The Department of Informatics and Networked Systems at the School of Computing and Information (SCI) and the department of Health Information Management (HIM) at the School of Health and Rehabilitation Sciences (SHRS) in the University of Pittsburgh have collaborated to develop an integrated curriculum on Security Assured Healthcare Informatics (SAHI). The result is a novel curriculum that comprehensively integrates Health Informatics with Information Assurance (IA) and provide BS, MS and PhD level curriculum enhancements, and foster educational and research activities in SAHI areas. The SAHI curriculum contributes to preparing high caliber professionals with HIM and Information Assurance expertise that will help to address the critical and immediate need for a workforce trained to secure America's cyberspace. The project aims to produce professionals to fill research and employment needs in the Western Pennsylvania region.


The SAHI curriculum consists of multiple graduate level SAHI tracks with components focused on Healthcare IT (HIT) within the Information Science program, and a track focused on Healthcare Security and Privacy (HS&P) within the HIM program. BS curriculum is being modified to provide HIT S&P curriculum through course enhancements. A new SAHI subtrack is being implemented by updating the existing MSIS specialization in Security Assured Information Systems. A new 5-year BS-X + MSIS program has been created that will allow BSIS and BSCS students to finish both BS and MSIS degree with SAIS/SAHI focus (as well aas other tracks in the MSIS program) in 5 years.

Key milestones achieved:

  1. Curriculum Development and Changes in SCI and HIM Graduate Programs: (i) SAHI sub track in MSIS SAIS specialization; and (ii) HS&P track in HIM program. Towards this, we enhanced several existing courses to incorporate HIT security and privacy (S&P) modules in the existing Security Assured Information Systems (SAIS) tracks, and included several enhanced SAIS courses in the HIM curriculum. We offered Doctoral Seminar courses and new courses with healthcare S&P content. In SCI, we created Certificates of Advanced Studies with focus on SAHI (CAS-SAHI), and also are creating professional credential certificates in Cybersecurity areas.
  2. Curriculum Development and Changes in BSIS Program: (i) Incorporating Healthcare IT in Networks and Security (N&S) track in BSIS, and enhancing S&P modules in BS-HIM program; (ii) Development of a 5 year BS X – MSIS program at SCI (approved at the school level; waiting for the University level approval). With the creation of the new School of Computing and Information in 2017, and the opportunities that it created for full 4-year BS programs, we are also proposing a new BS degree in Cybersecurity and Privacy (tentative name); while BS in Cybersecurity and Privacy was not proposed in the original proposal, the PIs have focused on this given the new opportunity in the new school.
  3. Labs and Resources repository: Developed several labs to enhance hands-on educational experiences and active research in SAHI areas. Please visit the Labs link or the resources link above.

Intellectual Merit

The proposed work will result in novel curriculum that comprehensively integrates Health Informatics with IA and provide BS, MS and PhD level curriculum enhancements, and foster educational and research activities in SAHI areas. The proposed curriculum will enhance existing courses and include new advanced SAHI courses that will address emerging demands for expertise in HIT and Cybersecurity. The PIs have a long history of excellent collaborations in both significant educational and research activities related to IA and HIM areas and have established partnerships with community colleges, and the University of Pittsburgh Medical Center. The institutional support is very high because the IA area is a signature area at Pitt and 4+1 FastTrack is one of the highest priority of the SCI. Similarly, IA area is a significant priority for the HIM program. HIM labs and LERSAIS facilities have well established integrated research and educational components in HIM and IA areas, respectively, for implementing the proposed lab exercises.. .

Broader Impacts

The SAHI curriculum will be available to all students in the department of HIM, which has a 1:3 male-female ratio, and the SIS. The outreach activities include module delivery to high school students in summer and diversity students through a very active i3 program at SIS, and to a community college. The 4+1 FastTrack BS-MS program will allow fast production of the professionals that have the highest credentials in IA and HIT areas. Through HIM's highly female populated program the SAHI curriculum is poised to produce a huge number of female and minority students with focus in SAHI areas. The results (curriculum and lab modules) will be disseminated through dedicated websites (some as e-learning modules for general community) and conference publications, and outreach to high school and other college students.

Outreach Activities

SciTech High school projects

Altogether THREE projects have been created by PIs that involved participation from high school students in SAHI related areas:
  • Projects 1 and 2: Two high school projects created by Co-PIs from HIM program have been accepted by the Pittsburgh Science and Technology Academy (ScieTech). Each project will have two high school students. Project 1 (mentor Dr. Andi Saptono of HIM) is about mobile app security and privacy, and the other project (mentor: Co-PI Leming Zhou) is about genomic data security and privacy.
  • Project 3: Palanisamy, Joshi and Pelechrinis are involved in Project 3 that will mentor a team of high school students on a healthcare privacy project as part of the SciTech Executive Experience program - – two students were involved at different times; the second one finished the project. The objective of this project was to test and validate the privacy features of our LEAF anonymous social network. LEAF is an anonymous social network for sensitive health related information among users. Such a need for private communication may arise, for instance, in specialized social network applications that focus guiding and intervening patients of sensitive and critical health diseases. As part of this effort, we extended the methodologies for employing the anonymous social networking features implemented in our prototype social network system for intervening bulling issues in high schools. We also performed a qualitative evaluation of the privacy features based on a comprehensive survey-based feedback.  Overall, we believe that this collaborative project with the high school student has been productive. The student decided to pursue his undergraduate in the STEM field and has received admissions from several top universities including UIUC and Georgia Tech.

Presentations/Disseminations in Conferences and other Venues

The PIs and students supported by the project or the students who took graduate courses were able to publish and present their work related to healthcare security and privacy. The conferences included educational or research conferences. PIs also delivered talks and participated in the panels in conference geared towards healthcare cybersecurity. Please click on the publications link above to see the list of publications and conference venues where the published work have been presented. Some examples include, presentation by Co-PI from HIM in Assemble on Education conference, participation/presentation by the PI in 3rd Integrative Conference on Technology, Social Media, and Behavioral Health “Security and Privacy in Mobile and Web-Based Interventions” (on Nov 3, 2017).


Co-PI Palanisamy delivered a lecture on general data security and privacy issues related to healthcare to 107 high school students as part of the seventh year of the University of Pittsburgh Health Career Scholars Academy (formerly the Pennsylvania Governor’s School for Health Care). The lecture introduced basic awareness in data privacy and security to the students. Co-PI Palanisamy presented on the topic of “Implementing Curriculum To Address Cybersecurity In Healthcare” to a group of school administrators and instructors in the 2017 Allied Health Workshop organized by PAPSA (Pennsylvania Association of Private School Administrators) and Pocket Nurse in Pittsburgh and Lancaster.

Data Security Workshop for Health Information Management Students

Co-PI Palanisamy had annually conducted a one day workshop on Data Security issues in healthcare to the undergraduate students in the department of Health Information Management in SHRS. The workshop lectures covered basic data security and privacy issues and had three lab modules covering various aspects of data security. A high number female students attended the workshops (e.g., 70% in 2016).


Engagement of students in research and development

Throughout the project duration, the PIs were able to engaged undergraduate (mainly in HIM), and graduate (both MS and PhD) students in research and development. For instance, most of the projects in IS 2620 (Fall, 2018) were focused on security and privacy issues in Healthcare. Several doctoral students were able to write research papers in their Doctoral seminar courses or the advanced cybersecurity courses, and later publish. Several undergraduate students in HIM program worked on secure mobile app development projects – some of which resulted in publications.


SAHI Website with Resources/Labs/Modules

This project website is sharing Labs developed and resources related to tools and training materials related healthcare cybersecurity. We expect the use of labs to be used by colleagues. One example is the use of some privacy labs by our colleagues from Penn State for their use in the coursework. Some of the materials developed have been simplified and also shared through tutorials page of our other NSF funded SAC-PA project whose primary goal is to foster awareness and education of cybersecurity issues in general though online shared repository of tutorial modules.

Project related Publications


  • Leila Karimi, and James Joshi (2017). Multi-Owner Multi-Stakeholder Access Control Model for a Healthcare Environment.  IEEE Conference on Collaboration and Internet Computing (CIC2017). 3rd, (From Doctoral Seminar)
  • Li, Chao, Balaji Palanisamy, and James Joshi (2017). Differentially Private Trajectory Analysis for Points-of-Interest Recommendation.  IEEE International Congress on Big Data (BigData Congress)
  • Nuray B. Akhuseyinoglu, James Joshi (2017). A Risk-Aware Access Control Framework for Cyber-Physical Systems.  3rd IEEE Conference on Collaboration and Internet Computing (CIC2017)
  • Chao Li, Balaji Palanisamy and James Joshi, "SocialMix: Supporting Privacy‐aware Trusted Social Networking Services", Proc. of 23rd IEEE International Conference on Web Services (ICWS), San Francisco, USA, 2016. 
  • Runhua Xu and James Joshi. “An Integrated Privacy Preserving Attribute Based Access Control Framework.” In 2016 IEEE 9th International Conference on Cloud Computing (Cloud), San Francisco, USA, 2016. (From Doctoral Seminar)
  • Runhua Xu, James Joshi and Chao Li, “CryptoNN: Training Neural Networks over Encrypted Data,” The 39th IEEE International Conference on Distributed Computing Systems (ICDCS 2019), Jul, 2019
  • Zhou L, Thieret R, Watzlaf V, DeAlmeida D, Parmanto B, (2019), "A Telehealth Privacy and Security Self-Assessment Questionnaire for Telehealth Providers: Development and Validation", International Journal of Telerehabilitation, in press.
  • Zhou L, Parmanto B, Bao J, Watzlaf V, (2019), "Barriers to and Facilitators of the Use of Mobile Health Apps from a Security Perspective: Mixed-Methods Study", JMIR mHealth and uHealth, 7(4):e11223. DOI: 10.2196/11223.
  • Zhou L, Parmanto B, Alfikri Z, Bao J, (2018), "A Mobile App for Assisting Users to Make Informed Selections in Security Settings for Protecting Personal Health Data: Development and Feasibility Study", JMIR mHealth and uHealth, 6(12):e11210. DOI: 10.2196/11210. PMID: 30538088.
  • Zhou L, Parmanto B, Joshi J, (2018), "Development and Evaluation of a New Security and Privacy Track in a Health Informatics Graduate Program: Multidisciplinary Collaboration in Education", JMIR Medical Education, 4(2):e19. DOI: 10.2196/mededu.9081. PMID: 30578227
    Smith K, Zhou L, Watzlaf V, (2017), "User Authentication in Smartphones for Telehealth", International Journal of Telerehabilitation, 9(2): 3-11. DOI: 10.5195/ijt.2017.6226.
  • Zhou L, Parmanto B, Saptono A, DeAlmeida D, and Watzlaf V, (2017), "A New Security Assured Healthcare Information Track: Evaluation Methods and Results", 2017 Assembly on Education, Anaheim, CA. (July 29 - August 2, 2017)
  • Zhou L, Parmanto B, Saptono A, DeAlmeida D, (2016), "A New Security Assured Healthcare Information Track: One Year Experience", AHIMA Assembly on Education Symposium, Denver, CO. (July 23-27, 2016)
  • Zhou L and Parmanto B, (2015), "A New Security Assured Healthcare Information Track", AHIMA Assembly on Education Symposium, Austin, TX. (July 19-22, 2015)


[Not published yet]


  • Runhua Xu, James Joshi, Prashant Krishnamurthy, “An Integrated Privacy Preserving Attribute Based Access Control Framework Supporting Secure Deduplication,” IEEE Transactions on Dependable and Secure Computing (under review)
  • Runhua Xu, James Joshi, “Trustworthy and Transparent Third Party Authority,” submitted to ACM Transactions on Internet Technologies.
  • Nuray Baltaci  Akhuseyinoglu,  James Joshi, “Access  Control  Approaches  for  SmartCities,” (Book Chapter) Book: “IoT  Technologies  in  Smart-Cities:  From sensors to big data, security and trust.” Editors: Al-Turjman  F,  Imran  M,   The Institution of Engineering and Technology (IET); 2019.
  • Leila Karimi, James Joshi, “An Automatic Attribute Based Access Control Policy Extraction from Access Logs,” (to be submitted to Elsevier Computer & Security journal)


[NSF not acknowledged]


  • Maryam Karimi, Prashant Krishnamurthy, James Joshi, and David Tipper, “Mining Historical Data towards Interference Management in Wireless SDNs,” The 20th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems, November 21st-25th, 2017, Miami Beach, USA (From Doctoral Seminar).
  • Leila Karimi, James Joshi. “An Unsupervised Learning Based Approach for Mining Attribute Based Access Control Policies,” IEEE BigData 2019.
  • Watzlaf V, DeAlmeida D, Zhou L, (2019), "Security, Privacy and Safety in TeleAAC", Chapter 2 in "Tele-AAC: Augmentative and Alternative Communication Through Telepractice", in press.
  • Watzlaf V, Zhou L, DeAlmeida D, Hartman L, (2017), "A Systematic Review of Research Studies Examining Telehealth Privacy and Security Practices Used by Healthcare Providers", International Journal of Telerehabilitation, 9(2): 39-58. DOI: 10.5195/ijt.2017.6231.
  • Takyi H, Watzlaf V, Matthews JT, Zhou L, DeAlmeida D, (2017), "Privacy and Security in Multi-User Health Kiosks", International Journal of Telerehabilitation, 9(1), 3-14.
  • Watzlaf V, Dealmeida D, Zhou L, Hartman L, (2015), "Protocol for a Systematic Review of Telehealth Privacy and Security Research to Identify Best Practices", International Journal of Telerehabilitation, 7(2), 15-22.

Project Team Members

SAC-PA Project Team Members

Dr. Joshi

James B.D.


Professor, Principal Investigator

Dr. Parmanto




Dr. Zhou



Assistant Professor

Dr. Spring

Michael B.


Associate Professor

Dr. Tipper




Dr. Shrestha

Prashant K.



Dr. Palanisamy



Assistant Professor

Dr. Palanisamy



Associate Professor

Dr. Palanisamy



Chief Innovation Officer, UPMC

Executive Vice President, UPMC Enterprises

Dr. Palanisamy



Assistant Director of CEAC

Enrolled PhD Students


Ph.D. Student


Ph.D. Student

Nuray Baltaci

Ph.D. Student



For more information regarding the project, please contact Professor James Joshi.

Please feel free to send us your comments!