A Secure EHR System Based on Hybrid Clouds
- 1.9k Downloads
Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.
KeywordsElectronic health record Privacy Cloud computing Healthcare
Conflict of Interest
The authors declare that they have no conflict of interest.
- 1.HIMSS, definition of an electronic health record, http://www.himss.org/ASP/topics_ehr.asp.
- 2.Rau, H. H, Hsu, C. Y, Lee, Y. L., Chen, W., and Jian, W. S., Developing electronic health records in Taiwan, IT Professional, pp. 17–25, March/April, 2010Google Scholar
- 3.Schabetsberger, T., Ammenwerth, E., Andreatta, S., Gratl, G., Haux, R., Lechleitner, G., Schindelwig, K., Stark, C., Vogl, R., Wilhelmy, I., and Wozak, F., From a paper-based transmission of discharge summaries to electronic communication in health care regions. Int. J. Med. Inform. 75(3):209–215, 2006.CrossRefGoogle Scholar
- 5.Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., and Yen, D., Design and implementation of a Telecare information platform. J. Med. Syst., 2010. doi: 10.1007/s10916-010-9625-6.
- 6.Takemura, T., Araki, K., Arita, K., Suzuki, T., Okamoto, K., Kume, N., Kuroda, T., Takada, A., and Yoshihara, H., Development of fundamental infrastructure for nationwide EHR in Japan. J. Med. Syst., 2011. doi: 10.1007/s10916-011-9688-z.
- 8.Moore, P., Navigating the Tech Maze, Physicians practice. http://www.physicianspractice.com/display/article/1462168/1590647, 2009
- 9.Zhang, R., and Liu, L., Security models and requirements for healthcare application clouds, Cloud Computing (CLOUD), 2010 IEEE 3 rd International Conference on, vol., no., pp. 268-275, 5–10 July 2010, Doi: 10.1109/CLOUD.2010.62
- 11.104th United States Congress, Health Insurance Portability and Accountability Act of 1996 (HIPPA), Online at http://aspe.hhs.gov/admnsimp/pl104191.htm, 1996.
- 12.Pritts, J., and Connr, K., The implementation of e-Consent mechanisms in three countries: Canada, England, and The Netherlands. SAMHSA report, http://ihcrp.georgetown.edu/pdfs/prittse-consent.pdf; 2007.
- 13.Künzi, J., Koster, P., and Petković, M., Emergency access to protected health records. Stud. Health Technol. Inform. 150:705–9, 2009.Google Scholar
- 15.MacKenzie, P., and Reiter, M. K., Networked cryptographic devices resilient to capture. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, May 2001, 12–25.Google Scholar
- 16.MacKenzie, P., and Reiter, M. K., Delegation of cryptographic servers for capture-resilient devices. In Proceedings of the 2001 ACM Conference on Computer and Communication Security, November 2001, 10–19Google Scholar
- 19.Wang, D. W., Liu, D. R., and Chen, Y. C., A mechanism to verify the integrity of computer-based patient records. J. Chin. Med. Assoc. 10:71–84, 1999.Google Scholar
- 21.Wu, Z. Y., Chung, Y. F., Lai, F. P., and Chen, T. S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst., 2010. doi: 10.1007/s10916-010-9527-7.
- 23.Pu, Q., Wang, J., and Zhao, R. Y., Strong authentication scheme for Telecare medicine information systems. J. Med. Syst., 2011. doi: 10.1007/s10916-011-9735-9.
- 28.Ahmad, N., Restrictions on cryptography in India – A case studyof encryption and privacy, Comput. Law Secur. Rev., Volume 25, Issue 2, 2009, Pages 173–180, ISSN 0267–3649, 10.1016/j.clsr.2009.02.001.Google Scholar
- 29.Takeda, H., Matsumura, Y., Kuwata, S., Nakano, H., Shanmai, J., Qiyan, Z., Yufen, C., Kusuoka, H., and Matsuoka, M., “An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System). Int. J. Med. Inform. 73(3):311–316, 2004.CrossRefGoogle Scholar
- 30.Hu, J., Chen, H.H., A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Compu. Stand. Interfaces., 2009Google Scholar
- 31.van der Linden, H., Kalra, D., Hasman, A., and Talmon, J., Inter-organizational future proof EHR systems: a review of the security and privacy related issues. Int. J. Med. Inform. 78:3, 2009.Google Scholar
- 34.Gobi, M., and Vivekanandan, K., A new digital envelope approach for secure electronic medical records., IJCSNS Int. J. Comput. Sci. Netw. Secur., VOL. 9 No.1, January 2009Google Scholar