Journal of Medical Systems, Volume 30, Issue 4, pp 309–315

Personal Health Record Systems and Their Security Protection

  • Khin Than Win
  • Willy Susilo
  • Yi Mu
Original Article


The objective of this study is to analyze the security protection of personal health record systems. To achieve this, we have investigated different personal health record systems, their security functions, and their security issues. We have noted that current security mechanisms are not adequate, and we have proposed some security mechanisms to tackle these problems.


Keywords: Personal health record, Electronic health record, Privacy, Security, Information protection



Copyright information

© Springer Science+Business Media, Inc. 2006

Authors and Affiliations

  1. University of Wollongong, New South Wales, Australia
