Resources for Security Assured Healthcare Informatics

Research Paper Collection

We have created a public list that collects research papers on security-assured healthcare informatics. Please visit our Security-Assured-Healthcare group.

Tools/Platforms Collection


'OpenEHR' is the name of a technology for e-health, consisting of open specifications, clinical models and software that can be used to create standards, and build information and interoperability solutions for healthcare. The various artefacts of openEHR are produced by the openEHR community and managed by the openEHR Foundation, an international non-profit organisation established in the year 2003.


OpenMRS is a collaborative open-source project to develop software to support the delivery of health care in developing countries. OpenMRS is founded on the principles of openness and sharing of ideas, software and strategies for deployment and use.


Electronic Health Records (EHRs) were never designed to manage the complexities of multi-institutional, lifetime medical records. As patients move between providers, their data becomes scattered across different organizations, losing easy access to past records. As providers — not patients — are the primary stewards of EHRs, patients face significant hurdles in viewing their reports, correcting erroneous data, and distributing the information. The situation is much like consumer finance, where an individual may have several bank accounts, credit cards, loans, and assets but no unified way to access and control them. In the case of finance, however, there is an infrastructure in place that greases the wheels: currency. With medical information we are still in the age of barter.


SimpleRisk is a free and open source risk management system. It is a web application, developed using LAMP (Linux, Apache, MySQL, PHP) stack and based on client-server architecture. It provides functionalities such as risk identification, risk mitigation, and risk report generation.

The Workgroup for Electronic Data Interchange (WEDI)

The Workgroup for Electronic Data Interchange (WEDI) is the leading authority on the use of Health IT to improve healthcare information exchange in order to enhance the quality of care, improve efficiency and to reduce costs of the American healthcare system. Formed in 1991 by the Secretary of Health and Human Services (HHS), WEDI was named in the 1996 HIPAA legislation as an advisor to HHS and continues to fulfill that role today.

Health Level Seven International (HL7)

Founded in 1987, Health Level Seven International (HL7) is a not-for-profit, ANSI-accredited standards developing organization dedicated to providing a comprehensive framework and related standards for the exchange, integration, sharing, and retrieval of electronic health information that supports clinical practice and the management, delivery and evaluation of health services.


SmartHL7 is a set of small tools made for working with HL7 data.

Open Health Tool

The vision of Open Health Tool is to enable a ubiquitous ecosystem where members of the Health and IT professions can collaborate to build open, standards-based interoperable systems that enable patients and their care providers to have access to vital and reliable medical information at the time and place it is needed.

Security Risk Assessment Tool

The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), developed a downloadable Security Risk Assessment (SRA) Tool to help guide you through the process. The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program.

HIPAA Handbook

University of Pittsburgh HIPAA Security Procedures, Electronic Security Policies and the HIPAA Handbook

University of Pittsburgh Notice of Privacy Practices
University of Pittsburgh IRB
HIPAA Security Toolkit Application
TEMPLATE - Model Notices of Privacy Practices (NPPs)
Mobile Devices – Keeping Health Information Private and Secure
HIPAA Privacy and Security Rules Training

Online modules on HIPAA Privacy, Security, and Breach Notification Rule compliance, developed by OCR and Medscape for health care professionals.

Privacy Tools
Differential Privacy Tool

Differentially private tools that will enable social scientists to share useful statistical information about sensitive datasets.

Anonymization ToolBox

The toolbox currently contains 6 different anonymization methods over 3 different privacy definitions: Datafly, Mondrian Multidimensional k-Anonymity, Incognito, Incognito with l-diversity, Incognito with t-closeness, and Anatomy.


The diffpriv package makes privacy-aware data science in R easy. diffpriv implements the formal framework of differential privacy: differentially-private mechanisms can safely release to untrusted third parties: statistics computed, models fit, or arbitrary structures derived on privacy-sensitive data.

Blockchain for e-Health resources

Healthcare-related Blockchains

Open-source landscape map for healthcare-related blockchains


Healthcoin is the world's first blockchain-enabled platform for diabetes prevention.


MediBloc is creating a decentralized healthcare information ecosystem on blockchain where medical records can be kept safely and securely transferred by their rightful owners, the patients and not the hospitals.


Medicalchain uses blockchain technology to store health records securely so physicians, hospitals, laboratories, pharmacists and health insurers can request a patient's permission to access the record as well as record transactions on the distributed ledger.


Graduate student researchers at Massachusetts Institute of Technology in Boston developed MedRec, a system for managing medical records using Ethereum, a decentralized platform for applications.


MintHealth announced the launch of its self-sovereign health record platform at the Connected Health Conference in Boston in October 2017.


Leveraging blockchain immutable trust to form the world's first patient-first healthcare ecosystem.

SimplyVital Health

Intentionally simple care coordination platform backed by Blockchain technology to create a tamper-proof audit trail.


Shivom combines genome sequencing, artificial intelligence, cryptography, and next-gen distributed ledger technology, aiming to build the world's largest genomics & precision medicine ecosystem.


Tierion's HashAPI allows developers to anchor up to 100 records per second on the blockchain for free, with time stamping and data security.

Zenome Platform

Zenome is a blockchain-based genomic ecosystem built on the interaction between three different types of information: genomic, personal, and financial data.



Smartphone Sensing

Wikipedia table summarizing software
AWARE open-source framework

Projects focused on mobile Health / Training Resources

Center for Excellence for Mobile Sensor Data-To-Knowledge (MD2K)
Adaptive Intervention Resources at Penn State Methodology Center
NIH mHealth Training Institute
My Health My Data
Digital Health Decision-Making Checklist
Guiding Principles for Ethics in Digital Health
HIT Infrastructure

Pittsburgh Health + Technology Communities/Centers

University of Pittsburgh Center for Behavioral Health and Smart Technology
Center for Research on Media, Technology, and Health
University of Pittsburgh Healthy Lifestyle Institute
Pittsburgh Health Data Alliance
CMU Quality of Life Technology Center
University of Pittsburgh School of Nursing Hub for Excellence in eHealth Research
Health 2.0 Pittsburgh
Hub for Excellence in eHealth Research
Center for Research on Healthcare

Other Collections

Awesome Differential Privacy

A list of differential-privacy-related repositories (and a bit more).

Health Information Privacy

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules

Summary of the HIPAA Security Rule

This is a summary of key elements of the Security Rule including who is covered, what information is protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information. Because it is an overview of the Security Rule, it does not address every detail of each provision.

The HIPAA Privacy Rule

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

HIPAA Administrative Simplification Regulations

Administrative Simplification: Modification of the Requirements for the Use of Health Insurance Portability and Accountability Act of 1996 (HIPAA) National Council for Prescription Drug Programs (NCPDP) D.0 Standard

Medical Information Privacy and Security Act
Medical Privacy in the Age of New Technologies Act of 1997
Guide to Privacy and Security of Electronic Health Information
Sync for Science (S4S) API Privacy and Security