Proposed Privacy Patterns for Privacy Preserving Healthcare Systems in Accord with Nova Scotia’s Personal Health Information Act

  • Maha Aljohani
  • Kirstie Hawkey
  • James Blustein
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9750)


We propose privacy design patterns in the context of healthcare systems. These patterns are designed to support the Privacy-by-Design concept throughout the software lifecycle, focusing on the early design phase and mitigating privacy risks. As a departure point, we used the Personal Health Information Act (PHIA) in Nova Scotia to derive the following five proposed privacy patterns: (1) request an access; (2) request a correction; (3) request not to disclose Personal Health Information; (4) being notified if the PHI is lost, stolen or subject to unauthorized access; (5) request a review. The patterns provide a guide to designers and developers in designing privacy-preserving systems in healthcare.


Privacy patterns; Personal Health Information Act (PHIA); Privacy-by-Design; Privacy Enhancing Technologies (PETs); Personal information; ISO 29100; Privacy-by-Policy



This research was supported and funded by the Saudi Cultural Bureau in Ottawa-Saudi Royal Embassy.



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Maha Aljohani (1)
  • Kirstie Hawkey (1)
  • James Blustein (1, 2)

  1. Faculty of Computer Science, Dalhousie University, Halifax, Canada
  2. School of Information Management, Dalhousie University, Halifax, Canada
