
Cloud Computing Framework for e-Health Security Requirements and Security Policy Rules Case Study: A European Cloud-Based Health System

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12395)


Abstract

Over the last few years, Information and Communication Technology (ICT) has delivered the concept of a central enterprise model in e-health. Health care is increasingly supported by IT functions and new technologies such as Cloud Computing. But sharing sensitive private data in Cloud Computing can be risky when an unauthorized person gains access to this information and uses it in a way other than that intended by the Providers. Numerous nations are keen to move their traditional health care services to the modern technology of Cloud Computing, in order to improve the quality of care and to limit the cost. However, these possibilities introduce new security risks and require special treatment of security issues, which cannot be ignored. Our work focuses on analyzing the challenges of using Cloud Computing in e-health systems and on the mitigation of these risks. In this paper, we present a list of the main security requirements that have to be considered when migrating an e-health system to a SaaS Cloud Computing environment by both Health-care Providers and Cloud Service Providers, and at the same time we propose some basic provisions to mitigate the significant risks.



Acknowledgment

This research is co-financed by Greece and the European Union (European Social Fund - ESF) through the Operational Programme «Human Resources Development, Education and Lifelong Learning» in the context of the project “Reinforcement of Postdoctoral Researchers - 2nd Cycle” (MIS-5033021), implemented by the State Scholarships Foundation (ΙKY).



Corresponding author

Correspondence to Dimitra Georgiou.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Georgiou, D., Lambrinoudakis, C. (2020). Cloud Computing Framework for e-Health Security Requirements and Security Policy Rules Case Study: A European Cloud-Based Health System. In: Gritzalis, S., Weippl, E.R., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2020. Lecture Notes in Computer Science, vol 12395. Springer, Cham. https://doi.org/10.1007/978-3-030-58986-8_2


  • DOI: https://doi.org/10.1007/978-3-030-58986-8_2


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-58985-1

  • Online ISBN: 978-3-030-58986-8

  • eBook Packages: Computer Science (R0)
