Consider the following ER scenario at a hospital; feel free to improvise the scenario with added information.
The waiting room at the ER shares a common space with the admission window. A patient or patient's representative initially has a conversation with the admission clerk. If the patient's condition is ER appropriate, the patient/patient's representative completes a paper form. Information from that form is entered and saved into the hospital computer systems by a hospital clerk, and the forms are disposed of in the trash. While patients' names, SSNs, addresses and telephone numbers are saved on a local desktop that any hospital employee can access, patients' SSNs, health and insurance related information are transmitted using the HTTPS protocol to a remote server that only the doctors, hospital administrators, billing personnel and insurance companies can access. A copy of the health records is made available to the medical researchers after removing patients' SSNs. Since SSNs are removed, patients are not informed about this sharing of their data.
Based on the above (or improvised) description, draw an annotated DFD. Identify the possible leakage points and associated breaches of requirements. Also recommend their remedy.
The leakage points are d1, where the data is available to the hospital clerk and any other employee, who can misuse it; d2, where the information can be retrieved if the servers are not secure; and the paper form thrown in the trash, which is a source of patients' information. The solutions for these breaches are:
1) The information should be typed directly into the computer; no paper should be used.
2) Personnel other than the doctor or the nurses treating the patient should not be given the patient's information.
3) The local computers where the patients' data is entered should be highly secure.
4) The servers where the data is uploaded should have multi-layer protection.
5) The data which is handed over to medical researchers should be filtered or checked for patients' credentials by computer software.
6) Doctors should always follow doctor-patient confidentiality.
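
Remedy 5 (a software check on the copy handed to researchers), sketched as an added example that is not part of the original answer. It goes one step beyond the scenario by also scanning free-text fields, since dropping the SSN column does not remove an SSN typed into a note. Field names, regex patterns and sample records are constructed assumptions.

```python
import re

# Constructed sample records; field names are assumptions, not from the page.
RECORDS = [
    {"record_id": "r1", "ssn": "123-45-6789", "name": "Jane Roe",
     "phone": "555-201-3344", "diagnosis": "fractured wrist",
     "notes": "Patient SSN 123-45-6789 confirmed at admission window."},
    {"record_id": "r2", "ssn": "987-65-4321", "name": "John Doe",
     "phone": "555-777-1212", "diagnosis": "asthma",
     "notes": "Follow up in two weeks."},
]

# Direct identifiers from the scenario that the research copy must not carry.
DIRECT_IDENTIFIERS = {"ssn", "name", "address", "phone"}

SSN_RE = re.compile(r"\b\d{3}[- ]?\d{2}[- ]?\d{4}\b")
PHONE_RE = re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b")

def strip_identifiers(record):
    """Drop direct-identifier fields and keep the clinical ones."""
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}

def find_leaks(record):
    """Return (field, kind) pairs for identifier patterns left in any value."""
    leaks = []
    for field, value in record.items():
        text = str(value)
        if SSN_RE.search(text):
            leaks.append((field, "ssn"))
        if PHONE_RE.search(text):
            leaks.append((field, "phone"))
    return leaks

def prepare_research_export(records):
    """Split records into a releasable set and a quarantined set for review."""
    released, quarantined = [], []
    for rec in records:
        clean = strip_identifiers(rec)
        leaks = find_leaks(clean)
        if leaks:
            quarantined.append((clean["record_id"], leaks))
        else:
            released.append(clean)
    return released, quarantined

if __name__ == "__main__":
    released, quarantined = prepare_research_export(RECORDS)
    print("released:", released)
    print("quarantined:", quarantined)
```

Quarantined records are held back for manual review rather than silently edited, so a reviewer can see which field carried the identifier.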