Electronic medical record can manage various kinds of patient data in digital form. Patient data security is a priority that must be met by healthcare provider for referral process. One of the medical data exchange standards that is widely used is Health Level Seven (HL7) standard. The absence of security in the HL7 standard makes patient data vulnerable to digital attacks, information security disturbances, and can even disrupt the patient's own psyche. This study aims to create an architectural design as well as a prototype of a patient data security system that uses HL7 standard, by utilizing the Advanced Encryption Standard (AES) as a cryptographic algorithm. Architectural design for data exchange, can change HL7 data from plain text and unauthenticated data transmission to data with secure and protected protocols. The research method starts from requirements analysis and finished with making system prototypes and model evolution. The system that has been developed is deployed into a SaaS model on cloud computing. The SaaS architecture for securing patient referral data has been adapted to the stakeholders involved (users), the medical data exchange standard used (HL7 standard), workflow and data exchange processes, and the data security technique itself (AES).

Referral Patient; Data Security; Electronic Medical Record; HL7; AES

S. Upadhyay and H. Hu, “A Qualitative Analysis of the Impact of Electronic Health Records (EHR) on Healthcare Quality and Safety: Clinicians’ Lived Experiences,” Health Serv Insights, vol. 15, Jan. 2022, doi: 10.1177/11786329211070722.

M. Duckert and L. Barkhuus, “Protecting Personal Health Data through Privacy Awareness,” Proc ACM Hum Comput Interact, vol. 6, no. GROUP, pp. 1–22, Jan. 2022, doi: 10.1145/3492830.

N. Amalia, M. Z. A. Rustam, A. Rosarini, D. R. Wijayanti, and M. A. Riestiyowati, “The Implementation of Electronic Medical Record (EMR) in The Development Health Care System in Indonesia,” International Journal of Advancement in Life Sciences Research, vol. 4, no. 3, Jul. 2021, doi: 10.31632/ijalsr.2021.v04i03.002.

R. Ait Abdelouahid, O. Debauche, S. Mahmoudi, and A. Marzak, “Literature Review: Clinical Data Interoperability Models,” Information, vol. 14, no. 7, p. 364, Jun. 2023, doi: 10.3390/info14070364.

C. Thapa and S. Camtepe, “Precision health data: Requirements, Challenges and Existing Techniques for Data Security and Privacy,” Comput Biol Med, vol. 129, p. 104130, Feb. 2021, doi: 10.1016/j.compbiomed.2020.104130.

A. Olutola and M. Olumuyiwa, “Comparative Analysis of Encryption Algorithms,” European Journal of Technology, vol. 7, no. 1, pp. 1–9, Jan. 2023, doi: 10.47672/ejt.1312.

X. Guo, M. El-Hadedy, S. Mosanu, X. Wei, K. Skadron, and M. R. Stan, “Agile-AES: Implementation of Configurable AES Primitive with Agile Design Approach,” Integration, vol. 85, pp. 87–96, Jul. 2022, doi: 10.1016/j.vlsi.2022.04.005.

O. Enaizan, B. Eneizan, M. Almaaitah, A. T. Al-Radaideh, and A. M. Saleh, “Effects of Privacy and Security on the Acceptance and usage of EMR: The Mediating Role of Trust on the basis of Multiple Perspectives,” Inform Med Unlocked, vol. 21, p. 100450, 2020, doi: 10.1016/j.imu.2020.100450.

A. F. Dennis, P. J. White, and T. Zayas-Cabán, “Fast-Tracking Health Data Standards Development and Adoption in Real-World Settings: A Pilot Approach,” Appl Clin Inform, vol. 12, no. 04, pp. 745–756, Aug. 2021, doi: 10.1055/s-0041-1731677.

M. Anywar et al., “Challenges and Lessons Learned in Mapping HL7 v2 Data to openEHR: Insights from UKSH Medical Data Integration Center,” 2024. doi: 10.3233/SHTI240658.

G. Dupont, D. R. dos Santos, E. Costante, J. den Hartog, and S. Etalle, “A Matter of Life and Death: Analyzing the Security of Healthcare Networks,” 2020, pp. 355–369. doi: 10.1007/978-3-030-58201-2_24.

A. L. Martínez, M. G. Pérez, and A. Ruiz-Martínez, “A Comprehensive Model for Securing Sensitive Patient Data in a Clinical Scenario,” IEEE Access, vol. 11, pp. 137083–137098, 2023, doi: 10.1109/ACCESS.2023.3338170.

A. A. AlQudah, M. Al-Emran, and K. Shaalan, “Medical data integration using HL7 Standards for Patient’s Early Identification,” PLoS One, vol. 16, no. 12, p. e0262067, Dec. 2021, doi: 10.1371/journal.pone.0262067.

M. Rizwan et al., “Risk Monitoring Strategy for Confidentiality of Healthcare Information,” Computers and Electrical Engineering, vol. 100, p. 107833, May 2022, doi: 10.1016/j.compeleceng.2022.107833.

B. Seth, S. Dalal, V. Jaglan, D. Le, S. Mohan, and G. Srivastava, “Integrating Encryption Techniques for Secure Data Storage in the Cloud,” Transactions on Emerging Telecommunications Technologies, vol. 33, no. 4, Apr. 2022, doi: 10.1002/ett.4108.

A. Almalawi, A. I. Khan, F. Alsolami, Y. B. Abushark, and A. S. Alfakeeh, “Managing Security of Healthcare Data for a Modern Healthcare System,” Sensors, vol. 23, no. 7, p. 3612, Mar. 2023, doi: 10.3390/s23073612.

T. Gunasekar, P. D. D. Dominic, and S. Kayalvizhi, “Authentic Cloud-Biometric Signature Verification System for Healthcare Data Management,” Int J Bus Inf Syst, vol. 37, no. 1, p. 63, 2021, doi: 10.1504/IJBIS.2021.115069.

A. Kumar, “Data Security and Privacy using DNA Cryptography and AES Method in Cloud Computing,” in 2021 Fifth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), IEEE, Nov. 2021, pp. 1529–1535. doi: 10.1109/I-SMAC52330.2021.9640708.

M. Kumar, A. Soni, A. R. S. Shekhawat, and A. Rawat, “Enhanced Digital Image and Text Data Security using Hybrid Model of LSB Steganography and AES Cryptography Technique,” in 2022 Second International Conference on Artificial Intelligence and Smart Energy (ICAIS), IEEE, Feb. 2022, pp. 1453–1457. doi: 10.1109/ICAIS53314.2022.9742942.

K. Shankar Komathi Maathavan and S. Venkatraman, “A Secure Encrypted Classified Electronic Healthcare Data for Public Cloud Environment,” Intelligent Automation & Soft Computing, vol. 32, no. 2, pp. 765–779, 2022, doi: 10.32604/iasc.2022.022276.

J. Jain and A. Jain, “Securing E-Healthcare Images using an Efficient Image Encryption Model,” Sci Program, vol. 2022, pp. 1–11, Mar. 2022, doi: 10.1155/2022/6438331.

J. Nan and L.-Q. Xu, “Designing Interoperable Health Care Services based on Fast Healthcare Interoperability Resources: Literature Review,” JMIR Med Inform, vol. 11, p. e44842, Aug. 2023, doi: 10.2196/44842.

S. M. Kareem and A. M. S. Rahma, “New Method for Improving Add Round Key in the Advanced Encryption Standard Algorithm,” Information Security Journal: A Global Perspective, vol. 30, no. 6, pp. 371–383, Nov. 2021, doi: 10.1080/19393555.2020.1859654.

S. Alsaqqa, S. Sawalha, and H. Abdel-Nabi, “Agile Software Development: Methodologies and Trends,” International Journal of Interactive Mobile Technologies (iJIM), vol. 14, no. 11, p. 246, Jul. 2020, doi: 10.3991/ijim.v14i11.13269.

Z. Fang, “System-of-Systems Architecture Selection: A Survey of Issues, Methods, and Opportunities,” IEEE Syst J, vol. 16, no. 3, pp. 4768–4779, Sep. 2022, doi: 10.1109/JSYST.2021.3119294.

J. Gmys, T. Carneiro, N. Melab, E.-G. Talbi, and D. Tuyttens, “A Comparative Study of High-Productivity High-Performance Programming Languages for Parallel Metaheuristics,” Swarm Evol Comput, vol. 57, p. 100720, Sep. 2020, doi: 10.1016/j.swevo.2020.100720.

S. Raghavan R., J. K.R., and R. V. Nargundkar, “Impact of Software as a Service (SaaS) on Software Acquisition Process,” Journal of Business & Industrial Marketing, vol. 35, no. 4, pp. 757–770, Apr. 2020, doi: 10.1108/JBIM-12-2018-0382.

S. Galiveeti, L. Tawalbeh, M. Tawalbeh, and A. A. A. El-Latif, “Cybersecurity Analysis: Investigating the Data Integrity and Privacy in AWS and Azure Cloud Platforms,” 2021, pp. 329–360. doi: 10.1007/978-3-030-74575-2_17.