Haltung und Übertragung von Patientendaten im Cloud Computing: Anforderungserhebung und prototypische Implementierung eines Verschlüsselungsframeworks

Ziel des Beitrags ist es auf Basis eines systematischen Literaturreviews sowie eines Experteninterviews Anforderungen fur die Ubertragung und Haltung von Patientendaten zu identifizieren. Auf Basis dieser Anforderungen wird prototypisch ein Verschlusselungsframework implementiert und anhand zweier Experteninterviews konzeptionell sowie bei einem Arzneimittellieferanten mittels zweier Anwendungsbeispiele (Verschlusselte Backups sowie Arzneimittelbestellungen) technisch evaluiert. Auf Basis des systematischen Literaturreviews lasst sich statuieren, dass eine grundliche Betrachtung der deutschen Gesetzgebung hinsichtlich Sicherheit und Datenschutz in der Literatur bisher ausbleibt. Diese Lucke soll mit diesem Beitrag geschlossen werden.

[1]  Doan B. Hoang,et al.  Novel Data Protection Model in Healthcare Cloud , 2011, 2011 IEEE International Conference on High Performance Computing and Communications.

[2]  Ninja Marnau,et al.  Cloud Computing und Safe Harbor , 2011, Datenschutz und Datensicherheit - DuD.

[3]  Yao Zheng,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2019, IEEE Transactions on Parallel and Distributed Systems.

[4]  Alexander Duisberg Gelöste und ungelöste Rechtsfragen im IT-Outsourcing und Cloud Computing , 2011 .

[5]  Anthony Sulistio,et al.  Designing Cloud Services Adhering to Government Privacy Laws , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[6]  Paula Kotzé,et al.  Secure cloud computing: Benefits, risks and controls , 2011, 2011 Information Security for South Africa.

[7]  Ambadas Wairagar,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2016 .

[8]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[9]  Geoff Walsham,et al.  Doing interpretive research , 2006, Eur. J. Inf. Syst..

[10]  Mathias Slawik,et al.  The Trusted Cloud Transfer Protocol , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[11]  Bundesärztekammer,et al.  Empfehlungen zur ärztlichen Schweigepflicht, Datenschutz und Datenverarbeitung in der Arztpraxis , 2009 .

[12]  Rüdiger Zarnekow,et al.  Security and Privacy System Requirements for Adopting Cloud Computing in Healthcare Data Sharing Scenarios , 2013, AMCIS.

[13]  Ahmad-Reza Sadeghi,et al.  Securing the e-health cloud , 2010, IHI.

[14]  Wayne A. Jansen,et al.  Cloud Hooks: Security and Privacy Issues in Cloud Computing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[15]  Lech J. Janczewski,et al.  "Need-to-know" principle and fuzzy security clearances modelling , 2000, Inf. Manag. Comput. Secur..

[16]  Richard T. Watson,et al.  Analyzing the Past to Prepare for the Future: Writing a Literature Review , 2002, MIS Q..

[17]  Ali Sunyaev,et al.  Privacy Engineering: Personal Health Records in Cloud Computing Environments , 2011, ICIS.

[18]  Jonas Repschläger,et al.  Securing Medical SaaS solutions using a Novel End-to-End Encryption Protocol , 2014, ECIS.

[19]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.

[20]  Luke Stark,et al.  Lockbox: mobility, privacy and values in cloud storage , 2014, Ethics and Information Technology.

[21]  Milan Petkovic,et al.  Towards Trustworthy Health Platform Cloud , 2012, Secure Data Management.

[22]  F. Frances Yao,et al.  Design and Analysis of Password-Based Key Derivation Functions , 2005, IEEE Trans. Inf. Theory.

[23]  Ulrich Lampe,et al.  Data Privacy in Cloud Computing - An Empirical Study in the Financial Industry , 2014, AMCIS.

[24]  Wanda Pratt,et al.  Personal health information management , 2006, CACM.

[25]  Sarah Spiekermann,et al.  Privacy-by-Design through Systematic Privacy Impact Assessment - a Design Science Approach , 2012, ECIS.

[26]  Ling Liu,et al.  Security Models and Requirements for Healthcare Application Clouds , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[27]  Markus Kucera,et al.  Sicherheitsherausforderungen in hochverteilten Systemen , 2013, Prax. Inf.verarb. Kommun..

[28]  Upkar Varshney,et al.  Investigating Privacy and Security Challenges of mHealth Applications , 2013, AMCIS.

[29]  Rüdiger Zarnekow,et al.  Acceptance of Health Clouds - a Privacy Calculus Perspective , 2014, ECIS.

[30]  Marjory S. Blumenthal Is Security Lost in the Clouds? , 2011 .

[31]  Björn Niehaves,et al.  Reconstructing the giant: On the importance of rigour in documenting the literature search process , 2009, ECIS.

[32]  Jian-Guo Bau,et al.  Secure Dynamic Access Control Scheme of PHR in Cloud Computing , 2012, Journal of Medical Systems.

[33]  Milan Petkovic,et al.  A Home Healthcare System in the Cloud--Addressing Security and Privacy Challenges , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[34]  Klaas Apostol Brute-force Attack , 2012 .

[35]  Kristin E. Lauter,et al.  Cryptographic Cloud Storage , 2010, Financial Cryptography Workshops.

[36]  Thilo Weichert Cloud Computing und Datenschutz , 2010, Datenschutz und Datensicherheit - DuD.