Skip to main content
SpringerLink
Log in

e-Health Cloud: Privacy Concerns and Mitigation Strategies

  • Chapter
Medical Data Privacy Handbook

Abstract

Cloud based solutions have permeated in the healthcare domain due to a broad range of benefits offered by the cloud computing. Besides the financial advantages to the healthcare organizations, cloud computing also offers large-scale and on-demand storage and processing services to various entities of the cloud based health ecosystem. However, outsourcing the sensitive health information to the third-party cloud providers can result in serious privacy concerns. This chapter highlights the privacy issues related to the health data and also presents privacy preserving requirements. Besides the benefits of the cloud computing in healthcare, cloud computing deployment models are also discussed from the perspective of healthcare systems. Moreover, some recently developed strategies to mitigate the privacy concerns and to fulfil the privacy preserving requirements are also discussed in detail. Furthermore, strengths and weaknesses of each of the presented strategies are reported and some open issues for the future research are also presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 299.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Abbas, A., Khan, S.: A review on the state-of-the-art privacy preserving approaches in e-health clouds. IEEE J. Biomed. Health Inform. 18, 1431–1441 (2014)

    Article  Google Scholar 

  2. Abbas, A., Bilal, K., Zhang, L., Khan, S.U.: A cloud based health insurance plan recommendation system: a user centered approach. Futur. Gener. Comput. Syst. 43, 99–109 (2015)

    Article  Google Scholar 

  3. Abbas, A., Khan, M., Ali, M., Khan, S., Yang, L.: A cloud based framework for identification of influential health experts from Twitter. In: Proceedings of the 15th International Conference on Scalable Computing and Communications (ScalCom) (2015)

    Google Scholar 

  4. Sedgewick, R.: Algorithms in C++: Fundamentals, data structures, sorting, searching and graph algorithms. Boston: Addison-Wesley (2001)

    Google Scholar 

  5. Ahmad, M., Pervez, Z., Lee, S.: Dual locks: partial sharing of health documents in cloud. In: Bodine, C., Helal, S., Gu, T., Mokhtari, M. (eds.) Smart Homes and Health Telematics, vol. 8456, pp. 187–194. Springer, Cham (2014)

    Chapter  Google Scholar 

  6. Ahuja, S., Mani, S., Zambrano, J.: A survey of the state of cloud computing in healthcare. Netw. Commun. Technol. 1, 12–19 (2012)

    Google Scholar 

  7. Akinyele, J., Lehmann, C., Green, M., Pagano, M., Peterson, Z., Rubin, A.: Self-protecting electronic medical records using attribute-based encryption. Technical Report 2010/565, Cryptology e-Print Archive (2010)

    Google Scholar 

  8. Ammar, N., Malik, Z., Rezgui, A., Alodib, M.: MobiDyC: private mobile-based health data sharing through dynamic context handling. Procedia Comput. Sci. 34, 426–433 (2014)

    Article  Google Scholar 

  9. Barua, M., Liang, X., Lu, R., Shen, X.: ESPAC: enabling security and patient-centric access control for eHealth in cloud computing. Int. J. Secur. Netw. 6(2/3), 67–76 (2011)

    Article  Google Scholar 

  10. Benaloh, J., Chase, M., Horvitz, E., Lauter, K.: Patient controlled encryption: ensuring privacy of electronic medical records. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW ’09, pp. 103–114. ACM (2009)

    Google Scholar 

  11. Cao, N., Wang, C., Li, M., Ren, K., Lou, W.: Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 25(1), 222–233 (2014)

    Article  Google Scholar 

  12. Chen, Y., Lu, J., Jan, J.: A secure EHR system based on hybrid clouds. J. Med. Syst. 36(5), 3375–3384 (2012)

    Article  Google Scholar 

  13. Dong, X., Yu, J., Luo, Y., Chen, Y., Xue, G., Li, M.: Achieving an effective, scalable and privacy-preserving data sharing service in cloud computing. Comput. Secur. 42, 151–164 (2014)

    Article  Google Scholar 

  14. Fabian, B., Ermakova, T., Junghanns, P.: Collaborative and secure sharing of healthcare data in multi-clouds. Inf. Syst. 48, 132–150 (2015)

    Article  Google Scholar 

  15. Fan, L., Buchanan, W., Thummler, C., Lo, O., Khedim, A., Uthmani, O., Lawson, A., Bell, D.: DACAR platform for e-Health services cloud. In: Proceedings of the 4th IEEE International Conference on Cloud Computing, pp. 219–226 (2011)

    Google Scholar 

  16. Gorp, P., Comuzzi, M.: Lifelong personal health data and application software via virtual machines in the cloud. IEEE J. Biomed. Health Inform. 18(1), 36–45 (2014)

    Article  Google Scholar 

  17. Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., Muller, G.: Aspects of privacy for electronic health records. Int. J. Med. Inform. 80(2), e26–e31 (2011)

    Article  Google Scholar 

  18. Han, N., Han, L., Tuan, D., In, H., Jo, M.: A scheme for data confidentiality in cloud-assisted wireless body area networks. Inf. Sci. 284, 157–166 (2014)

    Article  Google Scholar 

  19. Hans, L., Sadeghi, A., Winandy, M.: Securing the e-Health cloud. In: Proceedings of the 1st ACM International Health Informatics Symposium, IHI ’10, pp. 220–229. ACM (2010)

    Google Scholar 

  20. HealthIT.gov.: Health IT legislation and regulations. http://healthit.gov/policy-researchers-implementers/health-it-legislation (2015). Accessed 29 May 2015

  21. Jafari, M., Naini, R., Sheppard, N.: A rights management approach to protection of privacy in a cloud of electronic health records. In: Proceedings of the 11th Annual ACM Workshop on Digital Rights Management, DRM ’11, pp. 23–30. ACM (2011)

    Google Scholar 

  22. Johnson, M.: Data hemorrhages in the health-care sector. In: Dingledine, R., Golle, P. (eds.) Financial Cryptography and Data Security. Lecture Notes in Computer Science, vol. 5628, pp. 71–89. Springer, Berlin/Heidelberg (2009)

    Chapter  Google Scholar 

  23. Kaletsch, A., Sunyaev, A.: Privacy engineering: personal health records in cloud computing environments. In: Proceedings of the 32nd International Conference on Information Systems (ICIS), pp. 1–11 (2011)

    Google Scholar 

  24. Kamara, S., Lauter, K.: Cryptographic cloud storage. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J., Sako, K., Kazue, S. (eds.) Financial Cryptography and Data Security. Lecture Notes in Computer Science, vol. 6054, pp. 136–149. Springer, Berlin/Heidelberg (2010)

    Chapter  Google Scholar 

  25. Kuo, A.H.: Opportunities and challenges of cloud computing to improve health care services. J. Med. Internet Res. 13(3), e67 (2011). doi:10.2196/jmir.1867

    Article  Google Scholar 

  26. Li, J.: Electronic personal health records and the question of privacy. Computer 99 (2013). doi:10.1109/MC.2013.225

    Google Scholar 

  27. Li, X.B., Sarkar, S.: Against classification attacks: a decision tree pruning approach to privacy protection in data mining. Oper. Res. 57(6), 1496–1509 (2009)

    Article  MATH  Google Scholar 

  28. Li, M., Yu, S., Ren, K., Lou, W.: Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings. In: Security and Privacy in Communication Networks, Springer Berlin Heidelberg, pp. 89–106 (2010)

    Google Scholar 

  29. Li, Z., Chang, E., Huang, K., Lai, F.: A secure electronic medical record sharing mechanism in the cloud computing platform. In: Proceedings of the 15th IEEE International Symposium on Consumer Electronics (ISCE), pp. 98–103. ACM (2011)

    Google Scholar 

  30. Lin, H., Shao, J., Zhang, C., Fang, Y.: CAM: cloud-assisted privacy preserving mobile health monitoring. IEEE Trans. Inf. Forensics Secur. 8(6), 985–997 (2013)

    Article  Google Scholar 

  31. Liu, X., Lu, R., Ma, J., Chen, L., Qin, B.: Privacy-preserving patient-centric clinical decision support system on naive Bayesian classification. IEEE J. Biomed. Health Inform. (2015). doi:10.1109/JBHI.2015.2407157

    Google Scholar 

  32. Lounis, A., Hadjidj, A., Bouabdallah, A., Challal, Y.: Healing on the cloud: secure cloud architecture for medical wireless sensor networks. Future Gener. Comput. Syst. (2015). doi:10.1016/j.future.2015.01.009

    Google Scholar 

  33. Mashima, D., Ahamad, M.: Enhancing accountability of electronic health record usage via patient-centric monitoring. In: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, IHI ’12, pp. 409–418. ACM (2012)

    Google Scholar 

  34. Metri, P., Sarote, G.: Privacy issues and challenges in cloud computing. Int. J. Adv. Eng. Sci. Technol. 5, 1–6 (2011)

    Google Scholar 

  35. Nabeel, M., Bertino, E.: Privacy preserving delegated access control in public clouds. IEEE Trans. Knowl. Data Eng. 26(9), 2268–2280 (2014)

    Article  Google Scholar 

  36. Ning, H., Liu, H., Yang, L.: Cyberentity security in the Internet of things. Computer 46(4), 46–53 (2013)

    Article  Google Scholar 

  37. Pecarina, J., Pu, S., Liu, J.C.: SAPPHIRE: anonymity for enhanced control and private collaboration in healthcare clouds. In: Proceedings of the 4th IEEE International Conference Cloud Computing Technology and Science (CloudCom), pp. 99–106. ACM (2012)

    Google Scholar 

  38. Puttaswamy, K., Kruegel, C., Zhao, B.: Silverline: toward data confidentiality in storage-intensive cloud applications. In: Proceedings of the 2nd ACM Symposium on Cloud Computing, SOCC ’11, pp. 10:1–10:13. ACM (2011)

    Google Scholar 

  39. Ruj, S., Stojmenovic, M., Nayak, A.: Privacy preserving access control with authentication for securing data in clouds. In: Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (Ccgrid), CCGRID ’12, pp. 556–563. IEEE Computer Society (2012)

    Google Scholar 

  40. Shen, Q., Liang, X., Shen, X., Lin, X., Luo, H.Y.: Exploiting geo-distributed clouds for a e-health monitoring system with minimum service delay and privacy preservation. IEEE J. Biomed. Health Inform. 18, 430–439 (2014)

    Article  Google Scholar 

  41. Sookhak, M., Gani, A., Talebain, H., Akhunzada, A., Khan, S., Buyya, R., Zomaya, A.: Remote data auditing in cloud computing environments: a survey, taxonomy, and open issues. ACM Comput. Surv. 47(4), 65:1–65:34 (2015)

    Google Scholar 

  42. Subashini, S., Kavitha, V.: Review: a survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)

    Article  Google Scholar 

  43. Sujansky, W., Kunz, D.: A standard-based model for the sharing of patient-generated health information with electronic health records. Pers. Ubiquit. Comput. 19(1), 9–25 (2014)

    Article  Google Scholar 

  44. Sundareswaran, S., Squicciarini, A., Lin, D.: Ensuring distributed accountability for data sharing in the cloud. IEEE Trans. Dependable Secure Comput. 9(4), 556–568 (2012)

    Article  Google Scholar 

  45. Thilakanathan, D., Chen, S., Nepal, S., Calvo, R., Alem, L.: A platform for secure monitoring and sharing of generic health data in the cloud. Future Gener. Comput. Syst. 35, 102–113 (2014)

    Article  Google Scholar 

  46. Thomas, H., Lohr, H., Sadeghi, A., Winandyl, M.: Flexible patient-controlled security for electronic health records. In: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, IHI ’12, pp. 727–732. ACM (2012)

    Google Scholar 

  47. Tong, Y., Sun, J., Chow, S., Li, P.: Cloud-assisted mobile-access of health data with privacy and auditability. IEEE J. Biomed. Health Inform. 18(2), 419–429 (2014)

    Article  Google Scholar 

  48. U.S. Department of Health & Human Services.: Health Insurance Portability and Accountability Act of 1996 (HIPAA). http://aspe.hhs.gov/admnsimp/final/pvcpre03.htm (2015). Accessed 25 April 2015

  49. VMware.: Your cloud in healthcare. http://www.vmware.com/files/pdf/VMware-Your-Cloud-in-Healthcare-Industry-Brief.pdf (2015). Accessed 22 April 2015

  50. Wang, C., Wang, Q., Ren, K., Cao, N., Lou, W.: Toward secure and dependable storage services in cloud computing. IEEE Trans. Serv. Comput. 5(2), 220–232 (2012)

    Article  Google Scholar 

  51. Wang, H., Wu, Q., Qin, B., Ferrer, J.: FRR: fair remote retrieval of outsourced private medical records in electronic health networks. J. Biomed. Inf. 50, 226–233 (2014)

    Article  Google Scholar 

  52. Wang, Z., Huang, D., Zhu, Y., Li, B., Chung, C.J.: Efficient attribute-based comparable data access control. IEEE Trans. Comput. (2015). doi:10.1109/TC.2015.2401033

    Google Scholar 

  53. World Health Organization.: E-health. http://www.who.int/trade/glossary/story021/en/ (2015). Accessed 25 April 2015

  54. Wu, R., Ahn, G.J., Hu, H.: Secure sharing of electronic health records in clouds. In: Proceedings of the 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 711–718 (2012)

    Google Scholar 

  55. Xu, L., Cremers, A.: A decentralized pseudonym scheme for cloud-based ehealth systems. In: Proceedings of the 2014 International Conference on Health Informatics, pp. 230–237. ACM (2014)

    Google Scholar 

  56. Xu, L., Cremers, A., Wilken, T.: Pseudonymization for secondary use of cloud based electronic health records. Working paper, Academy of Science and Engineering (2015)

    Google Scholar 

  57. Yang, J.J., Li, J.Q., Niu, Y.: A hybrid solution for privacy preserving medical data sharing in the cloud environment. Futur. Gener. Comput. Syst. 43–44, 74–86 (2015)

    Article  Google Scholar 

  58. Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Proceedings of the 2010 IEEE INFOCOM Conference, pp. 1–9 (2010)

    Google Scholar 

  59. Yu, H.J., Lai, H.S., Chen, K.H., Chou, H.C., Wu, J.M., Dorjgochoo, S., Mendjargal, A., Altangerel, E., Tien, Y.W., Hsueh, C.W., Lai, F.: A sharable cloud-based pancreaticoduodenectomy collaborative database for physicians: emphasis on security and clinical rule supporting. Comput. Methods Prog. Biomed. 111(2), 488–497 (2013)

    Article  Google Scholar 

  60. Zhang, R., Liu, L.: Security models and requirements for healthcare application clouds. In: Proceedings of the 3rd IEEE International Conference on Cloud Computing (CLOUD), pp. 268–275 (2010)

    Google Scholar 

  61. Zhang, K., Zhou, X., Chen, Y., Wang, X., Ruan, Y.: Sedic: privacy-aware data intensive computing on hybrid clouds. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS ’11, pp. 515–526. ACM (2011)

    Google Scholar 

  62. Zhang, X., Liu, C., Nepal, S., Pandey, S., Chen, J.: A privacy leakage upper bound constraint-based approach for cost-effective privacy preserving of intermediate data sets in cloud. IEEE Trans. Parallel Distrib. Syst. 24(6), 1192–1202 (2013)

    Article  Google Scholar 

  63. Zhang, K., Liang, X., Baura, M., Lu, R., Shen, X.: PHDA: a priority based health data aggregation with privacy preservation for cloud assisted WBANs. Inf. Sci. 284, 130–141 (2014)

    Article  MathSciNet  Google Scholar 

  64. Zhang, R., Liu, L., Xue, R.: Role-based and time-bound access and management of EHR data. Secur. Commun. Netw. 7(6), 994–1015 (2014)

    Article  Google Scholar 

  65. Zhou, J., Cao, Z., Dong, X., Xiong, N., Vasilakos, A.: 4s: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks. Inf. Sci. 314, 255–276 (2015)

    Article  Google Scholar 

  66. Zhou, J., Lin, X., Dong, X., Cao, Z.: PSMPA: patient self-controllable and multi-level privacy-preserving cooperative authentication in distributed m-healthcare cloud computing system. IEEE Trans. Parallel Distrib. Syst. 26(6), 1693–1703 (2015)

    Article  Google Scholar 

  67. Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Futur. Gener. Comput. Syst. 28(3), 583–592 (2012)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, North Dakota State University, Fargo, ND, USA

    Assad Abbas & Samee U. Khan

Authors
  1. Assad Abbas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Samee U. Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Assad Abbas .

Editor information

Editors and Affiliations

  1. IBM Research - Ireland, Mulhuddart, Dublin, Ireland

    Aris Gkoulalas-Divanis

  2. Cardiff University, Cardiff, United Kingdom

    Grigorios Loukides

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Abbas, A., Khan, S.U. (2015). e-Health Cloud: Privacy Concerns and Mitigation Strategies. In: Gkoulalas-Divanis, A., Loukides, G. (eds) Medical Data Privacy Handbook. Springer, Cham. https://doi.org/10.1007/978-3-319-23633-9_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-23633-9_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23632-2

  • Online ISBN: 978-3-319-23633-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation