The CO.R.E. Project. An Integrated Security Approach to Self-Monitoring and Medical Record Keeping: Towards the Next Generation Personal Health Record

The CO.R.E. Project. An Integrated Security Approach to Self-Monitoring and Medical Record Keeping: Towards the Next Generation Personal Health Record

Stavros Pitoglou (National Technical University of Athens & Computer Solutions SA, Athens, Greece), Vangelis Kostalas (Computer Solutions SA, Athens, Greece), Anna Paidi (National Technical University of Athens, Athens, Greece), Athanasios Anastasiou (Biomedical Engineering Laboratory, School of Electrical and Computer Engineering, Division of Information Transmission Systems and Material Technology, National Technical University of Athens, Athens, Greece) and Dimitrios Koutsouris (Biomedical Engineering Lab, National Technical University of Athens, Athens, Greece)
Copyright: © 2019 |Pages: 8
DOI: 10.4018/IJCCP.2019010101
OnDemand PDF Download:
No Current Special Offers


The widespread use of electronic Personal Health Records is considered of great importance, however, until today, there is no widely adopted application paradigm for the functional specifications of a modern ePHR due to absence of trust, inadequate data completeness and overall use complexity and “unfriendliness”. CO.R.E. (COnsolidation & Routing Engine) is an innovative approach towards the development of a health data consolidation and cloud access provision infrastructure, taking under consideration both the needs for wide adoption and the application of mission critical technologies in real production environments. The CO.R.E. infrastructure provides an environment for deploying medical record applications with central storage and individually controlled distributed access, ensuring: a) the absence of readable identifiers in any network communication among the involved systems and b) the inability (as much as modern cryptographic methods offer) of anyone - even the engineers working on the system - to correlate the stored medical data with their owner/physical person.
Article Preview


The Patient Health Record (PHR) is defined broadly as the representation of the health information, wellness and development of a person (ISO, 2012), and more specifically as “an electronic application through which individuals can access, manage and share their health information and that of others for whom they are authorized, in a private, secure and confidential environment” (Markle, 2003). The rapidly growing body of scientific literature concerning various aspects of ePHRs is aligned with common sense that multiple contemporary trends, such as personalized medicine, self-monitoring, and self-management of chronic health issues, the right of individuals to own and handle their personal health data, find in ePHRs a necessary condition for their future progress (Roehrs, da Costa, Righi, & de Oliveira, 2017). However, in terms of implementation and real-life adoption, the record is very poor, and one could argue that there is not yet an application or an application paradigm, that is widely adopted and in the same time including all the characteristics the aforementioned definitions suggest.

We identify three major reasons that have contributed to the extremely limited results of the attempted implementations:

  • The absence of trust.

  • Inadequate data completeness.

  • Overall use complexity and “unfriendliness”.

CO.R.E. as a project includes the design and development of a working prototype ePHR that addresses all three of these factors “by default and by design”, as well as stakeholder adoption and real-world implementation considerations.


The Co.R.E. System

In order to build trust, it is self-evident that patient privacy and by extend data security-integrity is of paramount importance and needs to be well defined and clearly explained. CO.R.E.’s architectural design (as shown in Figure 1) ensures that even the maintainers and the database administrators have absolutely no possibility of identifying the physical person that owns any piece of data stored in the system. That principal entails a system which, even when fully compromised (the situation in which the potential perpetrator gains full control over the system’s internals, code, and database), the maximum information disclosed are unrelated clusters of transactional data, while the individuals’ identities are practically untraceable.

Complete Article List

Search this Journal:
Open Access Articles
Volume 4: 2 Issues (2019)
Volume 3: 2 Issues (2018)
Volume 2: 2 Issues (2017)
Volume 1: 2 Issues (2016)
View Complete Journal Contents Listing