Kaitlin Perkins
Michael Soto
Nicholas Wicker
Table of Contents
Overview
Discussion
Purpose
Entities
System
Stakeholders
Environment
System Concerns
Distributed Architecture Description
Architecture
Management Directive
Compliance Certification and Accreditation
HIPAA
PCI-DSS
Quality Control
Diagram
References
Overview
G5 Health Care (G5HC) is currently seeking a software development design for their new
facility. The complexity includes an enterprise software solution that will consider software
distribution, scalability, fault tolerance, and compatibility with the deployment of connected
devices, such as the Internet of Things (IoT). Since G5HC operates in the healthcare sector, data
that traverses the system must follow strict standards and guidelines such as the Health Insurance Portability
and Accountability Act (HIPAA). G5HC will also allow users to pay for the health services that
they receive for fees such as their co-payments, which also requires that we follow strict
standards as required by the Payment Card Industry Data Security Standard (PCI-DSS).
Therefore, the design for network access, including IoT devices, must address needs such as secure
availability, accessibility, and encryption, which are just a few of the challenges within the
defense-in-depth design.
Discussion
As healthcare moves out of the hospital and into the communities, data needs to be stored
around the patient. Current systems, which were built for institutions, store data in proprietary
formats. This creates silos, preventing data fluidity and making the routine use of data difficult
(Gornik, 2021). As one of the emerging strategic information technologies, cloud computing is
promising due to its cost efficiency and its potential to provide quality information services in
the healthcare industry. Cloud computing features three main types of service: Infrastructure-as-
includes an OS, development tools, and runtime tools; and Software-as-a-Service (SaaS), which
SaaS would be the ideal architecture as this allows cloud providers to install, manage, and
operate software applications, leading to lower operation costs and high provisioning to the end
user. There are various aspects of cloud-based medical healthcare systems, such as infrastructure
and dynamic scalability, information sharing, availability, and cloud monitoring tools (Oh, Cha,
Ji, Kang, Kim, Heo, Han, Kang, Chae, Hwang, & Yoo, 2015). When using cloud-based
resources, network managers need to understand which controls and measures are accountable to
both the cloud vendor and the organization utilizing the services.
The scope of the design is to allow both healthcare providers and their staff to connect
with their clients remotely and around the clock for support. Additionally, clients should be able
to access their information and records from a secure database from multiple form factors. The
system boundaries need to include both physical and logical access parameters such as two-
factor authentication, which will challenge user credentials and verify permissions. Healthcare
resources are vulnerable to attacks due to the sensitivity of personal information making them an
Purpose
Healthcare relies on health information systems (HISs) to support various care processes
and receive reimbursement for the care provided. Unfortunately, current HISs still have some
drawbacks. For example, studies on HISs reported problems with poor interface design, poor
security, missing features, lack of professional support, limited use, and low data quality. Most
of these problems occur when relevant standards, procedures, and guidelines are not followed
effectively (Tummers, Tobi, Catal, & Tekinerdogan, 2021). Our system will provide a product
that can improve on these known issues and deliver improved service to healthcare providers and
patients.
Entities
System
This proposed health information system provides an opportunity for healthcare providers
to make personal health information more accessible to their patients in a secure way. This
would allow healthcare providers to upload health records, lab results, or any other information
relating to their patient’s healthcare. Through this system or application, patients can also access
their personal health information, schedule appointments, and even pay for their healthcare
services.
Stakeholders
There are various stakeholders invested in the development and eventual launch of the
proposed system. The three categories we have divided our stakeholders into are Executive,
Executive stakeholders include the chief executive officer (CEO), chief financial officer
(CFO), chief operations officer (COO), and chief information officer (CIO). Executive
stakeholders prioritize keeping the overall software development aligned with the enterprise’s
vision and legal requirements. The service that the enterprise will be providing must operate well
within budget and have a worthwhile return on investment (ROI), where operations run
Primary stakeholders consist of healthcare providers and their staff, which include
doctors, nurses, and medical technicians. These members require privileged access to the system
to perform daily operations such as logging patients’ medical records, communicating with
outside network entities, and accessing medical tools and devices during patient visits. We consider
these features for primary stakeholders because of the permissions granted that allow them to
companies, pharmacists, laboratories, caregivers, and patients. These stakeholders require access
to information stored on the system to fill prescriptions, exchange patient information for
referrals, send and receive information to specialized medical centers or labs to run diagnostics,
Environment
This system will be operating within medical, technical, legal, and regulatory
environments. The information being stored and transmitted across this system is sensitive due to
being associated with the healthcare industry. The confidentiality, integrity, and
availability of protected health information (PHI) are critical to the security of patient data, so the
System Concerns
The core concerns associated with our system include functionality, structure, cost,
Functionality: will the system meet the requirements established at the contextual
Structure: will the system comply with HIPAA and PCI-DSS standards and ensure
Cost: what will the system cost and what will the associated costs with training,
Supportability: what is the expected learning curve to use the system, will there be
Interoperability: will the system operate among all stakeholders, between the physical
The network will deploy various system components that all communicate with each
other but are also able to function on their own. In this design, there is a centralized network
controller that communicates both internally and externally with devices outside of the network
boundary. This distributed network architecture offers scalability and reliability. Components on
the distributed network can differ in size, and some could have a high volume of devices
attached to the network while some might communicate with a limited set.
Architecture
concepts or properties of a system in its environment embodied in its elements, relationships, and
in the principles of its design and evolution” (ISO, 2017). Our proposed system can be defined as
a distributed system, due to multiple users accessing health information stored on it from a
variety of locations and devices. Each user will be authorized to access only their own data using this
distributed system.
Management Directive
ensure that the system is fulfilling its purpose in a safe, secure, effective, and efficient manner.
These management directives are implemented to comply with privacy laws, security standards,
for ensuring our system follows all federal and local regulations.
HIPAA
Per the HIPAA Security Rule, the proposed system must:
protect against any reasonably anticipated threats and hazards to the security or
of such information that are not permitted by the Privacy Rule” (NIST, 2008, p.
6).
PCI-DSS
Per the PCI Security Standard (PCI DSS), the proposed system will also be
handling payment information for clients when conducting financial transactions for
healthcare services. The PCI DSS v4.0 is the current standard which is defined as, “The
PCI Data Security Standard is a global standard that provides a baseline of technical and
operational requirements designated to protect payment data. PCI DSS v4.0 is the next
Quality Control
In addition to meeting functional requirements, we also want to ensure that the proposed
implementing the quality-in-use model and the product quality model defined in ISO/IEC
25010:2011. According to ISO/IEC 25010:2011, “quality in use is the degree to which a product
or system can be used by specific users to meet their needs to achieve specific goals” and uses
effectiveness, efficiency, freedom from risk, and satisfaction as the measured metrics, as seen in
Figure 1 (ISO, 2017). The product quality model uses eight characteristics to categorize the
Figure 1
Figure 1. Effectiveness, efficiency, satisfaction, freedom from risk and context coverage are the five
properties used to describe the quality in use. Adapted from “Systems and software engineering —
Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality
Figure 2
Figure 2. Categories are used in the product quality model to characterize the quality of products.
Adapted from “Systems and software engineering — Systems and software Quality Requirements and
Diagram
Below in Figure 3, we have included a UML class diagram for our system architecture
design. As part of this section, there is an assumption that the reader understands how to read
UML diagrams and understands the basic relationships depicted on a UML diagram. The
previous section defined each entity, and the diagram shows the relationships between them as
noted above the relationship lines and with the arrows depicting the direction. For simplicity, the
names of each entity are listed, and the previous section includes the details for each entity. The
diagram is best understood if read starting with the stakeholders on the left and continuing to the
right.
The stakeholders have an interest in the system, and the purpose pertains to the system
concerns, which address the interests that stakeholders have in the system. Quality control is
based on the system once it is created, and it is in an environment. The system exhibits the
architecture, and the management directives ensure that compliance certification and
architecture description expresses the architecture, and as mentioned in the previous section, the
Figure 3
References
Gornik, T. (2021, March 4). Re-thinking the Architecture of Healthcare IT. Retrieved May 11,
1:v1:en
ISO. (2017). Systems and software engineering — Systems and software Quality Requirements
1:v1:en
NIST. (2008). An Introductory Resource Guide for Implementing the Health Insurance
Portability and Accountability Act (HIPAA) Security Rule. Special Publication (NIST SP)
66r1.pdf
Oh, S., Cha, J., Ji, M., Kang, H., Kim, S., Heo, E., Han, J. S., Kang, H., Chae, H., Hwang, H., &
for Cloud-Based Clinical Decision Support Service. Retrieved May 11, 2022, from
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4434058/
PCI Security Standards Council®. (2022, March). Official PCI Security Standards Council Site -
Verify PCI compliance, Download Data Security, and credit card security standards. PCI
https://www.pcisecuritystandards.org/documents/PCI-DSS-v4-0-At-A-Glance.pdf?agreement=true&time=1652651200036
Tummers, J., Tobi, H., Catal, C., & Tekinerdogan, B. (2021). Designing a reference architecture
https://bmcmedinformdecismak.biomedcentral.com/articles/10.1186/s12911-021-01570-