Abstract
Over the last few years, Information and Communication Technology (ICT) has delivered the concept of a central enterprise model in e-health. Health care is increasingly supported by IT functions and new technologies, such as Cloud Computing. But sharing sensitive private data in Cloud Computing can be risky when an unauthorized person gains access to this information and uses it in a way other than that intended by the Providers. Many nations are keen to move their traditional health care services to the modern technology of Cloud Computing in order to improve the quality of care and to limit the cost. However, these possibilities introduce new security risks and require special treatment of security issues, which cannot be ignored. Our work focuses on analyzing the challenges of using Cloud Computing in e-health systems and on the mitigation of these risks. In this paper, we present a list of the main security requirements that have to be considered when migrating an e-health system to a SaaS Cloud Computing environment by both Health-care Providers and Cloud Service Providers, and at the same time we propose some basic provisions to mitigate the significant risks.
Acknowledgment
This research is co-financed by Greece and the European Union (European Social Fund - ESF) through the Operational Programme «Human Resources Development, Education and Lifelong Learning» in the context of the project “Reinforcement of Postdoctoral Researchers - 2nd Cycle” (MIS-5033021), implemented by the State Scholarships Foundation (ΙKY).
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Georgiou, D., Lambrinoudakis, C. (2020). Cloud Computing Framework for e-Health Security Requirements and Security Policy Rules Case Study: A European Cloud-Based Health System. In: Gritzalis, S., Weippl, E.R., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2020. Lecture Notes in Computer Science, vol 12395. Springer, Cham. https://doi.org/10.1007/978-3-030-58986-8_2
DOI: https://doi.org/10.1007/978-3-030-58986-8_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58985-1
Online ISBN: 978-3-030-58986-8
eBook Packages: Computer Science, Computer Science (R0)