
Table 2 1st Round of Security Requirements and Mechanisms of Integrated PHR

From: Integrated personal health record (PHR) security: requirements and mechanisms

| Security requirement | Mechanism | Experts agreeing (number) | Experts agreeing (percent) | Experts disagreeing (number) | Experts disagreeing (percent) |
|---|---|---|---|---|---|
| Confidentiality | Registering authorized PHR users | 28 | 93.33 | 2 | 6.67 |
| Confidentiality | Determining the information sensitivity level in PHR | 30 | 100 | 0 | 0 |
| Confidentiality | Encrypting data or key fields in PHR databases | 30 | 100 | 0 | 0 |
| Confidentiality | Hiding information from unauthorized users | 30 | 100 | 0 | 0 |
| Confidentiality | Restrictions of information updating by unauthorized users | 24 | 80 | 6 | 20 |
| Availability | Creating an information backup | 28 | 93.33 | 2 | 6.67 |
| Availability | Specifying data access control list | 30 | 100 | 0 | 0 |
| Integrity | Using digital signature | 26 | 86.67 | 4 | 13.33 |
| Integrity | Determining the standard terminology | 30 | 100 | 0 | 0 |
| Authentication | Assigning a username to all users | 30 | 100 | 0 | 0 |
| Authentication | Determining password mechanisms | 30 | 100 | 0 | 0 |
| Authentication | Using biometric scans (fingerprints, face, hands, retina) | 30 | 100 | 0 | 0 |
| Authorization | Defining the roles (patient, provider, system manager, etc.) | 30 | 100 | 0 | 0 |
| Authorization | Defining users’ access level to information | 28 | 93.33 | 2 | 6.67 |
| Authorization | Compiling a list of users allowed to access information in emergencies | 30 | 100 | 0 | 0 |
| Non-Repudiation | Creating an audit log (information audit) | 30 | 100 | 0 | 0 |
| Non-Repudiation | Creating accountability of users for any changes and manipulations | 30 | 100 | 0 | 0 |
| Access Right | Determining the time and individual (authorized users) to access personal health data by PHR owner | 28 | 93.33 | 2 | 6.67 |
| Access Right | Authorizing another user to access & control the information for sharing by the PHR owner | 28 | 93.33 | 2 | 6.67 |
| Access Right | Reviewing entities’ access to personal health data by PHR owner | 30 | 100 | 0 | 0 |
| Access Right | Revocation of entities’ access by PHR owner at any time | 23 | 76.67 | 7 | 23.33 |
| Access Right | Restricting the previous physician’s access right to PHR | 26 | 86.67 | 4 | 13.33 |