Abstract
Healthcare services are dependent on health information systems (HIS), which enable health data collection and storage with improved management of healthcare service provision. However, several data security weaknesses in HIS have been identified by various studies in Tanzania. The majority are on data and information exchange leading to breaches of system security. In order to reduce security threats and accomplish security objectives (i.e., confidentiality, integrity, availability), disruptive technologies like blockchain must be used to address security breaches, attacks, and vulnerabilities of HISs. In this chapter, a problem-solving technique with digital innovative solutions for addressing real-world problems was used to arrive at the problem's solution. This chapter then shows how the data security weakness of HISs can be improved using the hyper-ledger blockchain. The system was virtually integrated with an existing HIS. Data storage security was attained through private data collection to meet security goals.
TopIntroduction
Health Information System (HIS) plays a vital role in health care service delivery, control, and management. The system has facilitated quality service delivery with the provision of health data collection, and storage, increased revenue collection, improved health care facilities management, and lessened their control. This has greatly increased the adoption of HIS due to improved productivity, quality, and efficiency of health services.
However, HIS are facing a lot of challenges such as security threats, attacks, information tampering, unauthorized data access, identity tracking and theft and many other security vulnerabilities. All these have threatened the integrity, confidentiality, and availability (CIA triad) of HISs (Chuma & Ngoepe, 2021). These security issues of HISs can be tackled through integration of HIS with blockchain technology to mitigate security threats, hence achieving system security goals (Javed et al., 2020).
Several studies conducted in Tanzania reveals the challenges of the existing HISs. Among them are security challenges in information and data sharing (Kajirunga & Kalegele, 2015; Kombe, 2020; Nehemiah, 2014). (Kombe, Dida, & Sam, 2018; Mtebe & Nakaka, 2018; Mtey & Dida, 2019). Mtey & Dida (2019) indicated that this has resulted in a breach of transparency, accountability, integrity, and privacy of patients’ data. These challenges are based on centralized HIS architecture, which is also known as client-server network environment encouraging all clients of respective HIS to access data from central storage.
Centralized data sources have limitations including loss of data in case of a natural disaster but more significantly, creating a target for malicious attack (Kombe et al., 2018). Data security challenges become difficult to handle due to either the centralized nature or third-party management of HIS (Kombe et al., 2018; Mahore, Aggarwal, Andola, & Venkatesan, 2019; Nagasubramanian et al., 2020). Therefore; security breaches, attacks, and vulnerabilities of HISs can be addressed through integration of HIS with secured technologies such as blockchain.
The Use of Blockchain-Based HIS
Blockchain technology is an immutable digital public ledger with a distributed database secured by means of cryptography. Information is stored in blocks of data structures with data encryption. The blocks contain time stamp which shows transaction occurrence time, in a distributed consensus (H. Wang & Zhang, 2019). Blockchain key security characteristic features are decentralization, immutability, privacy, verifiability, transparency and auditability (Sun et al., 2019). These led to its gradual adoption for innovative solution to information system security challenges (Sun et al., 2019; Tsoulias, Palaiokrassas, Fragkos, Litke, & Varvarigou, 2020; H. Wang & Zhang, 2019).
Blockchain technology is a disruptive trending technology with remarkable impacts on information systems’ security improvements. The technology can be integrated with HISs to leverage its security capabilities. The integration of blockchain technology with HIS leads to the security improvement of information sharing and exchange in a decentralized peer-to-peer network environment. The use of this technology leads to the assured HIS’s data privacy, availability and controlled access to HIS’s data (Khatoon, 2020). Integration of HIS’s with blockchain technology has led to improved information sharing and data exchange security due to data immutability, transparency, and decentralization. Much consideration of the technology is on its integrity verification and decentralized environment of blockchain. A decentralized peer-to-peer network environment has facilitated information exchange without a central authority. This has addressed problems of data storage security for centralized HISs (Khatoon, 2020; H. Wang & Zhang, 2019).
Key Terms in this Chapter
Information System: This is a collection of multiple hardware peripherals and software that collects data, process, store, and disseminate information.
Centralized System Architecture: This is a conceptual layout of an information system where there all users are connected to a central system that stores all data and information of the network.
Software Process Model: This is a logical abstraction of a software development process that defines various phases of the development of an information system.
Data Security: Refers to all the processes employed to protect digital information and ensure Confidentiality, Integrity, and Availability of such information is guaranteed to authorized users only.
System Architecture: This is a technical layout defining the structure, behavior, and views of an information system.
Confidentiality: An act of preserving authorized access and disclosure of data and information with the main goal of protecting subjects’ privacy and proprietary information.
Transaction: This is a unit of work or query that is executed in a database management system against a database.
Blockchain: This is a shared database that promotes data storage in form of blocks. Each data block is stored in all the nodes in the network.
Natural Disaster: This is an impact that results from natural hazards and results in community harm and/or destruction.
De-Centralized System Architecture: This is a conceptual layout of an information system where several peer-to-peer user groups are formed and there is a local server for each user group to store all data and information relevant to the user group.
Application Programming Interface: This is software developed and deployed to allow two or more applications to exchange data and information.
Availability: An act of ensuring that in information system and its related data is made available to the authorized users.
Integrity: An act of preserving a system and its data from unauthorized modification; In other terms, data that is transferred across a network should reach its recipient as it was sent.
Health Information System: This is a collection of multiple hardware peripherals and software that is dedicated to the collection, processing, storage, and dissemination of health-related information.