Security in Health Management
The District Health Information Software 2 (DHIS2) is an open-source, web-based health management information system (HMIS) platform. Today, DHIS2 is the world's largest HMIS platform, in use by 67 low- and middle-income countries.
2.28 billion people live in countries where DHIS2 is used. With inclusion of NGO-based programs, DHIS2 is in use in more than 100 countries.
DHIS2 is developed primarily at the University of Oslo, with some distributed development in Tanzania, Vietnam, USA, and other countries. It supports both reporting and analysis of aggregate statistics, as well as patient management.
There are openings for a range of topics related to security and confidentiality with DHIS2. Some potential topics are:
- Build and test an OWASP ModSecurity ruleset for use as a web application firewall with DHIS2
- Work with the release team to develop a software security verification process (security by design) based on ASVS but customised for DHIS2.
- Develop a penetration testing process which could be used for internal testing of DHIS2. There are several potential tools for this, including the OWASP Zed Attack Proxy (ZAP)
- Secure implementations in countries. Work with/in an implementing country to improve the security measures. This can be linked to server configuration and routines, database configuration, and development of manuals and Standard Operating Procedures (SOP) for secure and confidential data management.
- Anonymization / Pseudonymization of patient data. In order to publish data sets containing personal information (e.g. for further statistical processing or for generating test/training databases), the data must be anonymized or pseudonymized (depending on the application). The task will be an analysis of existing methods and their application/evaluation on a real-life DHIS2 installation.