OpenMRS Security Assessment 2
|Description||Students interview members of the OpenMRS community to gather information for the security assessment.|
|Source||Steven P. Crain|
|Prerequisite Knowledge||Students must have had a broad exposure to computer security, including Confidentiality-Integrity-Availability, Authentication-Authorization-Auditing, security design principles, database-specific security considerations and the risk assessment process.|
|Estimated Time to Completion||10 hours|
|Rights||This activity is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.|
|Turn In||Students make specified edits on a common Wiki page.|
OpenMRS is an open-source medical record management system. It is very popular in some parts of the world, but requires work to make it compatible with Department of Health and Human Services regulations authorized by the Health Insurance Portability and Accountability Act (HIPAA). This series of assignments aims to identify specific changes that are required to achieve HIPAA compliance to use OpenMRS in the context of a small medical practice or hospital. (Larger medical practices and hospitals typically have more complex situations and unique risks that require them to conduct their own assessment.)
Before beginning this assignment, students should be familiar with the material in a computer security textbook on risk assessment. We used Stallings and Brown, Computer Security: Principles and Practice, 3rd ed., Prentice Hall, 2015, chapter 14.
In this assignment, students use a Wiki to organize the questions they created in OpenMRS Security Assessment 1, in preparation for interviewing members of the OpenMRS community in OpenMRS Security Assessment 3. Wikis are commonly used by Free and Open Source Software projects for their documentation, so this assignment provides valuable experience with this tool.
The interviews themselves are conducted using Internet Relay Chat (IRC), a tool that enables open source developers all over the world communicate instantly, even if they have very low Internet bandwidth.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License