Executable choreographies for medical systems integration and data leaks prevention

Integrating healthcare systems represent a great opportunity to improve the quality of healthcare but represents, also, a challenge on securing medical data. In this article we propose a software architecture that can achieve the principles of "Privacy by Design" [1] directly from software and not through code compliance procedures and internal rules of the organizations. We also show that our architecture was designed with the ability to highly regulate access to private data, and furthermore, to identify which parts of the system can be subjected to external hacking or inside attacks. Our proposed architecture focuses mainly on preventing massive data leaks. Being indistinguishable from normal system usage some minor leaks caused by internal attacks are inevitable. However, our architecture guarantees that any access to sensitive data is logged into an external system which can not be affected by the attackers.