Springer Nature is making Coronavirus research free. View research | View latest news | Sign up for updates

Role-based policy to maintain privacy of patient health records in cloud

  • 164 Accesses


Modern healthcare system collects health information from health assisted gadgets of different sources and stores them in the cloud storage servers as an electronic record called the patients health records (PHR) and ensures the availability whenever and wherever needed. An important issue in this centralized cloud storage is the loss of privacy and security of sensitive PHR. Existing and the most recent solutions on privacy and security provisioning are purely based on role-based access control (RBAC). However, these RBAC schemes suffer from role explosion due to the increasing number of different roles. Furthermore, managing all those roles in order to provide proper access permissions can become a complex problem. Dynamic segregation of duty relations reduces the number of potential permissions that can be made available to a user by placing constraints on the users by assigning a set of roles. In order to address the above stated problem, this paper proposes a hybrid framework called MediTrust. The proposed MediTrust combines two schemes namely RBAC and attribute-based encryption (ABE) and works on semantic database, ensuring the accessibility of patient data for different access controls. The patient data are encrypted at the provider side before outsourcing it to the cloud server and then it is decrypted again at the user end after being downloaded from the cloud server. The general information of the patient collected as PHR is stored in a separate cloud server, and the medical reports are stored separately in yet another cloud server. A second-step security control is provided using CAPTCHA which is mainly used as a security check to ensure that only human users can log in to the MediTrust. A third-step security control is also provided in which one key is shared to user’s registered mobile number and another key is shared to user’s e-mail id. In MediTrust, combination of these two keys is required to decrypt the PHR. Further, ABE polices and access control security mechanisms for privacy preservation have been validated on PHR using Amazon AWS EC2 CA. Performance evaluation results show that the proposed MediTrust is better than existing work in terms of time complexity and computational overhead.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5


  1. 1.

    Aiswarya R, Divya R, Sangeetha D, Vaidehi V (2013) Harnessing healthcare data security in cloud. ICRTIT

  2. 2.

    Logeswari G, Sangeetha D, Vaidehi V (2014) A cost effective clustering based anonymization approach for storing PHR’s in cloud. In: International Conference on Recent Trends in Information Technology

  3. 3.

    Sweeney L (2002) k-Anonymity: a model for protecting privacy. Int J Uncertain Fuzziness Knowl Based Syst 10(5):557–570

  4. 4.

    Terrovitis M, Mamoulis N, Kalnis P (2008) Privacy-preserving anonymization of set-valued data. In: Proc. International Conference on Very Large Data Bases (VLDB), pp 115–125

  5. 5.

    Wong RC-W, Fu AW-C, Wang K, Pei J (2007) Minimality attack in privacy preserving data publishing. In: Proc. International Conference on Very Large Data Bases (VLDB), pp 543–554

  6. 6.

    Guide to ABAC definition and consideration.

  7. 7.

    Xhafa F, Qassem T, Moore P (2014) Collaboration through patient data access and sharing in the cloud. In: IEEE Journal of Selected Topics in Signal Processing, vol 4, no. 7

  8. 8.

    Chen R, Mu Y, Yang G, Guo F, Wang X (2016) Dual-server public-key encryption with keyword search for secure cloud storage. IEEE Trans 4

  9. 9.

    Cui B, Liu Z, Wang L (2016) Key-aggregate searchable encryption (KASE) for group data sharing via cloud storage. IEEE Trans Comput 65(8)

  10. 10.

    Zhou J, Cao Z, Dong X, Lin X (2015) Privacy-preserving protocol for cloud-assisted e-healthcare systems. IEEE J Sel Top Signal Process 9(7)

  11. 11.

    Salih RM, Lilien LT (2015) Protecting users’ privacy in healthcare cloud computing with APB-TTP

  12. 12.

    Ming Li, Shucheng Yu, Member, IEEE, Yao Zheng, Kui Ren, and Wenjing Lou (2013) Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption. IEEE 2013

  13. 13.

    Vijayapriya M, Malathi (2013) On demand security for personal health record in cloud computing using encryption and decryption cryptography. Volume 3, Issue 9

  14. 14.

    Zhou J, Cao Z, Dong X, Lin X (2015) PPDM: a privacy-preserving protocol for cloud-assisted e-healthcare systems. IEEE

  15. 15.

    Liu X, Zhang Y, Wang B, Yan J (2013) Mona: secure multi-owner data sharing for dynamic groups in the cloud. IEEE Trans Parallel Distrib Syst 24(6):1182–1191

  16. 16.

    Li M, Yu S, Ren K, Lou W (2010) Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings. In: Proc. Sixth Int’l ICST Conf. Security and Privacy in Comm. Networks (Secure Comm’10)

  17. 17.

    Sahai, Waters B (2015) Fuzzy identity-based encryption in Proc. Eurocrypt 457–473

  18. 18.

    Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute based encryption. In: Proc. IEEE Symp. Security Privacy, pp 321–334

  19. 19.

    Ostrovsky R, Sahai A, Waters B (2007) Attribute-based encryption with non-monotonic access structures. In: Proc. ACM Conference on Computing, Communication and Security, pp 195–203

  20. 20.

    Cheung L, Newport C (2007) Provably secure ciphertext policy ABE. In: Proc. ACM Conference on computing, Communication Security, pp 456–465

  21. 21.

    Goyal V, Jain A, Pandey O, Sahai A (2008) Bounded ciphertext policy attribute-based encryption. In: Proc. ICALP, pp 579–591

  22. 22.

    Liang X, Cao Z, Lin H, Xing D (2009) Provably secure and efficient bounded cipher text policy attribute based encryption. In Proc. ASIACCs, pp 343–352

  23. 23.

    Chase M (2007) Multi-authority attribute based encryption. In: Proc. TCC, LNCS 4329, pp 515–534

  24. 24.

    Goyal BV, Kumar V (2008) Identity-based encryption with efficient revocation. In Proc. of ACM Conference on Computing, Communication and Security, pp 9–112

  25. 25.

    Chen N, Gerla M, Huang D, Hong X (2010) Secure, selective group broadcast in vehicular networks using dynamic attribute based encryption. In: Proc. Ad Hoc Network Workshop, pp 1–8

  26. 26.

    Pirretti M, Traynor P, McDaniel P, Waters B (2006) Secure attribute based systems. In: Proc. ACM Conference on Computing, Communication, and Security, pp 417–426

Download references


Funding was provided by Nvidia (Hardware Grant).

Author information

Correspondence to S. Sibi Chakkaravarthy.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Tembhare, A., Sibi Chakkaravarthy, S., Sangeetha, D. et al. Role-based policy to maintain privacy of patient health records in cloud. J Supercomput 75, 5866–5881 (2019).

Download citation


  • Attribute-based encryption
  • Role-based access control
  • MediTrust
  • Access control
  • Privacy preservation