e-Health Cloud: Privacy Concerns and Mitigation Strategies

Cloud based solutions have permeated in the healthcare domain due to a broad range of benefits offered by the cloud computing. Besides the financial advantages to the healthcare organizations, cloud computing also offers large-scale and on-demand storage and processing services to various entities of the cloud based health ecosystem. However, outsourcing the sensitive health information to the third-party cloud providers can result in serious privacy concerns. This chapter highlights the privacy issues related to the health data and also presents privacy preserving requirements. Besides the benefits of the cloud computing in healthcare, cloud computing deployment models are also discussed from the perspective of healthcare systems. Moreover, some recently developed strategies to mitigate the privacy concerns and to fulfil the privacy preserving requirements are also discussed in detail. Furthermore, strengths and weaknesses of each of the presented strategies are reported and some open issues for the future research are also presented.

[1]  Jianqiang Li,et al.  A hybrid solution for privacy preserving medical data sharing in the cloud environment , 2015, Future Gener. Comput. Syst..

[2]  Benjamin Fabian,et al.  Collaborative and secure sharing of healthcare data in multi-clouds , 2015, Inf. Syst..

[3]  Jyh-Charn Liu,et al.  SAPPHIRE: Anonymity for enhanced control and private collaboration in healthcare clouds , 2012, 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings.

[4]  Samee Ullah Khan,et al.  > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1 , 2008 .

[5]  Dijiang Huang,et al.  Efficient Attribute-Based Comparable Data Access Control , 2015, IEEE Transactions on Computers.

[6]  Jingquan Li Electronic Personal Health Records and the Question of Privacy , 2013 .

[7]  V. T. Kamble,et al.  Ensuring Distributed Accountability for Data Sharing in the Cloud , 2014 .

[8]  Sanjay P. Ahuja,et al.  A Survey of the State of Cloud Computing in Healthcare , 2012, Netw. Commun. Technol..

[9]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[10]  Laurence T. Yang,et al.  Cyberentity Security in the Internet of Things , 2013, Computer.

[11]  Laurence T. Yang,et al.  A Cloud Based Framework for Identification of Influential Health Experts from Twitter , 2015, 2015 IEEE 12th Intl Conf on Ubiquitous Intelligence and Computing and 2015 IEEE 12th Intl Conf on Autonomic and Trusted Computing and 2015 IEEE 15th Intl Conf on Scalable Computing and Communications and Its Associated Workshops (UIC-ATC-ScalCom).

[12]  Eric Horvitz,et al.  Patient controlled encryption: ensuring privacy of electronic medical records , 2009, CCSW '09.

[13]  William J. Buchanan,et al.  DACAR Platform for eHealth Services Cloud , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[14]  Feipei Lai,et al.  A secure electronic medical record sharing mechanism in the cloud computing platform , 2011, 2011 IEEE 15th International Symposium on Consumer Electronics (ISCE).

[15]  Cong Wang,et al.  Toward Secure and Dependable Storage Services in Cloud Computing , 2012, IEEE Transactions on Services Computing.

[16]  Jianfeng Ma,et al.  Privacy-Preserving Patient-Centric Clinical Decision Support System on Naïve Bayesian Classification , 2016, IEEE Journal of Biomedical and Health Informatics.

[17]  Ling Liu,et al.  Security Models and Requirements for Healthcare Application Clouds , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[18]  XiaoFeng Wang,et al.  Sedic: privacy-aware data intensive computing on hybrid clouds , 2011, CCS '11.

[19]  Albert Y. Zomaya,et al.  Remote Data Auditing in Cloud Computing Environments , 2015, ACM Comput. Surv..

[20]  Armin B. Cremers,et al.  Pseudonymization for Secondary Use of Cloud Based Electronic Health Records , 2014 .

[21]  Ahmad-Reza Sadeghi,et al.  Flexible patient-controlled security for electronic health records , 2012, IHI '12.

[22]  Ruoyu Wu,et al.  Secure sharing of electronic health records in clouds , 2012, 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom).

[23]  Jun Zhou,et al.  PSMPA: Patient Self-Controllable and Multi-Level Privacy-Preserving Cooperative Authentication in Distributedm-Healthcare Cloud Computing System , 2015, IEEE Transactions on Parallel and Distributed Systems.

[24]  Yuguang Fang,et al.  CAM: Cloud-Assisted Privacy Preserving Mobile Health Monitoring , 2013, IEEE Transactions on Information Forensics and Security.

[25]  Yu-Yi Chen,et al.  A Secure EHR System Based on Hybrid Clouds , 2012, Journal of Medical Systems.

[26]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[27]  Sushmita Ruj,et al.  Privacy Preserving Access Control with Authentication for Securing Data in Clouds , 2012, 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012).

[28]  Shiping Chen,et al.  A platform for secure monitoring and sharing of generic health data in the Cloud , 2014, Future Gener. Comput. Syst..

[29]  Ben Y. Zhao,et al.  Silverline: toward data confidentiality in storage-intensive cloud applications , 2011, SoCC.

[30]  Jinjun Chen,et al.  A Privacy Leakage Upper Bound Constraint-Based Approach for Cost-Effective Privacy Preserving of Intermediate Data Sets in Cloud , 2013, IEEE Transactions on Parallel and Distributed Systems.

[31]  Pan Li,et al.  Cloud-Assisted Mobile-Access of Health Data With Privacy and Auditability , 2014, IEEE Journal of Biomedical and Health Informatics.

[32]  Pg Scholar,et al.  Privacy Preserving Delegated Access Control in Public Clouds , 2014 .

[33]  Sungyoung Lee,et al.  Dual Locks: Partial Sharing of Health Documents in Cloud , 2014, ICOST.

[34]  Ahmad-Reza Sadeghi,et al.  Securing the e-health cloud , 2010, IHI.

[35]  Xiaohui Liang,et al.  ESPAC: Enabling Security and Patient-centric Access Control for eHealth in cloud computing , 2011, Int. J. Secur. Networks.

[36]  Xiaohui Liang,et al.  Exploiting Geo-Distributed Clouds for a E-Health Monitoring System With Minimum Service Delay and Privacy Preservation , 2014, IEEE Journal of Biomedical and Health Informatics.

[37]  Matthew Green,et al.  Self-Protecting Electronic Medical Records Using Attribute-Based Encryption , 2010, IACR Cryptol. ePrint Arch..

[38]  Robert Sedgewick,et al.  Algorithms in C++ - part 5: graph algorithms (3. ed.) , 2014 .

[39]  Yacine Challal,et al.  Healing on the cloud: Secure cloud architecture for medical wireless sensor networks , 2016, Future Gener. Comput. Syst..

[40]  Daisuke Mashima,et al.  Enhancing accountability of electronic health record usage via patient-centric monitoring , 2012, IHI '12.

[41]  Hoh Peter In,et al.  A scheme for data confidentiality in Cloud-assisted Wireless Body Area Networks , 2014, Inf. Sci..

[42]  M. Eric Johnson,et al.  Data Hemorrhages in the Health-Care Sector , 2009, Financial Cryptography.

[43]  Minglu Li,et al.  Achieving an effective, scalable and privacy-preserving data sharing service in cloud computing , 2014, Comput. Secur..

[44]  A. Kuo Opportunities and Challenges of Cloud Computing to Improve Health Care Services , 2011, Journal of medical Internet research.

[45]  Samee Ullah Khan,et al.  Future Generation Computer Systems ( ) – Future Generation Computer Systems a Cloud Based Health Insurance Plan Recommendation System: a User Centered Approach , 2022 .

[46]  Josep Domingo-Ferrer,et al.  FRR: Fair remote retrieval of outsourced private medical records in electronic health networks , 2014, J. Biomed. Informatics.

[47]  Ali Sunyaev,et al.  Privacy Engineering: Personal Health Records in Cloud Computing Environments , 2011, ICIS.

[48]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.

[49]  Kristin E. Lauter,et al.  Cryptographic Cloud Storage , 2010, Financial Cryptography Workshops.

[50]  Erdenebaatar Altangerel,et al.  A sharable cloud-based pancreaticoduodenectomy collaborative database for physicians: Emphasis on security and clinical rule supporting , 2013, Comput. Methods Programs Biomed..

[51]  Xiaohui Liang,et al.  PHDA: A priority based health data aggregation with privacy preservation for cloud assisted WBANs , 2014, Inf. Sci..

[52]  Noboru Sonehara,et al.  Aspects of privacy for electronic health records , 2011, Int. J. Medical Informatics.

[53]  Pieter Van Gorp,et al.  Lifelong Personal Health Data and Application Software via Virtual Machines in the Cloud , 2014, IEEE Journal of Biomedical and Health Informatics.

[54]  A. Policy Review of the 2002 Department of Health and Human Service Notice of Proposed Rule Making for The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Regulations , 2002 .

[55]  Ling Liu,et al.  Role-based and time-bound access and management of EHR data , 2014, Secur. Commun. Networks.

[56]  Walter V. Sujansky,et al.  A standard-based model for the sharing of patient-generated health information with electronic health records , 2014, Personal and Ubiquitous Computing.

[57]  Xiaolei Dong,et al.  4S: A secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks , 2015, Inf. Sci..

[58]  Reihaneh Safavi-Naini,et al.  A rights management approach to protection of privacy in a cloud of electronic health records , 2011, DRM '11.

[59]  P. Vishvapathi,et al.  Privacy-Preserving Multi-keyword Ranked Search over Encrypted Cloud Data , 2022 .

[60]  Armin B. Cremers,et al.  A Decentralized Pseudonym Scheme for Cloud-based eHealth Systems , 2014, HEALTHINF.

[61]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[62]  Sumit Sarkar,et al.  Against Classification Attacks: A Decision Tree Pruning Approach to Privacy Protection in Data Mining , 2009, Oper. Res..

[63]  Yacine Challal,et al.  Secure and Scalable Cloud-Based Architecture for e-Health Wireless Sensor Networks , 2012, 2012 21st International Conference on Computer Communications and Networks (ICCCN).

[64]  Abdelmounaam Rezgui,et al.  MobiDyC: Private Mobile-based Health Data Sharing through Dynamic Context Handling , 2014, FNC/MobiSPC.