e-Health Cloud: Privacy Concerns and Mitigation Strategies [chapter]

Assad Abbas, Samee U. Khan
2015 Medical Data Privacy Handbook  
Cloud-based solutions have permeated the healthcare domain due to the broad range of benefits offered by cloud computing. Besides the financial advantages to healthcare organizations, cloud computing also offers large-scale and on-demand storage and processing services to various entities of the cloud-based health ecosystem. However, outsourcing sensitive health information to third-party cloud providers can result in serious privacy concerns. This chapter highlights the
... issues related to the health-data and also presents privacy preserving requirements. Besides the benefits of cloud computing in healthcare, cloud computing deployment models are also discussed from the perspective of healthcare systems. Moreover, some recently developed strategies to mitigate the privacy concerns and to fulfill the privacy preserving requirements are also discussed in detail. Furthermore, strengths and weaknesses of each of the presented strategies are reported and some open issues for future research are also presented.

organizations of the strenuous tasks of infrastructure management and has urged them to become accustomed to third-party IT service providers [3]. Moreover, the cloud computing paradigm has exhibited great potential: (a) to enhance collaboration among various participating entities of the healthcare domain [4] and (b) to offer the most anticipated benefits, such as scalability, agility, cost effectiveness, and round-the-clock availability of health related information [5], [6]. On the other hand, due to the sharing and storage of sensitive electronic health-data and Personal Health Information (PHI) through the Internet, various privacy and security concerns arise [7]. The literature pertaining to the e-Health clouds discusses the apprehensions about the probable disclosure of health information to entities that are not supposed to have access. One of the key reasons for patients' concerns about PHI privacy is the distributed architecture of the cloud. Gigantic volumes of confidential health-data stored in third-party data centers and transmitted over networks are vulnerable to disclosure or theft [8]. Particularly in public clouds, administered by commercial service providers, health-data privacy is the most anticipated concern.
Therefore, the Cloud Service Providers (CSP) should not only identify but also deal with health-data security issues to maximize the trust level of patients and healthcare organizations [9]. Governments have also shown interest in protecting the privacy of health-data. For example, in the United States, the use and disclosure of patient health information is protected by the Health Insurance Portability and Accountability Act (HIPAA). The health-data privacy rules specified by HIPAA offer federal protection for the PHI and ensure the confidentiality, integrity, and availability of electronic health information [10]. Likewise, the Health Information Technology for Economic and Clinical Health (HITECH) Act [11] also mandates the secure exchange of electronic health information. Various approaches, such as cryptographic and non-cryptographic ones, are used to preserve the privacy of health-data in the cloud. The majority of the solutions use certain cryptographic techniques to conceal the contents of health records, while quite a few solutions, such as [5], [12], and [13], are based on non-cryptographic approaches using policy based authorizations. The benefit of cryptographic techniques is that they not only are capable of encrypting the data in storage and over the network [14], but also employ authentication mechanisms requiring decryption keys and verification through digital signatures. Moreover, fine-grained and patient-centric access control mechanisms have also been deployed that enable patients to specify the individuals who could have access to health-data. Furthermore, quite a few privacy preserving solutions allow the patients themselves to encrypt the health data and provide the decryption keys to the individuals with right-to-know privilege. This chapter encompasses the recent efforts that have been made to preserve the privacy of the health-data in the cloud environment.
We highlight the threats to the health-data in the cloud and present a discussion on the requirements to be fulfilled to mitigate the threats. Moreover, the benefits of cloud computing and a discussion on the cloud deployment models in the context of healthcare are presented. Furthermore, the strengths and weaknesses of each of the discussed strategies to preserve privacy are reported and some open research issues are also highlighted. The chapter is organized as follows. Section 2 presents an overview of the preliminary concepts of cloud computing in terms of healthcare. Section 3 presents the recent strategies developed to overcome the privacy issues of health. Section 4 presents a discussion on the performance of the discussed strategies and highlights open issues, whereas Section 5 concludes the chapter.

An Overview of the e-Health Cloud

The e-Health cloud can be regarded as a standard platform that offers standardized services to manage large volumes of health-data [15]. The e-Health cloud ensures the service provision for storage and processing of different types of health records that are originated and utilized by multiple providers and other participating entities, such as pharmacies, laboratories, and insurance providers. Typically the health records in an e-Health system include the EMRs, the EHRs, and the PHRs. Each of the aforementioned types of health records is an electronic version of patient health information. However, there are certain differences that should be understood. The EMR is the electronic version of a patient's health information that is created, used, and maintained by the healthcare providers or care delivery organizations. The EMRs contain information about the diagnosis obtained through the clinical decision support system, clinical notes, and medication. The EHRs on the other hand present a broader view of the patients' health information. A subset of the information contained in the EMRs is also present in the EHRs.
However, the EHRs are shared for the purpose of consultation and treatment among multiple healthcare providers belonging to different care delivery organizations [1]. The PHRs are the health records that are managed by the patients themselves and comprise information originating from diverse sources. The typical information that a PHR may contain includes treatments and diagnosis, surgeries, laboratory reports, insurance claims data, and patients' personal notes and wellness charts to keep track of their health themselves [16]. Fig. 1 presents a distinction among the EMRs, the EHRs, and the PHRs.

e-Health Cloud Benefits and Opportunities

Cloud computing has greatly impacted the healthcare sector, besides various other scientific and business domains. Shifting the health records to the cloud environment brings the following opportunities and benefits to the health service providers:
doi:10.1007/978-3-319-23633-9_15 fatcat:lz766kkhs5bqdeyo5r46n26zci