pages of the proposed system interface and its sub-options.

The third option of the main patient pages is the blog page. Figure (4.17) shows the Blog page.

Figure (4.17): the Blog page.

The fourth option of the main patient pages is the medicine page. Figure (4.18) shows the Medicine page.

Figure (4.18): the Medicine page.

The fifth option of the main patient pages is the contact page. Figure (4.19) shows the Contact page.

Figure (4.19): the Contact page.

The sixth option of the main patient pages is the list of patient options. Figure (4.20) shows the patient options.

Figure (4.20): the patient options.

When the patient chooses the first option (patient profile), the page with all the patient information is displayed. Figure (4.21) shows the patient information.

Figure (4.21): patient information.

When the patient chooses the second option (my appointments), the page with all the appointments information is displayed. Figure (4.22) shows the patient appointments.

Figure (4.22): patient appointments.

When the patient chooses the third option (take appointments), the appointments information registration page is displayed. Figure (4.23) shows appointments information registration.

Figure (4.23): Appointments information registration

When the patient chooses the fourth option (sentinel doctors), the page of all the sentinel doctors is displayed. Figure (4.24) shows sentinel doctors.

Figure (4.24): sentinel doctors.

When the patient chooses the fifth option (sentinel pharmacy), the page of all the sentinel pharmacies is displayed. Figure (4.25) shows sentinel pharmacy.

Figure (4.25): sentinel pharmacy.

When the patient chooses the sixth option (X-Ray information) the page of all the X-Ray is displayed. Figure (4.26) shows X-Ray information.

Figure (4.26): X-Ray information.

When the patient chooses the seventh option (RX information) the page of all the RX is displayed. Figure (4.27) shows RX information.

Figure (4.27): RX information.

When the patient chooses the last option (logout), the patient page is closed and the main page is the result. Figure (4.28) shows the main page.

Figure (4.28): main page.

4.4.3 Doctor pages
The doctor is the second main user of the proposed system; the following interfaces show how the doctor works on the proposed system. At the beginning, the doctor determines the access account type (which may be patient or doctor). Figure (4.29) shows the page for determining the login type and figure (4.30) shows the login page.

Figure (4.29): the determining of login page

Figure (4.30): the login page.


After that the doctor will write the determined user name and the password. Figure (4.31) shows doctor login information (user name and password).

Figure (4.31): doctor login information (user name and password).

After the login to the doctor account, the home page is the result. Figure (4.32) shows the home page.

Figure (4.32): the home page.

The second option of the main doctor pages is the services option, which includes the sub-options [Urgent Actions (Ambulance, Home Accident, and Road Accidents), Take appointment, Sentinel doctors, and Sentinel pharmacy]. Figure (4.33) shows the second option of the doctor page of the proposed system interface and its sub-options.

Figure (4.33): the second option of the doctor page of the proposed system interface and its sub-options.

The third option of the doctor main page is the blog page. Figure (4.34) shows the blog page of the doctor main pages.

Figure (4.34): the blog page of the doctor main pages.

The fourth option of the doctor main page is the medicine page. Figure (4.35) shows the medicine page of the doctor main pages.

Figure (4.35): the medicine page of the doctor main pages.

The fifth option of the doctor main page is the contact page. Figure (4.37) shows the contact page of the doctor main pages.

Figure (4.37): the contact page of the doctor main pages.

The sixth option of the doctor main page is the doctor options page. Figure (4.38) shows the doctor page.

Figure (4.38): the doctor page.

When the patient chooses the first option (doctor profile) the page of all the doctor information is displayed. Figure (4.39) shows doctor information.

Figure (4.39): doctor information.

When the patient chooses the second option (appointment) the page of all the appointments information is displayed. Figure (4.40) shows appointments information.

Figure (4.40): appointments information.

When the patient chooses the third option (sentinel doctors), the page of all the sentinel doctors' information is displayed. Figure (4.41) shows the sentinel doctors.

Figure (4.41): sentinel doctors page

When the patient chooses the third option (sentinel pharmacy), the page of all the sentinel doctors' information is displayed. Figure (4.42) shows sentinel pharmacy.

Figure (4.42): sentinel pharmacy

After the logout of the doctor account the home page will be the result. Figure (4.43) shows the home page.

Figure (4.43): the home page.

4.4.4 The administrator pages
The administrator is the third main user of the proposed system; the following interfaces show how the administrator works on the proposed system. At the beginning, the administrator logs in to the proposed system using his/her user name and password. Figure (4.44) shows the login page of the proposed system.

Figure (4.44): the login in the proposed system page.

After logging in to the proposed system, the home page is the main page. Figure (4.45) shows the main page.

Figure (4.45): the login in the proposed system page.

The first page of the user’s pages is the services page. Figure (4.46) shows the home services page.

Figure (4.46): the home services page.

The second page of the user’s pages is the blog page. Figure (4.47) shows the home blog page.

Figure (4.47): the home blog page.

The third page of the user’s pages is the medicine page. Figure (4.48) shows the home medicine page.

Figure (4.48): the home medicine page.

The fourth page of the user’s pages is the contact page. Figure (4.49) shows the home medicine page.

Figure (4.49): the home medicine page.

The fifth page of the user’s pages is the admin area page. Figure (4.50) shows the admin area page.

Figure (4.50): the admin area page.

When the admin chooses the first option (dashboard), the page of all the statistics information is displayed. Figure (4.51 (a)) and Figure (4.51 (b)) show the statistics information.

Figure (4.51 (a)): the statistics information

Figure (4.51 (b)): the statistics information

When the admin chooses the second option (doctors), the page of all the doctors is displayed. Figure (4.52) shows the doctors' information.

Figure (4.52): the doctor’s information.

When the admin chooses the third option (families) the page of all the families is displayed. Figure (4.53) shows the families information.

Figure (4.53): the families information.

When the admin chooses the fourth option (patients) the page of all the patients is displayed. Figure (4.54) shows the patients information.

Figure (4.54): the patient’s information

When the admin chooses the fifth option (appointments) the page of all the appointments is displayed. Figure (4.55) shows the appointments information.

Figure (4.55): the appointments choosing

When the admin chooses the sixth option (sentinel doctors) the page of all the sentinel doctors is displayed. Figure (4.56) shows the sentinel doctors.

Figure (4.56): the sentinel doctors.

When the admin chooses the seventh option (sentinel pharmacy) the page of all the sentinel pharmacy is displayed. Figure (4.57) shows the sentinel doctors.

Figure (4.57): the sentinel doctors.

When the admin chooses the eighth option (RX) the page of all the RX is displayed. Figure (4.58) shows the RX.

Figure (4.58): the RX.

When the admin chooses the X-RAY option, the page of all the X-RAY information is displayed. Figure (4.59) shows the RX.

Figure (4.59): the X-RAY.

After the logout of the admin account, the home page is the result. Figure (4.60) shows the home page.

Figure (4.60): the home page.

4.5.1 Measuring the quality of the healthcare system with 6-sigma
The measurement was carried out through the results of information and the structure of health institutions in Iraq. Table (4.1) shows the quality measurement of the health care system.

Table (4.1): quality measurement of health care System

| Six Domains of Health Care Quality | Valuation | Percentages |
|---|---|---|
| Timely | v.good | 95% |
| Safe | good | 94% |
| Effective | good | 80% |
| Efficient | good | 90% |
| Patient-Centered | v.good | 98% |
| Equitable | good | 83% |

4.5.1.1 Quality management (before and after the proposed system)
This table reviews some of the options that were registered for gathering quality data on health plans, hospitals, medical groups, clinicians, and other health care providers (before the proposed system). Table (4.2) shows the healthcare quality before the proposed system.

Table (4.2): healthcare quality before the proposed system

| Options Quality | Valuation |
|---|---|
| Measures of quality for healthcare providers | Middle |
| Measures of hospital Quality | Worse |
| Measures of health plan quality | Middle |
| Measures of physicians quality | Worse |

This table reviews some of the options that were registered for gathering quality data on health plans, hospitals, medical groups, clinicians, and other health care providers (after the proposed system). Table (4.3) shows the healthcare quality after the proposed system.

Table (4.3): healthcare quality after the proposed system

| Options Quality | Valuation |
|---|---|
| Measures of quality for healthcare providers | Very good |
| Measures of hospital Quality | good |
| Measures of health plan quality | good |
| Measures of physicians quality | very good |

4.5.1.2 Questionnaire about the proposed system
The following table shows a questionnaire on the extent to which the proposed system is accepted by medical professionals, including doctors, nurses and health technicians. Table (4.4) shows the acceptance by medical professionals, including doctors, nurses and health technicians.

Table (4.4): the accepted by medical professionals, including doctors, nurses and health technicians

| Questionnaire Information | Satisfied | Meditate Satisfied | Not satisfied |
|---|---|---|---|
| Quality of information available on the system (information is adequate and accurate) | 90% | 5% | 5% |
| System Quality (System Response Speed) | 88% | 10% | 2% |
| Easy access to all electronic services | 93% | 5% | 2% |
| System security and privacy | 80% | 15% | 5% |
| Has e-health services been used effectively? | 90% | 5% | 5% |

Any study or proposal of a system needs to know the opinion of the people who will use the system and receive the services it contains. Therefore, a simple questionnaire was designed to determine the acceptability of the proposed new system, including paragraphs on the extent to which respondents accept the application of such systems, as well as paragraphs on the most important goals that the system can achieve so that the citizen benefits from it and from its services and facilities. About 100 forms were distributed in public places frequented by people of different age, social and cultural categories.

4.5.2 Security
A web application on the internet faces many challenges, especially when it handles health care information. Information security in this area is very important: any attack on the system or manipulation of patient data leads to malfunction, delays action, reduces the required efficiency, and can lead to the death of patients. Security is the process of protecting web applications and online services against attacks and threats that exploit vulnerabilities in the system. The healthcare system has been secured from most common vulnerabilities. Figure (4.17) shows electronic health care.

Figure (4.17) : electronic health care

In the proposed system, security is provided by the proposed authentication method, which consists of MD5, Triple DES, and mathematical equations.
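The construction of the proposed authentication method is not shown on this page, so the following is an added example and not the dissertation's code: it shows how a login check can keep accepting stored unsalted MD5 password digests while replacing each one with a salted PBKDF2-HMAC-SHA256 record at the next successful login. The record format, function names, iteration count and sample accounts are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Assumptions for this example: work factor and salt size; tune to your hardware.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def legacy_md5_record(password):
    """Hypothetical legacy format: unsalted MD5 hex digest tagged 'md5$'."""
    return "md5$" + hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, iterations=PBKDF2_ITERATIONS, salt=None):
    """Self-describing record: scheme$iterations$salt_hex$derived_key_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), key.hex())


def verify(password, record):
    """Check a password against either format; malformed records fail closed."""
    scheme, _, rest = record.partition("$")
    if scheme == "md5":
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
        return hmac.compare_digest(candidate.encode("ascii"), rest.encode("utf-8"))
    if scheme == "pbkdf2_sha256":
        try:
            iterations_text, salt_hex, key_hex = rest.split("$")
            iterations = int(iterations_text)
            salt = bytes.fromhex(salt_hex)
            expected = bytes.fromhex(key_hex)
        except ValueError:
            return False
        # Reject nonsensical or abusive work factors read from storage.
        if not 1 <= iterations <= 10_000_000 or not expected:
            return False
        key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
        return hmac.compare_digest(key, expected)
    return False


def needs_upgrade(record, iterations=PBKDF2_ITERATIONS):
    """True for legacy records and for PBKDF2 records below the current work factor.

    Call only on a record that verify() has already accepted.
    """
    parts = record.split("$")
    if parts[0] != "pbkdf2_sha256":
        return True
    return int(parts[1]) < iterations


def login(store, username, password, iterations=PBKDF2_ITERATIONS):
    """Authenticate against `store` (username -> record) and upgrade on success."""
    record = store.get(username)
    if record is None:
        # Spend one key derivation for unknown users too, so they are not
        # answered faster than accounts that already hold a PBKDF2 record.
        pbkdf2_record(password, iterations, salt=b"\x00" * SALT_BYTES)
        return False
    if not verify(password, record):
        return False
    if needs_upgrade(record, iterations):
        # The plaintext is only available now, so this is the moment to re-hash.
        store[username] = pbkdf2_record(password, iterations)
    return True


if __name__ == "__main__":
    # Constructed sample accounts that happen to share one password.
    store = {
        "patient01": legacy_md5_record("Constructed-Pass-1"),
        "doctor01": legacy_md5_record("Constructed-Pass-1"),
    }
    print("legacy records identical:", store["patient01"] == store["doctor01"])
    print("login ok:", login(store, "patient01", "Constructed-Pass-1"))
    print("login ok:", login(store, "doctor01", "Constructed-Pass-1"))
    print("upgraded records identical:", store["patient01"] == store["doctor01"])
```

Accounts that never log in again keep their legacy record, so a migration like this is normally paired with a forced reset after a cut-off date.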

4.6 Comparisons
In this section, a comparison is made between the modified methods of the proposed system and traditional methods. Table (4.5) shows the comparison result of the related works with the proposed system.

Table (4.5): the comparison result of the related works with the proposed system.

| Related Works | KDD | Data Mining | Data Warehouse | OLAP | Authentication |
|---|---|---|---|---|---|
| "Storing, Searching and Viewing Electronic Patient Segments using Multidimensional Data Model", 2008. [7] | No | No | Yes | Yes | No |
| "Low level communication management for e-health systems", 2011. [8] | No | No | No | No | No |
| "Electronic health record system for human disease prediction and healthcare improvement in Bangladesh", 2013. [9] | No | No | No | No | No |
| "Towards a Prototype Medical System for Devices Vigilance and Patient Safety", 2014. [10] | No | No | No | No | No |
| "A Framework of E-Health Systems Adoption and Telemedicine Readiness in Developing Countries", 2016. [11] | No | No | No | No | No |
| "Advanced Block-Chain Architecture for e-Health Systems", 2017. [12] | No | No | No | No | Yes |
| "E-Health Application using Network Coding based Caching for Information-centric Networking (ICN)", 2017. [13] | No | No | No | No | Yes |
| "Remote Patient Health Monitoring Cloud Brokering Services", 2017. [14] | No | No | No | No | No |
| The Proposed System | Yes | Yes | Yes | Yes | Yes |

Chapter Five

Conclusions and Recommendations for Future Work

5.1 Conclusions
This dissertation submits some conclusions that can be listed as follows:

1) The proposed system can be used to provide the medical history records of patients and their families.

2) The proposed system provides accurate results about blood, sentinel doctors, and sentinel pharmacies.

3) The proposed system has a good authentication method using the MD5 hash function, Triple DES, and mathematical calculations.

4) The proposed system provides the ability to make appointments and to update these appointments.

5) Providing statistics about blood types, diseases, medicine, and other information.

6) The proposed system has three main users: the patient, the doctor, and the administrator of the proposed system.

5.2 Recommendations
Here are several recommendations and suggestions for future work that can be adopted for research and projects, subdivided as follows:
1) Providing the proposed system with a database of the blood types available in the hospitals.
2) Providing the proposed system with an alert if there are not enough sentinel doctors, sentinel pharmacies, ambulance cars, or available medicine.
3) Providing statistics about the database inheritance diseases.

References
[1] Muhammad Arif, Ghulam Mujtaba, "A Survey: Data Warehouse Architecture", International Journal of Hybrid Information Technology, Vol. 8, No. 5 (2015), pp. 349-356.
[2] Wided Oueslati and Jalel Akaichi, "A Survey on Data Warehouse Evolution", International Journal of Database Management Systems (IJDMS), Vol. 2, No. 4, November 2010.
[3] P. Kavitha, Dr. G.N.K. Suresh babu, "A Survey of Data Warehouse and OLAP Technology", International Journal of Latest Trends in Engineering and Technology (IJLTET), 2013.
[4] G. Eysenbach, "What is e-health?", Journal of Medical Internet Research, vol. 3, no. 2, 2001.
[5] K. M. Nazi, "The journey to e-health: VA healthcare network upstate New York (VISN 2)", Journal of Medical Systems, vol. 27, no. 1, pp. 35-45, 2003.
[6] Abdel Nasser H. Zaied, Mohammed Elmogy, Seham Abd Elkader, "Electronic Health Records: Applications, Techniques and Challenges", International Journal of Computer Applications (0975 – 8887), Volume 119 – No. 14, June 2015.
[7] A. Jalal-Karim, W. Balachandran and M. AL Nabhan, "Storing, Searching and Viewing Electronic Patient Records Segments using Multidimensional Data Model", 2008 PGNet.
[8] Guillermo Riva, Carlos Zerbini, Javier Voos, Carlos Centeno, Eduardo González, "Low level communication management for e-health systems", Journal of Physics: Conference Series 332 (2011) 012052.
[9] M. K. A. Sikder, A. N. Chy, and M. H. Seddiqui, "Electronic health record system for human disease prediction and healthcare improvement in Bangladesh", in Informatics, Electronics & Vision (ICIEV), 2013 International Conference on, 2013, pp. 1-5.
[10] Antonios Deligiannakis, Nikos Giatrakos, Nicolas Pallikarakis, "Towards a Prototype Medical System for Devices Vigilance and Patient Safety", 2014 IEEE.
[11] Ali Abdullrahim and Rebecca De Coster, "A Framework of E-Health Systems Adoption and Telemedicine Readiness in Developing Countries", International Conference on Information Society (i-Society 2016).
[12] W. Liu, S.S. Zhu, T. Mundie, U. Krieger, "Advanced Block-Chain Architecture for e-Health Systems", 2017 19th International Conference on E-health Networking, Application & Services (HealthCom): The 2nd IEEE International
[13] Kumari N., Anoj K., "E-Health Application using Network Coding based Caching for Information-centric Networking (ICN)", 2017 6th International Conference on Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), Sep. 20-22, 2017.
[14] Raafat A., Assim S., Mohammed E., "Remote Patient Health Monitoring Cloud Brokering Services", 2017 IEEE 19th International Conference on e-Health Networking, Applications and Services (Healthcom).
[15] Alain V., Anita B., Catherine Q., "Medical Informatics, e-Health Fundamentals and Applications", Springer-Verlag France, 2014.
[16] Jitendra Arora, "Electronic Health Record (EHR) Standards for India", 2016.
[17] Available at: http://www2.cs.uregina.ca/~dbd/cs831/notes/kdd/1_kdd.html
[18] Available at: https://searchsqlserver.techtarget.com/definition/data-mining
[19] W.H. Inmon, "DW 2.0 Architecture for the Next Generation of Data Warehousing", DM Review, Vol. 16, Issue 4, 8-25, Apr 2006.
[20] Rajiv S., D. Anil Kumar, "A Survey on Data Warehouse Architecture", International Journal of Innovative Research in Computer and Communication Engineering, Vol. 2, Issue 8, August 2014.
[21] Available at: https://searchsqlserver.techtarget.com/definition/data-warehouse
[22] Available at: https://www.informatica.com/services-and-training/glossary-ofterms/data-warehousing-definition.html#fbid=norjTIw51fT
[23] Available at: http://olap.com/olap-definition/
[24] Dorothy E.,ling D., "Cryptography and Data Security".
[25] Thomas W., Jorge G., and Christof P., "Cryptography in Embedded Systems: An Overview".
[26] Rizwan Shaikh, Shreyas Siddh, Tushar Ravekar, Sanket Sugaonkar, "Visual Cryptography Survey", International Journal of Computer Applications (0975 – 8887), Volume 134 – No. 2, January 2016.
[27] Noura A., "A Comparison of the 3DES and AES Encryption Standards", International Journal of Security and Its Applications, Vol. 9, No. 7 (2015), pp. 241-246.
[28] A. Kahate, "Cryptography and network security", The Tata McGraw-Hill publishing company limited, New Delhi, (2003).
[29] C. Paar, J. Pelzl and B. Preneel, "Understanding Cryptography: A Textbook for Students and Practitioners", Springer Heidelberg Dordrecht, Bochum, (2010).
[30] R. C. Merkle and M. E. Hellman, "On the Security of Multiple Encryption", Communications of the ACM, vol. 24, no. 7, (1981).
[31] P. Van Oorschot and M. J. Wiener, "A Known-Plaintext Attack on Two-Key Triple Encryption", Springer-Verlag, Berlin Heidelberg New York, (1990).
[32] Ankit K., Rohit J., Puru J., "Survey of Cryptographic Hashing Algorithms for Message Signing", JCST Vol. 8, Issue 2, April - June 2017.
[33] Preneel, Bart, "Cryptographic hash functions", European Transactions on Telecommunications 5.4, pp. 431-448, 1994.
[34] Wang, Xiaoyun, et al., "Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD", IACR Cryptology ePrint Archive 2004 (2004): 199.
[35] NIST, Secure Hash Standard, FIPS PUB 180-2, 2002.
[36] Available at: https://www.techopedia.com/definition/4022/md5
[37] Available at: https://searchsecurity.techtarget.com/definition/MD5
[38] Available at: https://searchsoftwarequality.techtarget.com/definition/Web-applicationWeb-app
[39] Li, Y. F., Das, P. K., & Dowe, D. L. (2014). Two decades of Web application testing: A survey of recent advances. Information Systems, 43, 20-54.
[40] Dogan, S., Betin-Can, A., & Garousi, V. (2014). Web application testing: A systematic literature review. Journal of Systems and Software, 91, 174-201.
[41] Miao, H. K., Chen, S. B., & Zeng, H. W. (2011). Model-based testing for Web applications. Jisuanji Xuebao (Chinese Journal of Computers), 34(6), 1012-1028.
[42] Dyreson, C., Andrews, A., Bryce, R., & Mallery, C. (2009). Building test cases and oracles to automate the testing of web database applications. Information and Software Technology, 51(2), 460-477.
[43] Xu, X., Jin, H., Wu, S., Tang, L., & Wang, Y. (2014). URMG: Enhanced CBMG-based method for automatically testing web applications in the cloud. Tsinghua Science and Technology, 19(1), 65-75.
[44] Takagi, H., Saito, S., Fukuda, K., & Asakawa, C. (2007). Analysis of navigability of web applications for improving blind usability. ACM Transactions on Computer-Human Interaction (TOCHI), 14(3), 13.
[45] Nabuco, M., & Paiva, A. C. (2014). Model-based test case generation for web applications. In Computational Science and Its Applications–ICCSA 2014 (pp. 248-262). Springer International Publishing.
[46] Hossen, K., Groz, R., Oriat, C., & Richier, J. L. (2014, March). Automatic model inference of web applications for security testing. Proceedings of the Software Testing, Verification and Validation Workshops (ICSTW), 2014 IEEE Seventh International Conference on (pp. 22-23).
[47] Hajiabadi, H., & Kahani, M. (2011, September). An automated model based approach to test web application using ontology. Proceedings of the 2011 IEEE Conference on Open Systems (ICOS) (pp. 348-353).
[48] Wang, X., Zhou, B., & Li, W. (2013). Model-based load testing of web applications. Journal of the Chinese Institute of Engineers, 36(1), 74-86.
[49] Di, L. G. A., & Fasolino, A. R. (2006). Testing web-based applications: The state of the art and future trends. Information and Software Technology, 48(12), 1172-1186.
[50] Büchler, M., Oudinet, J., & Pretschner, A. (2012, June). Semi-automatic security testing of web applications from a secure model. Proceedings of the 2012 IEEE Sixth International Conference on Software Security and Reliability (SERE) (pp. 253-262).
[51] Andrews, A. A., Offutt, J., Dyreson, C., Mallery, C. J., Jerath, K., & Alexander, R. (2010). Scalability issues with using FSMWeb to test web applications. Information and Software Technology, 52(1), 52-66.
[52] Hasan J., Nasir M., Ansar A., Farhad Muhammad Riaz, "Model Based Testing for Web Applications: A Literature Survey Presented", Journal of Software, Volume 11, Number 4, April 2016.

PUBLICATIONS
1. Suhiar M.Zeki Abdul sammed, Abdul Monem S. Rahma, "Healthcare system technology using smart phones And web apps (case study Iraqi environment)", I.J. Engineering and Manufacturing, 2017, in MECS, DOI:10.5815/ijem. PRESS. Modern Education and Computer Science.
2. Suhiar M.Zeki Abdul sammed, Abdul Monem S. Rahma, "“Big Data” Creates New Opportunities to Close the Healthcare Gap", International Journal Of Science: Basic and Applied Research (IJSBAR), ISSN 23074531, 2017.
3. Suhiar M.Zeki Abdul sammed, Abdul Monem S. Rahma, "Applied future of big data in Iraqi healthcare sector", International Journal Of Science: Basic and Applied Research (IJSBAR), ISSN 2307, 2017.
4. Suhiar M.Zeki Abdul sammed, Abdul Monem S. Rahma, "Mapping a New Future for GIS Healthcare in Iraq (Case Study)", International Journal Of Science: Basic and Applied Research (IJSBAR), ISSN 2307, 2017.
5. Suhiar M.Zeki Abdul sammed, Abdul Monem S. Rahma, "A proposed Clinical Decision Support System based on Virtual Telemedicine (Case study Iraqi rural areas)", (IJSBAR) International Journal of Science: Basic and Applied Research (IJSBAR), ISSN 2307, 2017.
6. Suhiar M.Zeki Abdul sammed, Abdul Monem S. Rahma, "Healthcare Delivery for Armed forces using telemedicine (Iraq case study)", AlTurath University College Journal, ISSN 23, 2017.

Appendix A

Concept of organization

1. Basic concept of organization

1.1 Basic Definition of organization (vision, mission, value)

An organization in its simplest form (and not necessarily a legal entity) is a person or group of people intentionally organized to accomplish an overall, common goal or set of goals. Business organizations can range in size from one person to tens of thousands. There are several important aspects to consider about the goal of the business organization. These features are explicit (deliberate and recognized) or implicit (operating unrecognized, "behind the scenes"). Ideally, these features are carefully considered and established, usually during the strategic planning process. (Later, we'll consider dimensions and concepts that are common to organizations.)

Vision: Members of the organization often have some image in their minds about how the organization should be working, how it should appear when things are going well.

Mission: An organization operates according to an overall purpose, or mission.

Values: All organizations operate according to overall values, or priorities in the nature of how they carry out their activities. These values are the personality, or culture, of the organization.

Strategic Goals: Organizational members often work to achieve several overall accomplishments, or goals, as they work toward their mission.

Strategies: Organizations usually follow several overall general approaches to reach their goals.


1.2 Organization as a System

It helps to think of organizations as systems. Simply put, a system is an organized collection of parts that are highly integrated in order to accomplish an overall goal. The system has various inputs which are processed to produce certain outputs that together accomplish the overall goal desired by the organization. There is ongoing feedback among these various parts to ensure they remain aligned to accomplish the overall goal of the organization. There are several classes of systems, ranging from very simple frameworks all the way to social systems, which are the most complex. Organizations are, of course, social systems.

Systems have inputs, processes, outputs and outcomes. To explain, inputs to the system include resources such as raw materials, money, technologies and people. These inputs go through a process where they're aligned, moved along and carefully coordinated, ultimately to achieve the goals set for the system. Outputs are tangible results produced by processes in the system, such as products or services for consumers. Another kind of result is outcomes, or benefits for consumers, e.g., jobs for workers, enhanced quality of life for customers, etc. Systems can be the entire organization, or its departments, groups, processes, etc.

1.2.1 Types of organization

Organizations wholly owned or operated by the national or local government

• Their main aim is to provide a service to the whole community rather than to make a profit.
• The BBC, the armed services, schools, parks, museums, libraries, hospitals, etc.


Advantages:

• More social objectives.
• Ensures provision of particular goods and services to the community.
• Ensures continuation of employment.
• Any profits can be used to provide other services.

Disadvantages:

• Investment by the government can be too low, which means a drop in standards and efficiency.
• Any change in government policy may lead to poor management and a lack of commitment from the employees.
• Absence of competition may result in lowering standards and disregard for the customer.

A business owned by 1 person

• An entrepreneur has an idea that can make money.
• Usually small.
• Examples include hairdressers, plumbers, landscape gardeners, window cleaners.

Advantages:

• Rapid decision making, financial benefits, no formal rules or administrative costs to pay, confidentiality.
• Close to customers, able to respond quickly to changes.

Disadvantages:

• Decision making, burden of failure, unlimited liability (you are treated the same as the business and can lose all personal possessions), limited sources of finance, prices.
• Long hours, no economies of scale (the larger the business gets, the cheaper the prices might be).


Figure (1.appendix A) types of organizations

1.2.2 Sectors of activity in organizations

• Banking, investment
• Chemicals
• Construction, engineering
• Consumer products & retail
• Education
• Energy, resources, utilities, metals, mining
• Environment
• Food & agriculture, food & beverage processing
• Freight, shipping, logistics, transport
• Government, public, social and community services
• Healthcare
• Humanitarian, charity, disaster relief, philanthropy
• Industrial electronics & electrical equipment
• Insurance
• International or world organizations
• Manufacturing, aerospace, defense, automotive
• Pharmaceuticals & life sciences
• Professional, business, legal services


1.3 Simple healthcare organization (hospitals) structures

C: Caregiving – they offer some of the nation’s best medical care and social services
A: Advocacy – they speak up to protect patients
R: Research – they are finding cures to the illnesses that affect patients
E: Education – they are teaching citizens, sharing what they learn and training others to care for patients

Figure (2.appendixA) hospitals structures


Appendix B

Quality Measures

2. Types of Quality Measures

Measures used to assess and compare the quality of health care organizations are classified as either a structure, process, or outcome measure. This classification system was named after the physician and researcher who formulated it.

Structural Measures

Structural measures give consumers a sense of a health care provider’s capacity, systems, and processes to provide high-quality care. For example:

• Whether the health care organization uses electronic medical records or medication order entry systems.
• The number or proportion of board-certified physicians.
• The ratio of providers to patients.

2.1 Process Measures

Process measures indicate what a provider does to maintain or improve health, either for healthy people or for those diagnosed with a health care condition. These measures typically reflect generally accepted recommendations for clinical practice. For example:

• The percentage of people receiving preventive services (such as mammograms or immunizations).
• The percentage of people with diabetes who had their blood sugar tested and controlled.

Process measures can inform consumers about medical care they may expect to receive for a given condition or disease, and can contribute toward improving health outcomes. The majority of health care quality measures used for public reporting are process measures.

2.2 Outcome Measures

Outcome measures reflect the impact of the health care service or intervention on the health status of patients. For example:


• The percentage of patients who died as a result of surgery (surgical mortality rates).
• The rate of surgical complications or hospital-acquired infections.

Outcome measures may seem to represent the “gold standard” in measuring quality, but an outcome is the result of numerous factors, many beyond providers’ control. Risk-adjustment methods (mathematical models that correct for differing characteristics within a population, such as patient health status) can help account for these factors. However, the science of risk adjustment is still evolving. Experts acknowledge that better risk-adjustment methods are needed to minimize the reporting of misleading or even inaccurate information about health care quality.

Figure 1 appendix B (quality management)


Appendix C

Concept of security

3. Basic concept of security

3.1 Security concept

The security field comprises the following concepts:

Authentication: a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server.

Authorization: the process of an administrator granting rights and the process of checking user account permissions for access to resources.

Threat: a method of triggering a risk event that is dangerous.

Assurance: the level of guarantee that a security system will behave as expected.

Risk: a possible event which causes a loss.

Confidentiality: Providing confidentiality of data guarantees that only authorized users can view sensitive information.

Integrity: Providing integrity of data guarantees that only authorized users can change sensitive information and provides a way to detect whether data has been tampered with during transmission; this might also guarantee the authenticity of data.

Availability of systems and data: System and data availability provides uninterrupted access by authorized users to important computing resources and data.
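As an added example (not code from this dissertation or its proposed system), the following Python applies the authentication, authorization and integrity definitions above to a patient record. The user names, roles, permission strings and the choice of PBKDF2 and HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a role-to-permission table and a server-side key.
INTEGRITY_KEY = os.urandom(32)
ROLE_PERMISSIONS = {"doctor": {"record:read", "record:write"},
                    "patient": {"record:read"}}

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the verifier kept on file; the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "verifier": hash_password(password, salt), "role": role}

# Constructed accounts standing in for the "database of authorized users".
USERS = {"dr_ali": make_user("correct horse battery", "doctor"),
         "patient7": make_user("tulip-river-42", "patient")}
# Unknown user names are checked against this entry so they cost the same work.
DUMMY_USER = make_user(os.urandom(8).hex(), "none")

def authenticate(username: str, password: str) -> bool:
    """Authentication: compare the supplied credential with the one on file."""
    user = USERS.get(username, DUMMY_USER)
    candidate = hash_password(password, user["salt"])
    matches = hmac.compare_digest(candidate, user["verifier"])  # constant time
    return matches and username in USERS

def authorize(username: str, permission: str) -> bool:
    """Authorization: check the account's granted rights for one action."""
    user = USERS.get(username)
    if user is None:
        return False
    return permission in ROLE_PERMISSIONS.get(user["role"], set())

def seal(record: bytes) -> bytes:
    """Integrity: compute a keyed tag so later modification can be detected."""
    return hmac.new(INTEGRITY_KEY, record, hashlib.sha256).digest()

def is_intact(record: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare; any change to the record fails the check."""
    return hmac.compare_digest(seal(record), tag)
```

A caller would run `authenticate` first, then `authorize` for the specific action, and verify `is_intact` before trusting a record read back from storage or received over the network.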

3.1 Network security awareness

When designing network security, a designer must be aware of the following:

• The threats (possible attacks) that could compromise security
• The associated risks of the threats (that is, how relevant those threats are for a particular system)
• The cost to implement the proper security countermeasures for a threat
• A cost versus benefit analysis to determine whether it is worthwhile to implement the security countermeasures.

Abstract

E-health is a broad field of research and applications of information and communication technology (ICT), not only in medicine but in the wider field of healthcare, including home care and personal health. E-health can be broadly defined as the application of information and communication technology (ICT) to health and healthcare. A web application typically consists of a front end (web pages) and a back end (database) with which the user interacts through the browser.

Therefore, in this project, a web-based electronic health record management system was designed to serve citizens in the first place and the doctor in the second, and to organize an electronic card for each citizen, including information about the patient when using the system, electronic access to the health center's site and contact with the relevant doctor. The patient can also book an appointment to visit the doctor, to undergo surgery or to be examined with electronic medical devices, and can also call ambulances and find telephone numbers in emergencies and urgent circumstances.

In the designed system, KDD, a data warehouse and OLAP were used to achieve individual medical analysis, after which community analysis is processed in order to manage community health in a scientific and accurate way, using modern communication devices to establish contact between the patient, doctors and workers in the health sector and to save time and effort for remote and rural areas.

Also, in order to provide correct access to patient records and to the proposed system's data and information, a proposed authorization method is presented. The proposed authorization method uses the MD5 hash function, the triple DES encryption method and mathematical calculations.

Republic of Iraq
Ministry of Higher Education and Scientific Research
University of Technology
Computer Science Department

A Dissertation Submitted

to the Council of the Computer Science Department at the University of Technology as part of the requirements for the degree of Doctor of Philosophy in Computer Science

By

Supervised by

2018
