Kato Mivule, Stephen Otunba, Tattwamasi Tripathy, and Sharad Sharma, "Implementation of Data Privacy and Security in an Online Student Health Records System", Proceedings at the ISCA 21st Int Conf on Software Engineering and Data Engineering (SEDE-2012), Pages 143-148, Los Angeles, CA, USA
Implementation of Data Privacy and Security in an Online Student Health Records System
Kato Mivule, Stephen Otunba, and Tattwamasi Tripathy
Department of Computer Science
Bowie State University
Bowie, Maryland, 20715, USA
mivulek0220@students.bowiestate.edu,
otunbaas0402@students.bowiestate.edu, tripathyt0715@students.bowiestate.edu
Abstract— Large data collection organizations such as the Census
Bureau often publish statistics to the public in the form of
statistical databases. These databases are often transformed to
some extent, omitting sensitive information such as Personal
Identifying Information (PII). On the other hand entities that
collect vast amounts of data such as the Census Bureau, Centers
for Disease Control (CDC), academic institutions, and health
organizations -to name a few- have to publish and share collected
data with both the public and researchers, taking into
consideration privacy concerns and staying in compliance with
data privacy laws such as the Health Insurance Portability and
Accountability Act of 1996 (HIPAA). Data collection
organizations are also tasked with finding the optimal balance
between privacy and utility needs of data being published.
Therefore the necessity to develop software applications that
address such data privacy concerns is enormous. This paper
proposes an implementation of an Online Students Health
Record System application with data de-identification and access
control capabilities in compliance with HIPAA rules, while at the
same time, realizing query efficiency and optimization.
Keywords— Data privacy and Security, De-identification,
Personal identifying information, Access control,
online database applications
I. INTRODUCTION
Entities that collect vast amounts of data such as the Census
Bureau, CDC, academic institutions, health organizations,
among others, have to publish and share collected data with
both the public and researchers, taking into consideration
privacy concerns. Such data gathering institutions are bound
by state and federal privacy and security laws that require that the
confidentiality of individuals be protected. The US Privacy Act
of 1974, HIPAA Act of 1996, and the Personal Data Privacy
and Security Act of 2009, require entities to protect and secure
PII in data [1][2][3]. Academic institutions such as universities
often collect vast amounts of student health data, in the form of
immunization records, blood types, hospitalizations, illness
history, among others. In our implementation, we made an
observation of how student health records are gathered at
Bowie State University’s student health clinic center [4]. The
goal of the proposed system was to develop an online student
health record system that is in compliance with HIPAA rules,
combined with access control and data de-identification
capabilities. Often this responsibility falls to the university
health centers that have to maintain the record keeping and
share the collected data with students and school officials when
requested. For the most part, record gathering is done on paper
via student health record forms and then entered into a central
database, as is the case with many universities, with no online
health records systems. Our contribution in this work lies in
the implementation of an Online Students Health Record System
(OSHRS) application with data de-identification and access
control capabilities in compliance with HIPAA rules, while at the
same time achieving query efficiency and optimization. We
have developed a software architecture that addresses both the
accessibility and confidentiality issues. The system controls
access to student records and at the same time grants
confidentiality to published student health data sets.
The following definitions will be essential in this paper in
the context of health data and information: Data privacy is the
shielding of an individual’s health information against unlawful
disclosure. Data security is the protection of health information
against unlawful access [5] [6]. This means securing health
databases such that only lawful access is granted to only
authorized persons. Personally identifiable information (PII) is
any data that can uniquely be used to identify an individual
such as full names and social security numbers. However, this
includes data about an individual that could be used to
construct the full identity of that individual in conjunction with
auxiliary information [7] [8]. For example, an individual’s
identity can be reconstructed using their birth date and city of
residence from Facebook in conjunction with their zip code
from a published health record data set. Quasi-attributes are
attributes not in the PII classification that can be used to
reconstruct an individual's identity in combination with
auxiliary information [16]; for example zip code and city of
residence. Attributes in statistical databases are field names or
columns [5]. Confidential attributes are attributes not in the PII
and quasi-attributes classification but contain sensitive data,
such as DNA and HIV status. Non-confidential attributes are
attributes not considered sensitive as to cause a leak of private
information. However, non-confidential attributes can still be
used to reconstruct an individual’s identity in conjunction with
auxiliary information, thus making the explicit definition of
what PII is even more of a challenge [16]. Data De-
identification is a procedure in which PII attributes are
removed from datasets such that when the data is made public,
an individual's identity cannot be recreated [9][10].
Data utility versus privacy has to do with how beneficial a
dataset that is made public is to a user of that published dataset
[11] [12]. Often the usefulness of published health data
diminishes when PII and quasi-attributes are removed or
distorted in order to grant confidentiality; equilibrium between
privacy and data utility is always pursued [13]. Researchers
have found that attaining optimal data privacy while not
diminishing data utility is a continual NP-hard task [14]. In
this paper, we focus on implementing an online student health
record system that de-identifies data and publishes data
without PII.
The stakeholders of this project are outlined and their roles
are defined in our general use case diagram in Figure 3.
Stakeholders: In the proposed system, we characterize the
stakeholders who will interact with the system as follows:
(1) Universities, Colleges, and High Schools. (2)
University and College Students. (3) Health Professionals,
which includes Registered Nurses, Doctors, and Nurse
Practitioners. (4) School Officials, which includes the Health
Compliance Officer. (5) Administrators, including the
Database Administrator. Actors: In addition to describing
stakeholders of the proposed system, we differentiate actors
and their goals as related to their interaction with the system:
University Students: Enter, Update, Print, View Data. Health
Professionals: Enter, Update, Print, View Data; this includes
Registered Nurses, Doctors, and Nurse Practitioners. School
Officials: View Data and make recommendations; this
includes the Health Compliance Officer. Administrators: Add
and Edit Schema, Tables, Views and Reports. Guests
(Researchers/Visitors): query the database for de-identified data
sets.
The rest of this paper is organized as follows. Section II
presents related work. Section III describes methodology and
implementation. Section IV discusses results. Finally, Section
V presents conclusions.
II. RELATED WORK
Data privacy in health records applications has gained
considerable attention as organizations seek ways to grant
privacy and security of their client’s health data. Deng et al.,
[15] have discussed employing cryptographic techniques to
manage privacy and security to health records in a cloud
computing environment for health care systems. In such
systems Deng et al., suggest that the cryptographic techniques
employed would focus on patient control. In other words, the
patient would be able to control who gains access to their
health records by employing cryptographic means [15]. Yet at
the same time protecting electronic health records cannot work
without well refined policy and regulations for sharing health
data. In these efforts, Matteucci et al., [16] present a health
data model in which they advocate for a set of parameters that
include authorization, obligation, and prohibition, that have to
be satisfied in order to meet the security policy and regulations
requirements before health data access is granted [16].
Furthermore Delgado [17] notes that while there is a growth in
the employment of cloud computing for the transaction of
personal health information, policy and regulation
mechanisms for the control of health data have not been
upgraded to catch up with technology, in this case cloud
computing [17]. Recently, a number of proposed electronic
health records systems have placed attention on privacy and
security of personal health records (PHRs), with focus placed
on patients having full control of their health data and granting
secure access to those they choose to.
Israelson and Cankaya [18] have proposed a web-based
system for sharing PHRs with patients in full control of their
health records while granting health professionals access for
record maintenance, and at the same time satisfying security
issues such as confidentiality, accessibility, and non-
repudiation during that health data transaction [18]. From the
literature review, we see that there are two types of electronic
health record systems, one is modeled after the PHRs, in
which patients have full control of their health data, and the
other is a model in which patient health data is controlled by
health data collecting entities such as University health clinics.
In our proposal, we focus on the latter, and we answer
questions like who has access to student health records. In our
case, we address the security and privacy questions of health
data being collected by large entities such as Universities,
while many proposed PHR models focus on patient control of
their health data. At the same time secure and confidential
query processing in electronic health data is essential to any
secure electronic health records model. In their proposal,
Clarke and Steele [19] address the issue of secure and
confidential query assurance in which query assurance has to
meet the requirements of correctness, completeness, and
freshness in the context of sound data security, privacy and
utility [19].
However, in our proposed model, we implement query data
de-identification by removing all PII from queries returned, by
checking the different levels of access to data. A doctor, for
example, would be able to access more private records of the
patient than, say, a school health compliance official who
simply needs an aggregate count of students who have taken
flu shots. In an attempt to keep patient health records secure
during an emergency, Huda et al. have developed a system that
uses data stored on an IC card in conjunction with
authorization and authentication to grant health professionals
access to the patient’s health records [24]. Rostad presents a
discussion on user defined roles and patient defined roles on
granting access to health records in a PHR system. Rostad
cites three main concerns in regard to user roles: simplicity,
time, and transparency [25]. In our application user roles are
defined by the system and authorization mechanisms which
limit user access to data based on user roles.
We have provided a simple user interface that is easy for
patients and health professionals to use and understand.
Security measures implemented must be easy to use; otherwise
people will not use the system or will find ways of bypassing the
security measures [26]. As in our system, Daglish et al., [26]
identified the stakeholders in their PHR system as researcher,
patient, administrator, and various health professionals [26].
Steele and Kyongho have also developed a health record
system with role-based access mechanisms with the difference
being that their system uses an extended certificate approach
to ensure patient record privacy [27]. Jiang et al., [28] focus on
personal self-service and self-management electronic health
records [28]. Their system is geared more towards people
with chronic long term diseases such as hypertension and
diabetes [28]. Their system provides a means for patients to
monitor their illness and possibly correct unhealthy behavior.
They plan to implement data privacy mechanisms in their
future work [28]. Currently patient health data is stored in
remote medical records at various locations and is
maintained by numerous healthcare providers [29]. Alhaqbani
and Fidge have developed a system for patients to link their
individual health records using pseudonyms thus allowing
them to control access to their records and have all their health
data available to them in one place [29].
Our system is web based and maintains all patient health
data in a localized central location. Botts et al., discuss a
framework for making PHR data accessible to vulnerable
populations [30]. The system we proposed is web-based and
will allow for easy access to health data for all populations.
Our systems are similar in the sense that they will both provide
low-cost scalable health records systems [30]. Padma et al.,
have demonstrated how a web-based and terminal-based SQL
interface can be used to ensure that patient privacy is
maintained [31]. Their system also controls the amount of
data that can be accessed by health professionals based on
their roles. For instance a doctor will be able to view more
patient health data than a nurse [31], thus ensuring data
confidentiality. The system developed by Motiwalla and
Xiaobai provides value added data analysis with the use of
masked datasets. Their software uses data masking algorithms
which keep “snoopers” from discovering the identities of
patients while at the same time still providing useful statistical
data for data miners [32]. Ma et al., have developed a system
that stores patient health data on SD cards. The system is
geared toward child health records but does not take into
consideration HIPAA privacy rules [33].
III. METHODOLOGY AND IMPLEMENTATION
In this section, we describe the software engineering
methodology of our proposed online student health records
system. The goal of our implementation is to propose an online
system used by students and school officials to store and
retrieve student health data. The system keeps in compliance
with HIPAA Privacy laws that govern how electronic health
records are transacted [20] [21]. This health system seeks to
cover the confidentiality, integrity, and accessibility of
students' medical data and comply with the National Institute of
Standards and Technology (NIST) in the handling of Personally
Identifiable Information (PII) [22][23].
Customer Statement of Requirements: In this proposed
system, students are able to log into the system and input their
medical data, and view their own health records. School Health
officials and researchers are also able to log into the system and
query data in compliance with the HIPAA privacy rules. The
system is meant to enhance the medical record keeping of a
small college or university student medical clinic. In this
proposed system, all actors accessing the system must agree
with the HIPAA privacy laws statement: by logging into
the system they agree to transact with the health data in
accordance with the HIPAA privacy rules. Failure to agree
means being automatically logged off the system. Students,
researchers, and database administrators will all have web
access to the system and will be assigned appropriate
privileges. To access the system, all users must have a valid
username and password assigned to them by the database
administrator. Without the appropriate credentials access will
not be granted. If a user enters an invalid user name and
password the system will prompt the actor to re-enter the
credentials. If the actor is unable to access the system after
three attempts, they must contact the database administrator for
assistance; thus accessibility and access control are ensured.
Students and health professionals will be able to upload, view,
and edit data. The database administrator will be able to create,
delete, and manage user accounts. Researchers (guests) will be
able to view de-identified data and query data in compliance
with HIPAA privacy rules, thus ensuring confidentiality.
In this proposed system, students are able to upload
documents and edit their own health records. To access their
account, students must log in using a valid username and
password that are assigned to them by the database
administrator. Students are able to enter and edit bio
information, health history, allergy, medication information,
upload documents for verification, and enter an electronic
signature, to ensure data integrity and non-repudiation.
Students will also be able to view individualized reports of
their own health data. Health professionals will be able to log
into the system with a valid username and password. The
health professionals will be able to search for student records
by student id number. Health professionals can also edit
information and verify documents uploaded by the student to
ensure the authenticity of submitted documents such as student
immunization certificates from doctors. All inputs into the
system and student records are stored in a MySQL database.
When new student data is entered or edited, the corresponding
information will also be updated in the database and time
stamped.
Development phase implementation: we implemented the
proposed system using PHP for our front-end application and
MySQL for our back-end database. Both PHP and MySQL are
free and available online for download, making this system
design feasible for implementation. The proposed
system is a three-tier database application that generally
consists of the back-end system composed of a MySQL
database that stores all the medical data, the front-end system
that is composed of the PHP modules that control the
accessibility to the medical system, and the Apache server that
makes the database web accessible.
Functional Requirements Specifications: the proposed
system ensures the three computer security principles are met:
(1) Confidentiality: must grant privacy for students. (2)
Integrity: must keep data safe from any unauthorized changes.
(3) Availability: must make data available and accessible
anytime. In addition, this proposed system offers the following
functionality: (a) Students can input their health records. (b)
Students can access their health records. (c) School health
professionals and researchers can query health data. (d) A
student can only access their own personal health record. Refer
to Figure 1.
Figure 1: Sequence diagram for Researcher
At the same time, a number of functional utilities are
implemented with the proposed system to capture and process
data:
Register utility – allows a student to register.
Login utility – allows registered students to log into the system.
Home page utility – displays current student health records, grants access to Health Forms.
Health data forms utility – grants access to health record forms for data input.
Search Query utility – allows for searching of the health records database in accordance with HIPAA privacy rules.
The back-end database in the proposed system has the
following schema with subsequent functional entities: Student
Health Data – main Schema. Student Data – stores student data
on student bio data. Immunization Data – stores student data on
immunization history. Verification Data – stores student
verification data. Immunization Waiver Data – stores student
data on immunization waivers. Health History Data – stores
student data on health history. Login Registration Data – stores
student data on student registration. Signature Data – stores
student e-signature data. Medicine Allergies Data – stores
student data on known medical allergies. See Figure 2.
Figure 2: An overview of the Module architecture
The front-end database in the proposed system has the
following functional entities: Register utility – to register new
students and health workers to the system. Login utility –
authenticates students and health workers into the system.
HIPAA Rules Compliance Agreement Form – users agree to
HIPAA privacy rules. Trigger Communication utility – triggers
messages if health data is not up to date. Home menu page: only
accessible after successful login, which offers the following
functional modules: Student input data form – captures student
bio data. Immunization input data form – captures student
immunization history data. Verification History input data form
– captures student verification data. Immunization Waiver input
data form – captures student immunization waiver data. Health
History input data form – captures student health history data.
Login Registration input data form – captures student login
registration data. Medicine Allergies input data form – captures
student known medical allergies data. Electronic Signature
input data form – captures student electronic signature data.
Student Health Record Report – displays student data to
student/health worker. Search Query Engine – allows health
workers and researchers to search health records in compliance
with HIPAA Rules. Data De-identification Module – strips out
PII information from a query being returned, at the front-end
application level.
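The role-dependent stripping performed by the Data De-identification Module, and the doctor versus compliance-official distinction drawn in Section II, can be sketched as follows. This is an added example, not the authors' code: the column names, the per-role policy (including hiding quasi-attributes from guests) and all function names are assumptions, and the rows are constructed.

```php
<?php
declare(strict_types=1);

// Columns each role may receive from the search query engine. An allow-list
// keeps a column added to the schema later hidden until it is granted.
// Role names follow the paper's actors; column names are hypothetical.
const ROLE_COLUMNS = [
    'health_professional' => ['student_id', 'full_name', 'birth_date',
                              'zip_code', 'flu_shot', 'allergies'],
    'guest'               => ['flu_shot', 'allergies'], // no PII, no quasi-attributes
    'school_official'     => [],                        // aggregate counts only
];

/** Keep only the columns the role is entitled to in every result row. */
function deidentify_rows(array $rows, string $role): array
{
    if (!array_key_exists($role, ROLE_COLUMNS)) {
        // Fail closed: an unknown role never falls through to the raw rows.
        throw new InvalidArgumentException("unknown role: {$role}");
    }
    $allowed = array_flip(ROLE_COLUMNS[$role]);
    return array_map(
        fn(array $row): array => array_intersect_key($row, $allowed),
        $rows
    );
}

/** Aggregate view for school officials: counts, no row-level data. */
function flu_shot_summary(array $rows): array
{
    $yes = array_filter($rows, fn(array $r): bool => ($r['flu_shot'] ?? '') === 'yes');
    return ['students' => count($rows), 'flu_shot_yes' => count($yes)];
}

/** What the report page returns after the query has run. */
function search_result_for(array $rows, string $role): array
{
    return $role === 'school_official'
        ? flu_shot_summary($rows)
        : deidentify_rows($rows, $role);
}

// Constructed sample rows, shaped like a MySQL result set fetched as arrays.
$rows = [
    ['student_id' => '1001', 'full_name' => 'Student A', 'birth_date' => '1991-03-02',
     'zip_code' => '20715', 'flu_shot' => 'yes', 'allergies' => 'penicillin'],
    ['student_id' => '1002', 'full_name' => 'Student B', 'birth_date' => '1990-11-17',
     'zip_code' => '20716', 'flu_shot' => 'no', 'allergies' => 'none'],
];

// 'visitor' is not a defined role and is refused rather than served raw rows.
foreach (['health_professional', 'guest', 'school_official', 'visitor'] as $role) {
    try {
        echo $role, ': ', json_encode(search_result_for($rows, $role)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $role, ': denied (', $e->getMessage(), ')', PHP_EOL;
    }
}
```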
Use Cases: In the proposed system we defined casual
descriptions of the actors and their interaction with the system.
Students: are able to add, view, and edit their individual
health data. They are also able to upload documents, seek
immunization waivers, post electronic signatures, and view
their individual health reports.
Health Professionals: the list of health professionals includes
doctors, registered nurses, and nurses. Refer to Figure 3.
Health professionals can add, view, and update health records.
They are authorized to view student data, make recommendations,
and verify documents uploaded by the student.
School Officials: can view limited data, mainly aggregated data,
and make recommendations. They can also run a query search on
the database to obtain information such as which students have
failed to submit the required health history information so that
the student can be notified.
Administrators: consists of database administrators who can add,
edit, view, delete, and upgrade the schema; they can also create
and delete user accounts.
Guest: could be researchers from other universities or other
outside health related organizations. Guests can query search the
database to obtain statistical data to generate reports. Data
collected could be used to study disease outbreaks or obtain
information about the overall health of university students.
Figure 3: Use case depicting the system's Actors/Stakeholders
and their various roles.
Non Functional Requirements: while non-functional
requirements might not be articulated in the customer
requirement documents, they do affect the overall performance
of a system [34]. In the proposed system, we implemented
non-functional requirements that included the following:
Security Requirements: the main focus with security
requirements was the prevention of SQL Injection attacks.
The implementation was done at front end level by
ensuring that all PHP forms prevented SQL injection
attacks.
Usability Requirements: these included, consistency in the
user interface with ease of use as an imperative, and
documentation, giving an overview of the system
functionality to users.
Reliability Requirements: we utilized PHP and MySQL
because of their availability and the ease with which they
archive, store, and recover data, and because the applications
are open source and thus maintenance costs would be
considerably lower.
Performance Requirement: MySQL and PHP offer
considerable efficiency, speed, and response time.
Supportability Requirements: implementation of the
proposed system on MySQL and PHP architectures
offered testability, extensibility, adaptability,
maintainability, compatibility, configurability, and
serviceability.
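The Security Requirements item above places SQL injection prevention in the PHP forms. The following added example, which is not the authors' code, contrasts a form handler that concatenates the submitted student ID into the query with one that binds it as a parameter. The table, column and function names are assumptions, the records are constructed, and an in-memory SQLite database stands in for the MySQL back end so the script runs offline.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for MySQL here; with MySQL only the DSN passed
// to PDO changes, the prepare/execute calls stay the same.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE student (
        student_id TEXT PRIMARY KEY, full_name TEXT, flu_shot TEXT)');
    // Constructed sample records.
    $pdo->exec("INSERT INTO student VALUES
        ('1001', 'Student A', 'yes'), ('1002', 'Student B', 'no')");
    return $pdo;
}

// Weak handler, shown for contrast only: the form value becomes SQL text,
// so quote characters in it change the structure of the query.
function find_student_concat(PDO $pdo, string $studentId): array
{
    $sql = "SELECT student_id, full_name, flu_shot
            FROM student WHERE student_id = '$studentId'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened query: the SQL text is fixed and the value travels separately,
// so it can only ever be compared against the student_id column.
function find_student_prepared(PDO $pdo, string $studentId): array
{
    $stmt = $pdo->prepare('SELECT student_id, full_name, flu_shot
                           FROM student WHERE student_id = :id');
    $stmt->execute([':id' => $studentId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Form handler: shape validation first (defence in depth), binding second.
// $post plays the part of $_POST from the search form.
function handle_search_form(PDO $pdo, array $post): array
{
    $id = $post['student_id'] ?? '';
    if (!is_string($id) || !preg_match('/\A[0-9]{1,10}\z/', $id)) {
        return []; // reject anything that is not a plain numeric ID
    }
    return find_student_prepared($pdo, $id);
}

$pdo = open_demo_db();
$malformed = "0' OR '1'='1"; // constructed input containing SQL syntax

printf("concatenated query : %d row(s)\n", count(find_student_concat($pdo, $malformed)));
printf("prepared statement : %d row(s)\n", count(find_student_prepared($pdo, $malformed)));
printf("form handler       : %d row(s)\n", count(handle_search_form($pdo, ['student_id' => $malformed])));
printf("form handler, 1001 : %d row(s)\n", count(handle_search_form($pdo, ['student_id' => '1001'])));
```

The concatenated query returns every record for the malformed input, while the bound parameter matches nothing and the valid ID returns exactly one row.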
IV. RESULTS
We found that our specialized query search was effective in
removing PII from search results returned from the patient
records. Figures 4 and 5 show the run time for query execution
before and after our specialized query search was applied at
the front-end application level. With our results, we found that
data de-identification does not add to query execution time but
actually might help with improving query efficiency and
optimization. Therefore granting data privacy and security to
queries might actually help improve overall performance and
not add overhead costs at the front-end application level. In
Figure 4, we have shown results of query execution time in
seconds after the same query with PII was executed 12 times.
However, in Figure 5, the same query was executed 12 times
with de-identification and results show that execution time
was faster than in the previous case with PII inclusive.
Figure 4: Query before De-identification is implemented
Figure 5: Query search with De-identification
V. CONCLUSION
This paper introduces a new user application based on open
source tools such as MySQL and PHP with emphasis on
HIPAA compliance and privacy. It presents an overview and
detailed description of the functional utilities and underlying
architecture of the application that is vital to access, edit and
retrieve data and generate statistical reports while adhering at
the same time to data integrity and confidentiality rules as
specified by HIPAA. In this paper, we have taken a look at
implementation of an Online Students Health Record System
application with data de-identification and access control
capabilities in compliance with HIPAA rules, while at the same
time, realizing query efficiency and optimization. Our
results show that data de-identification reduces query
execution time and might actually help with improving query
efficiency and optimization. Therefore granting data privacy
and security to queries can help improve overall performance
and not add to the overhead costs at the front-end application
level. One of the limitations of this application is that the
system is based on centralized data storage and more research
needs to be done on how the same system will fare in a cloud
computing environment. Since the current application is a
benchmark, numerous efficient data query search algorithms
can be incorporated that can take the application to the next
level.
ACKNOWLEDGMENT
We would like to thank Dr. Sharad Sharma and the Bowie
State University Computer Science Department.
REFERENCES
[1] USDOJ, “The Privacy Act of 1974. 5 U.S.C. § 552a”, 1974.
[2] USGPO, HIPAA of 1996-H. Rept.104-736, U.S. Govt Printing Office,
1996.
[3] US Library of Congress, 2009. Personal Data Privacy and Security Act
of 2009– S.1490, THOMAS (Library of Congress
[4] “Bowie State University Henry Wise Wellness Center - Health Data
Forms.” Available Online:
http://www.bowiestate.edu/CampusLife/wellness/;
http://www.bowiestate.edu/CampusLife/wellness/forms/, [Accessed: 09-
Feb-2012].
[5] Ciriani, V., et al, Secure Data Management in Decentralized System,
Springer, ISBN 0387276947, 2007, pp 291-321, 2007.
[6] Denning, D. E. and Denning, P.J., Data Security, ACM Computing
Surveys, Vol. II, No. 3, September 1, 1979.
[7] U.S. DHS, Handbook for Safeguarding Sensitive PII at The DHS,
October 2008.
[8] McCallister, E. and Scarfone, K., Guide to Protecting the Confidentiality
of PII, Recommendations of the NIST, 2010.
[9] Ganta, S.R., et al, 2008. Composition attacks and auxiliary information
in data privacy, Proceeding of the 14th ACM SIGKDD 2008, p. 265.
[10] Oganian, A. and Domingo-Ferrer, J., On the complexity of optimal
micro-aggregation for statistical disclosure control, Statistical Journal of
the United Nations Economic Commission for Europe, Vol. 18, No. 4.
(2001), pp.345-353.
[11] Rastogi et al, The boundary between privacy and utility in data
publishing, VLDB ,September 2007, pp. 531-542.
[12] Sramka et al, A Practice-oriented Framework for Measuring Privacy and
Utility in Data Sanitization Systems, ACM, EDBT 2010.
[13] Sankar, S.R., Utility and Privacy of Data Sources: Can Shannon Help
Conceal and Reveal Information?, presented at CoRR, 2010.
[14] Wong, R.C., et al, Minimality attack in privacy preserving data
publishing, VLDB, 2007. pp.543-554.
[15] Deng, M.; Petkovic, M.; Nalin, M.; Baroni, I.; , "A Home Healthcare
System in the Cloud--Addressing Security and Privacy Challenges,"
Cloud Computing (CLOUD), 2011 IEEE International Conference on ,
vol., no., pp.549-556, 4-9 July 2011
[16] Matteucci, I.; Mori, P.; Petrocchi, M.; Wiegand, L.; , "Controlled data
sharing in E-health," Socio-Technical Aspects in Security and Trust
(STAST), 2011 1st Workshop on , vol., no., pp.17-23, 8-8 Sept. 2011
[17] Delgado, M.; , "The Evolution of Health Care IT: Are Current U.S.
Privacy Policies Ready for the Clouds?," Services (SERVICES), 2011
IEEE World Congress on , vol., no., pp.371-378, 4-9 July 2011
[18] Israelson, Jennifer; Cankaya, Ebru Celikel; , "A Hybrid Web Based
Personal Health Record System Shielded with Comprehensive Security,"
System Science (HICSS), 2012 45th Hawaii International Conference on
, vol., no., pp.2958-2968, 4-7 Jan. 2012
[19] Clarke, Andrew; Steele, Robert; , "Secure and Reliable Distributed
Health Records: Achieving Query Assurance across Repositories of
Encrypted Health Data," System Science (HICSS), 2012 45th Hawaii
International Conference on , vol., no., pp.3021-3029, 4-7 Jan. 2012
[20] U.S. Department of Health & Human Services, “Summary of the
HIPAA Privacy Rule.” Online:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html.
[21] U.S. Department of Health & Human Services, “Summary of the
HIPAA Security Rule.” Online:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html.
[22] McCallister et al, “Guide to Protecting the Confidentiality of Personally
Identifiable Information ( PII ) Recommendations of the National
Institute of Standards and Technology,” Nist Special Publication, 2010,
Online: csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
[23] “HIPAA Privacy Rule and Public Health Guidance from CDC and the
U.S. Department of Health and Human Services*.” Online:
http://www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm.
[24] Huda, M.N.; Yamada, S.; Sonehara, N.; , "Privacy-aware access to
Patient-controlled Personal Health Records in emergency situations,"
Pervasive Computing Technologies for Healthcare, 2009.
PervasiveHealth 2009. 3rd International Conference on , vol., no., pp.1-
6, 1-3 April 2009 doi: 10.4108/ICST.PERVASIVEHEALTH2009.6008.
[25] Rostad, L.; , "An Initial Model and a Discussion of Access Control in
Patient Controlled Health Records," Availability, Reliability and
Security, 2008. ARES 08. Third International Conference on , vol., no.,
pp.935-942, 4-7 March 2008 doi: 10.1109/ARES.2008.185.
[26] Daglish, D.; Archer, N.; , "Electronic Personal Health Record Systems:
A Brief Review of Privacy, Security, and Architectural Issues," Privacy,
Security, Trust and the Management of e-Business, 2009. CONGRESS
'09. World Congress on , vol., no., pp.110-120, 25-27 Aug. 2009 doi:
10.1109/CONGRESS.2009.14
[27] Steele, R.; Kyongho Min; , "Role-Based Access To Portable Personal
Health Records," Management and Service Science, 2009. MASS '09.
International Conference on , vol., no., pp.1-4, 20-22 Sept. 2009
doi:10.1109/ICMSS.2009.5301451
[28] Weiwei Jiang; Haishun Wang; Xiaomei Xu; Chun Peng; , "Individual
Self-Service Electronic Health Records: Architecture, Key Technologies
and Prototype System," Cyber-Enabled Distributed Computing and
Knowledge Discovery (CyberC), 2011 International Conference on ,
vol., no., pp.574-579, 10-12 Oct. 2011doi: 10.1109/CyberC.2011.97
[29] Alhaqbani, B.; Fidge, C.; , "Privacy-preserving electronic health record
linkage using pseudonym identifiers," e-health Networking, Applications
and Services, 2008. HealthCom 2008. 10th International Conference on ,
vol., no., pp.108-117, 7-9 July 2008
[30] Botts, N.; Thoms, B.; Noamani, A.; Horan, T.A.; , "Cloud Computing
Architectures for the Underserved: Public Health Cyberinfrastructures
through a Network of HealthATMs," System Sciences (HICSS), 2010
43rd Hawaii International Conference on , vol., no., pp.1-10, 5-8 Jan.
2010 doi: 10.1109/HICSS.2010.107
[31] Padma, J.; Silva, Y.N.; Arshad, M.U.; Aref, W.G.; , "Hippocratic
PostgreSQL," Data Engineering, 2009. ICDE '09. IEEE 25th
International Conference on , vol., no., pp.1555-1558, March 29 2009-
April 2 2009 doi: 10.1109/ICDE.2009.126
[32] Motiwalla, L.; Xiaobai Li; , "Value Added Privacy Services for
Healthcare Data," Services (SERVICES-1), 2010 6th World Congress
on , vol., no., pp.64-71, 5-10 July 2010 doi:
10.1109/SERVICES.2010.42
[33] Guoqiang Ma; Juan Liu; Zhaoyu Wei; , "The Portable Personal Health
Records: Storage on SD Card and Network, Only for One's Childhood,"
Electrical and Control Engineering (ICECE), 2010 International
Conference on , vol., no., pp.4829-4833, 25-27 June 2010
[34] L. Chung and J.C.S. do Prado Leite; “On Non-Functional Requirements
in Software Engineering,” Conceptual Modeling: Foundations and
Applications, Springer, LNCS 5600, pp. 363-379