OpenMRS Security Assessment 2

From Foss2Serve
Revision as of 20:04, 17 August 2015 by Scrain (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Description Students interview members of the OpenMRS community to gather information for the security assessment.
Source Steven P. Crain
Prerequisite Knowledge Students must have had a broad exposure to computer security, including Confidentiality-Integrity-Availability, Authentication-Authorization-Auditing, security design principles, database-specific security considerations and the risk assessment process.
Estimated Time to Completion 10 hours
Learning Objectives
  1. Students gain familiarity with editing documents in a wiki, which is commonly used for HFOSS documentation.
  2. Students become familiar with the range of information for security assessment that can be acquired through interviews.
  3. Students learn to make interview questions valuable and meaningful.
  4. Students learn to be aware of the social aspects of appropriate interviewing.
  5. Students learn how OpenMRS uses Inernet Relay Chat (IRC) to communicate.
  6. Students learn how to use IRC properly for HFOSS projects.
  7. Students gain experience conducting interviews for security assessments.
  1. The instructor needs to create or otherwise provide access to a Wiki that the students can edit. Create a base page for this series of assignments, possibly based on the OpenMRS Security Assessment Wiki Template, and then create a page for this specific assignment, OpenMRS Security Assessment Wiki Interview Questions Template.
  2. Students need an IRC client, such as ChatZilla.
Rights Creativecommons-by-nc-sa-40.png This activity is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Turn In Students make specified edits on a common Wiki page.


OpenMRS is an open-source medical record management system. It is very popular in some parts of the world, but requires work to make it compatible with Department of Health and Human Services regulations authorized by the Health Insurance Portability and Accountability Act (HIPAA). This series of assignments aims to identify specific changes that are required to achieve HIPAA compliance to use OpenMRS in the context of a small medical practice or hospital. (Larger medical practices and hospitals typically have more complex situations and unique risks that require them to conduct their own assessment.)

Before beginning this assignment, students should be familiar with the material in a computer security textbook on risk assessment. We used Stallings and Brown, Computer Security: Principles and Practice, 3rd ed., Prentice Hall, 2015, chapter 14.

In this assignment, students use a Wiki to organize the questions they created in OpenMRS Security Assessment 1, in preparation for interviewing members of the OpenMRS community in OpenMRS Security Assessment 3. Wikis are commonly used by Free and Open Source Software projects for their documentation, so this assignment provides valuable experience with this tool.

The interviews themselves are conducted using Internet Relay Chat (IRC), a tool that enables open source developers all over the world communicate instantly, even if they have very low Internet bandwidth.


This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License


Personal tools
Learning Resources
HFOSS Projects