Securely Streaming SVG Web-Based Electronic Healthcare Records involving Android Mobile Clients Sabah Mohammed and Jinan Fiaidhi Department of Computer Science, Lakehead University, Thunder Bay, Ontario P7B 5E1, Canada {mohammed, jfiaidhi}@lakeheadu.ca Osama Mohammed Department of Software Engineering, Lakehead University, Thunder Bay, Ontario P7B 5E1, Canada omohamme@lakeheadu.ca Abstract— Although Electronic Healthcare Records (EHRs) technology largely facilitates patient care by providing clinicians with the ability to review a more complete medical record, interoperability and privacy issues present significant barriers to their implementation. This article proposes the open source SVG (Scalable Vector Graphics) standard for representing electronic healthcare records for interoperability purpose where security can be enforced using lightweight SAX streaming filters. The SVG filters are based on the Java SAX API to push pieces of the SVG to the encryption/decryption handlers. The SAX handlers can filter, skip tags, or encrypt tags partially or universally at any time from the stream of the SVG EHRs. A prototype for implementing the SAX streaming filter is presented along with experiments to test its applicability in a web environment for sharing SVG EHRs on the Android mobile development environment. Index Terms— Open Source EHRs, Semantic Interoperability, SVG, SAX Filters, XML Encryption Standard, Android. I. INTRODUCTION E-health networks can provide more seamless and integrated services to patients and health care workers that are more broadly accessible by leveraging Internet technology and electronic health records. In order to do so, however, issues of security and privacy of personal health information must be addressed [1]. Moreover, healthcare systems globally are challenged by the human and financial resource requirements of an ever growing and aging population. Health promotion and preventative programs along with early and rapid access to treatment are all key factors to improving healthy living. Investments in medical technology to improve the delivery of health care are also a critical consideration and it is here that the mobile Internet has a role to play. Mobile Internet technology has also proven itself invaluable in bringing important medical applications to the point of care [2]. In the past, physicians and healthcare users who required information related to a medication almost always had to wait for the legacy system to provide it in a paper fashion. Healthcare has long relied upon paper based record systems which have become cumbersome and expensive to manage and present significant challenges related to speed of accessibility and security. Thus the emerging benefit of mobile Internet technology to healthcare is to provide mobile access to medical records. Again, using mobile technology means that the treatment process can be sped up and the potential for medical errors can be reduced. With motivations such as patient privacy protection and laws like the US Health Insurance Portability and Accountability Act (HIPAA), the US President Executive Order (13335 of April 2004) on the migration to EHR, the recent President Obama’s Healthcare Reform where EHRs is the key for such strategy, the Canada Personal Information Protection and Electronic Documents Act (PIPEDA) and Ontario Personal Health Information Protection Act (PHIPA), make implementations of EHRs and their security a fundamental concern within the healthcare industry. However, the advantages of mobility and openness offered by the Internet to promote connectivity between healthcare user’s devices are not in line with the connectivity between e-health applications. There are many different standards for EHRs (e.g. EN13606, HL7v3 RIM, HL7 CDA) and we need to provide the right harmonization between these different standards to achieve the required compatibility. Although there are many standards development organizations who care about e-health standardization including EHRs (e.g. HL7, CEN, ISO/IEC, ASTM, DICOM, OMG, IHE, IEEE, OASIS, LOINC, SNOMED, WHO, UN/CEFACT, W3C and various universities, research institutes and national standards bodies), much work is still required to resolve several key compatibility issues and gain global acceptance of widely used standards for the Extended article from an article submitted to the E-health Workshop, Part of MCETCH 2009 Conference, University of Ottawa, Ottawa, Ontario, Canada, May 4-6, 2009. 146 JOURNAL OF EMERGING TECHNOLOGIES IN WEB INTELLIGENCE, VOL. 1, NO. 2, NOVEMBER 2009 © 2009 ACADEMY PUBLISHER doi:10.4304/jetwi.1.2.146-152