Data Privacy in Cloud-assisted Healthcare Systems: State of the Art and Future Challenges

  • Anam Sajid
  • Haider Abbas
Systems-Level Quality Improvement
Part of the following topical collections:
  1. Advances in Big-Data based mHealth Theories and Applications


The widespread deployment and utility of Wireless Body Area Networks (WBAN’s) in healthcare systems required new technologies like Internet of Things (IoT) and cloud computing, that are able to deal with the storage and processing limitations of WBAN’s. This amalgamation of WBAN-based healthcare systems to cloud-based healthcare systems gave rise to serious privacy concerns to the sensitive healthcare data. Hence, there is a need for the proactive identification and effective mitigation mechanisms for these patient’s data privacy concerns that pose continuous threats to the integrity and stability of the healthcare environment. For this purpose, a systematic literature review has been conducted that presents a clear picture of the privacy concerns of patient’s data in cloud-assisted healthcare systems and analyzed the mechanisms that are recently proposed by the research community. The methodology used for conducting the review was based on Kitchenham guidelines. Results from the review show that most of the patient’s data privacy techniques do not fully address the privacy concerns and therefore require more efforts. The summary presented in this paper would help in setting research directions for the techniques and mechanisms that are needed to address the patient’s data privacy concerns in a balanced and light-weight manner by considering all the aspects and limitations of the cloud-assisted healthcare systems.


Patient data privacy Cloud computing Healthcare cloud data privacy 



The authors would like to extend their sincere appreciation to the Deanship of Scientific Research at King Saud University for its funding of this research through the Research Group Project no. RG-1435-048.


  1. 1.
    Dong, X., Yu, J., Luo, Y., Chen, Y., Xue, G., and Li, M., Achieving an effective, scalable and privacy-preserving data sharing service in cloud computing. Comput. Sec. 42:151–164, 2014. doi: 10.1016/j.cose.2013.12.002.CrossRefGoogle Scholar
  2. 2.
    Othman, S., Bahattab, A., Trad, A., and Youssef, H., Secure data transmission protocol for medical wireless sensor networks. AINA ’14 Proc. 2014 I.E. 28th Int. Conf. Adv. Inform. Networking Appl. 649–656, 2014. doi: 10.1109/AINA.2014.80.
  3. 3.
    Divi, K., and Liu, H., Modeling of WBAN and cloud integration for secure and reliable healthcare. Proc. 8Th International Conf. Body Area Networks. 128–131, 2013. doi: 10.4108/icst.bodynets.2013.253706.
  4. 4.
    Waqar, A., Raza, A., Abbas, H., and Khurram Khan, M., A framework for preservation of cloud users’ data privacy using dynamic reconstruction of metadata. J. Network Comput. Appl. 36(1):235–248, 2013. doi: 10.1016/j.jnca.2012.09.001.CrossRefGoogle Scholar
  5. 5.
    Wooten, R., Klink, R., Sinek, F., Bai, Y., and Sharma, M., Design and implementation of a secure healthcare social cloud system. 2012 12Th IEEE/ACM Int. Symp. Cluster, Cloud Grid Comput. (Ccgrid 2012). 805–810, 2012. doi: 10.1109/CCGrid.2012.131.
  6. 6.
    Javadi, S., and Razzaque, M., Security and privacy in wireless body area networks for health care applications. Sign. Commun. Technol. 165–187, 2013. doi: 10.1007/978-3-642-36169-2_6.
  7. 7.
    Li, M., Lou, W., and Ren, K., Data security and privacy in wireless body area networks. IEEE Wireless Commun. 17(1):51–58, 2010. doi: 10.1109/mwc.2010.5416350.CrossRefGoogle Scholar
  8. 8.
    Kitchenham, B., Pearl Brereton, O., Budgen, D., Turner, M., Bailey, J., and Linkman, S., Systematic literature reviews in software engineering—a systematic literature review. Inform. Software Technol. 51(1):7–15, 2009. doi: 10.1016/j.infsof.2008.09.009.CrossRefGoogle Scholar
  9. 9.
    Shen, Q., Liang, X., Shen, X., Lin, X., and Luo, H., Exploiting geo-distributed clouds for a e-health monitoring system with minimum service delay and privacy preservation. IEEE J. Biomed. Health Inform. 18(2):430–439, 2014. doi: 10.1109/JBHI.2013.2292829.CrossRefPubMedGoogle Scholar
  10. 10.
    Lounis, A., Hadjidj, A., Bouabdallah, A., and Challal, Y., Healing on the cloud: Secure cloud architecture for medical wireless sensor networks. Futur. Gener. Comput. Syst. 55:266–277, 2015. doi: 10.1016/j.future.2015.01.009.CrossRefGoogle Scholar
  11. 11.
    Fabian, B., Ermakova, T., and Junghanns, P., Collaborative and secure sharing of healthcare data in multi-clouds. Inf. Syst. 48:132–150, 2015. doi: 10.1016/ Scholar
  12. 12.
    Han, N., Han, L., Tuan, D., In, H., and Jo, M., A scheme for data confidentiality in cloud-assisted wireless body area networks. Inf. Sci. 284:157–166, 2014. doi: 10.1016/j.ins.2014.03.126.CrossRefGoogle Scholar
  13. 13.
    Tong, Y., Sun, J., Chow, S., and Pan, L., Cloud-assisted mobile-access of health data with privacy and auditability. IEEE J. Biomed. Health Inform. 18(2):419–429, 2014. doi: 10.1109/JBHI.2013.2294932.CrossRefPubMedGoogle Scholar
  14. 14.
    Nabeel, M., and Bertino, E., Privacy preserving delegated access control in public clouds. IEEE Trans. Knowl. Data Eng. 26(9):2268–2280, 2014. doi: 10.1109/tkde.2013.68.CrossRefGoogle Scholar
  15. 15.
    Yang, J., Li, J., and Niu, Y., A hybrid solution for privacy preserving medical data sharing in the cloud environment. Futur. Gener. Comput. Syst. 43–44:74–86, 2015. doi: 10.1016/j.future.2014.06.004.CrossRefGoogle Scholar
  16. 16.
    Wang, H., Wu, Q., Qin, B., and Domingo-Ferrer, J., FRR: Fair remote retrieval of outsourced private medical records in electronic health networks. J. Biomed. Inform. 50:226–233, 2014. doi: 10.1016/j.jbi.2014.02.008.CrossRefPubMedGoogle Scholar
  17. 17.
    Zhang, K., Liang, X., Baura, M., Lu, R., and Shen, X., PHDA: A priority based health data aggregation with privacy preservation for cloud assisted WBANs. Inf. Sci. 284:130–141, 2014. doi: 10.1016/j.ins.2014.06.011.CrossRefGoogle Scholar
  18. 18.
    Wang, Z., Huang, D., Zhu, Y., Li, B., and Chung, C., Efficient attribute-based comparable data access control. IEEE Trans. Comput. 64(12):3430–3443, 2015. doi: 10.1109/tc.2015.2401033.CrossRefGoogle Scholar
  19. 19.
    Liu, X., Lu, R., Ma, J., Chen, L., and Qin, B., Privacy-preserving patient-centric clinical decision support system on naive Bayesian classification. IEEE J. Biomed. Health Inform. 20(2):655–668, 2015. doi: 10.1109/jbhi.2015.2407157.CrossRefGoogle Scholar
  20. 20.
    Zhou, J., Cao, Z., Dong, X., Xiong, N., and Vasilakos, A., 4S: A secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks. Inf. Sci. 314:255–276, 2015. doi: 10.1016/j.ins.2014.09.003.CrossRefGoogle Scholar
  21. 21.
    Sujansky, W., and Kunz, D., A standard-based model for the sharing of patient-generated health information with electronic health records. Personal Ubiquitous Comput. 19(1):9–25, 2014. doi: 10.1007/s00779-014-0806-z.CrossRefGoogle Scholar
  22. 22.
    Yu, H., Lai, H., Chen, K., Chou, H., Wu, J., Dorjgochoo, S., et al., A sharable cloud-based pancreaticoduodenectomy collaborative database for physicians: Emphasis on security and clinical rule supporting. Comput. Methods Programs Biomed. 111(2):488–497, 2013. doi: 10.1016/j.cmpb.2013.04.019.CrossRefPubMedGoogle Scholar
  23. 23.
    Zhou, J., Lin, X., Dong, X., and Cao, Z., PSMPA: Patient self-controllable and multi-level privacy-preserving cooperative authentication in distributed m-healthcare cloud computing system. IEEE Trans. Parallel Distrib. Syst. 26(6):1693–1703, 2015. doi: 10.1109/tpds.2014.2314119.CrossRefGoogle Scholar
  24. 24.
    Sawand, A., Djahel, S., Zhang, Z., and Na¨ıt-Abdesselam, F., Multidisciplinary Approaches to achieving efficient and trustworthy eHealth monitoring systems. IEEE/CIC ICCC 2014 Symp. Privacy Sec. In Commun 187–192, doi: 10.1109/ICCChina.2014.7008269.
  25. 25.
    Wang, C., Zhang, B., Ren, K., M. Roveda, J., Wen Chen, C., and Xu, Z., A privacy-aware cloud-assisted healthcare monitoring system via compressive sensing. IEEE INFOCOM 2014 - IEEE Conf. Comput. Communi. 2130–2138, 2014. doi: 10.1109/INFOCOM.2014.6848155.
  26. 26.
    Zhou, J., Cao, Z., Dong, X., and Lin, X., PPDM: A privacy-preserving protocol for cloud-assisted e-healthcare systems. IEEE J. Sel. Top. Sign. Process 9(7):1332–1344, 2015. doi: 10.1109/jstsp.2015.2427113.CrossRefGoogle Scholar
  27. 27.
    Hoang, D., and Chen, L., Mobile Cloud for Assistive Healthcare (MoCAsH). 2010 I.E. Asia-Pacific Serv. Comput. Conf. 325–332, 2010. doi: 10.1109/APSCC.2010.102.
  28. 28.
    Zhang, K., Yang, K., Liang, X., Su, Z., Shen, X., and Luo, H., Security and privacy for mobile healthcare networks: from a quality of protection perspective. IEEE Wireless Commun 22(4):104–112, 2015. doi: 10.1109/mwc.2015.7224734.CrossRefGoogle Scholar
  29. 29.
    Liu, C., Lin, F., Chiang, D., Chen, T., Chen, C., and Lin, H. et al., Secure PHR access control scheme for healthcare application clouds. 2013 42Nd Int. Conf. Parallel Process. 1067–1076, 2013. doi:  10.1109/icpp.2013.127.
  30. 30.
    Barua, M., Liang, X., Lu, R., and Shen, X., ESPAC: Enabling security and patient-centric access control for eHealth in cloud computing. Int. J. Sec. Networks 6(2/3):67–76, 2011. doi: 10.1504/ijsn.2011.043666.CrossRefGoogle Scholar
  31. 31.
    Narayan, S., Gagné, M., and Safavi-Naini, R., Privacy preserving EHR system using attribute-based infrastructure. Proc. 2010 ACM Workshop Cloud Comput. Sec. Workshop - CCSW ’10. 47-52, 2010. doi: 10.1145/1866835.1866845
  32. 32.
    Aljumah, F., Leung, R., Pourzandi, M., and Debbabi, M., Emergency mobile access to personal health records stored on an untrusted cloud. Health Inform. Sci. 30–41, 2013. doi: 10.1007/978-3-642-37899-7_3.
  33. 33.
    Huang, J., Sharaf, M., and Huang, C., A hierarchical framework for secure and scalable ehr sharing and access control in multi-cloud. 2012 41St Int. Conf. Parallel Process. Workshops. 279–287, 2012. doi:  10.1109/icppw.2012.42.
  34. 34.
    Chen, L., and Hoang, D., Novel data protection model in healthcare cloud. 2011 I.E. Int. Conf. High Perform. Comput. Commun. 550–555, 2011. doi:  10.1109/hpcc.2011.148.
  35. 35.
    Narayan, S., Gagné, M., and Safavi-Naini, R., Privacy preserving EHR system using attribute-based infrastructure. Proc. 2010 ACM Workshop Cloud Comput. Sec. Workshop - CCSW ’10. 47–52, 2010. doi: 10.1145/1866835.1866845.
  36. 36.
    Löhr, H., Sadeghi, A., and Winandy, M., Securing the e-health cloud. Proc. ACM Int. Conf. Health Inform. - IHI ’10. 220–229, 2010. doi:  10.1145/1882992.1883024.
  37. 37.
    Yu, Z., Thomborson, C., Wang, C., Wang, J., and Li, R., A cloud-based watermarking method for health data security. 2012 Int. Conf. High Perform. Comput. Simulation (HPCS. 642–647, 2012. doi:  10.1109/hpcsim.2012.6266986.
  38. 38.
    Alabdulatif, A., Khalil, I., and Mai, V., Protection of electronic health records (EHRs) in cloud. 2013 35Th Ann. Int. Conf. IEEE Eng. Med. Biol. Soc. (EMBC). 4191–4194, 2013. doi:  10.1109/embc.2013.6610469.
  39. 39.
    Ermakova, T., and Fabian, B., Secret sharing for health data in multi-provider clouds. 2013 I.E. 15Th Conf. Bus. Inform. 93–100, 2013. doi: 10.1109/CBI.2013.22.
  40. 40.
    Huang, M., Chen, Y., Chen, B., Liu, J., Rho, S., and Ji, W., A semi-supervised privacy-preserving clustering algorithm for healthcare. Peer-To-Peer Network. Appl. 1–12, 2015. doi: 10.1007/s12083-015-0356-9.
  41. 41.
    Rahman, S., Masud, M., Hossain, M., Alelaiwi, A., Hassan, M., and Alamri, A., Privacy preserving secure data exchange in mobile P2P cloud healthcare environment. Peer-To-Peer Network. Appl. 1–16, 2015. doi: 10.1007/s12083-015-0334-2.
  42. 42.
    Xhafa, F., Feng, J., Zhang, Y., Chen, X., and Li, J., Privacy-aware attribute-based PHR sharing with user accountability in cloud computing. J Supercomput. 71(5):1607–1619, 2014. doi: 10.1007/s11227-014-1253-3.CrossRefGoogle Scholar
  43. 43.
    Chen, C., Yang, T., Chiang, M., and Shih, T., A privacy authentication scheme based on cloud for medical environment. J. Med. Syst. 38:143, 2014. doi: 10.1007/s10916-014-0143-9.CrossRefPubMedGoogle Scholar
  44. 44.
    Chen, C., Yang, T., and Shih, T., A secure medical data exchange protocol based on cloud environment. J. Med. Syst. 38:112, 2014. doi: 10.1007/s10916-014-0112-3.CrossRefPubMedGoogle Scholar
  45. 45.
    Jafari, M., Safavi-Naini, R., and Sheppard, N., A rights management approach to protection of privacy in a cloud of electronic health records. Proc. 11Th Ann. ACM Workshop Digit. Rights Manag. - DRM ’11. 23–30, 2011. doi: 10.1145/2046631.2046637.
  46. 46.
    Lam, P., Mitchell, J., Scedrov, A., Sundaram, S., and Wang, F., Declarative privacy policy. Proc. 2Nd ACM SIGHIT Symp. Int. Health Inform. - IHI ’12. 323–332, 2012. doi: 10.1145/2110363.2110401.
  47. 47.
    Mohanty, M., Atrey, P., and Ooi, W., Secure cloud-based medical data visualization. Proc. 20Th ACM Int. Conf. Multimed. - MM ’12. 1105–1108, 2012. doi: 10.1145/2393347.2396394.
  48. 48.
    Sanz-Requena, R., Mañas-García, A., Cabrera-Ayala, J., and García-Martí, G., A cloud-based radiological portal for the patients: IT contributing to position the patient as the central axis of the 21 st century healthcare cycles. Proc. First Int. Workshop Tech. Legal Aspects Data Privacy. 54–57, 2015. Retrieved from
  49. 49.
    Francis, T., Madiajagan, M., and Kumar, V., Privacy issues and techniques in E-Health systems. Proc. 2015 ACM SIGMIS Conf. Comput. People Res. - SIGMIS-CPR ’15. 113115, 2015. doi: 10.1145/2751957.2751981.
  50. 50.
    Balinsky, H., and Mohammad, N., Fine grained access of interactive personal health records. Proc. 2015 ACM Symp. Doc. Eng. - DocEng ’15. 207–210, 2015. doi: 10.1145/2682571.2797098.
  51. 51.
    Hei, X., and Lin, S., Multi-part file encryption for electronic health records cloud. Proc. 4Th ACM Mobihoc Workshop Pervasive Wireless Healthcare - Mobilehealth ’14. 31–36, 2014. doi: 10.1145/2633651.2637473.
  52. 52.
    Mohandas, A., and S, S., Privacy preserving content disclosure for enabling sharing of electronic health records in cloud computing. Proc. 7Th ACM India Comput. Conf. - COMPUTE ’14. article no. 7, 2014. doi: 10.1145/2675744.2675753.
  53. 53.
    Ragesh, G., and Baskaran, K., CRYPE. Proc. First Int. Conf. Sec. Internet Things - Sec. ’12. 204–209, 2012. doi: 10.1145/2490428.2490457
  54. 54.
    Lin, H., Shao, J., Zhang, C., and Fang, Y., CAM: Cloud-assisted privacy preserving mobile health monitoring. IEEE Trans. Inform. Forensic Sec. 8(6):985–997, 2013. doi: 10.1109/tifs.2013.2255593.CrossRefGoogle Scholar
  55. 55.
    Li, M., Yu, S., Zheng, Y., Ren, K., and Lou, W., Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1):131–143, 2013. doi: 10.1109/tpds.2012.97.CrossRefGoogle Scholar
  56. 56.
    Li, M., Yu, S., Ren, K., and Lou, W., Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings. Lecture Notes Inst. Comput. Sci. Soc. Inform. Telecommun. Eng. 89–106, 2010. doi: 10.1007/978-3-642-16161-2_6.
  57. 57.
    Castiglione, A., Pizzolante, R., De Santis, A., Carpentieri, B., Castiglione, A., and Palmieri, F., Cloud-based adaptive compression and secure management services for 3D healthcare data. Futur. Gener. Comput. Syst. 43–44:120–134, 2015. doi: 10.1016/j.future.2014.07.001.CrossRefGoogle Scholar
  58. 58.
    Thilakanathan, D., Chen, S., Nepal, S., Calvo, R., and Alem, L., A platform for secure monitoring and sharing of generic health data in the Cloud. Futur. Gener. Comput. Syst. 35:102–113, 2014. doi: 10.1016/j.future.2013.09.011.CrossRefGoogle Scholar
  59. 59.
    Liu, J., Huang, X., and Liu, J., Secure sharing of personal health records in cloud computing: ciphertext-policy attribute-based signcryption. Futur. Gener. Comput. Syst. 52:67–76, 2015. doi: 10.1016/j.future.2014.10.014.CrossRefGoogle Scholar
  60. 60.
    Taneja, H., Kapil, and Singh, A., Preserving privacy of patients based on re-identification risk. Proc. Comput. Sci. 70:448–454, 2015. doi: 10.1016/j.procs.2015.10.073.CrossRefGoogle Scholar
  61. 61.
    Khan, F., Ali, A., Abbas, H., and Haldar, N., A cloud-based healthcare framework for security and patients’ data privacy using wireless body area networks. Proc. Comput. Sci. 34:511–517, 2014. doi: 10.1016/j.procs.2014.07.058.CrossRefGoogle Scholar
  62. 62.
    Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M., and Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5), 2014. doi:  10.1007/s10916-014-0041-1.
  63. 63.
    Mishra, D., Srinivas, J., and Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10):120, 2014. doi: 10.1007/s10916-014-0120-3.CrossRefPubMedGoogle Scholar
  64. 64.
    Abbas, H., Magnusson, C., Yngstrom, L., and Hemani, A., Addressing dynamic issues in information security management. Info. Mngmnt. Comp. Sec. 19(1):5–24, 2011. doi: 10.1108/09685221111115836.CrossRefGoogle Scholar
  65. 65.
    Ali, A., and Khan, F., Energy-efficient cluster-based security mechanism for intra-WBAN and inter-WBAN communications for healthcare applications. EURASIP J. Wirel. Commun. Netw. 2013(1):216, 2013. doi: 10.1186/1687-1499-2013-216.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  1. 1.Shaheed Zulfiqar Ali Bhutto Institute of Science and Technology (SZABIST)IslamabadPakistan
  2. 2.King Saud UniversityRiyadhSaudi Arabia
  3. 3.National University of Sciences and TechnologyIslamabadPakistan

Personalised recommendations