Implementation of Data Privacy and Security in an Online Student

Implementation of Data Privacy and Security in an Online Student Health Records System Kato Mivule, Stephen Otunba, and Tattwamasi Tripathy Department of Computer Science Bowie State University Bowie, Maryland, 20715, USA [email protected], [email protected], tripathyt0715@ students.bowiestate.edu Abstract— Large data collection organizations such as the Census Bureau often publish statistics to the public in the form of statistical databases. These databases are often transformed to some extent, omitting sensitive information such as Personal Identifying Information (PII). On the other hand entities that collect vast amounts of data such as the Census Bureau, Centers for Disease Control (CDC), academic institutions, and health organizations -to name a few- have to publish and share collected data with both the public and researchers, taking into consideration privacy concerns and staying in compliance with data privacy laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Data collection organizations are also tasked with finding the optimal balance between privacy and utility needs of data being published. Therefore the necessity to develop software applications that address such data privacy concerns is enormous. This paper, proposes an implementation of an Online Students Health Record System application with data de-identification and access control capabilities in compliance to HIPAA rules, while at the same time, realizing query efficiency and optimization. Keywords-component; Data privacy and Security, Deidentification, Personal identifying information, Access control, online database applications

I.

INTRODUCTION

Entities that collect vast amounts of data such as the Census Bureau, CDC, academic institutions, health organizations, among others, have to publish and share collected data with both the public and researchers, taking into consideration privacy concerns. Such data gathering institutions are bounded by state and federal privacy and security laws that obligate that confidentiality of individuals be protected. The US Privacy Act of 1974, HIPAA Act of 1996, and the Personal Data Privacy and Security Act of 2009, require entities to protect and secure PII in data [1][2][3]. Academic institutions such as universities often collect vast amount of student health data, in form of immunization records, blood types, hospitalizations, illness history, among others. In our implementation, we made an observation of how student health records are gathered at Bowie State University’s student health clinic center [4]. The goal of the proposed system was to develop an online student health record system that is in compliance with HIPPA rules, combined with access control and data de-identification capabilities. Often this responsibility falls to the university health centers that have to maintain the record keeping and share the collected data with students and school officials when

requested. For the most part, record gathering is done on paper via student health record forms and then entered into a central database, as is the case with many universities, with no online health records systems. In our contribution of this work lies in the implement of an Online Students Health Record System (OSHRS) application with data de-identification and access control capabilities in compliance to HIPAA rules, while at the same time achieving query efficiency and optimization. We have developed a software architecture that addresses both the accessibility and confidentiality issues. The system controls access to student records and at the same time grants confidentiality to published student health data sets. The following definitions will be essential in this paper in context of health data and information: Data privacy is the shielding of an individual’s health information against unlawful disclosure. Data security is the protection of health information against unlawful access [5] [6]. This means securing health databases such that only lawful access is granted to only authorized persons. Personally identifiable information (PII) is any data that can uniquely be used to identify an individual such as full names and social security numbers. However, this includes data about an individual that could be used to construct the full identity of that individual in conjunction with auxiliary information [7] [8]. For example, an individual’s identity being reconstructed using their birth date, city of residence from Facebook in conjunction with their zip code from a published health record data set. Quasi-attributes are attributes not in the PII classification but can be used to reconstruct an individual's identity in combination with auxiliary information [16]; for example zip code and city of residence. Attributes in statistical databases, are field names or columns [5]. Confidential attributes are attributes not in the PII and quasi-attributes classification but contain sensitive data, such as DNA and HIV status. Non confidential attributes are attributes not considered sensitive as to cause a leak of private information. However, none confidential attributes can still be used to reconstruct an individual’s identity in conjunction with auxiliary information, thus making the explicit definition of what PII is even more of a challenge [16]. Data Deidentification is a procedure in which PII attributes are removed from datasets such that when the data is made public, an individual's identity cannot be recreated [9][10]. Data utility verses privacy has to do with how beneficial a dataset that is made public is to a user of that published dataset [11] [12]. Often the usefulness of published health data

diminishes when PII and quasi-attributes, are removed or distorted in order to grant confidentiality; equilibrium between privacy and data utility is always pursued [13]. Researchers have found that attaining optimal data privacy while not diminishing data utility is a continual NP-hard task [14]. In this paper, we focus on implementing an online student health record system that de-identifies data and publishes data without PII. The stakeholders of this project are outlined and their roles are defined in our general use case diagram in Figure 3. Stakeholders: In the proposed system, we characterize stake holders who will interact with the system in the subsequent way: (1) Universities, Colleges, and High Schools. (2) University and College Students. (3) Health Professionals which includes, Registered Nurses, Doctors, and Nurse Practitioner. (4) School Officials, which includes the Health Compliance Officer. (5) Administrators, including the Database Administrator. Actors: In addition to describing stakeholders of the proposed system, we differentiate actors and their goals as related to their interaction with the system: University Students: Enter, Update, Print, View Data. Health Professionals: Enter, Update, Print, View Data this includes Registered Nurses, Doctors, and Nurse Practitioners. School Officials: View Data and make recommendations, this includes the Health Compliance Officer. Administrators: Add and Edit Schema, Tables, Views and Reports. Guests (Researchers/Visitor): query the database for de-identified data sets. The rest of this paper is organized as follows. Section II presents related work. Section III describes methodology and implementation. Section IV discusses results. Finally, Section V presents conclusions. II. RELATED WORK Data privacy in health records applications has gained considerable attention as organizations seek ways to grant privacy and security of their client’s health data. Deng et al., [15] have discussed employing cryptographic techniques to manage privacy and security to health records in a cloud computing environment for health care systems. In such systems Deng et al., suggest that the cryptographic techniques employed would focus on patient control. In other words, the patient would be able to control who gains access to their health records by employing cryptographic means [15]. Yet at the same time protecting electronic health records cannot work without well refined policy and regulations for sharing health data. In these efforts, Matteucci et al., [16] present a health data model in which they advocate for a set of parameters that include authorization, obligation, and prohibition, that have to be satisfied in order to meet the security policy and regulations requirements before health data access is granted [16]. Furthermore Delgado [17] notes that while there is a growth in the employment of cloud computing for the transaction of personal health information, policy and regulation mechanisms for the control of health data have not been upgraded to catch up with technology, in this case cloud computing [17]. Of recent, a number of proposed electronic health records systems have placed attention on privacy and

security of personal health records (PHRs), with focus placed on patients having full control of their health data and granting secure access to those they choose to. Israelson and Cankaya [18] have proposed a web-based system for sharing PHRs with patients in full control of their health records while granting health professionals access for record maintenance, and at the same time satisfying security issues such as confidentiality, accessibility, and nonrepudiation during that health data transaction [18]. From the literature review, we see that there are two types of electronic health record systems, one is modeled after the PHRs, in which patients have full control of their health data, and the other is a model in which patient health data is controlled by health data collecting entities such as University health clinics. In our proposal, we focus on the latter, and we answer questions like who has access to student health records. In our case, we address the security and privacy questions of health data being collected by large entities such as Universities, while many proposed PHR models focus on patient control of their health data. At the same time secure and confidential query processing in electronic health data is essential to any secure electronic health records model. In their proposal, Clarke and Steele [19] address the issue of secure and confidential query assurance in which query assurance has to meet the requirements of correctness, completeness, and freshness in the context of sound data security, privacy and utility [19]. However, in our proposed model, we implement query data de-identification by removing all PII from queries returned, by checking the different levels of access to data. A doctor, for example would be able access more private records of the patient than say a school health compliance official who simply needs an aggregate count of students who have taken flu shots. In an attempt to keep patient health records secure during an emergency Huda et al have developed a system that uses data stored on an IC card in conjunction with authorization and authentication to grant health professional’s access to the patient’s health records [24]. Rostad presents a discussion on user defined roles and patient defined roles on granting access to health records in a PHR system. Rostad sites three main concerns in regards to user roles; simplicity, time, and transparency [25]. In our application user roles are defined by the system and authorization mechanisms which limit user access to data based on user roles. We have provided a simple user interface that is easy for patients and health professionals to use and understand. Security measures implemented must be easy to use otherwise people will not use the system or find ways of bypassing the security measures [26]. As in our system, Daglish et al., [26] identified the stakeholders in their PHR system as researcher, patient, administrator, and various health professionals [26]. Steele and Kyongho have also developed a health record system with role-based access mechanisms with the difference being that their system uses an extended certificate approach to insure patient record privacy [27]. Jiang et al., [28] focus on personal self-service and self-management electronic health records [28]. There system is geared more towards people

with chronic long term diseases such as hypertension and diabetes [28]. Their system provides a means for patients to monitor their illness and possibly correct unhealthy behavior. They plan to implement data privacy mechanisms in their future work [28]. Currently patient health data is stored in remote medical records at various locations and are maintained by numerous healthcare providers [29]. Alhaqbani and Fidge have developed a system for patients to link their individual health records using pseudonyms thus allowing them to control access to their records and have all their health data available to them in one place [29]. Our system is web based and maintains all patient health data in a localized central location. Botts et al., discuss a framework for making PHR data accessible to vulnerable populations [30]. The system we proposed is web-based and will allow for easy access to health data for all populations. Our systems are similar in the sense that the will both provide low-cost scalable health records systems [30]. Padma et al., have demonstrated how a web-based and terminal-based SQL interface can be used to insure that patient privacy is maintained [31]. Their system also controls the amount of data that can be accessed by health professionals based on their roles. For instance a doctor will be able to view more patient health data than a nurse [31], thus ensuring data confidentiality. The system developed by Motiwalla and Xiaobai provides value added data analysis with the use of masked datasets. Their software uses data masking algorithms which keep “snoopers” from discovering the identities of patients while at the same time still providing useful statistical data for data miners [32]. Ma et al., have developed a system that stores patient health data on SD cards. The system is geared toward child health records but does not take into consideration HIPAA privacy rules [33]. III. METHODOLOGY AND IMPLEMENTATION In this section, we describe the software engineering methodology of our proposed online student health records system. The goal of our implementation is to propose an online system used by students and school officials to store and retrieve student health data. The system keeps in compliance with HIPAA Privacy laws that govern how electronic health records are transacted [20] [21]. This health system seeks to cover the confidentiality, integrity, and accessibility of student's medical data and comply with the National Institute of Standards and Technology (NIST) in the handling of Personal Identifiable Information (PII) [22][23]. Customer Statement of Requirements: In this proposed system, students are able to log into the system and input their medical data, and view their own health records. School Health officials and researchers are also able to log into the system and query data in compliance with the HIPAA privacy rules. The system is meant to enhance the medical record keeping of a small college or university student medical clinic. In this proposed system, all actors accessing the system must agree with the HIPPA privacy laws statement, that by logging into the system they agree to transact with the health data in accordance with the HIPPA privacy rules, failure to agree, means being automatically logged off the system. Students,

researchers, and database administrators will all have web access to the system and will be assigned appropriate privileges. To access the system, all users must have a valid username and password assigned to them by the database administrator. Without the appropriate credentials access will not be granted. If a user enters an invalid user name and password the system will prompt the actor to re-enter the credentials. If the actor is unable to access the system after three attempts, they must contact the database administrator for assistance, thus accessibility and access control is ensured. Students and health professional will be able to upload, view, and edit data. The database administrator will be able to create, delete, and manage user accounts. Researchers (guests) will be able to view de-identified data and query data in compliance with HIPPA privacy rules, thus ensuring confidentiality. In this proposed system, students are able to upload documents and edit their own health records. To access their account, students must log in using a valid username and password that are assigned to them by the database administrator. Students are able to enter and edit bio information, health history, allergy, medication information, upload documents for verification, and enter an electronic signature, to ensure data integrity and non-repudiation. Students will also be able to view individualized reports of their own health data. Health professionals will be able to log into the system with a valid username and password. The health professionals will be able to search for students records by student id number. Health professionals can also edit information and verify documents uploaded by the student to ensure the authenticity of submitted documents such as student immunization certificates from doctors. All inputs into the system and student records are stored in a MySQL database. When new student data is entered or edited, the corresponding information will also be updated in the database and time stamped. Development phase implementation: we implemented the proposed system using, PHP for our front-end application and MySQL for our back end database. Both PHP and MySQL are free and available online for download, making this system design feasible for implementation. The proposed designed system is a three-tier database application that generally consists of the back-end system composed of a MySQL database that stores all the medical data, the front-end system that is composed of the PHP modules that control the accessibility to the medical system, and the Apache server to have the database web accessible. Functional Requirements Specifications: the proposed system ensures the three computer security principles are met: (1) Confidentiality: must grant privacy for students. (2) Integrity: must keep data safe from any unauthorized changes. (3) Availability: must make data available and accessible anytime. In addition, this proposed system offers the following functionality: (a) Students can input their health records. (b) Students can access their health records. (c) School health professionals and researchers can query health data. (d) A student can only access their own personal health record. Refer to Figure 1.

Figure 1: Sequence diagram for Researcher

At the same time, a number of functional utilities are implemented with the proposed system to capture and process data:  Register utility – allows a student to register.  The Login utility – allows registered students to log into system.  Home page utility – displays current student health records, grants access to Health Forms.  Health data forms utility – grants access to health record forms for data input.  Search Query utility – allows for searching of health records database in accordance with HIPAA privacy rules. The back-end database in the proposed system has the following schema with subsequent functional entities: Student Health Data – main Schema. Student Data – stores student data on student bio data. Immunization Data – stores student data on immunization history. Verification Data – stores student verification data. Immunization Waiver Data – stores student data on immunization waivers. Health History Data – stores student data on health history. Login Registration Data – stores student data on student registration. Signature Data – stores student e-signature data. Medicine Allergies Data – stores student data on known medical allergies. See Figure 2.

Figure 2: An overview of the Module architecture

The front-end database in the proposed system has the following functional entities: Register utility – to register new students and health workers to the system. Login utility – authenticates students and health workers into the system. HIPAA Rules Compliance Agreement Form – users agree to HIPAA privacy rules. Trigger Communication utility – trigger messages if health data not up to date. Home menu page: only accessible after successful login, which offers the following functional modules: Student input data form – captures student bio data. Immunization input data form – captures student immunization history data. Verification History input data form – captures student verification data. Immunization Waiver input data form – captures student immunization waiver data. Health History input data form – captures student health history data. Login Registration input data form – captures student login registration data. Medicine Allergies input data form – captures student known medical allergies data. Electronic Signature input data form – captures student electronic signature data. Student Health Record Report – display student data to student/health worker. Search Query Engine – allows health workers and researchers to search health records in compliance to HIPAA Rules. Data De-identification Module – strips out PII information from a query being returned, at the front-end application level. Use Cases: In the proposed system we defined casual descriptions of the actors and their interaction with the system. Students: are able to add, view, and edit their individual health data. They are also able to upload documents, seek immunization waivers, post electronic signatures, and view their individual health reports. Health Professionals: the list of health professionals includes doctors, registered nurses, and nurses. Refer Figure 3. Health professionals can add, view, and updated health records. They are authorized view student data, make recommendations, and verify documents uploaded by the student.  School Officials: can view limited data, mainly aggregated data and make recommendations. They can also run a query search on the database to obtain information such as which students have failed to

 

submit the required health history information so that the student can be notified. Administrators: consists of database administrators who can add, edit, view, delete, and upgrade the schema; they can also create and delete user accounts. Guest: could be researchers from other universities or other outside health related organizations. Guests can query search the database to obtain statistical data to generate reports. Data collected could be used to study disease outbreaks or obtain information about the overall health of university students.

IV.

RESULTS

We found that our specialized query search was effective in removing PII from search results returned from the patient records. Figures 4 and 5 show the run time for query execution before and after our specialized query search was applied at the front-end application level. With our results, we found that data de-identification does not add to query execution time but actually might help with improving query efficiency and optimization. Therefore granting data privacy and security to queries might actually help improve overall performance and not add overhead costs at the front-end application level. In Figure 4, we have shown results of query execution time in seconds after the same query with PII was executed 12 times. However, in Figure 5, the same query was executed 12 times with de-identification and results show that execution time was faster than in the previous case with PII inclusive.

Figure 3: Use case depicting the systems Actors/Stakeholders and their various roles. Non Functional Requirements: while non-functional requirements might not be articulated in the customer requirement documents, they do affect the overall performance of a system [34]. In the proposed system, we implemented non functional requirements that included the following:  Security Requirements: the main focus with security requirements was the prevention of SQL Injection attacks. The implementation was done at front end level by ensuring that all PHP forms prevented SQL injection attacks.  Usability Requirements: these included, consistency in the user interface with ease of use as an imperative, and documentation, giving an overview of the system functionality to users.  Reliability Requirements: we utilized PHP and MySQL because of their availability and easiness to archive, store, and recover data, given that the applications are open source and thus maintenance costs would considerably be lower.  Performance Requirement: MySQL and PHP offer considerable efficiency, speed, and response time.  Supportability Requirements: implementation of the proposed system on MySQL and PHP architectures offered testability, extensibility, adaptability, maintainability, compatibility, configurability, and serviceability.

Figure 4: Query before De-identification is implemented

Figure 5: Query search with De-identification V.

CONCLUSION

This paper introduces a new user application based on open source tools such as MySQL and PHP with emphasis on HIPPA compliance and privacy. It presents an overview and detailed description of the functional utilities, underlying architecture of the application that is vital to access, edit and retrieve data and generate statistical reports while adhering at the same time to data integrity and confidentiality rules as specified by HIPAA. In this paper, we have taken a look at implementation of an Online Students Health Record System application with data de-identification and access control capabilities in compliance to HIPAA rules, while at the same time, realizing query efficiency and optimization. With our

results show that data de-identification reduces query execution time and might actually help with improving query efficiency and optimization. Therefore granting data privacy and security to queries can help improve overall performance and not add to the overhead costs at the front-end application level. One of the limitations of this application is that the system is based on centralized data storage and more research needs to be done on how the same system will fair in a cloud computing environment. Since the current application is a benchmark, numerous efficient data query search algorithms can be incorporated that can take the application to the next level. ACKNOWLEDGMENT We would like to thank Dr. Sharad Sharma and the Bowie State University Computer Science Department. REFERENCES [1] [2]

USDOJ, “The Privacy Act of 1974. 5 U.S.C. § 552a”, 1974. USGPO, HIPAA of 1996-H. Rept.104-736, U.S. Govt Printing Office, 1996.

[3]

US Library of Congress, 2009. Personal Data Privacy and Security Act of 2009– S.1490, THOMAS (Library of Congress

[4]

“Bowie State University Henry Wise Wellness Center - Health Data Forms.” Available Online: http://www.bowiestate.edu/CampusLife/wellness/; http://www.bowiestate.edu/CampusLife/wellness/forms/, [Accessed: 09Feb-2012].

[5]

Ciriani, V., et al, Secure Data Management in Decentralized System, Springer, ISBN 0387276947, 2007, pp 291-321, 2007.

[6]

Denning, D. E. and Denning, P.J., Data Security, ACM Computing Surveys, Vpl. II,No. 3, September 1, 1979. U.S. DHS, Handbook for Safeguarding Sensitive PII at The DHS, October 2008.

[7] [8]

McCallister, E. and Scarfone, K., Guide to Protecting the Confidentiality of PII, Recommendations of the NIST, 2010.

[9]

Ganta, S.R., et al, 2008. Composition attacks and auxiliary information in data privacy, Proceeding of the 14th ACM SIGKDD 2008, p. 265.

[10] Oganian, A. and Domingo-Ferrer, J., On the complexity of optimal micro-aggregation for statistical disclosure control, Statistical Journal of the United Nations Economic Commission for Europe, Vol. 18, No. 4. (2001), pp.345-353. [11] Rastogi et al, The boundary between privacy and utility in data publishing, VLDB ,September 2007, pp. 531-542. [12] Sramka et al, A Practice-oriented Framework for Measuring Privacy and Utility in Data Sanitization Systems, ACM, EDBT 2010. [13] Sankar, S.R., Utility and Privacy of Data Sources: Can Shannon Help Conceal and Reveal Information?, presented at CoRR, 2010. [14] Wong, R.C., et al, Minimality attack in privacy preserving data publishing, VLDB, 2007. pp.543-554. [15] Deng, M.; Petkovic, M.; Nalin, M.; Baroni, I.; , "A Home Healthcare System in the Cloud--Addressing Security and Privacy Challenges," Cloud Computing (CLOUD), 2011 IEEE International Conference on , vol., no., pp.549-556, 4-9 July 2011

System Science (HICSS), 2012 45th Hawaii International Conference on , vol., no., pp.2958-2968, 4-7 Jan. 2012 [19] Clarke, Andrew; Steele, Robert; , "Secure and Reliable Distributed Health Records: Achieving Query Assurance across Repositories of Encrypted Health Data," System Science (HICSS), 2012 45th Hawaii International Conference on , vol., no., pp.3021-3029, 4-7 Jan. 2012 [20] U.S. Department of Health & Human Services, “Summary of the HIPAA Privacy Rule.” Online: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.ht ml. [21] U.S. Department of Health & Human Services, “Summary of the HIPAA Security Rule.” Online: http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html. [22] McCallister et al, “Guide to Protecting the Confidentiality of Personally Identifiable Information ( PII ) Recommendations of the National Institute of Standards and Technology,” Nist Special Publication, 2010, Online:csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf [23] “HIPAA Privacy Rule and Public Health Guidance from CDC and the U.S. Department of Health and Human Services*.” Online: http://www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm. [24] Huda, M.N.; Yamada, S.; Sonehara, N.; , "Privacy-aware access to Patient-controlled Personal Health Records in emergency situations," Pervasive Computing Technologies for Healthcare, 2009. PervasiveHealth 2009. 3rd International Conference on , vol., no., pp.16, 1-3 April 2009 doi: 10.4108/ICST.PERVASIVEHEALTH2009.6008. [25] Rostad, L.; , "An Initial Model and a Discussion of Access Control in Patient Controlled Health Records," Availability, Reliability and Security, 2008. ARES 08. Third International Conference on , vol., no., pp.935-942, 4-7 March 2008 doi: 10.1109/ARES.2008.185. [26] Daglish, D.; Archer, N.; , "Electronic Personal Health Record Systems: A Brief Review of Privacy, Security, and Architectural Issues," Privacy, Security, Trust and the Management of e-Business, 2009. CONGRESS '09. World Congress on , vol., no., pp.110-120, 25-27 Aug. 2009 doi: 10.1109/CONGRESS.2009.14 [27] Steele, R.; Kyongho Min; , "Role-Based Access To Portable Personal Health Records," Management and Service Science, 2009. MASS '09. International Conference on , vol., no., pp.1-4, 20-22 Sept. 2009 doi:10.1109/ICMSS.2009.5301451 [28] Weiwei Jiang; Haishun Wang; Xiaomei Xu; Chun Peng; , "Individual Self-Service Electronic Health Records: Architecture, Key Technologies and Prototype System," Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2011 International Conference on , vol., no., pp.574-579, 10-12 Oct. 2011doi: 10.1109/CyberC.2011.97 [29] Alhaqbani, B.; Fidge, C.; , "Privacy-preserving electronic health record linkage using pseudonym identifiers," e-health Networking, Applications and Services, 2008. HealthCom 2008. 10th International Conference on , vol., no., pp.108-117, 7-9 July 2008 [30] Botts, N.; Thoms, B.; Noamani, A.; Horan, T.A.; , "Cloud Computing Architectures for the Underserved: Public Health Cyberinfrastructures through a Network of HealthATMs," System Sciences (HICSS), 2010 43rd Hawaii International Conference on , vol., no., pp.1-10, 5-8 Jan. 2010 doi: 10.1109/HICSS.2010.107 [31] Padma, J.; Silva, Y.N.; Arshad, M.U.; Aref, W.G.; , "Hippocratic PostgreSQL," Data Engineering, 2009. ICDE '09. IEEE 25th International Conference on , vol., no., pp.1555-1558, March 29 2009April 2 2009 doi: 10.1109/ICDE.2009.126 [32] Motiwalla, L.; Xiaobai Li; , "Value Added Privacy Services for Healthcare Data," Services (SERVICES-1), 2010 6th World Congress on , vol., no., pp.64-71, 5-10 July 2010 doi: 10.1109/SERVICES.2010.42

[16] Matteucci, I.; Mori, P.; Petrocchi, M.; Wiegand, L.; , "Controlled data sharing in E-health," Socio-Technical Aspects in Security and Trust (STAST), 2011 1st Workshop on , vol., no., pp.17-23, 8-8 Sept. 2011

[33] Guoqiang Ma; Juan Liu; Zhaoyu Wei; , "The Portable Personal Health Records: Storage on SD Card and Network, Only for One's Childhood," Electrical and Control Engineering (ICECE), 2010 International Conference on , vol., no., pp.4829-4833, 25-27 June 2010

[17] Delgado, M.; , "The Evolution of Health Care IT: Are Current U.S. Privacy Policies Ready for the Clouds?," Services (SERVICES), 2011 IEEE World Congress on , vol., no., pp.371-378, 4-9 July 2011

[34] L. Chung and J.C.S. do Prado Leite; “On Non-Functional Requirements in Software Engineering,” Conceptual Modeling: Foundations and Applications, Springer, LNCS 5600, pp. 363-379

[18] Israelson, Jennifer; Cankaya, Ebru Celikel; , "A Hybrid Web Based Personal Health Record System Shielded with Comprehensive Security,"