Journal of Computer Information Systems

ISSN: 0887-4417 (Print) 2380-2057 (Online) Journal homepage: http://www.tandfonline.com/loi/ucis20

A Service-Oriented Model for Personal Health

Records

Jingquan Li

To cite this article: Jingquan Li (2018): A Service-Oriented Model for Personal Health Records,
Journal of Computer Information Systems, DOI: 10.1080/08874417.2018.1483213

To link to this article: https://doi.org/10.1080/08874417.2018.1483213

Published online: 18 Jun 2018.

Submit your article to this journal

Article views: 12

View Crossmark data

Full Terms & Conditions of access and use can be found at

http://www.tandfonline.com/action/journalInformation?journalCode=ucis20
JOURNAL OF COMPUTER INFORMATION SYSTEMS
https://doi.org/10.1080/08874417.2018.1483213

A Service-Oriented Model for Personal Health Records

Jingquan Li
Hofstra University, Hempstead, NY, USA

ABSTRACT KEYWORDS
Personal health records (PHRs) have received widespread attention as a tool for people to store and Personal health records;
manage their own or their family’s health records. Today PHRs are provided by a variety of players, service-oriented
including health care systems or hospitals, health plans, employers, and technology vendors. Traditional architecture; cloud
PHR systems are institution specific and have not been concerned with the interoperability and privacy computing; web services;
interoperability; data privacy
of PHRs when interacting with other systems. The paper reported here seeks to address this challenge
by presenting a service-oriented model for PHRs. In this study, we examine the challenges faced in the
integration of existing electronic medical record (EMR) systems and health information exchanges (HIEs).
We then propose a service-oriented model for integrating PHR and EMR systems. Furthermore, we
analyze the services in SOA and explore the potential of service-oriented personal health cloud. We
present a practical case study to verify and validate our the proposed approach. We conclude by
discussing practical and policy implications and future research directions.

Introduction
Personal health records (PHRs) have received increasing recogni-
tion in the health care industry today. PHR systems allow indivi-
duals to receive copies of all or part of their electronic medical
records (EMRs),1 the test results from labs, the medication records
of pharmacies, the claims data from insurers, and individuals’ own
notes, such as information about their weight changes or blood
sugar levels. While a PHR system is likely to be tied to an EMR
system, web-based standalone PHRs are also provided by technol-
ogy companies, such as Microsoft, WebMD, and Dossia
Consortium. Electronic PHRs support patient-centered e-Health
(PCEH) by making medical records and patients self-manage-
ment tools available to patients.2,3 PHRs can help people with
chronic diseases to manage their conditions, maintain an ongoing
connection with their doctors, and improve overall health.4,5 Even
for healthy people, PHRs will empower individuals to manage
their own health care, reduce dangerous medical errors, improve
communications with doctors, lower health care costs, and pro-
vide vital and complete information for emergency care.5–8
Nowadays, PHRs are provided by various players, including med-
ical providers, health insurance plans, employers, and IT
companies.
However, the gathering and sharing of PHRs are still big
challenges. The United States health care system is costly,
fragmented, incompatible, and still partially paper based.
Since most EMR and PHR systems are institution specific
(limited to a certain organization), they have generally not
been concerned with the portability of a user’s health infor-
mation. Health records from different organizations are
incompatible formats and there are no uniform standards
for interoperability, in most cases a patient cannot gather a
complete PHR and share it with other medical providers and
clinicians. Furthermore, sharing of PHRs may also pose
potential risks to the privacy and confidentiality of highly
sensitive personal information. However, people, especially
these with multiple diseases, can have many different medical
providers, including primary care physicians, specialists,
therapists, and even alternative medicine practitioners to
serve their different medical needs. They can also use mobile
health (mHealth) applications, wearable devices, and home
monitoring devices for determining health status or managing
disease conditions. Consequently, the information pertaining
to a person’s past medical history typically is scattered among
all the places where care has been given.
Under the Health Information Technology for Economic
and Clinical Health (HITECH) Act of 2009, the United States
founded billions of dollars incentives for clinicians and hos-
pitals to use health information technology, including EMRs.
The law also clarifies that systems must be in place to aggre-
gate the records for each patient into a comprehensive PHR.
To accomplish the latter, many communities across the nation
have built regional health information exchanges (HIEs) to
facilitate the exchange of patient records across different
health care systems or hospitals. However, the regional HIEs
are very complex and unreliable.
The United States is making substantial investments to
accelerate the adoption and use of interoperable EMR and
PHR systems. However, there seems to be no standard frame-
work for the systems. Accordingly, it is always difficult for
consumers to gather their medical records from many differ-
ent health care systems and share the data with their current
physicians. In addition, medical practitioners have and

CONTACT Jingquan Li [email protected] Department of Information Systems and Business Analytics, Frank G. Zarb School of Business, Hofstra
University, 134 Hofstra University, Hempstead, NY 11549, USA
Color versions of one or more of the figures in the article can be found online at www.tandfonline.com/ucis.
© 2018 International Association for Computer Information Systems
2 J. LI
continue to use various non-interoperable EMR systems to
document rendered care. There is a strong need to design an
interoperable PHR system that achieves secure exchange with
various EMR and PHR systems by using communication and
health vocabulary standards.
To implement the enacted Directive 2011/24/EU on
patients’ right in cross-border healthcare, the European
Commission aims to enable all Europeans to have access to
online medical records anywhere in Europe by 2020. Cross-
border and interoperable EMR and PHR systems are taking
place in Europe. The systems make confidential health records
more easily and immediately accessible to a wider audience
and increase the risk that personal health data could be
accidentally exposed or easily disseminated to unauthorized
parties by enabling greater access to a compilation of EMR
and PHR systems, from different sources, and throughout a
lifetime.9
A service-oriented PHR model based on both service-
oriented architecture (SOA) and cloud computing has the
potential to address the challenge of interoperability in health
care. This can be more easily seen by taking a look at a couple
of service-oriented EMR and PHR systems. As an example,
Kart, Moser, and Melliar-Smith described a distributed
E-Health system that used SOA to enforce basic software
architecture principles and provided interoperability between
diverse computing applications that communicated with each
other.10 The system supported the clinic, pharmacy, and
patient service modules. In the system, different devices
could interact with the service modules, including Personal
Digital Assistants and smart phones, desktop, and server
computers, and even electronic medical devices, such as
blood pressure monitors. For another example, the
MammoGrid was a service-oriented EMR application. It was
a SOA-based medical grid application intended for the man-
agement and coordination of medical image data with feder-
ated mammogram databases across Europe.11 Bahga and
Madisetti proposed a cloud health information systems tech-
nology architecture (CHISTAR) that achieves semantic inter-
operable EMR systems.12 CHISTAR application components
were designed using the cloud component model approach
that comprises of loosely coupled components that commu-
nicates asynchronously.
A service-oriented PHR system has the potential to achieve
easy, accurate, and secure exchange with various EMR and
PHR systems by using communication and health vocabulary
standards. Gold and Ball described a conceptual health record
banking model based on regional and national HIE.5 Li
described the limitations of different types of PHR systems
and has presented a framework for addressing privacy and
security issues in PHR systems.7 With the rapid growth of
SOA, the use of cloud computing and web services became
the main trend to achieve SOA. Cloud computing can provide
cost-effective, flexible, and scalable solutions to businesses.
Cloud computing was proposed for integrating EMR
systems.13–15 But none of prior work explicitly addressed the
interoperability and security challenges faced by PHR systems.
This study significantly extends our previous work from
Ref. 16 and makes several contributions. First, we directly
incorporate the principles of SOA and cloud computing into
a service-oriented PHR model and explore the potential of
service-oriented personal health cloud. Second, we verify and
validate the proposed approach with a practical case study.
Finally, we develop more robust understanding of the inter-
operability and privacy issues with PHR/EMR systems and
offer insights into the design and implementation of service-
oriented PHR systems. Our manuscript proceeds as follows:
First, we identify the challenges faced in the integration of
traditional EMR systems and HIEs. Second, we present a
SOA-based approach for PHR systems and identify the pri-
mary focus areas for improving the interoperability and secur-
ity of PHR systems. Third, we analyze the functional services
of a service-oriented PHR system and explore the potential of
service-oriented personal health cloud. Fourth, we present a
practical case study that demonstrates how the service-
oriented approach is used in a large health care system.
Finally, we conclude by discussing policy and practical impli-
cations and future research in service-oriented PHR systems.
Traditional health care information systems
While web-based standalone PHRs, such as WebMD and
Microsoft are emerging, many PHR systems are linked to a
specific health care organization’s EMR system. A traditional
PHR system essentially extends an existing EMR system. Most
health care organizations have chosen an institution-centric
architecture for their hosting EMR and PHR systems. HIE is
used to electronically move clinical data among disparate
EMR and PHR systems. However, the data interfaces between
different EMR and PHR systems were point-to-point, with
each system having its own data format. Standard interface
formats, such as Health Level Seven International (HL7), have
been adopted only by larger health care providers.17
Figure 1 shows a common HIE architecture based on
point-to-point connections to legacy EMR systems. When a
clinician’s EMR system requests a patient’s prior medical
records from the HIE, this clinician’s EMR is added to the
index for future queries for the patient (if not already pre-
sent). The HIE then send multiple queries to all other EMR
systems of prior care recorded in the HIE index. After patient
consent is verified at each “other” system, each system must
return medical records for the patient to the exchange and the
Figure 1. Common health information exchange.

exchange must wait for all responses. Ideally, the exchange is
able to assemble the returned records, resolve any inconsis-
tencies or incompatibilities between records, and send the
records to the clinician’s EMR system.18 After the episode of
care, the new information is stored in the clinician’s EMR
system only. Because information exchange between the clin-
ician’s EMR system and the HIE is fully controlled by the
health care organization, what information patients will be
able to access may vary considerably, relying on the
institution.
The HIE has serious limitations. First, each EMR/PHR
system is limited to a specific institution; it has generally not
been concerned with the exchange and interoperability of
EMRs and PHRs. Because EMRs and PHRs from different
organizations have incompatible data formats, in most cases
an individual cannot transfer data from other data sources to
the patient’s EMR/PHR or share the EMR/PHR with other
medical providers. Second, because the connections between
different EMR/PHR systems were point-to-point, this archi-
tecture imposes substantial processing burdens on the HIE.
Third, the privacy and security of electronic health informa-
tion is also an important concern. Patients are worried about
what will happen when their medical information leaves their
doctor’s databases, where it is protected by the Health
Insurance Portability and Accountability Act of 1996
(HIPAA) and the HITECH Act, and lands in the server of
the HIE, controlled by technology vendors. Moreover, the
incentives for a PHR system may be not well aligned with
the institution’s goal. For example, non-visit care is not gen-
erally reimbursed, so strong incentives exist for the institution
to delay PHR implementation, even if the institution already
has an EMR system with PHR functionality.
A service-oriented model
Service-oriented architecture
SOA is an architectural approach to building complex, inter-
operable software systems from a collection of reusable mod-
ules (services) that obey service-orientation principles. A
service is a function that is self-contained, well-defined, and
does not rely on the context or state of other services. Services
can be combined with existing software systems to provide the
complete functionality of a large software system. Services link
together using the technology of Web services. Web services
describe a standard way of integrating web-based applications
using the Extensive Markup Language (XML), Simple Object
Access Protocol (SOAP), Representational State Transfer
(REST), Web Services Description Language (WSDL), and
Universal Description, Discovery, and Integration (UDDI).
The combination of services—internal and external to an
organization—makes up a SOA. A focus of SOA is on the
definition of service interfaces and predictable service beha-
viors. Through the reuse, interoperability, and governances of
services across internal and external organizational and pro-
gram boundaries, SOA can help businesses to be more
“agile”—in other words, enable faster and more cost-effective
responses to changing conditions.19
JOURNAL OF COMPUTER INFORMATION SYSTEMS 3
So far there are no industry standards relating to the exact
composition of a SOA, although some industries have pub-
lished their own principles. Some of the key principles of SOA
include the following. First, regarding the service reusability
principle, application logic is divided into services with the
intention of promoting reuse. Depending on their granularity,
services can be used by multiple processes and other coarse-
grained services through a standard interface. Second, the
standardized service contract design principle keeps service
contracts independent from their implementation. The service
contracts must be documented to formalize the required
processing resources by the individual functional capabilities.
Services interact by sending messages according to a commu-
nications contract, as defined collectively by one or more
service-description documents. Third, services are loosely
coupled. SOA only documents the service contract and any
published service-level agreement (SLA) but it makes no
assumptions about internal details of each service. This service
abstract principle preserves flexibility in how services are
implemented and deployed. SOAs, for example, may use
legacy system capabilities as services. Fourth, services are
autonomous. Services have control over the logic they encap-
sulate, from a design-time and runtime perspective, but they
are not subservient to other code. A service reacts to a mes-
sage, but how that message was created and what will happen
to any response the service creates is immaterial to the action
that the service will take. Fifth, services are platform-indepen-
dent. Both the consuming and SOA service systems can oper-
ate on any platform that supports the service transport and
interface requirements. Sixth, services are discoverable and
location independent. Services are located through a service
registry and accessed via universal resource locators, and
therefore may move over time without disruption to consum-
ing systems. Finally, services are built, consumed, and
described using standards, such as WSDL, SOAP, and REST.
Motivations to use a service-oriented model
In health care, there is a strong need to support broader and more
consistent integration of information systems. On one hand,
consumers can have many different medical providers, including
primary care physicians, specialists, therapists, and even alterna-
tive medicine practitioners to serve their diverse medical needs.
Consumers also take advantage of a variety of health-related
online services that are usually provided by private companies
direct to consumer, such as PatientsLikeMe, WebMD, Microsoft
HealthVault, and Google genomics for personal health informa-
tion management. Consequently, the information pertaining to a
person’s past medical history typically is scattered among all the
places where care has been given. Remarkably, no health care
institutions are legally responsible for ensuring that a complete
PHR is available for each person when care is needed. On the
other hand, health care organizations today are challenged to
build interoperable and secure PHR systems. The rapid rise of
heterogeneous technologies and their application to heteroge-
neous IT infrastructures has caused health care organizations to
collect an accumulation of non-interoperable systems that not
only need to work together within the organization, but also
4 J. LI
interoperate securely with other organizations to support care
delivery.
A service-oriented model offers system design and man-
agement principles that support reuse and sharing of various
patient records across different units within the organization
or across organizational boundaries. SOA does not require the
re-engineering of existing systems, such as EMR, clinical
decision support system (CDSS), and computerized physician
order entry (CPOE) systems. With SOA, existing processing
can be combined with new capabilities to build a library of
services that are used as a part of solutions. Using shared,
standardized services that are aligned with business processes,
a service-oriented model strengthens interoperability and
security while reducing the need to synchronize data between
heterogeneous systems.
A service-oriented PHR system
The inability to access patient records in multiple systems
across separate health care systems has been the frustration
of the health care industry for years. In some communities,
HIEs, such as Chesapeake Regional Information System for
our Patients (www.crisphealth.org) for Maryland and Indiana
Health Information Exchange (www.ihie.com) for Indiana,
have been established to support interoperability by synchro-
nizing data between various hospitals and health care systems.
In the systems, EMR databases are synchronized using point-
to-point interfaces and, for less critical systems, duplicate data
entry. The development of infrastructures that could success-
fully deliver needed patient records inside and outside the
complicated HIEs could equate to a costly, inefficient mess.
Increasingly, many large health care systems, such as the
Veterans Affairs and the Mayo Clinic, find that SOA is an
ideal architecture for HIE.
SOA attempts to integrate many disparate systems by
developing functionality as a suite of interoperable services
that adhere to the various protocols necessary for various
Figure 2. A service-oriented model for PHRs.
domains.20 Although there are industry standards for data
representation in health care, such as HL7, a fundamental
problem with the standards is their varied interpretation in
software. Therefore, it is important for PHR systems to stan-
dardize the software interpretation and then implementation
of representation and translation of patient records. The most
cost-effective way to do this is through a standardized set of
core business services that represent health records.
Figure 2 shows a service-oriented PHR model that uses
SOA to enforce basic software architecture principles and
provides a service bus that allows for robust message trans-
formation and communication across different systems. The
actual services revolve around the EMR, radiology images,
PHR, pharmacy, and patient modules. Various devices can
interact with the modules, including computers, smart
phones, and even mHealth devices, such as blood pressure
monitors. As Figure 2 shows, implementing SOA services to
manage a standardized implementation of data representa-
tions reduces the number of systems interface points by an
order of magnitude.17 Instead of each system having to create
and sustain a point-to-point connection to another system, all
a system needs to do is transform the system representation to
the one specified by the service, which defines the canonical
form for the specific data being exchanged (such as patient
portal, PHRs, EMRs, Medications, and so on). Therefore, SOA
allows for the integration of diverse systems because IT
resources—whether applications or systems—can be made
available through standard interfaces that do not require the
specific communication protocols that an operating system
might.
In the health IT industry, the exchange of health data
currently focuses on two primary focus areas: the standardi-
zation of information/data that gets exchanged and the devel-
opment of standards for connecting disparate health IT
systems. Regarding information/data standards, medical pro-
viders and technology vendors are focusing most of their
effort on achieving Heath Level Seven International’s (HL7)

clinical document architecture (CDA), a specification devel-
oped for clinical document exchanging between health care
expressions that is based on a service-oriented environment.
In the matter of connecting disparate systems for the
exchange of health data, a service-oriented approach uses
standard protocols and conventional interfaces that are typi-
cally provided as Web services, which allow access to data and
information from diverse systems. The benefits come in the
way of creating efficiencies as they relate to the development
of standardized interfaces and protocols for data exchange.
Integrating the Healthcare Enterprise (IHE) is an initiative by
health care professionals and technology vendors to improve
the interoperability of healthcare information systems. The
IHE Cross-Enterprise Document Sharing (XDS) profile is a
specification developed for clinical document exchange
between health care enterprises that is based on SOA
environment.21 SOA is currently the preferred model for
deploying CDA content. The VA and military health system
both built their gateways through XDS.
SOA also lends itself to more robust software because IT
vendors can write a program functionality once and reuse it
many times and modify it when needed.
Services
A service-oriented PHR system emphasize the service con-
cept. By definition, a service is performance of work by one
for another. This section presents some examples of business-
related services in a service-oriented PHR system. Services are
developed that can serve different applications, such as EMRs,
PHRs, and clinical DSS. The services can be configured and
shared among different software applications.
Administrative services
Administrative services include authentication, authorization,
etc. First, patients are authenticated by their own PHR system
to access their own account. Since patient records are highly
sensitive, the system should authenticate using a standard
procedure, which typically would involve two or more
factors.8
Second, authorization for accessing a PHR account is
given by the account holder by logging into the PHR
account and setting or changing permissions. The system
sends authorization credentials electronically to medical
providers that are approved to access any portion of the
patient’s account. Each PHR system determines the level of
granularity of information shared subject to patient permis-
sion, but at a minimum allows differentiations of classes of
information (e.g., doctor notes, labs, medical images,
patient notes, problems, etc). Medical provider directories
are available to assist patients in transmitting authoriza-
tions. In an emergency, a medical provider could find a
patient PHR account with an account locator service (ALS),
which could be operated by a trustworthy organization,
such as a government or state agency, or a trusted service
registry.18
JOURNAL OF COMPUTER INFORMATION SYSTEMS 5
Communication services
Communication services include secure patient–physician
communication and exchange of health information across
different EMR and PHR systems. First, each PHR system
must support patient–physician communication. The patient
would sign up and compose a message, which include the
information from the PHR or permission to access the PHR,
and send the message to the physician. The system would
then transmit this message to the physician. Any responses
from the physician would be accessible to the patient, and the
physician may originate messages, including attachments with
information that would be deposited automatically in the
patient’s PHR account.18
In addition, with the patient’s authorization, each PHR
system must transmit the patient’ PHR to another EMR
system so that the health care provider gets key information
like the patient’s medical history, allergies, persistent medical
problems, and current medications and active treatments at
the point of care. Different PHR and EMR systems connects
each other by using Web services.
Deposit services
A PHR system is a trusted repository for people to gather,
store, and share personal health information. Deposits from a
medical provider are made securely to the PHR system (for
example, using HL 7 specifications via Web services). Patients
may enter information through an interactive web interface or
upload their medical records or use other methods. Patients
can also automatically upload health information from con-
nected devices, such as pedometers and smart phones. For
data integrity, all deposits are marked with the source of the
data.
Access to records with permission
Doctors or other authorized people can access patient infor-
mation via authorization supplied by the patient or from the
ALS managed by a trusted party, such as a trusted service
registry, which is used to find a patient PHR account if the
patient does not have or is unable to present information
about their account (e.g., in an emergency).18 After obtaining
genuine informed consent from a patient, a physician or other
authorized people can access to or download information
from the patient’s PHR account. All accesses to a PHR
accounts are recorded in an audit trial that is accessible in
an easily understandable form to the account holder.
Data analytics services
A PHR system shall provide data analytics services that can
help improve individual health and population health, user
experience analysis, and software quality analysis. A PHR
system can also be used to deliver tailored health education
or interventions to the right people and find research subjects
for clinical trials. A trusted organization could distribute
clinical trial subject request queries to multiple PHR systems.
Patients with the desired characteristics would receive
6 J. LI
notification that they are qualified for the trial, including
contact information for the researchers.
Moreover, a PHR system can also be used to generate
anonymized and aggregated reports for researchers and public
health. A trusted organization could aggregate query results
from multiple PHR and EMR systems. The results would
represent summary of patient characteristics and would be
subject to statistical disclosure control to minimize the re-
identification risk of individual patients.22
Privacy and compliance
The privacy and security of personal health information is a
stringent requirement for the PHR. A service-oriented PHR
system must comply with the HIPAA Privacy Rule and other
federal and state laws. The system shall guarantee that con-
sumers would retain sole authority over access to any portion
of the PHR and who they trust to share the PHR with. To
many patients, individuals’ authorization of all uses of their
PHRs is the essence of privacy and thus a comprehensive
privacy framework would set out circumstances in which
informed consent must be obtained.7,23,24 No medical infor-
mation could be disclosed without genuine informed consent,
especially for nonmedical purposes. There would also be
regular independent privacy audits, analogous to auditing
requirements for financial institutions. By checking audit
logs, consumers would be able to see exactly who else has
access to the PHR and when.
Security services
All the security and identity management requirements of the
HIPAA Security Rule could be satisfied according to multiple
technical solutions for the PHR, including authentication and
authorization, access control, user registry, encryption, digital
signature, immutable logging, network security, malware
detection, and backup and disaster recovery plan.
Appropriate administrative, physical, and technical safeguards
must be in place to ensure the confidentiality, integrity, and
availability of the PHR.
Moving PHRs to the cloud
PHR systems are divided into two categories: client server or
cloud-based. Client-server systems store data in house, requir-
ing a server, hardware and software be installed in the physi-
cian’s office. Systems developers are not incentivized to have
their system integrate with other systems. Therefore, many
client-server systems do not provide a method for deploying
an SOA infrastructure. While in-house servers have tradition-
ally been the norm, many small to medium size medical
practices are looking for cloud-based solutions that can be
taken out of the box, plugged into the Internet, and run on
their own.
Service-oriented personal health cloud
PHR storage and application services in the cloud promises
anywhere, anytime access to critical health data. Cloud
computing technology is considered as the cost-effective, flex-
ible, and scalable solution for building a service-oriented
system. Its main objective is to leverage internet or intranet
for users to share services and resources.25 National Institute
of Standards and Technology (NIST) defines cloud computing
as a model for enabling convenient, on-demand network
access, to a shared pool of configurable computing resources
(e.g., networks, servers, storage, applications, and services)
that can be rapidly provisioned and released with manage-
ment effort or service provider interaction.26 When a PHR is
operated through cloud computing it is called personal health
cloud. Personal health cloud is a style of computing that
enables people to capture, organize, and share portable health
records of themselves and their family with health profes-
sionals or caregivers over the internet.
Cloud computing and SOA are complementary activities,
and both can play an important role in a service-oriented
PHR system. SOA provides interoperability and privacy
between different systems that communicate with each
other. Cloud computing’s platform and storage service offer-
ings can provide scalability, ubiquity, and elasticity features
for SOA efforts. A service-oriented personal health cloud that
combines both cloud computing and SOA provides a promis-
ing and cost-effective way to achieve a scalable PHR system.
In a service-oriented personal health cloud system, either
patient PHR or physician EMR is stored on external servers
and can be accessed via the web, requiring only a computer or
a smart phone with an Internet connection.
Benefits of service-oriented personal health cloud
Service-oriented personal health cloud presents many bene-
fits. First, cloud computing makes SOA implementation sim-
ple and easily accessible to all stakeholders. PHR software
runs on the web instead of the server, meaning no hardware
or software installation. Most of individual or small group
practices are looking for an implementation process much
quicker than traditional client-server system. Second, ser-
vice-oriented personal health cloud also provides superior
accessibility for patients because patients and their doctors
can securely log in to the system from anywhere they have
internet connection. In combination with the mobile device
personal health cloud could be particularly powerful and
accessible. Third, small medical practices can realize tremen-
dous cost savings from service-oriented personal health cloud.
One of the largest hurdles for small practices is the initial cost
of PHR installation. Both PHR implementation cost and IT
resource requirements can be significantly reduced when
practices choose to move medical records to the cloud.27
Lastly, service-oriented personal health cloud makes PHR
systems scalable and interoperable. Cloud computing provides
almost unlimited CPU, storage space and bandwidth due to
resource virtualization and makes it easy to add new users,
doctors, or medical practices.
Comparison of PHR solution models
Each PHR system shall enable seamless and secure access to
integrated health records whenever and wherever needed.
 JOURNAL OF COMPUTER INFORMATION SYSTEMS 7

Table 1. Comparison of the properties of PHR solution models.

Solution models
Attribute Traditional PHR system Service-oriented PHR model Service-oriented personal health cloud
Integration A traditional PHR system is institution- A service-oriented PHR model provides system-to- Service-oriented personal health cloud
specific and not interoperable with other system integration by creating standards-based, provides system-to-system integration using
healthcare systems. interoperable services. standards-based services.
Interoperability Not interoperable Interoperable Interoperable
Reusability Not reusable Services are reusable Resources are reusable
Scalability Not scalable SOA is scalable since the system-to-system services Personal health cloud is scalable since cloud
are on demand and as needed. services are provided to the users on demand
and as needed.
Compliance Covered under HIPAA The service-oriented PHR system provided by Not covered under HIPAA
with legal consumer’s primary care site are covered under
mandates HIPAA.
Privacy control Managed by consumer’s primary care site Data privacy is controlled by privacy and Data privacy is controlled by the cloud
and the health information exchange (HIE) compliance services. provider.
Security Secure patient portal Data security is controlled by security services. Data security is controlled by the cloud
governance provider.

However, the most obvious obstacle when implementing
PHRs is integrating PHR data from different electronic
health systems. Where PHR and EMR systems are con-
cerned, we will probably run legacy client server solutions
for a long time, while the latest solution models continue to
make use of more cloud services and SOA technologies
become the bridge to the cloud. The SOA integration plat-
form plays a key role in integrating the existing PHR system
into cloud services and between different EMR/PHR sys-
tems by creating loosely coupled, standards-based, intero-
perable services. Cloud computing is internet-based
computing, whereby shared resources, software, and infor-
mation are provided to users on demand and as needed.
However, cloud data privacy could be a problem due to
outsourcing health data to a cloud computing platform. In
particular for a healthcare system that archives and pro-
cesses sensitive data. Table 1 presents a comparison of the
properties of PHR solution models. Integration, interoper-
ability, reusability, and scalability define the solution model
in terms of operational characteristics. Legal bindings, priv-
acy, and security help to define the solution model in terms
of privacy and security characteristics.
Case study: My HealtheVet
This section presents a case study of My HealtheVet PHR
system of the Veterans Health Administration (VHA) and its
associated Veterans Information Systems and Technology
Architecture (VistA).
My HealtheVet
My HealtheVet portal, launched on Veterans Day, 11th
November 2003, is an online PHR system that enables veterans,
family members, and their clinicians to access and update their
health records, communicate with their care providers, access
health education resources, refill prescriptions, and schedule
appointments. In August 2010, the Department of Veterans
Affairs (VA) launched the Blue Button in My HealtheVet portal.
VA Blue Button allows patients to access a single, downloadable
file with their VA medical records and self-entered information.
All VA patients are eligible to complete a one-time process of
identity authentication to obtain an upgraded or premium My
HealtheVet account. The downloadable PHR via Blue Button can
provide patient records from many data sources and VA patients
with a premium account can access data from the VA EMR
system and communicate electronically with their healthcare
team using secure messaging.
VA’s EMR system, VistA, is the primary source of EMRs
that are transferred to the PHR associated with the veteran’s
My HealtheVet account. Additional data from other sources
can be added to the My HealtheVet account, including self-
entered information, such as self-entered medications, Over-
the-Counters (OTCs), herbals, and supplements.
My HealtheVet portal is a PHR system implemented with a
SOA. Vast majority of the systems that would hold or origi-
nate the veteran’s medical profile and data would be siloed
and distributed across military hospital record systems (prior
active duty records), the VA records, and private records from
pre- and post-military service. My HealtheVet portal must
integrate with back-end systems seamlessly and securely via
Web services. Moreover, since My HealtheVet portal has
requirements to scale to a broad and diverse population, the
adopted technology solution must be scalable. Therefore, My
HealtheVet, VA Blue Button, and other applications leverage
Oracle’s WebLogic Portal and a SOA-based infrastructure for
integration to the VistA EMR system and different data
sources.28
My HealtheVet is a secure and private patient portal that
provide the veteran with full control over his/her PHR. For
example, the veteran could give permission to a non-VA
physician to access the results of some procedure into the
My HealtheVet system. It makes veteran-defined role-based
and user-based access available both inside and outside the
VA system. Doctors or others can only view or edit the
veteran’s PHR with an explicit permission. Furthermore, it
can securely handle all logistical items including prescription
ordering, appointment scheduling, and health monitoring and
providing decision analytics to particular aspects of the veter-
an’s health.28
VistA electronic medical record system
The Veterans Information Systems and Technology Architecture
(VistA) is an EMR system developed and deployed by VA
throughout the United States to all 1200+ healthcare sites of the
8 J. LI
VHA. VistA has been ranked among the best EMR systems by
physicians. Both My HealtheVet and VA Blue Button are tethered
to data from the VistA EMR system.
VistA is built on a client-server architecture, which ties
together workstations and personal computers with graphical
user interfaces at VHA facilities. VistA includes nearly 180
applications for clinical, financial, administrative, and infra-
structure need in VA integrated into a single, common data-
base, permitting all VA applications to share one single,
authoritative data source for all veteran-related care and ser-
vices. VistA EMR, more formally known as the VistA
Computerized Patient Record System (CPRS), provides a cli-
ent-server interface that allows healthcare providers to review
and update a patient’s EMR.25 VistA, which supports HL7
standards for HIE, is used in both hospital, ambulatory, and
long-term care settings. It includes modules for CPOE,
laboratory tests, MRIs, patient care diet orders, e-prescribing,
and other clinical documentation, but does not include mod-
ules for billing because VA health care is free for veterans who
quality for medical services.29 It provides an integrated inpa-
tient and outpatient EMR for VA patients, and administrative
tools to help VA deliver a high-quality medical care for
military veterans in the United States.
VistA’s data store is implemented in the Massachusetts
General Hospital Utility Multi-programming System
(MUMPS, also referred to M), an application environment
that integrates both programming logic and data storage.
MUMPS excels in multi-user database-driven applications,
such as health information systems and financial systems.
The data stored in VistA’s database can be accessed by a
variety of methods, tightly integrated custom code to loosely
coupled standard web services to networking-spanning
exchange mechanisms, such as eHealth Exchange.29
VistA evolution
VA sets out to evolve its VistA system from a set of decentralized
legacy systems to an integrated, modern service-oriented environ-
ment. This service-oriented approach leverages a combination of
enterprise application and SOA support infrastructure services
(including service registry, secure messaging, identity and access
management (IAM), master veterans index, etc.).30 The goal of
VistA evolution is twofold: to create interoperability and health-
care information sharing among the Department of Defense
(DoD), VA, and private healthcare providers, and to meet the
highest security and privacy standards. VistA evolution will rely
upon secure infrastructure, data models, and web services that
support an open, modular, and extensible EMR and PHR
platform.
Constructing an integrated patient profile from an array of
data sources, devices, and applications necessitates a high level of
intra- and inter-system interoperability. VA has developed open
web services interfaces to VistA that fully empower developers to
develop applications that meet the varied needs of VA clinicians
and patients using pervasive, standards-based software constructs.
VistA applications generally have a presentation layer at the top, a
services layer in the middle, and a data services layer at the bottom
(Figure 3). VistA supports a variety of applications, including My
HealtheVet, VA Blue Button, VistWeb, CPRS, etc. These
Figure 3. Service-oriented architecture for My HealtheVet and VistA.
applications may leverage existing Medical Domain Web
Services (MDWS) (to be retired in the to-be VistA SOA environ-
ment) or new VistA SOA services developed by the VistA Service
Assembler (VSA) toolkit. MDWS is a fully open source collection
of web services providing access to VistA data and common
services via industry standard Simple Object Access Protocol
(SOAP) while future VistA SOA services provide asynchronous
and stateless services using the Representational State Transfer
(REST) protocols. Both My HealtheVet portal and VA Blue
Button access VistA via MDWS web services. All major program-
ming languages have tools to turn a SOAP web service’s WSDL
document into code. Client applications developers can develop
an application quickly via MDWS services. MDWS is simply a
thin web service layer that exposes the functionality of Medical
Domain Objects (MDOs). MDO is available as a Dynamic Link
Library (DLL) that interacts with each of the different data
sources, queries and assembles the results.
The service-oriented approach provides secure, controlled
access for authorized users while providing for fine-grained
protection against unauthorized access or usage. Built on
MDWS, a robust IAM service, an integrated Master Veteran
Index (MVI) service, and well-designed network security sup-
port the high degree of security and privacy are embedded
into the system. Unauthorized system access is prevented, and
policy-based authorization selectively enables or prevents
from access to individual records or data fields, as well as
disallowed behaviors (such as a doctor attempting to self-
medication).
VA’s IAM architecture separates identity authentication from
role management. User identity is established through multiple
two-factor authentication methods, including methods supported
by DOD, such as Personal Identity Verification (PIV), Common
Access Card (CAC), and DoD Self Service Logon (DS Logon). Role
management, including provisioning, attribute query, and enfor-
cement are implemented via open standards, such as LDAP,
SAML and XACML, and SPML enabling interaction with new
applications including Commercial Off-the-shelf (COTS)
applications.
My HealtheVet portal is an important part of VA’s VistA
evolution. The SOA-based architectural approach enables
PHR interoperability, security, and innovation. VistA

evolution will provide or enhance the following for My
HealtheVet portal. First, it provides the ability to view, down-
load, and/or transmit to third-party a summary of care record,
such as human readable consolidated Clinical Document
Architecture (CCDA). Second, it provides the ability to view
the user activity history log for views, downloads, and trans-
missions of a summary of care record. Furthermore, it enables
a patient to securely send messages to and receive messages
from health care providers.30
Move to the cloud
VA plans a move to use cloud computing and mobile technologies
to modernize VistA, Blue Button, and My HealtheVet programs.31
Currently, VA uses VA-owned, VA-provided services and devices.
This limits flexibility and elasticity of application services, devices,
and staffing. The deployment environment for VistA and My
HealtheVet will adhere to a “cloud first” policy, with mechanisms
and provisions in place to consider the most appropriate cloud
deployment option, including private cloud offerings or infra-
structure/platform hosted on public clouds.
Cloud computing will be tested at three levels.32 At the first
level, VA has created an “internal cloud” for consolidating operat-
ing of the VistA EMR system in its data centers, rather than storing
the information at hospitals. The second level of the VA’s cloud
computing is that the department has outsourced data centers and
hardware for cost saving benefits. VA plans for expansion of
Infrastructure as a Service (IaaS), Software as a Service (SaaS),
and Network as a Service (NaaS). At the third level, VA will design
personal cloud in which the thousands of VA physicians have
access to application services and data on their personal Black
Berries, iPhones, iPads, Android devices, and other mobile
devices.
Discussion and conclusion
In this paper, we particularly examine a service-oriented
model for PHR systems and explore the potential of service-
oriented personal health cloud. We present a case study of My
HealtheVet portal. The debate on methods for PHR systems
development and integration is far from over, but this study
provides insights into this emerging class of health informa-
tion systems.
Policy and practical implications
A service-oriented PHR model can be developed to overcome
barriers, such as interoperability, reusability, flexibility, and scal-
ability along with security and privacy. As with any systems
development and integration project, there are policy and practical
implications to keep in mind when designing a service-oriented
PHR model. First, one primary challenge of SOA adoption is that
PHR providers are not incentivized to have their systems integrate
with other systems. It is relatively easy to architect a tethered PHR
system, such as My HealtheVet and Mayo Clinic, because such a
system is tethered to data from a single health care organization.
However, a service-oriented environment across organizational
boundaries, such as SOA and HIE, can be extremely complex
JOURNAL OF COMPUTER INFORMATION SYSTEMS 9
and expensive to develop and implement. Strong incentives exist
for PHR vendors not to implement it without cost efficiency.
Second, another challenge is privacy, security, and patient
safety when dealing with personal health cloud. Some consumers
may worry about what will occur when they store their sensitive
health information in the “blackbox” of a cloud offering. Although
different organizations tend to have different views on privacy and
security, it is important to consider direct misuse and improper
disclosure of personal health information, especially in a complex
mobile cloud environment.
Third, most SOA implementations in the health care industry
are currently for high-end projects like My HealtheVet and Mayo
Clinic. Since the majority of physicians in the United States are
individual or small group practices, most are looking for solutions
that can be taken out of the box, plugged into the internet, and play
on their own. Therefore, there is a strong need to develop cost-
effective, flexible and scalable PHR solutions that works well in
both high- and low-end environments. The proposed service-
oriented personal health cloud provides interesting and cost effec-
tive opportunities to both high- and low-end environments.
And last not least, there is a lack of guidance and governance
around a standardized approach to service-oriented solution
models. HL7’s CDA for standardization of content works well in
both high- and low-end environments. However, in the case of
connecting systems for data exchange, there are no standards for
interoperability. While the IHE XDS profile has the potential to
improve the interoperability of large healthcare information sys-
tems, there currently is no standardized cloud computing frame-
work that works well for connectivity and the retrieval of low-end
data.
Limitations and suggestions for future research
This paper has limitations that create some interesting opportu-
nities for future research. First, we discuss a service-oriented
model for PHRs without detailed design specification. Further
research in this area should focus on reference architecture and
implementation of cloud-based PHR systems that will support a
large variety of clinical settings, ranging from individual or small
clinics to large medical care delivery systems or Web services.
In addition, many PHR systems consider using sophisticated
consumer decision support tools and mobile devices for chronic
disease management, but this paper does not consider the impact
of the innovations on the interoperability and privacy of PHRs.
The rapidly developing uses of shared decision making, data
mining, big data, and mobile technologies in business and health
care signal even more demand for cloud-based PHR systems. The
literature on the integration of big data and its impact on data
privacy and security is quite limited. It is important to continue
examining the service-oriented PHR system in the context of big
data and cloud computing.
Conclusion
Despite these limitations, this paper makes important contribu-
tions. This study incorporated the principles of SOA and cloud
computing into a service-oriented PHR model and proposed a
new service-oriented personal health cloud model. It verified and
validated the proposed approach via a practical case study of the
10 J. LI
VHA’s My HealtheVet. It developed more robust understanding
of the interoperability and privacy issues with PHR/EMR systems
and offered insights into systems development and integration.
Extending health care services through PHRs, eHealth, and
mHealth are becoming increasingly popular in health care, parti-
cularly under the urgent demand due to rapidly aging populations
throughout the world. The benefits of ubiquitous health care
services are very clear. A service-oriented PHR model offers a
flexible and scalable method of integrating health data as informa-
tion is collected from heterogeneous systems. Future research in
this area should focus on reference architecture and implementa-
tion of service-oriented personal health cloud that will support a
large variety of clinical settings, ranging from individual or small
clinics to large medical care delivery systems.
ORCID
Jingquan Li http://orcid.org/0000-0002-9654-1770
References
1. Roberts N, Mellott M. Electronic medical record system avoidance
in a turbulent environment. Inf Manag. 2016;53(5):581–90.
doi:10.1016/j.im.2016.01.003.
2. Wilson V, Strong D. Editors’ introduction to the special section
on patient-centered e-Health: research opportunities and chal-
lenges. Commun Assoc Inf Syst. 2014;34:323–36.
3. Archer N, Fevrier T, McKibbon K, Straus S. Personal health
records: a scoping review. J Am Med Inform Assoc. 2011;18
(4):515–22. doi:10.1136/amiajnl-2011-000105.
4. Frasier HS, Biondich P, Moodley D, Choi S, Mamlin BW,
Szolovits P. Implementing electronic medical record systems in
developing countries. Inform Prim Care. 2005;13:83–95.
5. Li J. Improving chronic disease self-management through social
networks. Popul Health Manag. 2013;15(5):285–87. doi:10.1089/
pop.2012.0110.
6. Gold JD, Ball MJ. The health record banking imperative: a conceptual
model. IBM Syst J. 2007;46(1):43–55. doi:10.1147/sj.461.0043.
7. Li J. Ensuring privacy in a personal health record system.
Computer. 2015;48(2):20–27. doi:10.1109/MC.2015.43.
8. Li J. A privacy preservation model for health-related social networking
sites. J Med Internet Res. 2015;17(7):e168. doi:10.2196/jmir.3973.
9. Kierkegaard P. Electronic health record: wiring Europe’s health-
care. Comput Law Security Rev. 2011;27(5):503–15. doi:10.1016/j.
clsr.2011.07.013.
10. Kart F, Moser LE, Melliar-Smith PM. Building a distributed
e-healthcare system using SOA. IT Prof. 2008;10(2):24–30.
doi:10.1109/MITP.2008.22.
11. Amendolia SR, Estrella F, Hassen W, Hauer T, Manset D,
McClatchey R, Rogulin D, Solomonides T. Mammogrid: a service
oriented architecture based medical grid application. Lecture
Notes Comput Sci. 2004;3251:939–42.
12. Bahga A, Madisetti V. A cloud-based approach for interoperable
electronic health records (EHRs). IEEE J Biomed Health Inform.
2013;17(5):894–906. doi:10.1109/JBHI.2013.2257818.
13. Bahrami M, Singhal M. A dynamic cloud computing platform for
eHealth systems. Paper presented at: 17th International Conference on
E-health Networking, Application & Services (HealthCom); 2015:
435-438. IEEE Symposium on Service-Oriented System Engineering
(SOSE); 2017 Jun; p. 38–46. doi:10.1109/HealthCom.2015.7454539.
14. Wu Y, He F, Zhang D. Service-oriented feature-based data
exchange for cloud-based design and manufacturing. IEEE Trans
Serv Comput. 2018;11(2):341–53. doi:10.1109/TSC.2015.2501981.
15. Zaied ANH, Elmogy M, Elkader SA. A proposed cloud-based frame-
work for integrating electronic health records. Paper presented at: 10th
International Conference on Informatics and Systems; 2016 May 09–
11; p. 139–45. doi:10.11465/2908446.2908478.
16. Li J. A service-oriented approach to interoperable and secure
personal health record systems. Paper presented at: 11th IEEE
Symposium on Service-Oriented System Engineering (SOSE);
2017 Jun; 38–46. doi:10.1109/SOSE.2017.23.
17. Juneja G, Dournaee B, Natoli J, Birkel S. Improving performance of
healthcare systems with service oriented architecture. 2008 [accessed
2018 May 20]. http://www.infog.com/articles/soa-healthcare.
18. Health Record Banking Alliance White Paper. A proposed national
infrastructure for HIE usign personally controlled records. 2013
[accessed 2018 May 20]. http://www.healthbanking.org/docs/HRBA
%20Architecture%20White%20Paper%20Ja.n%202013.pdf.
19. Zhang D. Web services composition for process management
in E-Business process. J Comput Inf Syst. 2005;45:83–91.
20. Nano O, Zisman A. Realizing service-centric software systems.
IEEE Software. 2007;24(6):28–30. doi:10.1109/MS.2007.166.
21. Chavis S. A service-oriented approach. For Rec. 2011;23:10.
22. Li J. Data protection in healthcare social networks. IEEE Software.
2014;31(1):46–53. doi:10.1109/MS.2013.99.
23. Li J. Privacy policies for health social networking sites. J Am Med
Inform Assoc. 2013;20(4):704–07. doi:10.1136/amiajnl-2012-001500.
24. Li J, Li X. Privacy preserving data analysis in mental health
research. Paper presented at: First IEEE International
Conference on Big Data; 2007 Jul; p. 95–101. doi:10.1109/
BigDataCongress.2015.23.
25. Zhang L, Zhou Q. Cloud computing open architecture. Paper
presented at: IEEE International Conferen on Web Services; Jul
2009, Los Angeles, CA: p. 607–17.
26. Mell P, Grance T. NIST definition of cloud computing.
Gaithersburg, MD, USA: National Institute of Standards and
Technology; 2011.
27. CareCloud. 5 advantages of a cloud-based EHR for small prac-
tices. 2011 [accessed 20 Feb 2018]. http://www.carecloud.com/
blog/5-advantages-of-a-cloud-based-ehr-for-small-practices/.
28. Oracle White Paper. How providers can lower costs and
improve patient care using evidence based medicine. 2009
[accessed 2018 May 20]. http://www.oracle.com/us/industries/
018896.pdf.
29. The Department of Veterans Affairs. VistA monograph. 2013 Oct
[accessed 2018 May 20]. http://www.ehealth.va.gov/VistA_
Monograph.asp.
30. The Department of Veterans Affairs. SOA design patterns for
VistA evolution: web technologies data sharing for VistA evolu-
tion. 2014 [accessed 2018 May 20]. http://www.techstrategies.oit.
va.gov/docs/designpatterns/AchC_ENTDP_Inc2Rel1_
WebTechDataVistAEv.pdf.
31. The Department of Veterans Affairs. OneVA enterprise technol-
ogy strategic plan. 2014 [accessed 2018 May 20]. http://www.ea.
oit.va.gov/EAOIT/docs/OneVA_Enterprise_Technology_
Strategic_Plan_Feb_28_2014_final1.pdf.
32. Lipowicz A. VA CIO describes cloud, blue button and EHR
programs. 2011. [accessed 2018 May 20]. https://fcw.com/arti
cles/2011/05/05/va-cio-roger-baker-describes-cloud-blue-button-
and-ehr-initiatives.aspx.