Security and Privacy of Personal Health Records in Cloud Computing Environments - An Experimental Exploration of the Impact of Storage Solutions and Data Breaches

In the course of the digitization in healthcare, the collection and central storage of large health-related datasets in clouds in the form of personal health records is growing. However, the use of cloud services for sensitive data is associated with security and privacy risks. Further, the delegation of control over security and privacy measures to the cloud provider requires trust on the users’ side. In order to investigate the role of security and privacy when storing and processing patient data, we conducted an online experiment, in which thirdparty cloud services are compared to private on-premise data centers. Additionally, we examine the impact of data breaches on the perceived security, privacy, control and trust in both storage scenarios. Our results indicate that cloud-based personal health records still face concerns regarding perceived security, privacy, control and trust amongst end-users. Nevertheless, after a data breach, no significant differences between both solutions exist.

[1]  Ali Sunyaev,et al.  Privacy Engineering: Personal Health Records in Cloud Computing Environments , 2011, ICIS.

[2]  V. Mitchell Consumer perceived risk: conceptualisations and models , 1999 .

[3]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.

[4]  Ibrahim Arpaci,et al.  Effects of security and privacy concerns on educational use of cloud services , 2015, Comput. Hum. Behav..

[5]  C. Homburg,et al.  Konzeptualisierung und Operationalisierung komplexer Konstrukte : Ein Leitfaden für die Marketingforschung , 1996 .

[6]  Daniel R. Horne,et al.  The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors , 2007 .

[7]  G. Loewenstein,et al.  Privacy and human behavior in the age of information , 2015, Science.

[8]  Frank Teuteberg,et al.  Exploring Trust In Cloud Computing: A Multi-Method Approach , 2013, ECIS.

[9]  Herman Aguinis,et al.  Best Practice Recommendations for Designing and Implementing Experimental Vignette Methodology Studies , 2014 .

[10]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[11]  Frank Teuteberg,et al.  "May I help You?" Increasing Trust in Cloud Computing Providers through Social Presence and the Reduction of Information Overload , 2014, ICIS.

[12]  Xianggui Qu,et al.  Multivariate Data Analysis , 2007, Technometrics.

[13]  Peter Tolmie,et al.  Repacking ‘Privacy’ for a Networked World , 2017, Computer Supported Cooperative Work (CSCW).

[14]  J. H. Davis,et al.  An Integrative Model Of Organizational Trust , 1995 .

[15]  Nilmini Wickramasinghe,et al.  User Perceptions and Expectations of the Personally Controlled Electronic Health Record (PCEHR): A Case Study of Australia's e-health Solution , 2017, HICSS.

[16]  S. Chatterjee,et al.  Health Records on the Cloud : A Security Framework , 2015 .

[17]  Robert E. Crossler,et al.  The Mobile Privacy-Security Knowledge Gap Model: Understanding Behaviors , 2017, HICSS.

[18]  Richard Burns,et al.  Business Research Methods and Statistics Using SPSS , 2008 .

[19]  Bernd Grobauer,et al.  Understanding Cloud Computing Vulnerabilities , 2011, IEEE Security & Privacy.

[20]  P. Bentler,et al.  Cutoff criteria for fit indexes in covariance structure analysis : Conventional criteria versus new alternatives , 1999 .

[21]  Yao Zheng,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2019, IEEE Transactions on Parallel and Distributed Systems.

[22]  José Luis Fernández Alemán,et al.  Security and privacy in electronic health records: A systematic literature review , 2013, J. Biomed. Informatics.

[23]  Miguel López-Coronado,et al.  Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems , 2013, Journal of medical Internet research.

[24]  Frank Teuteberg,et al.  Trust Transitivity and Trust Propagation in Cloud Computing Ecosystems , 2018, ECIS.

[25]  W. Shadish,et al.  Experimental and Quasi-Experimental Designs for Generalized Causal Inference , 2001 .

[26]  Rüdiger Zarnekow,et al.  Acceptance of Health Clouds - a Privacy Calculus Perspective , 2014, ECIS.

[27]  Hsin Hsin Chang,et al.  The impact of online store environment cues on purchase intention: Trust and perceived risk as a mediator , 2008, Online Inf. Rev..

[28]  Rüdiger Zarnekow,et al.  Security and Privacy System Requirements for Adopting Cloud Computing in Healthcare Data Sharing Scenarios , 2013, AMCIS.

[29]  Jan Marco Leimeister,et al.  Why different trust relationships matter for information systems users , 2016, Eur. J. Inf. Syst..

[30]  P. M. Podsakoff,et al.  Self-Reports in Organizational Research: Problems and Prospects , 1986 .

[31]  I. Ajzen,et al.  Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research , 1977 .

[32]  Kieran Mathieson,et al.  Predicting User Intentions: Comparing the Technology Acceptance Model with the Theory of Planned Behavior , 1991, Inf. Syst. Res..

[33]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[34]  Cheryl Burke Jarvis,et al.  A Critical Review of Construct Indicators and Measurement Model Misspecification in Marketing and Consumer Research , 2003 .

[35]  Paul A. Pavlou,et al.  Understanding and Predicting Electronic Commerce Adoption: An Extension of the Theory of Planned Behavior , 2006, MIS Q..

[36]  Helmut Krcmar,et al.  Perceived Control and Privacy in a Professional Cloud Environment , 2018, HICSS.

[37]  Suanu Bliss Wikina What caused the breach? An examination of use of information technology and health data breaches. , 2014, Perspectives in health information management.

[38]  Carlos Flavián,et al.  Consumer trust, perceived security and privacy policy: Three basic elements of loyalty to a web site , 2006, Ind. Manag. Data Syst..

[39]  Charles J. Kacmar,et al.  Developing and Validating Trust Measures for e-Commerce: An Integrative Typology , 2002, Inf. Syst. Res..

[40]  Ritu Agarwal,et al.  Adoption of Electronic Health Records in the Presence of Privacy Concerns: The Elaboration Likelihood Model and Individual Persuasion , 2009, MIS Q..

[41]  N. Menachemi,et al.  Benefits and drawbacks of electronic health record systems , 2011 .

[42]  A. Kuo Opportunities and Challenges of Cloud Computing to Improve Health Care Services , 2011, Journal of medical Internet research.

[43]  I. Benbasat,et al.  Research Note---The Influence of Trade-off Difficulty Caused by Preference Elicitation Methods on User Acceptance of Recommendation Agents Across Loss and Gain Conditions , 2011 .