Journal of Medical Systems

, Volume 36, Issue 5, pp 3375–3384 | Cite as

A Secure EHR System Based on Hybrid Clouds

  • Yu-Yi ChenEmail author
  • Jun-Chao Lu
  • Jinn-Ke Jan
Original Paper


Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.


Electronic health record Privacy Cloud computing Healthcare 


Conflict of Interest

The authors declare that they have no conflict of interest.


  1. 1.
    HIMSS, definition of an electronic health record,
  2. 2.
    Rau, H. H, Hsu, C. Y, Lee, Y. L., Chen, W., and Jian, W. S., Developing electronic health records in Taiwan, IT Professional, pp. 17–25, March/April, 2010Google Scholar
  3. 3.
    Schabetsberger, T., Ammenwerth, E., Andreatta, S., Gratl, G., Haux, R., Lechleitner, G., Schindelwig, K., Stark, C., Vogl, R., Wilhelmy, I., and Wozak, F., From a paper-based transmission of discharge summaries to electronic communication in health care regions. Int. J. Med. Inform. 75(3):209–215, 2006.CrossRefGoogle Scholar
  4. 4.
    Hsu, C. Y., Chen, Y. C., Luo, R. C., Rau, H. H., Fan, C. T., Hsiao, B. S., and Chiu, H. W., A resource-sharing platform for trading biomedical intellectual property. IT Prof. 12(2):42–49, 2010. doi: 10.1109/MITP.2010.48.CrossRefGoogle Scholar
  5. 5.
    Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., and Yen, D., Design and implementation of a Telecare information platform. J. Med. Syst., 2010. doi: 10.1007/s10916-010-9625-6.
  6. 6.
    Takemura, T., Araki, K., Arita, K., Suzuki, T., Okamoto, K., Kume, N., Kuroda, T., Takada, A., and Yoshihara, H., Development of fundamental infrastructure for nationwide EHR in Japan. J. Med. Syst., 2011. doi: 10.1007/s10916-011-9688-z.
  7. 7.
    Heslop, L., Weeding, S., Dawson, L., Fisher, J., and Howard, A., Implementation issues for mobile-wireless infrastructure and mobile health care computing devices for a hospital ward setting. J. Med. Syst. 34(4):509–518, 2010. doi: 10.1007/s10916-009-9264-y.CrossRefGoogle Scholar
  8. 8.
    Moore, P., Navigating the Tech Maze, Physicians practice., 2009
  9. 9.
    Zhang, R., and Liu, L., Security models and requirements for healthcare application clouds, Cloud Computing (CLOUD), 2010 IEEE 3 rd International Conference on, vol., no., pp. 268-275, 5–10 July 2010, Doi:  10.1109/CLOUD.2010.62
  10. 10.
    Linden, H., Kalra, D., Hasman, A., and Talmon, J., Inter-organization future proof EHR systems-A review of the security and privacy related issues. Int. J. Med. Inform. 78:141–160, 2009.CrossRefGoogle Scholar
  11. 11.
    104th United States Congress, Health Insurance Portability and Accountability Act of 1996 (HIPPA), Online at, 1996.
  12. 12.
    Pritts, J., and Connr, K., The implementation of e-Consent mechanisms in three countries: Canada, England, and The Netherlands. SAMHSA report,; 2007.
  13. 13.
    Künzi, J., Koster, P., and Petković, M., Emergency access to protected health records. Stud. Health Technol. Inform. 150:705–9, 2009.Google Scholar
  14. 14.
    Coskun, N., and Erol, R., An optimization model for locating and sizing emergency medical service stations. J. Med. Syst. 34(1):43–49, 2010. doi: 10.1007/s10916-008-9214-0.CrossRefGoogle Scholar
  15. 15.
    MacKenzie, P., and Reiter, M. K., Networked cryptographic devices resilient to capture. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, May 2001, 12–25.Google Scholar
  16. 16.
    MacKenzie, P., and Reiter, M. K., Delegation of cryptographic servers for capture-resilient devices. In Proceedings of the 2001 ACM Conference on Computer and Communication Security, November 2001, 10–19Google Scholar
  17. 17.
    Takeda, H., Matsumura, Y., and Kuwata, S., Architecture for networked electronic patient record systems. Int. J. Med. Inform. 60(2):161–167, 2000.CrossRefGoogle Scholar
  18. 18.
    Chan, A. T. S., Cao, J., Chan, H., and Young, G., A web-enabled framework for smart card application in health services. Comm. ACM 44(9):77–82, 2001.CrossRefGoogle Scholar
  19. 19.
    Wang, D. W., Liu, D. R., and Chen, Y. C., A mechanism to verify the integrity of computer-based patient records. J. Chin. Med. Assoc. 10:71–84, 1999.Google Scholar
  20. 20.
    Yang, Y., Han, X., Bao, F., and Deng, R. H., A smart-card-enabled privacy preserving E-Prescription system. IEEE Trans. Inf. Technol. Biomed. 8(1):47–58, 2004.CrossRefGoogle Scholar
  21. 21.
    Wu, Z. Y., Chung, Y. F., Lai, F. P., and Chen, T. S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst., 2010. doi: 10.1007/s10916-010-9527-7.
  22. 22.
    He, D.B., Chen, J.H. and Rui, Z., A more secure authentication scheme for telecare medicine information systems, J. Med. Syst.,  10.1007/s10916-011-9658-5, 10.1007/s10916-011-9658-5, 2011
  23. 23.
    Pu, Q., Wang, J., and Zhao, R. Y., Strong authentication scheme for Telecare medicine information systems. J. Med. Syst., 2011. doi: 10.1007/s10916-011-9735-9.
  24. 24.
    Farzandipour, M., Sadoughi, F., Ahmadi, M., and Karimi, I., Security requirements and solutions in electronic health records: lessons learned from a comparative study. J. Med. Syst. 34:629–642, 2010.CrossRefGoogle Scholar
  25. 25.
    Lekkas, D., and Gritzalis, D., Long-term verifiability of the electronic healthcare records’ authenticity. Int. J. Med. Inform. 76(5):442–448, 2007. doi: 10.1016/j.ijmedinf.2006.09.010.CrossRefGoogle Scholar
  26. 26.
    Pharow, P., and Blobel, B., Electronic signatures for long-lasting storage purposes in electronic archives. Int. J. Med. Inform. 74(2):279–287, 2005. doi: 10.1016/j.ijmedinf.2004.04.018.CrossRefGoogle Scholar
  27. 27.
    Kluge, W. E. H., Secure e-Health: managing risks to patient health data. Int. J. Med. Inform. 76(5):402–406, 2007. doi: 10.1016/j.ijmedinf.2006.09.003.CrossRefGoogle Scholar
  28. 28.
    Ahmad, N., Restrictions on cryptography in India – A case studyof encryption and privacy, Comput. Law Secur. Rev., Volume 25, Issue 2, 2009, Pages 173–180, ISSN 0267–3649, 10.1016/j.clsr.2009.02.001.Google Scholar
  29. 29.
    Takeda, H., Matsumura, Y., Kuwata, S., Nakano, H., Shanmai, J., Qiyan, Z., Yufen, C., Kusuoka, H., and Matsuoka, M., “An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System). Int. J. Med. Inform. 73(3):311–316, 2004.CrossRefGoogle Scholar
  30. 30.
    Hu, J., Chen, H.H., A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Compu. Stand. Interfaces., 2009Google Scholar
  31. 31.
    van der Linden, H., Kalra, D., Hasman, A., and Talmon, J., Inter-organizational future proof EHR systems: a review of the security and privacy related issues. Int. J. Med. Inform. 78:3, 2009.Google Scholar
  32. 32.
    Sucurovic, S., Implementing security in a distributed web-based EHCR. Int. J. Med. Inform. 76(5):491–496, 2007. doi: 10.1016/j.ijmedinf.2006.09.017.CrossRefGoogle Scholar
  33. 33.
    Bonacina, S., Marceglia, S., Bertoldi, M., and Pinciroli, F., Modelling, designing, and implementing a family-based health record prototype. Comput. Biol. Med. 40(6):580–590, 2010. doi: 10.1016/j.compbiomed.2010.04.002.CrossRefGoogle Scholar
  34. 34.
    Gobi, M., and Vivekanandan, K., A new digital envelope approach for secure electronic medical records., IJCSNS Int. J. Comput. Sci. Netw. Secur., VOL. 9 No.1, January 2009Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. 1.Department of Management Information SystemNational Chung Hsing UniversityTaichungRepublic of China
  2. 2.Department of Computer Science and EngineeringNational Chung Hsing UniversityTaichungRepublic of China

Personalised recommendations