The Repository @ St. Cloud State

Open Access Knowledge and Scholarship

Date of Award


Culminating Project Type


Degree Name

Information Assurance: M.S.


Information Assurance and Information Systems


Herberger School of Business

First Advisor

Dennis Guster

Second Advisor

Jim Chen

Third Advisor

Balsy Kasi

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.


Concerns about patient privacy, recordkeeping integrity and confidentiality have all grown significantly in health care. More attention than ever before is given to health care systems that store very sensitive personal information for millions of individuals. Information security professionals in the health care industry must carefully walk the fine line between providing medical staff the critical access to health records they need to care for patients and protecting against malicious acts or unintentional misuse originating from people having inappropriate access to data. The following proposed conceptual model would provide the health care industry a solution to this problem by allowing medical professionals access to only the pertinent data needed to perform a given task without compromising patient care. Additionally, the privacy and confidentiality of patient records are greatly enhanced by this model, which in turn increases regulatory compliance and industry innovation. This proposed concept model is also a perfect blend of role-based access control and process-based access control mechanisms. Numerous hours of research and testing of this proposed concept model have revealed significant promise of success by clearly limiting access of information to only authorized individuals.

The enormous depth of knowledge that it takes for an IT professional to fully understand the intricacies of healthcare systems is often overlooked. However, in order to truly secure these types of systems, developers in particular need to achieve greater sophistication with the software code that operates within these systems, especially when it comes to access controls. At the same time, funding for the healthcare industry is often a wavering challenge, so this proposed conceptual model also seeks to leverage existing role models without the expensive overhead of a costly and extravagant third-party solution. Patients being admitted into a hospital are often in serious health situations, and that presents a unique information security challenge because in no way should technology interfere in the welfare of an individual. Consequently, implementing access controls must not conflict with the necessary treatment from medical professionals. This proposed concept model will enable the necessary staff to see all data, but only when provided with a reason, and this reason will be forwarded to the patient, making it hard to access unnecessary information. Furthermore, the proposed conceptual model is smart enough to know what information is relevant and what is not.


I would like to express my deep gratitude to my advisor Dr. Dennis Guster for guidance and direction of my thesis, my committee members Dr. Jim Chen and Dr. Balsy Kasi for their suggestions and proposed changes. They taught me how to think technically. Without these people, completing this project would not have been possible.

I would also like to thank Dr. Susantha Herath for being patient with me and helping me overcome the roadblocks in my study.

I want to thank all my family and friends for trusting and supporting me all the time. Especially, Brahma Reddy for patiently testing my project. Your encouragement was very helpful in allowing me to finish my project.

This would not have been possible without all of you. Thank you for being patient with me all the time.