Secure sharing of electronic health records in clouds

In modern healthcare environments, healthcare providers are more willing to shift their electronic medical record systems to clouds. Instead of building and maintaining dedicated data centers, this paradigm enables to achieve lower operational cost and better interoperability with other healthcare providers. However, the adoption of cloud computing in healthcare systems may also raise many security challenges associated with authentication, identity management, access control, trust management, and so on. In this paper, we focus on access control issues in electronic medical record systems in clouds. We propose a systematic access control mechanism to support selective sharing of composite electronic health records (EHRs) aggregated from various healthcare providers in clouds. Our approach ensures that privacy concerns are accommodated for processing access requests to patients' healthcare information.We also demonstrate the feasibility and efficiency of our approach by implementing a proof-of-concept prototype along with evaluation results.

[1]  Gail-Joon Ahn,et al.  Anomaly discovery and resolution in web access control policies , 2011, SACMAT '11.

[2]  Gail-Joon Ahn,et al.  Patient-centric authorization framework for electronic healthcare services , 2011, Comput. Secur..

[3]  Gail-Joon Ahn,et al.  Security and Privacy Challenges in Cloud Computing Environments , 2010, IEEE Security & Privacy.

[4]  Ruoyu Wu,et al.  Towards HIPAA-compliant healthcare systems , 2012, IHI '12.

[5]  Gail-Joon Ahn,et al.  Representing and Reasoning about Web Access Control Policies , 2010, 2010 IEEE 34th Annual Computer Software and Applications Conference.

[6]  Gail-Joon Ahn,et al.  Patient-centric authorization framework for sharing electronic health records , 2009, SACMAT '09.

[7]  P. Mell,et al.  SP 800-145. The NIST Definition of Cloud Computing , 2011 .

[8]  Reihaneh Safavi-Naini,et al.  A rights management approach to protection of privacy in a cloud of electronic health records , 2011, DRM '11.

[9]  Mukesh Singhal,et al.  Information flow control in cloud computing , 2010, 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010).

[10]  Florence Sèdes,et al.  Adaptive Solutions for Access Control within Pervasive Healthcare Systems , 2008, ICOST.

[11]  Sowmya R. Rao,et al.  Electronic health records in ambulatory care--a national survey of physicians. , 2008, The New England journal of medicine.

[12]  Clement T. Yu,et al.  Merging Source Query Interfaces onWeb Databases , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[13]  Ling Liu,et al.  Security Models and Requirements for Healthcare Application Clouds , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[14]  Gail-Joon Ahn,et al.  Enabling verification and conformance testing for access control model , 2008, SACMAT '08.

[15]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.

[16]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .