Review Comment:
Summary:
This manuscript presents a survey of 20 studies on security of EHR data using semantic web technologies. It covers security attributes including authentication, authorization, integrity, availability, confidentiality, privacy, and provenance. The study shows the objectives and advantages of each study and classifies them into access control, interoperability, and privacy compliance classes.
This manuscript was submitted as 'Survey Article' and should be reviewed along the following dimensions:
(1) Suitability as introductory text, targeted at researchers, PhD students, or practitioners, to get started on the covered topic.
The manuscript presents 20 studies and their advantages and limitations in a table. As an introductory scope paper, it is essential to give background knowledge, terminology, and basic introduction to the readers first. But, these are missing in this manuscript. Between Introduction and Materials and Methods, it would be better to add a background, definition or terminology section to describe authentication, authorization, integrity, availability, confidentiality, privacy, and provenance (7 features) in detail. In the current version, those terms are presented briefly in the result section. And access control, interoperability, and privacy compliance are not explained in detail either. People who are new to the field need to know why there are three classes, how you classified papers into them, and why these 7 features are being looked at, are they standard security evaluation metrics, etc. Therefore, I think the current version of the manuscript is not sufficiently suitable as introductory text.
(2) How comprehensive and how balanced is the presentation and coverage.
The selected studies are discussed in a comprehensive manner. However, a few studies were covered in details but the others are not. In the results section, the manuscript shows several individual studies’ methods, but more technical details are needed. The current version only summarizes what these individual studies do in 1-2 sentences which can be found in the abstract of each study. The results and discussion of a survey need to be more than only summarizing. Additionally, I don’t know if the search strategy covers forward and backward searching. If the references and citations of selected papers have been looked at?
(3) Readability and clarity of the presentation.
The manuscript is well-written and clearly presented. The structure is easy to follow and logical. However, the review result table needs more work to be re-constructed. Firstly, the selected papers in the table need to be linked with the references. Second, the full result table can be stored in a repository with many columns or text. But the one presented in the paper should be informative and precise. For example, the authors, publication types, and year are not the key messages in the manuscript. At least, this information does not provide discussion points. Removing these columns, and refining “Results and security mechanisms” will increase the readability of the results table. Furthermore, the text in the columns of “Results and security mechanisms” and “advantages and features” is too long. They can be presented in points or short phrases. Lastly, a comparison of these studies needs to be indicated in the table. Are there any relations between these studies such as similarity, or extension, etc.
(4) Importance of the covered material to the broader Semantic Web community.
The summaries and findings of this manuscript is important for the broader semantic web community. However, the importance and significance needs to be elaborated in the manuscript. This is missing in the current version. In addition, related work (if similar surveys have been done by others) needs to be presented in the paper.
Please also assess the data file provided by the authors under “Long-term stable URL for resources”. In particular, assess
(A) whether the data file is well organized and in particular contains a README file which makes it easy for you to assess the data,
No. I expect the authors to publish their original search result, review results in an accessible repository to make it FAIR (finable, accessible, interoperable, reusable).
(B) whether the provided resources appear to be complete for replication of experiments, and if not, why,
Not completely. The search term in the article can retrieve the initial identified records, but the exclusion was not well-explained. Other researchers are not able to re-filter the studies based on the method description (Study Selection) in the paper,
(C) whether the chosen repository, if it is not GitHub, Figshare or Zenodo, is appropriate for long-term repository discoverability, and
The review results are not published in any repository.
(4) whether the provided data artifacts are complete. Please refer to the reviewer instructions and the FAQ for further information.
Data artifacts are not complete.
|