Abstract
One legitimate purpose of the health data integration (HDI) initiative is to provide a platform for improving healthcare treatment services, for example, by giving a doctor who is investigating a patient's health condition access to that patient's medical records from databases maintained by different healthcare provider organizations and clinics. More recently, however, the emphasis on health data management in health services has shifted from treatment to prevention via the use of HDI services. From this perspective, HDI services integrate the datasets from various isolated health and social databases into integrated views for policy-makers, practitioners, and researchers, who will often use these resulting views to conduct additional analyses for various uses. Because the purpose of such emerging HDI services is to aggregate the datasets in previously isolated databases for a variety of such uses in a loosely coupled environment, this dynamic nature makes HDI a challenging domain for aggregation issues. Consequently, we argue that identifying and specifying these aggregation issues more formally, in order to generate a rigorous security policy in HDI, will better prevent unauthorized users from accessing aggregates.