A Novel Privacy by Design Developed Framework for Electronic Health Records Management

  • Farida Habib Semantha

    Student thesis: Doctor of Philosophy (PhD) - CDU


    Privacy in Electronic Health Records (EHR) has become a significant concern
    in today’s rapidly changing world, particularly for personal and sensitive user
    data. The sheer volume and sensitive nature of patient records require
    healthcare providers to exercise an intense quantity of caution during EHR
    implementation. In recent years, various healthcare providers were hit by
    ransomware and distributed denial of service attacks, halting many emergency
    services during COVID-19. Personal data breaches are becoming more
    common day by day and privacy concerns are often raised when sharing data
    across a network, mainly due to transparency and security issues.

    To tackle this problem, various researchers have proposed privacy-preserving
    solutions for EHR. However, most solutions did not extensively use Privacy by
    Design (PbD), distributed data storage and sharing when designing their
    frameworks, which is the emphasis of this study. To design a framework on
    privacy by design in electronic health records that can preserve the privacy of
    patients during data collection, storage, access and sharing, we have analysed
    fundamental principles of privacy by design, privacy design strategies, and
    compatibility of our proposed healthcare principles with Privacy Impact
    Assessment (PIA), Australian Privacy Principles (APPs) and General Data
    Protection Regulation (GDPR).

    To demonstrate the comprehensive framework, we have implemented Patient
    Record Management System (PRMS) to create interfaces for patients and
    healthcare providers. And to provide transparency and security for sharing
    patients’ medical files with various healthcare providers, we have implemented
    a distributed file system and blockchain networks using the InterPlanetary File
    System (IPFS) and Ethereum blockchain. The developed framework is tested
    and evaluated to ensure user performance, effectiveness, and security. The
    complete solution is expected to provide progressive resistance in the aspect of
    continuous data breaches in the patient information domain.
    Date of Award2023
    Original languageEnglish
    SupervisorSami Azam (Supervisor), Bharanidharan Shanmugam (Supervisor) & Charles Yeo (Supervisor)

    Cite this