Please see project.docx first.
Then complete the work according to the following requirements.
1?Analyze the threat/object/security service diagram to find the new threats for requirements analysis phase. For each new threat, provide a security measure (security service). Describe new threats and their security measures.2?Develop the security classes on the static model and describe each security classes.3?Develop the secure communication model that depicts the application objects and security objects participating in each use case. Describe the sequence of interactions among the objects. Initial Threat/Application/Security Class Diagram for
Create daily/monthly reports Use Case
Threat
《threat》
Repudiate access
database
Access
Application
《service》
Hospital
database service
Check
Security
《security》
Path Traversal
Checker
Interact
With
1..*
1
《System》
Healthcare
System
Interact
With
1..*
1
Patient
CEO
Staff
Nurse
Doctor
PatientList
CardReader
CEO
Staff
Nurse
Doctor
ReceiptPrinter
Interact
With
1
1
PatientReport
Display
Patient
DailyReport
Display
MonthlyReport
Display
Outputs to
Input to
Healthcare
System
1..*
Operator
Make a payment
*
《entity》
Card Account
《entity》
Debit card
《entity》
Credit card
Make an appointment
1
Own
《entity》
Patient Account
1
《entity》
Checking
Account
Own
1
《entity》
Patient
1
1
《entity》
Patient record
*
Own
《entity》
Staff Account
Create
《entity》
Staff
1..*
Own
《entity》
Nurse Account
1..*
Own
Modify
《entity》
Doctor
1..*
Own
《entity》
CEO Account
*
Modify
《entity》
Nurse
《entity》
Doctor Account
*
View
《entity》
CEO
1
View
*
《entity》
Reports
1
《entity》
Patient List
You have been requested to develop a healthcare system with the following characteristics:
The CEO of a hospital plans to build a secure healthcare system, which manages patient
information securely. A hospital has a CEO, doctors, nurses and staff. A patient can make an
appointment, change, or cancel the appointment through the healthcare system directly or by
calling a staff in the hospital. On-line appointments are required for a patient to have an account
in the system. A patient or staff checks a doctor’s available time, with whom the patient makes
an appointment. The appointment is recorded in the system and updated whenever the patient
change or cancel the appointment. An appointment will be cleared when a patient visits the
doctor in the hospital. In case of missing appointments, the system clears the appointments
automatically at 8 pm on a daily basis. The hospital does not accept walk-in patients.
When a new patient arrives at the hospital, a staff enters to the system the patient
information, which includes patient name, address, phone number, email, social security
number, and insurance name. Then the staff creates a patient record for the day visit and adds
the record to a list of patients being served by each doctor. For a returning patient, the staff just
finds the patient record and adds it to the list of patients for a doctor. The nurse measures a
patient’s weight, height, blood pressure, and pulse every time a patient visits a doctor, updating
the patient record with the measurements. The nurse also adds the reason of patient’s visit to
the doctor to the patient record. A doctor can look at the next patient record before he/she meets
a patient. After treating a patient, a doctor updates a patient record with his treatment content
and, if any, prescription.
A patient can access his/her medical record on-line via the healthcare system, which
includes a doctor visit summary, lab result, radiology report, pathology report, allergy
information, and prescribed medicines. A patient is required to log in his/her account with ID
and password in order to access his/her medical record. If a patient does not have his/her
account, he/she should sign in a new account. A patient can see his/her medical record, but
he/she cannot change the medical record.
A patient pays for the copay of a doctor visit to the staff just after getting a treatment. A
patient can pay it by credit/debit/check/cash. In cases of credit or debit card payment, the card
is validated by the card company, and the amount is charged to the patient card account in the
card company. Then the card company sends a reference number to the hospital, which is stored
with the patient payment information. A patient receives a receipt for the payment.
In addition, a patient pays an invoice (except for the copay for a doctor’s visit) for his/her
medical services on-line via the healthcare system. The hospital sends to a patient his/her
invoice for any medical services using emails. The patient can access his/her account with
his/her ID/password to pay the invoice using a credit or debit card. Also a patient can pay the
invoice with the invoice number without logging in his/her account. The system generates a
receipt for the patient’s on-line payment and emails it to the patient if the patient wants to
receive the receipt using his/her email.
The system generates a daily summary report at 9 pm every business day and a monthly
report at the end of each month. The report shows the information on doctors’ performance for
a day or a month. The report contains each doctor name, the number of patients served by a
doctor in a day, and health service income. The monthly report is a summary of daily reports
for a month. The daily and monthly reports are stored in the system so that the CEO looks at
them any time.
Doctors, nurses, staff and CEO are allowed to access their patient records, and payment
information on the basis of their permission. A doctor has all permission on read/write on his
patient record. A nurse has read/write permission on patient record, but she cannot write
treatment. A doctor or nurse can access only his/her patients’ records. A staff can create, read
and write patient information on a record, and access patient payment information. CEO can
read patients’ records and payment information, but he cannot write on it. The CEO can look at
the daily and monthly reports, and change a doctor and his/her nurse’ salaries according to their
monthly performance.