JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617

HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 56

Secure Module for Transmissions Data over Unsecured Channel: 
Study Case on Electronic Medical Records 
Hamdan O. Alanazi (1, 2, 3), Prof. Dr. Lim (1)
(1)
Department of Computer System and Technology, Faculty of Computer Science and
Information Technology, University of Malaya, 50603 Kuala Lumpur, Malaysia
(2)
Faculty of Applied Medical Science, King Saud University, P.O. BOX 2454,
Riyadh 11451, Kingdom of Saudi Arabia.
(3)
Faculty of Computer and Information Technology, Al-Madinah International
University, Shah Alam, Malaysia.

Abstract
Recently, Health care presents one of the most important subjects in the life. USA
government planed to spend 100 $ billion over the next 10 years, according to experts.
The Electronic Medical Record is usually a computerized legal medical record created in
an organization that delivers care, such as a hospital and doctor's surgery. In age of
technology, one of the most important factors for EMR is that securing the records for
the patients, protect their rights and knowing the responsible of disclosure their data.
Thus, the architecture design of transmission, that could guarantee the privacy of the
patients, plays an important role on building a strong relationship among the medical
center and the patient. Nevertheless, the design must be carried out with awareness to
protect the rights of the patients and maintains the confidentiality, integrity, authenticity
and non repudiation. The architecture of a secure transmission for single medical
records has been descried in this paper; the author has used UML tools on the design.

Keywords: Electronic Medical Record, Information Security, Data Privacy, Rights of Patient and
cryptography algorithms.

INTRODUCTION appreciate the differentiating qualities of

services and resulting management
Omputer, information sciences and

C
implications with characteristic focus on
technologies are accompanied in life healthcare aids [2]. Modern medical records
[1]. Services are becoming an can help the scholars to support on those
incrementally important component of researches [3], for these cases; researchers
national economies and it is critical to have used the medical record files to bring

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 57

the required data about the patient [4, 5]. the technical integrity of the information
Most of the people consider information items and the accountability of the
about their health to be highly secured, information items should be verifiable. This
worthy of the strongest protection under the requires specific electronic signature
law [6]. Laws in often states and the age-old approaches and procedures that are long-
tradition of doctor-patient privilege has been lasting and long-verifiable and therefore long
the mainstay of privacy protection for provable ones [16-19]. For applications like
generations [7]. Electronic medical records the electronic medical record, law needs
pose tremendous problems to system algorithms that are protected for at least 30
developers [7-10]. Infrastructure and privacy years (the legal obligation for EMR) [17, 19,
consequences need to be resolved before 20]. Confidentiality, Authentication,
doctors can even start using the records [9, Authorization, Privacy, Integrity and Non-
10]. Non-intrusive hardware might be repudiation are the factors which are used in
required for doctors to do their work (i.e. the security of connotation for each term
interview patients) away from their offices [8, clarify the target of that term. Authentication
11]. But all the labors to solve these means accommodating the identity of the
problems will only succeed if acceptable communicating authorities to one another
care is also agreed to the design of the user [21, 22] meaning that authentication
interface [8, 11]. The National Research approach is a verification approach [23, 24]
Council has established that manufacturing while Authorization is the process by which
spends more than $15 billion on information we certify whether a subject is owed to
technology (IT), an amount that is expanding access [25] which means the Authorization
by 20% a year [12]. The president of USA is the granting or denial of permission to
has pledged to invest $10 billion a year over carry out a given action [26-28].
the next five years on the effort; the cost tag Confidentiality is the term used to prevent
for such a system can be around to $100 the disclosure of information to unauthorized
billion through the next 10 years. individuals or systems [29, 30]. Integrity
Additionally, they note that sticking to his involves protecting against unauthorized
five-year timetable can guarantee to be adaptations (i.e. causeless or intentional) to
daunting. E-Medical Records (EMR) the data [31]. Non-repudiation is the
systems would come out of the $825 billion concept of assuring that a party in a
economic stimulus package Obama wishes challenge cannot cancel, or refute the
to push through Congress [13-15]. A certain validity of a statement or contract [32].
item of information must be secured even
LIMITATION OF RESEARCH
more than 30 years after it was stored. It
should be stored unchanged all that time,
The paper outlines several
and it must be accessible. Therefore, both of
objectives. The main objective of the

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 58

paper is to design and implement a EXPECTED SOLUTIONS

secured Electronic Medical Records
New system will be implemented to
over the remotely channel. Below I
secure the communication of
followed the considered scope and
transferring the Medical records over
out of scope points:
the unsecure communication using
1- The paper designed to cover the PK infrastucture. This system will
communication part of transfer a accomplish the requirements of this
single record from the server to the paper. These following security
end user. factors: Confidentiality,
authentication, authorization, and
2- The paper spots the light on the
non-repudiation will be achieved in
problems of confidentiality,
this paper.
authentication, authorization, and
non-repudiation to ensure the privacy NON-FUNCTIONAL REQUIREMENTS

and secrecy of the data and also to

Non-functional requirements are
identify the person who cause any
requirements that are not directly
illegal broadcast to the patient’s
concerned with the functions of the
records.
system. They might relate to

3- This paper has not paid any emergent system features for

attention to the security of the example reliability, response time

database. The author has been and store occupancy. They might

informed that, the database has identify system performance,

been protect from any attacker, in availability, and other emergent

addition, no one has the authority to features. It means that they are

access the database from illegal always more critical than individual

ways. functional requirements. System

users can often find ways to work
around a system function that
doesn’t really achieve their needs.
However, failing to meet a non-
functional requirement can mean that

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG
the whole system is unusable. Non-
functional requirements needed in
securing Electronic Medical Records
system are identified as performance
requirements, safety requirements,
and software quality attributes.
The System Engineering Process
The waterfall can not be used when
there is the need of an update of the
requirements and subsequently
design and coding. The spiral model is
intended for large, expensive
complicated paper. In this paper, The V-
SHAPED MODEL will be used.
Fig.1 V-model of the System
Engineering Process of this paper
The paper phases can be divided into the
following steps as follows:
I. Phase One:
This phase is the most important
phase; this is because all
59
following phases will fully depend on
this phase. In other words, the
backbone of this paper is this phase.
In this phase can lead the whole
paper to be successful.
II. Phase Two:
In this phase, this system will be
implemented based on phase 1. The
system will be ready to use and the
the success of this phase will depend on
phase 1. Actually this phase just
and
translate of the last phase.
III. Phase Three:
This phase has been divided into the
following parts: Operation, Testing
and Evaluation, Acceptance and
Maintenance. The target of this
phase is to get feedback from users
about the system to evaluate
whether the user requirements are
fulfilled and achieved or not. To
achieve the target of acceptance, a
questionnaire survey has performed
the testing. After this phase the
paper will be completed.
the
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 60

LITURETURE REVIEW 1. Use Cases Digrames of EMR

[33, 34, 35, 36, 37, 38, 39, 40, 41, 42,
43, 44] They have mentioned about the
securing of electronic medical record.
However, they do not present which
algorithm can be used. [45, 46, 47, 17,
48, 49, 50] They used RSA to secure
the EMR. [51] They used ECC to
Fig2. Use Case of Create Account
achieve securing for EMR. However the
RSA and ECC are entirely broken [52,
53, 54]. [36, 37, 38, 39, 54, 56, 57, 58,
48, 49, 50, 43, 44] They have discussed
some of the factors of the security. This
is good but they do not cover the Non
Repudiation which is very important
element in order to know who is
responsible about disclosure the patient
record. Fig3. Use Case of Login

System Module

In this paper System Module has been

proposed four type of diagrams which
are to handle the final system of
Electronic Medical Records
Transmissions as following: Fig4. Use Case of Manage the EMR

Fig5. Use Case of Search

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 61

Fi
g6. Use Case of View the EMR

Fig9. Sequence of Create EMR

2. Sequence Diagrams of EMR

Fig10. Sequence of Edit EMR

Fig7. Sequence of Signup

Fig11. Sequence of Delete EMR

Fig8. Sequence of Login

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 62

Fig12. Sequence of Internal User View

Fig16. Activity diagram of Login

Fig13. Sequence of NonInternal User

View

1. Activity Diagrams of EMR

Fig17. Activity diagram of Create EMR

Fig15. Activity diagram of Signup

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 63

Fig20. Activity diagram of Search

Fig18. Activity diagram of Edit EMR

Fig19. Activity diagram of Delete EMR

Fig21. Activity diagram of View EMR

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 64

1. Class Diagram of EMR

Fig14. The Class Diagram of Securing EMR System

Risk Analysis  Human: Human risk on the

system shows the wrong usage
Brimary risks taht jeopardize the system
and data entry, which may permit
functionality and lead to breakdown and
redundancy and poor indexing.
error resulting with high inaccuracy:

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 65

 Operational: as in permanent or system by not achieving users’

temporary loss of access, and requirements.
failure in using the system due to
Conclusion
accumulating dependent
responsibilities, and ineffective Due to the speed, flexibility, and efficiency
that it offers, the Internet applications
sequencing for dissertations, or
system has become the means for
sometimes; a system crash
conducting growing numbers of transactions
along with losing all the data.
between suppliers and large international

 Procedural: includes failures of corporations. The Internet applications

accountability, related systems
and controls, system’s structure
incompatibility, cheating/fraud or
hacking the system by unknown
users.
 Implementation risks: of cost
over-runs, tasks taking too long
and underestimated
scheduling and management.
 Technical: from advances in
technology, technical failure, use
complexity, and
adaptability/compatibility
new/different systems.
 Natural threats: from accident,
power failure, data
servers or backup.
Reputation: quality of the
performance, interfaces, and outputs
quality and presentation may lead to low
usage by researchers and students
which do not achieve the intention of the
system has been widely used in these days.
The success of the applications system
depends on its flexibility, availability and
security. Since that the electronic medical
records transmissions system should have a
special way to design the system and
implement it. Nowadays, the electronic
medical records transmissions system one
of internet applications system which is
time
widely used looking to provide the best
quality system with highly available, fast
response, secure and safe to use. The
Unified Modeling Language (UML) is the
uniquely language which is used to analyse
low and design any system. In this paper, the
to UML diagrams have been proposed to
illustrate the design phase for any electronic
medical records transmissions system. The
authors presented four types of modules
loss by which are used for the electronic medical
records transmissions System. In this paper
have been proposed four diagrams module
system
for electronic medical records transmissions
system which are Use Case Diagram,
Sequence Diagrams, Class diagrams,
Activity Digrames respectively. This
digrames are capable of handling

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 66

requirements of electronic medical records as a lecturer at the King Saud University.

transmissions. Currently, he is a Master’s candidate at the
Faculty of Computer Science & Information
Technology at the University of Malaya in
Kuala Lumpur, Malaysia. He has published
ACKNOWLEDGEMENT many articles. He is has been reviewed in
many journals. His research interests are in
This research was partially supported by the
King Saud University, Riyadh, Saudi Arabia, Cryptography, Steganography, Digital
the University of Malaya, Kuala Lumpur, Watermarking, Network Security, Artificial
Malaysia and “Al-Madinah International Intelligence, pattern recognitions, signal
University”, Shah Alam, Malaysia. First and processing and image processing and
foremost I would like to thank “ALLAH” Medical Applications.
(SWT), most gracious and most merciful. I
would like to thank Prof. Dr. Lim for his .
continue support, encouragement and
References
valuable discussions during my research work.
I also would like to express the deepest 1 Rao, V.S., et al., Recent developments
appreciation to Professor Abdullah Ben Abdul-
in life sciences research: Role of bioinformatics.
Rahman Abdullah Al-Othman, Dr. Ali ibn
African Journal of Biotechnology, 2008. 7(5): p.
Sulaiman Al-Attiyah and Prof. Dr.
495-503.
Mohammad Khalifa Al-Tamimi. My thanks
are also extended to Dr. Ali bin Abdullah
2. de Jager, J.W., A.T. du Plooy, and M.F.
Alafnan, Dr. Abdullah Alsbail, Dr.
Muhammed Al Arifi, Dr. Musaed AL-Jrrah, Ayadi, Delivering quality service to in-and out-
and Mr. Abdullah Alsbait. Dr.Khalid Alhazmi, patients in a South African public hospital. African
Mr. Seraj, Mr. Khalid and all the staff in the Journal of Business Management, 2010. 4(2): p.
King Saud University especially in Applied 133-139.
Medical Science for their unlimited support.
Without their notes and suggestions this 3. Aboelsoud, N.H., Herbal medicine in
research would not have appeared. Finally, I ancient Egypt. Journal of Medicinal Plants
would like to express my sincere gratitude to Research, 2010. 4(2): p. 082-086.
my family for their help and their
unconditional support. A very special vote of 4. Bello, S.I. and O.A. Itiola, Drug
thanks is due to my beloved mother. adherence amongst tuberculosis patients in the
University of Ilorin Teaching Hospital, Ilorin,
Nigeria. African Journal of Pharmacy and
AUTHOR’S PROFILE  Pharmacology, 2010. 4(3): p. 109-114.

HAMDAN ALANAZI: 5. Bello, S.I., Challenges of DOTS

He has obtained his implementation strategy in the treatment of
bachelor’s degree from the tuberculosis in a tertiary health institution, Ilorin,
King Saud University,
Nigeria. African Journal of Pharmacy and
Riyadh, Kingdom of Saudi
Pharmacology, 2010. 4(4): p. 158-164.
Arabia. He worked as a
lecturer at the Health College in the Ministry
of Health in Saudi Arabia, and then worked

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 67

6. Izet Masic, H.P. Requirements for Journal of Mental Health, 2009. 18(3): p. 193-
Security and Privacy. in Medical Informatics in 197.
Enlarged Europe. 2007. Brijuni, Croatia: Pro
15. Mearian, L., Obama's national health
Universitate.
records system will be costly, daunting But an
7. Barton, B.H., Do Judges Systematically electronic health records system could save the
Favor the Interests of the Legal Profession. Ala. nation $300B a year, in computerworld. 2009.
L. Rev., 2007. 59: p. 453.
16. Bruun-Rasmussen, M., et al., The
8. Plaisant, C., et al. LifeLines: using impact of EHR and digital electrocardiograms.
visualization to enhance navigation and analysis The new navigators: from professionals to
of patient records. in Clinical Infrastructure for the patients: proceedings of MIE2003, 2003.
21 st Century. 1998 Orlando, FL: American
17. Pharow, P., et al., Security infrastructure
Medical Informatics Association.
services for electronic archives and electronic
9. Plaisant, C. and A. Rose. Exploring health records. Medical and care compunetics 1,
LifeLines to visualize patient records. in American 2004: p. 434.
Medical Informatics Association Annual Fall
18. Brandner, R., et al., Electronic Signature
Symposium. 1996. USA: Citeseer.
of Medical Documents--Integration and
10. Plaisant, C., et al. Visualizing medical Evaluation of a Public Key Infrastructure in
records with LifeLines. in Conference on Human Hospitals. Methods of Information in Medicine-
Factors in Computing Systems. 1998. Los Methodik der Information in der Medizin, 2002.
Angeles, California, United States: ACM. 41(4): p. 321-330.

11. Phd, C.P., et al. LifeLines: Using 19. Pharow, P. and B. Blobel, Electronic
Visualization to Enhance Navigation and Analysis signatures for long-lasting storage purposes in
of Patient Records. in Aparadigm Shift in Health electronic archives. International Journal of
Care Information Systems: Clinical Infrastructure Medical Informatics, 2005. 74(2-4): p. 279-287.
for the 21 st Century. 1998. Orlando, FL.
20. Winslade, W.J., Confidentiality of
12. Anderson, J.G., Security of the medical records: An overview of concepts and
distributed electronic patient record: a case- legal policies. Journal of Legal Medicine, 1982.
based approach to identifying policy issues. 3(4): p. 497-533.
International Journal of Medical Informatics,
21. Needham, R.M. and M.D. Schroeder,
2000. 60(2): p. 111-118.
Using encryption for authentication in large
13. Marmor, T., J. Oberlander, and J. White, networks of computers. Communications of the
The Obama administration's options for health ACM, 1978. 21(12): p. 999.
care cost control: hope versus reality. Annals of
22. Bellare, M. and P. Rogaway. Entity
Internal Medicine, 2009. 150(7): p. 485.
authentication and key distribution. in 13th
14. Goldman, H.H., President Obama and Annual International Cryptology Conference
Mental Health Policy–the Audacity to Hope. Santa Barbara, California, USA August 22–26,

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 68

1993 Proceedings. 1993. California, USA: 31. Lee, H.J., A review of IPTV threats
Springer. based on the value chain. KSII Transactions on
the Internet and Systems, 2009. 3(2): p. 163-77.
23. Han, C.C., et al., Personal
authentication using palm-print features* 1. 32. Harb, H., H. Farahat, and M. Ezz.
Pattern Recognition, 2003. 36(2): p. 371-381. SecureSMSPay: Secure SMS Mobile Payment
model. in Anti-counterfeiting, Security and
24. Perrig, A. The BiBa one-time signature
Identification, 2008. ASID 2008. 2nd International
and broadcast authentication protocol. in
Conference 2008. Guiyang
Proceedings of the 8th ACM conference on
Computer and Communications Security. 2001. 37. Blobel, B., Advanced tool kits for EPR
Philadelphia, PA, USA: ACM. security. International Journal of Medical
Informatics, 2000. 60(2): p. 169-175.
25. Nakamur, Y., S. Hada, and R. Neyama,
Towards the integration of Web services security 38. Espinosa, A.L., Availability of health data:
on enterprise environments. saint-w, 2002: p. requirements and solutions. International Journal
166. of Medical Informatics, 1998. 49(1): p. 97-104.

26. Alfieri, R., R. Cecchini, and V. Ciaschini, 39. Kluge, E.H.W., Secure e-health: managing
From gridmap-file to VOMS: managing risks to patient health data. International Journal
authorization in a Grid environment. Future of Medical Informatics, 2007. 76(5-6): p. 402-406.
Generation Computer Systems, 2005. 21(4): p.
40. Ahmad, N., Restrictions on cryptography in
549-558.
india-a case studyof encryption and privacy.
27. Jo, S.M., et al. Access Authorization Computer Law & Security Review, 2009. 25(2): p.
Policy for XML Document Security. in Lecture 173-180.
Notes in Computer Science. 2005. Nanjing,
41. Julià-Barcelَ, R. and T. Vinje, "Towards a
China: Springer.
european framework for digital signatures and
28. Lee, A.J., et al. Traust: a trust encryption" : The european commission takes a
negotiation-based authorization service for open step forward for confidential and secure
systems. in Proceedings of the eleventh ACM electronic communications. Computer Law &
symposium on Access control models and Security Report. 14(2): p. 79-86.
technologies. 2006. Lake Tahoe, California, USA:
ACM.
42. Janczewski, L. and X. Shi, Development of
29. Carney, P.A., et al., Current medicolegal information security baselines for healthcare
and confidentiality issues in large, multicenter information systems in New Zealand. Computers
research programs. American journal of & Security, 2002. 21(2): p. 172-192.
epidemiology, 2000. 152(4): p. 371.
43. Takeda, H., et al., An assessment of PKI and
30. Stallings, W., Cryptography and network networked electronic patient record system:
security. 2010: Prentice Hall. lessons learned from real patient data exchange
at the platform of OCHIS (Osaka Community

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 69

Healthcare Information System). International health information systems. International Journal

Journal of Medical Informatics, 2004. 73(3): p.
311-316.
44. Hu, J., H.H. Chen, and T.W. Hou, A hybrid
public key infrastructure solution (HPKI) for
HIPAA privacy/security regulations. Computer
Standards & Interfaces, 2009.
45. Kalra, H.L.D. and A.H.J. Talmon, Inter-
organizational Future Proof Ehr Systems A
Review Of The Security And Privacy Related
Issues. International Journal of
Informatics, 2009. 78(3).
46. de Meyer, F., et al., Determination of user
requirements for the secure communication of
electronic medical record
International Journal of Medical Informatics,
1998. 49(1): p. 125-130.
of Medical Informatics, 2001. 62(1): p. 51-78.
52. Smith, J.P., Authentication of digital medical
images with digital signature technology.
Radiology, 1995. 194(3): p. 771.
53. Janbandhu, P.K. and M.Y. Siyal, Novel
biometric digital signatures for Internet-based
applications. Information Management and
Computer Security, 2001. 9(5): p. 205-212.
54. Epstein, M.A., et al., Security for the digital
Medical
information age of medicine: issues, applications,
and implementation. Journal of Digital Imaging,
1998. 11(1): p. 33-44.
55. Gobi, M. and K. Vivekanandan, A New Digital
information.
Envelope Approach for Secure Electronic Medical
Records. IJCSNS, 2009. 9(1): p. 1.

56. Kurosawa, K., K. Okada, and S. Tsujii, Low

47. Rind, D.M., et al., Maintaining the
exponent attack against elliptic curve RSA.
confidentiality of medical records shared over the
Advances in Cryptology—ASIACRYPT'94: p.
Internet and the World Wide Web. Annals of
376-383.
Internal Medicine, 1997. 127(2): p. 138.

57. Maitra, S. and S. Sarkar, Revisiting Wiener’s

48. O'Brien, D.G. and W.A. Yasnoff, Privacy,
attack–new weak keys in RSA. Information
confidentiality, and security in information
Security Springer Berlin / Heidelberg, 2008: p.
systems of state health agencies. American
228-243.
journal of preventive medicine, 1999. 16(4): p.
351-358. 58. Tartary, C., Authentication for Multicast
Communication. 2007.
49. Gritzalis, D.L.D., Long-term verifiability of the
electronic healthcare records' authenticity. 59. Sucurovic, S., Implementing security in a
International Journal of Medical Informatics,
distributed web-based EHCR. International
2007. 76(5/6).
Journal of Medical Informatics, 2007. 76(5-6): p.
491-496.
50. Bos, J.J., Digital signatures and the electronic
health records: providing legal and security
60. Smith, E. and J.H.P. Eloff, Security in health-
guarantees. International journal of bio-medical
care information systems--current trends.
computing, 1996. 42(1-2): p. 157-163. International Journal of Medical Informatics,
1999. 54(1): p. 39-54.
51. Blobel, B. and F. Roger-France, A systematic
approach for analysis and design of secure

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 10, OCTOBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 70

61. Van der Haak, M., et al., Data security and

protection in cross-institutional electronic patient
records. International Journal of Medical
Informatics, 2003. 70(2-3): p. 117-130.

62. Ferreira, A., et al. Integrity for electronic

patient record reports. 2004: IEEE Computer
Society.

63. Smith, J.P., Authentication of digital medical

images with digital signature technology.
Radiology, 1995. 194(3): p. 771.