Designing Privacy-Aware Personal Health Record Systems

  • Reza Samavi
  • Thodoros Topaloglou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5232)


Implementation of Personal Health Record (PHR) systems involves multiple stakeholders with different interpretations and expectations; more importantly it involves changes in the custody of data, patient privacy, and consent management. In PHR analysis we need to answer questions such as: Who is the provider of PHR? Who has access to the patient data and why? And how the system can empower the patient? And how can the patient privacy be managed. This paper exploits techniques from Goal and Agent-oriented Requirements Engineering and proposes a methodological framework for dealing with concerns surrounding PHR systems. The framework is illustrated through an example that emphasizes the privacy aspects of PHRs.


Requirement Analysis Goal Model Requirement Engineer Strategic Goal Personal Health Record 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Tang, P.C., Lansky, D.: The missing link: bridging the patient-provider health information gap. Health Aff. 24, 1290–1295 (2005)CrossRefGoogle Scholar
  2. 2.
    Halamka, J.D., Mandl, K.D., Tang, P.C.: Early Experiences with Personal Health Records. J. Am. Med. Inform. Assoc. 15(1), 1–7 (2008)CrossRefGoogle Scholar
  3. 3.
    HIPAA., Act of 1996 (accessed, May 2008),
  4. 4.
  5. 5.
    Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: Tropos: An Agent-Oriented Software Development Methodology, vol. 8(3), pp. 203–236 (2004)Google Scholar
  6. 6.
    Giorgini, P., Massacci, F., Mylopoulous, J., Zannone, N.: Requirements Engineering meets Trust Management. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) iTrust 2004. LNCS, vol. 2995, pp. 176–190. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Chung, L., Nixon, B., Yu, E., Mylopoulos, J.: Non-Functional Requirements in Software Engineering. Kluwer Academic Publishers, Dordrecht (2000)CrossRefzbMATHGoogle Scholar
  8. 8.
    Markle Foundation: Connecting for Health. Connecting Americans to their healthcare. Final rep. of the wg on policies for electronic information sharing. NY Markle Found (2004)Google Scholar
  9. 9.
    Jones, C.: Patterns of software failure and Success. Thomson (1996)Google Scholar
  10. 10.
    Hickey, A., Davis, A.: The role of Requirement Elicitation technique in Achieving Software Quality. In: Req. Eng. WS: Foundation for Software Quality (REFSQ) (2002)Google Scholar
  11. 11.
    Yu, E.: Towards Modelling and reasoning Support for Early-Phase Requirements Engineering. In: Proc. RE 1997-3rd Int. Symp. on RE, Annapolis, pp. 226–235 (1997)Google Scholar
  12. 12.
    Samavi, R., Yu, E., Topaloglou, T.: Strategic Reasoning about Business Models: a Conceptual Modelling approach. J. Info. Sys. & E-Business Manag. (2008)Google Scholar
  13. 13.
    Liu, L., Yu, E.: Designing Information Systems in Social Context: A Goal and Scenario Modelling Approach. J. Information Systems 29(2), 187–203 (2002)CrossRefGoogle Scholar
  14. 14.
    van Lamsweerde, A.: Goal-Oriented Requirements Engineering: A Guided Tour. Invited minitutorial. In: Proc. RE 2001, Int. Joint Conf. on RE, Toronto, pp. 249–263. IEEE, Los Alamitos (2001)Google Scholar
  15. 15.
    PRIME: Privacy and Identity Management for Europe (accessed, May 2008),
  16. 16.
    Karjoth, G., Schunter, M.: A Privacy Policy Model for Enterprises. In: Proc. Of CSFW 2002, pp. 271–281. IEEE Press, Los Alamitos (2002)Google Scholar
  17. 17.
    Giorgini, P., Massacci, F., Zannone, N.: Security and Trust Requirements Engineering. In: Aldini, A., Gorrieri, R., Martinelli, F. (eds.) FOSAD 2005. LNCS, vol. 3655, pp. 237–272. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Giorgini, P., Massacci, F., Mylopoulous, J., Zannone, N.: Modelling Security Requirements Through Ownership, Permission and Delegation. In: Proc. of the 13th IEEE Requirements Engineering Conference (RE 2005) (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Reza Samavi
    • 1
  • Thodoros Topaloglou
    • 1
  1. 1.University of TorontoTorontoCanada

Personalised recommendations