Privacy Engineering: Personal Health Records in Cloud Computing Environments

Personal health records (PHR) enable patients to manage their health information in cloud environments. The information contained in PHRs is highly sensitive. Unintended exposure of this data threatens an intimate part of a patient’s private sphere and may lead to undesirable consequences. Cloud technologies gain in momentum but also created security issues broadly discussed in academia and practice. Due to possible inherent conflicts, the collaboration of technologies like PHRs and Clouds requires work on security and privacy issues. In our study, we aim to investigate privacy issues, which may apply when using such a cloud service. The findings are supported by a real-world scenario with concrete facts and questions. Thus, this work presents the research-in-progress by examining the theoretical foundation of PHRs in cloud environments, discussing the upcoming privacy engineering framework, and reflecting the privacy case studies performed on selected PHR systems.

[1]  Jörg Schäfer,et al.  Cloud Computing : Evolution in der Technik, Revolution im Business; BITKOM-Leitfaden , 2013 .

[2]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[3]  S Ramgovind,et al.  The management of security in Cloud computing , 2010, 2010 Information Security for South Africa.

[4]  Dong Xu Cloud Computing: An emerging technology , 2010, 2010 International Conference On Computer Design and Applications.

[5]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[6]  Helmut Krcmar,et al.  Evaluation Framework for Personal Health Records: Microsoft HealthVault Vs. Google Health , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[7]  AuS Den DATENScHuTZBEHÖRDEN Prüfung der Selbst-Zertifizierung des Datenimporteurs nach dem Safe Harbor-Abkommen durch das Daten exportierende Unternehmen , 2010, Datenschutz und Datensicherheit - DuD.

[8]  Helmut Krcmar,et al.  Comparative Evaluation of Google Health API vs. Microsoft HealthVault API , 2010, HEALTHINF.

[9]  Jan Marco Leimeister,et al.  Mobile Anwendungen im Kontext des Medizinproduktegesetzes , 2009, GI Jahrestagung.

[10]  Bernd Carsten Stahl,et al.  The Ideology of Design: A Critical Appreciation of the Design Science Discourse in Information Systems and Wirtschaftsinformatik , 2009 .

[11]  Robert Sprague Orwell Was an Optimist: The Evolution of Privacy in the United States and its De-Evolution for American Employees , 2008 .

[12]  Thomas Hess,et al.  Software as a Service , 2008, Wirtschaftsinf..

[13]  Mikhail J. Atallah,et al.  Incentives and Perceptions of Information Security Risks , 2008, ICIS.

[14]  Alan R. Hevner,et al.  Design Science in Information Systems Research , 2004, MIS Q..

[15]  Steve Kenny,et al.  The Value of Privacy Engineering , 2002, J. Inf. Law Technol..

[16]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .

[17]  Herbert A. Simon,et al.  The Sciences of the Artificial , 1970 .