Design a Software Reference Architecture to Enhance Privacy and Security in Electronic Health Records | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Design a Software Reference Architecture to Enhance Privacy and Security in Electronic Health Records Rodrigo Tertulino, Naghmeh Ivaki, Higor Morais This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-4006291/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Healthcare services and organizations rely on Electronic Health Records (EHRs) to manage, store, and transmit patient data records. Consequently, EHRs play a crucial role in providing high-quality services and maintaining the privacy and security of patients' sensitive data. However, designing such complex systems with security and privacy concerns is anything but simple. This study aims to propose a software reference architecture (SRA) tailored for Electronic Health Records (EHRs) with security and privacy considerations, intending to enhance the development of these systems. To achieve this goal, we analyze the classification of reference architectures (RAs), taking into account the primary security and privacy requirements of EHRs along with well-established architectural design methods. We propose a layered architecture for SRA with privacy and security considerations. Subsequently, we derive the following five architecture views for SRA: the feature diagram, the context diagram, the decomposition view, the layered view, and the deployment view. Each view showcases the SRA software architecture from a different perspective.Moreover, we conducted an evaluation of the proposed SRA through its application in a case study. Specifically, we applied the proposed SRA and derived the application architecture from a study focused on Brazilian EHRs. Our analysis highlights the potential issues arising from the absence of an SRA tailored for EHRs, particularly regarding privacy and security concerns surrounding patient data. Through this case study, we demonstrate the practical applicability of our proposed SRA in enhancing EHR systems. Healthcare Systems Electronic Health Record (EHR) Privacy Security Software Reference architecture (SRA) Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-4006291","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":279466725,"identity":"9149b5e1-ec98-4640-96b2-b4f6088bfda3","order_by":0,"name":"Rodrigo Tertulino","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAwElEQVRIiWNgGAWjYJCCAw8YGOQYDjA2kKAlgYHBGK6Fhyg9QC2JDQegHIJazGcff3ggsc0uve94cwMzTw1Dnj0hLTLncgyAWpJzZ545CNRyjKGYoC0SPDxAv5xhzt1wI7GBmbeBIbGHsBb2B0At9ekG9x8SrYXB4EBCxeEEgxuMRGvhAWk5bjjzTGLDwTnHJIp5DhB22OMPHwyq5fmOH3/44E2NTR57AyFrkAHQfIkEUjRAABlaRsEoGAWjYLgDAJSvQEGPFY8wAAAAAElFTkSuQmCC","orcid":"","institution":"University of Coimbra","correspondingAuthor":true,"prefix":"","firstName":"Rodrigo","middleName":"","lastName":"Tertulino","suffix":""},{"id":279466726,"identity":"3557b448-a071-4055-9dd4-cad6bffbedd2","order_by":1,"name":"Naghmeh Ivaki","email":"","orcid":"","institution":"University of Coimbra","correspondingAuthor":false,"prefix":"","firstName":"Naghmeh","middleName":"","lastName":"Ivaki","suffix":""},{"id":279466727,"identity":"c42b36ac-874b-4574-9a6d-74017722366d","order_by":2,"name":"Higor Morais","email":"","orcid":"","institution":"Instituto Federal do Rio Grande do Norte","correspondingAuthor":false,"prefix":"","firstName":"Higor","middleName":"","lastName":"Morais","suffix":""}],"badges":[],"createdAt":"2024-03-02 11:14:31","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-4006291/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-4006291/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":53788646,"identity":"3ad1df10-8fd2-4db4-8a8c-c5a7ec413554","added_by":"auto","created_at":"2024-03-30 15:53:01","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":1037244,"visible":true,"origin":"","legend":"","description":"","filename":"2023JHIRRodrigoSilva.pdf","url":"https://assets-eu.researchsquare.com/files/rs-4006291/v1_covered_0e0159f5-47ad-40cd-a3ed-cbcdbf3e3046.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Design a Software Reference Architecture to Enhance Privacy and Security in Electronic Health Records","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Healthcare Systems, Electronic Health Record (EHR), Privacy, Security, Software Reference architecture (SRA)","lastPublishedDoi":"10.21203/rs.3.rs-4006291/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-4006291/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Healthcare services and organizations rely on Electronic Health Records (EHRs) to manage, store, and transmit patient data records. Consequently, EHRs play a crucial role in providing high-quality services and maintaining the privacy and security of patients' sensitive data. However, designing such complex systems with security and privacy concerns is anything but simple. This study aims to propose a software reference architecture (SRA) tailored for Electronic Health Records (EHRs) with security and privacy considerations, intending to enhance the development of these systems. To achieve this goal, we analyze the classification of reference architectures (RAs), taking into account the primary security and privacy requirements of EHRs along with well-established architectural design methods. We propose a layered architecture for SRA with privacy and security considerations. Subsequently, we derive the following five architecture views for SRA: the feature diagram, the context diagram, the decomposition view, the layered view, and the deployment view. Each view showcases the SRA software architecture from a different perspective.Moreover, we conducted an evaluation of the proposed SRA through its application in a case study. Specifically, we applied the proposed SRA and derived the application architecture from a study focused on Brazilian EHRs. Our analysis highlights the potential issues arising from the absence of an SRA tailored for EHRs, particularly regarding privacy and security concerns surrounding patient data. Through this case study, we demonstrate the practical applicability of our proposed SRA in enhancing EHR systems.","manuscriptTitle":"Design a Software Reference Architecture to Enhance Privacy and Security in Electronic Health Records","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-03-18 07:12:53","doi":"10.21203/rs.3.rs-4006291/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"9e31b6e7-9c27-4a1b-8acd-c7f8dba75884","owner":[],"postedDate":"March 18th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2024-03-30T15:44:23+00:00","versionOfRecord":[],"versionCreatedAt":"2024-03-18 07:12:53","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-4006291","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-4006291","identity":"rs-4006291","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.