Information systems are employed by organizations for the collection, filtering, processing, creation and distribution of data. In healthcare delivery, patients are required to share information with certain categories of health personnel to facilitate correct diagnosis and to determine appropriate treatment. There have been cases of unauthorized access to patient information by health personnel. Some of these personnel eventually cause great harm to the patient by divulging sensitive information. The existing Data Privacy Preservation (DPP) models are designed for Clinical Decision Support Systems with inadequate information available for DPP in Health Information Systems (HIS) in Nigeria. This research, therefore focused on the development of a model for Data Privacy Preservation (DPP) in HIS to address this inadequacy.

A model for DPP in HIS was developed using the iterative design technique. The model developed comprises a local database that contains the health information of patients, the Random Forest Decision Tree (RFDT) algorithm, an attribute blocking module that employs the RFDT algorithm, an attribute unblocking module which also uses the RFDT algorithm and a module for the computation of time elapsed in unblocking attributes. Mandatory Role-based Access Control was used to restrict the access health professionals have to patient data; each category of health worker can only view the attribute(s) needed for them to provide the service required to fulfill their role. An application based on the RFDT algorithm, was developed to instantiate the model following the Waterfall Software Development Life Cycle. Netbeans Integrated Development Environment, MySQL server, Java Development Kit 8, Scenebuilder 2.0, and Navicat 8 query editor constitute the programming environment. The application was evaluated against the machine learning approach to DPP that employed the classification technique, by comparing its efficiency with the Waikato Environment for Knowledge Analysis (WEKA) version 3.8 software in ensuring DPP using the RFDT algorithm.

    The model developed in this study provides a generic framework for DPP in HIS that reveals the necessary components. This model provides a template that could be adapted for use in studies on DPP in HIS. The application provides the health personnel with Graphical User Interfaces that depict the professional’s access to the patient database while restricting access to attributes not allowed for such category of health workers. The use of the RFDT algorithm in WEKA for DPP gave an efficiency of 73.77% while the approach that employed the application gave an efficiency of 78.32%.

The model presented in this study wouldhelp preserve sensitive patient data from being accessed by health workers who are not authorized to do so. The study showed that the application is more efficient than the WEKA software in ensuring DPP using the RFDT algorithm.The DPP model proposed in this study could also be employed in other domains outside the health sector to curb the challenges resulting from weak DPP.

Keywords:     Health Information System, Machine Learning, Data Privacy Preservation Model, Software Development Life Cycle, Random Forest Decision Tree



1.1 Background to the Study

Health Information Systems(HIS) provide the bedrock for decision-making and has four key

functions: data generation, compilation, analysis and synthesis, and communication and use. The HIS gathers data from the health sector and other relevant sectors, analyzes the data and ensures their overall relevance, quality, and timeliness, and converts data into information for health-related decision-making.In addition to being essential for monitoring and evaluation, the information system also providesearly warning capability,supports patient and health facility management, facilitate planning, supports and stimulatesresearch, permits health situation and trends analysis, supports global reporting, andunderpins communication of health challenges to diverse users (WHO, 2009).

To improve the quality of medical care around the globe,efforts are being made to increase the practice of evidence-based medicinethrough the use of an HIS called Clinical Decision Support Systems (CDSS). Clinical Decision Support provides clinicians, patients, or caregivers with clinical knowledge and patient-specific information to help them reach decisions that enhance patient care (Osheroff, Teich & Middleton, 2011). The patient’s information is matched to a clinical knowledge base, and patient-specific appraisals are then communicated effectively at appropriate times during patient care. Some CDSS include forms and templates for entering and documenting patient information, and alerts, reminders, and order sets for providing suggestions and other support. The use of CDSS comes with many potential benefits. Importantly, CDSS can increase adherence to evidence-based medical knowledge and can reduce unnecessary variation in clinical practice. CDSS can also assist with information management to support the physicians’ decision making abilities, reduce their mental workload, and improve clinical workflows (Karsh et al., 2010). When well designed and implemented, CDSS have prospects that can improve health care quality, and also to increase efficiency and reduce health care costs (Berner, 2010).

Despite the promise of CDSS, there are several barriers that can hinder their development and implementation. Till date, Medical knowledge base is incomplete in part because of insufficient clinical evidence (Englander & Carraccio, 2014). Moreover, methodologies are still being designed to convert the knowledge base into computable code, and interventions for conveying the knowledge to clinicians in a way they can easily usein practice are in the nascent stages of development. Low clinician demand for Clinical Decision Support is another encumbrance to broader CDSS adoption. Clinicians’ lack of motivation to use CDSS appears to be related to usability issues with the Clinical Decision Support intervention, its lack of integration into the clinical workflow, concerns about autonomy, and the legal and ethical implications of adhering to or overriding recommendations made by the CDSS (Berner, 2010). In addition, in many cases, acceptance and use of CDSS are hinged uponthe adoption of electronic medical records (EMRs), because EMRs can include Clinical Decision Support applications as part of Computerized Provider Order Entry (CPOE) and electronic prescribing systems.