Abstract
Cloud based solutions have permeated in the healthcare domain due to a broad range of benefits offered by the cloud computing. Besides the financial advantages to the healthcare organizations, cloud computing also offers large-scale and on-demand storage and processing services to various entities of the cloud based health ecosystem. However, outsourcing the sensitive health information to the third-party cloud providers can result in serious privacy concerns. This chapter highlights the privacy issues related to the health data and also presents privacy preserving requirements. Besides the benefits of the cloud computing in healthcare, cloud computing deployment models are also discussed from the perspective of healthcare systems. Moreover, some recently developed strategies to mitigate the privacy concerns and to fulfil the privacy preserving requirements are also discussed in detail. Furthermore, strengths and weaknesses of each of the presented strategies are reported and some open issues for the future research are also presented.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Abbas, A., Khan, S.: A review on the state-of-the-art privacy preserving approaches in e-health clouds. IEEE J. Biomed. Health Inform. 18, 1431–1441 (2014)
Abbas, A., Bilal, K., Zhang, L., Khan, S.U.: A cloud based health insurance plan recommendation system: a user centered approach. Futur. Gener. Comput. Syst. 43, 99–109 (2015)
Abbas, A., Khan, M., Ali, M., Khan, S., Yang, L.: A cloud based framework for identification of influential health experts from Twitter. In: Proceedings of the 15th International Conference on Scalable Computing and Communications (ScalCom) (2015)
Sedgewick, R.: Algorithms in C++: Fundamentals, data structures, sorting, searching and graph algorithms. Boston: Addison-Wesley (2001)
Ahmad, M., Pervez, Z., Lee, S.: Dual locks: partial sharing of health documents in cloud. In: Bodine, C., Helal, S., Gu, T., Mokhtari, M. (eds.) Smart Homes and Health Telematics, vol. 8456, pp. 187–194. Springer, Cham (2014)
Ahuja, S., Mani, S., Zambrano, J.: A survey of the state of cloud computing in healthcare. Netw. Commun. Technol. 1, 12–19 (2012)
Akinyele, J., Lehmann, C., Green, M., Pagano, M., Peterson, Z., Rubin, A.: Self-protecting electronic medical records using attribute-based encryption. Technical Report 2010/565, Cryptology e-Print Archive (2010)
Ammar, N., Malik, Z., Rezgui, A., Alodib, M.: MobiDyC: private mobile-based health data sharing through dynamic context handling. Procedia Comput. Sci. 34, 426–433 (2014)
Barua, M., Liang, X., Lu, R., Shen, X.: ESPAC: enabling security and patient-centric access control for eHealth in cloud computing. Int. J. Secur. Netw. 6(2/3), 67–76 (2011)
Benaloh, J., Chase, M., Horvitz, E., Lauter, K.: Patient controlled encryption: ensuring privacy of electronic medical records. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW ’09, pp. 103–114. ACM (2009)
Cao, N., Wang, C., Li, M., Ren, K., Lou, W.: Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 25(1), 222–233 (2014)
Chen, Y., Lu, J., Jan, J.: A secure EHR system based on hybrid clouds. J. Med. Syst. 36(5), 3375–3384 (2012)
Dong, X., Yu, J., Luo, Y., Chen, Y., Xue, G., Li, M.: Achieving an effective, scalable and privacy-preserving data sharing service in cloud computing. Comput. Secur. 42, 151–164 (2014)
Fabian, B., Ermakova, T., Junghanns, P.: Collaborative and secure sharing of healthcare data in multi-clouds. Inf. Syst. 48, 132–150 (2015)
Fan, L., Buchanan, W., Thummler, C., Lo, O., Khedim, A., Uthmani, O., Lawson, A., Bell, D.: DACAR platform for e-Health services cloud. In: Proceedings of the 4th IEEE International Conference on Cloud Computing, pp. 219–226 (2011)
Gorp, P., Comuzzi, M.: Lifelong personal health data and application software via virtual machines in the cloud. IEEE J. Biomed. Health Inform. 18(1), 36–45 (2014)
Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., Muller, G.: Aspects of privacy for electronic health records. Int. J. Med. Inform. 80(2), e26–e31 (2011)
Han, N., Han, L., Tuan, D., In, H., Jo, M.: A scheme for data confidentiality in cloud-assisted wireless body area networks. Inf. Sci. 284, 157–166 (2014)
Hans, L., Sadeghi, A., Winandy, M.: Securing the e-Health cloud. In: Proceedings of the 1st ACM International Health Informatics Symposium, IHI ’10, pp. 220–229. ACM (2010)
HealthIT.gov.: Health IT legislation and regulations. http://healthit.gov/policy-researchers-implementers/health-it-legislation (2015). Accessed 29 May 2015
Jafari, M., Naini, R., Sheppard, N.: A rights management approach to protection of privacy in a cloud of electronic health records. In: Proceedings of the 11th Annual ACM Workshop on Digital Rights Management, DRM ’11, pp. 23–30. ACM (2011)
Johnson, M.: Data hemorrhages in the health-care sector. In: Dingledine, R., Golle, P. (eds.) Financial Cryptography and Data Security. Lecture Notes in Computer Science, vol. 5628, pp. 71–89. Springer, Berlin/Heidelberg (2009)
Kaletsch, A., Sunyaev, A.: Privacy engineering: personal health records in cloud computing environments. In: Proceedings of the 32nd International Conference on Information Systems (ICIS), pp. 1–11 (2011)
Kamara, S., Lauter, K.: Cryptographic cloud storage. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J., Sako, K., Kazue, S. (eds.) Financial Cryptography and Data Security. Lecture Notes in Computer Science, vol. 6054, pp. 136–149. Springer, Berlin/Heidelberg (2010)
Kuo, A.H.: Opportunities and challenges of cloud computing to improve health care services. J. Med. Internet Res. 13(3), e67 (2011). doi:10.2196/jmir.1867
Li, J.: Electronic personal health records and the question of privacy. Computer 99 (2013). doi:10.1109/MC.2013.225
Li, X.B., Sarkar, S.: Against classification attacks: a decision tree pruning approach to privacy protection in data mining. Oper. Res. 57(6), 1496–1509 (2009)
Li, M., Yu, S., Ren, K., Lou, W.: Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings. In: Security and Privacy in Communication Networks, Springer Berlin Heidelberg, pp. 89–106 (2010)
Li, Z., Chang, E., Huang, K., Lai, F.: A secure electronic medical record sharing mechanism in the cloud computing platform. In: Proceedings of the 15th IEEE International Symposium on Consumer Electronics (ISCE), pp. 98–103. ACM (2011)
Lin, H., Shao, J., Zhang, C., Fang, Y.: CAM: cloud-assisted privacy preserving mobile health monitoring. IEEE Trans. Inf. Forensics Secur. 8(6), 985–997 (2013)
Liu, X., Lu, R., Ma, J., Chen, L., Qin, B.: Privacy-preserving patient-centric clinical decision support system on naive Bayesian classification. IEEE J. Biomed. Health Inform. (2015). doi:10.1109/JBHI.2015.2407157
Lounis, A., Hadjidj, A., Bouabdallah, A., Challal, Y.: Healing on the cloud: secure cloud architecture for medical wireless sensor networks. Future Gener. Comput. Syst. (2015). doi:10.1016/j.future.2015.01.009
Mashima, D., Ahamad, M.: Enhancing accountability of electronic health record usage via patient-centric monitoring. In: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, IHI ’12, pp. 409–418. ACM (2012)
Metri, P., Sarote, G.: Privacy issues and challenges in cloud computing. Int. J. Adv. Eng. Sci. Technol. 5, 1–6 (2011)
Nabeel, M., Bertino, E.: Privacy preserving delegated access control in public clouds. IEEE Trans. Knowl. Data Eng. 26(9), 2268–2280 (2014)
Ning, H., Liu, H., Yang, L.: Cyberentity security in the Internet of things. Computer 46(4), 46–53 (2013)
Pecarina, J., Pu, S., Liu, J.C.: SAPPHIRE: anonymity for enhanced control and private collaboration in healthcare clouds. In: Proceedings of the 4th IEEE International Conference Cloud Computing Technology and Science (CloudCom), pp. 99–106. ACM (2012)
Puttaswamy, K., Kruegel, C., Zhao, B.: Silverline: toward data confidentiality in storage-intensive cloud applications. In: Proceedings of the 2nd ACM Symposium on Cloud Computing, SOCC ’11, pp. 10:1–10:13. ACM (2011)
Ruj, S., Stojmenovic, M., Nayak, A.: Privacy preserving access control with authentication for securing data in clouds. In: Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (Ccgrid), CCGRID ’12, pp. 556–563. IEEE Computer Society (2012)
Shen, Q., Liang, X., Shen, X., Lin, X., Luo, H.Y.: Exploiting geo-distributed clouds for a e-health monitoring system with minimum service delay and privacy preservation. IEEE J. Biomed. Health Inform. 18, 430–439 (2014)
Sookhak, M., Gani, A., Talebain, H., Akhunzada, A., Khan, S., Buyya, R., Zomaya, A.: Remote data auditing in cloud computing environments: a survey, taxonomy, and open issues. ACM Comput. Surv. 47(4), 65:1–65:34 (2015)
Subashini, S., Kavitha, V.: Review: a survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)
Sujansky, W., Kunz, D.: A standard-based model for the sharing of patient-generated health information with electronic health records. Pers. Ubiquit. Comput. 19(1), 9–25 (2014)
Sundareswaran, S., Squicciarini, A., Lin, D.: Ensuring distributed accountability for data sharing in the cloud. IEEE Trans. Dependable Secure Comput. 9(4), 556–568 (2012)
Thilakanathan, D., Chen, S., Nepal, S., Calvo, R., Alem, L.: A platform for secure monitoring and sharing of generic health data in the cloud. Future Gener. Comput. Syst. 35, 102–113 (2014)
Thomas, H., Lohr, H., Sadeghi, A., Winandyl, M.: Flexible patient-controlled security for electronic health records. In: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, IHI ’12, pp. 727–732. ACM (2012)
Tong, Y., Sun, J., Chow, S., Li, P.: Cloud-assisted mobile-access of health data with privacy and auditability. IEEE J. Biomed. Health Inform. 18(2), 419–429 (2014)
U.S. Department of Health & Human Services.: Health Insurance Portability and Accountability Act of 1996 (HIPAA). http://aspe.hhs.gov/admnsimp/final/pvcpre03.htm (2015). Accessed 25 April 2015
VMware.: Your cloud in healthcare. http://www.vmware.com/files/pdf/VMware-Your-Cloud-in-Healthcare-Industry-Brief.pdf (2015). Accessed 22 April 2015
Wang, C., Wang, Q., Ren, K., Cao, N., Lou, W.: Toward secure and dependable storage services in cloud computing. IEEE Trans. Serv. Comput. 5(2), 220–232 (2012)
Wang, H., Wu, Q., Qin, B., Ferrer, J.: FRR: fair remote retrieval of outsourced private medical records in electronic health networks. J. Biomed. Inf. 50, 226–233 (2014)
Wang, Z., Huang, D., Zhu, Y., Li, B., Chung, C.J.: Efficient attribute-based comparable data access control. IEEE Trans. Comput. (2015). doi:10.1109/TC.2015.2401033
World Health Organization.: E-health. http://www.who.int/trade/glossary/story021/en/ (2015). Accessed 25 April 2015
Wu, R., Ahn, G.J., Hu, H.: Secure sharing of electronic health records in clouds. In: Proceedings of the 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 711–718 (2012)
Xu, L., Cremers, A.: A decentralized pseudonym scheme for cloud-based ehealth systems. In: Proceedings of the 2014 International Conference on Health Informatics, pp. 230–237. ACM (2014)
Xu, L., Cremers, A., Wilken, T.: Pseudonymization for secondary use of cloud based electronic health records. Working paper, Academy of Science and Engineering (2015)
Yang, J.J., Li, J.Q., Niu, Y.: A hybrid solution for privacy preserving medical data sharing in the cloud environment. Futur. Gener. Comput. Syst. 43–44, 74–86 (2015)
Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Proceedings of the 2010 IEEE INFOCOM Conference, pp. 1–9 (2010)
Yu, H.J., Lai, H.S., Chen, K.H., Chou, H.C., Wu, J.M., Dorjgochoo, S., Mendjargal, A., Altangerel, E., Tien, Y.W., Hsueh, C.W., Lai, F.: A sharable cloud-based pancreaticoduodenectomy collaborative database for physicians: emphasis on security and clinical rule supporting. Comput. Methods Prog. Biomed. 111(2), 488–497 (2013)
Zhang, R., Liu, L.: Security models and requirements for healthcare application clouds. In: Proceedings of the 3rd IEEE International Conference on Cloud Computing (CLOUD), pp. 268–275 (2010)
Zhang, K., Zhou, X., Chen, Y., Wang, X., Ruan, Y.: Sedic: privacy-aware data intensive computing on hybrid clouds. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS ’11, pp. 515–526. ACM (2011)
Zhang, X., Liu, C., Nepal, S., Pandey, S., Chen, J.: A privacy leakage upper bound constraint-based approach for cost-effective privacy preserving of intermediate data sets in cloud. IEEE Trans. Parallel Distrib. Syst. 24(6), 1192–1202 (2013)
Zhang, K., Liang, X., Baura, M., Lu, R., Shen, X.: PHDA: a priority based health data aggregation with privacy preservation for cloud assisted WBANs. Inf. Sci. 284, 130–141 (2014)
Zhang, R., Liu, L., Xue, R.: Role-based and time-bound access and management of EHR data. Secur. Commun. Netw. 7(6), 994–1015 (2014)
Zhou, J., Cao, Z., Dong, X., Xiong, N., Vasilakos, A.: 4s: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks. Inf. Sci. 314, 255–276 (2015)
Zhou, J., Lin, X., Dong, X., Cao, Z.: PSMPA: patient self-controllable and multi-level privacy-preserving cooperative authentication in distributed m-healthcare cloud computing system. IEEE Trans. Parallel Distrib. Syst. 26(6), 1693–1703 (2015)
Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Futur. Gener. Comput. Syst. 28(3), 583–592 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Abbas, A., Khan, S.U. (2015). e-Health Cloud: Privacy Concerns and Mitigation Strategies. In: Gkoulalas-Divanis, A., Loukides, G. (eds) Medical Data Privacy Handbook. Springer, Cham. https://doi.org/10.1007/978-3-319-23633-9_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-23633-9_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23632-2
Online ISBN: 978-3-319-23633-9
eBook Packages: Computer ScienceComputer Science (R0)