
Privacy and Security Challenges Towards Cloud Based Access Control in Electronic Health Records


Abstract

Over the years, data theft has been rampant in financial institutions; at present, however, medical data is in the spotlight. The healthcare industry is considered a potential target for hackers and cyber criminals seeking access to patients’ data. Electronic Health Records (EHRs) provide flexibility, timely access and interoperability of patient information, which is key in decision making by physicians and medical officers. With the advancement of technology, the cloud has been spotted as a solution for healthcare practitioners to implement interconnected EHRs, as it reduces the cost and hassle of infrastructure maintenance. A cloud platform allows data to be replicated in different geographical locations and retrieved and shared among various organizations in a timely manner. The healthcare sector is facing a dilemma on how patients’ information can be protected while it is being managed by cloud vendors. Several cloud-based EHRs apply cryptographic techniques to encrypt data at rest and data in motion, and access control to eliminate unauthorized access. As a result, existing access control mechanisms in the cloud mainly focus on giving data access to physicians and other medical officers but overlook the privacy requirements of patients. This research discusses various access control models, their merits, limitations, and roles in promoting privacy in cloud-based solutions.
... The cloud service provider stores patients' private, sensitive data remotely, which provides attackers a one-stop center to intercept and counterfeit the health record during transmission. Storing healthcare data on a third-party server makes it difficult for the patients to control their data and throws up unique challenges related to the privacy and security of healthcare information [5] [6] [7]. ...
... Healthcare organizations accumulate patient information for a legitimate purpose, but barely any controls exist to guarantee that it isn't revealing the patient's privacy. Hence, a need arises to implement a secure and dynamic mechanism to confine access to patient information based on risk analysis [7] [8] [22]. ...
... EHRs in the cloud servers are not reliable without accomplishing security and privacy measures. Security and privacy requirements assist in preventing unauthorized use of data and protect against loss and tampering [5][6][7]. Cloud-based EHR security and privacy requirements: 1) Authenticity: It ensures only the authorized and authentic authority can access sensitive health records. ...
Article
Recently, many healthcare organizations have started adopting intelligent cloud-based EHR (Electronic Health Record) applications due to improved technological innovations. Integrating cloud services with healthcare systems provides benefits such as a scalable, flexible, reliable, and cost-effective environment for easy sharing of health records between healthcare providers and stakeholders. Despite the numerous benefits inherited from cloud computing by healthcare organizations, security and privacy concerns are still hindering its wide adoption. Security and privacy preservation of healthcare data are mandatory considering the sensitivity of the data involved in this sector. Over the past few years, several attempts have been made to provide a secure and reliable EHR framework. But the model still suffers from various security and privacy attacks due to the lack of transparency, trust, and dynamic nature of EHR applications. This paper aims to analyze existing security and privacy preservation approaches with their limitations, security and privacy threats of cloud-based EHRs, and envisioned future research directions.
... Therefore, access, processing, updating, deleting, and authorizing operations should be carefully managed to ensure that confidentiality, integrity, and accessibility are maintained. In recent years, some techniques have been developed in published literature which outline the rules related to access, authorization, monitoring, and control of information and information systems [12][13][14]. However, it is seen in many industries that the development area of these techniques has narrowed and that existing techniques do not fully meet the new business requirements that arise with developing technology, and they cannot be managed in accordance with the organizational structure. ...
... In recent years, various studies using different techniques for the purposes mentioned above have been described in published literature [13][15][23][24][25][26]. In this present study, on the other hand, there is no need for separate control for both authorizing and denying authorization. ...
Article
Information security is defined as preventing actions such as unauthorized access and use, modification, and removal of information. It consists of certain basic elements of confidentiality, integrity, and accessibility. There are numerous studies in published literature which have been conducted to ensure information security. However, there is no previous study that covers these three basic elements together. In the present study, a model that includes these three key elements of information security together for big data was proposed and implemented. With this proposed “single-label model,” a more practical and flexible structure was established for all operations (read, write, update, and delete) performed on a database on real data. In previous studies conducted with a label model, separate labels were used for read-only or write-only operations, and there was no structure that could ensure both confidentiality and integrity at the same time. The present study, however, shows what type of authorization and access control could be established between which processes and which users by looking at a single label for all the operations performed on the data. Thus, in contrast to the previous studies seen in published literature, data confidentiality, data integrity, and data consistency were all guaranteed for all transactions. The results of the proposed single-label model were also shown comparatively by conducting an experimental study of its application. The results obtained are promising for further studies.
... The integration of these fields can be seen in the medical domain, where the cloud is used to store personal information of patients as Electronic Health Records (EHR); the architectural domain, where sensors and different devices in a building can be used for resource planning in smart buildings and cities; and in other smart environments, such as the monitoring of the smart environment in terms of Internet of Things (IoT) and smart weather forecasting [23] [24] [25] [26]. According to [27], it was found that there are several privacy concerns that may jeopardize the data that is stored by organizations. Electronic Health Records (EHR) is the case that is being studied, and it was found that without proper security measures being taken to protect their patients' data, it is vulnerable to attacks from attackers. ...
Conference Paper
The integration of big data analytics and the cloud computing environment has become the focus area of many businesses and organizations. The growth that is being observed in big data requires more resources to perform analytics. In the business environment, it is important to be able to generate useful insights from the data that is collected. When integrating the cloud environment, the selection made for the chosen cloud service providers as well as the cloud services would highly impact the success of a business in bringing value to the data that is collected. The medical sector, development of smart cities as well as the entertainment industries are all examples of sectors with huge generation of big data. These are also some fields that have moved into the big data cloud computing environment. The main objective of businesses and organizations is to take the data that is being generated in its final form which can bring value to their decision-making capabilities. Being able to understand the impact of migrating to cloud services, the security challenges, and the wide spectrum of cloud services to choose from would be crucial for businesses. In this paper, the integration of big data technology in the cloud computing environment is discussed critically where different cloud services and tools suitable for generating business insights and the security and privacy challenges are evaluated.
Chapter
Modern communications, sensors, and cloud services have recently been revolutionizing the traditional public health system. However, privacy concerns have been growing due to the convergence of advancements. Therefore, it is essential to thoroughly investigate the privacy concerns related to e-health information. To implement quality and effective health services seamlessly, hospitals in India and worldwide have shifted from paper-based human data processing to Healthcare Information Systems (HIS) and Digital Health Records (DHR). Because patient information is now nearly instantly accessible from anywhere globally, the increasing use of digital data in the healthcare sector has the potential to yield tremendous benefits. However, making DHR accessible online and linking HIS to the internet expose data to security risks and compromise patient privacy. This paper provides a survey on the privacy of healthcare data and information on healthcare systems (HIS), their automation, threats to the privacy protection of healthcare information as a result of automation, and how to identify these threats using new technologies to promote the quality of healthcare.
Chapter
Authentication is the preliminary security mechanism employed in the information system to identify the legitimacy of the user. With technological advancements, hackers with sophisticated techniques easily crack single-factor authentication (username and password). Therefore, organizations started to deploy Multi-Factor Authentication (MFA) to increase the complexity of the access to the system. Although MFA increases the security of the digital service, usable security should be given equal importance. User behavior-based authentication provides a means to analyze the user's interaction with the system in a non-intrusive way to identify the user's legitimacy. This chapter presents a review of user behavior-based authentication in smartphones and websites. Moreover, the review highlights some of the common features, techniques, and evaluation criteria usually considered in the development of user behavior profiling.
Chapter
This study creates a new and simplified method for selecting the suitable site for building wind turbines, using standard power factor and power curves. The electrical energy generated from wind energy is influenced by the physical characteristics of the wind site and the factors of the wind turbine; thus, the matching of the turbine with the site depends on determining the parameters of the optimum speed of the turbine, which is estimated from the performance index (PI) curve. This indicator is a new rating parameter, obtained from the highest value of the standard power and capacitance curves. The relationship between the three indices is plotted against the rated wind speed of a specific value of the Weibull shape parameter of the location. Thus, a more skillful method was used for Weibull parameters evaluation, which is called the equivalent energy method (EEM).
Keywords: Weibull distribution function; Capacity factor; Normalized power; Performance index
Chapter
The human services supplier might be moving from paper records to electronic health records (EHRs) or might be utilizing EHRs as of now. EHRs permit suppliers to utilize data all the more successfully to improve the quality and productivity of your consideration; however, EHRs won't change the protection assurances or security shields that apply to your wellbeing data. This venture centers around creating secure cloud structure for developing and getting to believe registering administrations in all degrees of open cloud sending model. Along these lines, disposes of both inside and outside security dangers. These outcomes in accomplishing information classification, information honesty, confirmation, and approval, disposing of both dynamic and detached assaults from cloud arrange condition. Building up a safe cloud structure for getting is to believe figuring and capacity benefits in all degrees of open cloud organization model.
Keywords: E-Healthcare; EHR; Attribute-based encryption; Patient’s data
Chapter
In the present age, Cloud Computing is acting as a most flexible and collaborative approach that can be applied in different public and private domains. Apart from playing a crucial role in terms of employment and revenue, the healthcare sector also plays a significant role in saving the lives of numerous people. Directly or indirectly, the lives of patients depend on their previous records, new advancements in the health sector, and interconnection among various health staff. All these factors were not feasible by using traditional ways, but this has become feasible since the introduction of cloud computing in the health sector. Cloud Computing has eased the access of applications and data from any worldwide location from any device with an internet connection. In this paper, the role of cloud computing in healthcare services and the opportunities associated are presented. This paper elaborates on the challenges faced by the industries with current and future innovations of cloud computing in healthcare. Security concerns along with the benefits, risks, stakeholders, challenges associated with cloud computing in health sectors have also been discussed.
Keywords: Cloud computing; Healthcare; Information technology; Public cloud; Private cloud; Hybrid cloud; Healthcare services; Cloud service providers
Chapter
The pervasive as well as service-oriented nature of cloud computing has necessitated its adoption for development, deployment and servicing of Health Records Management solutions in today’s modern world. However, there are rapidly growing concerns for security/privacy and trustworthiness of such cloud-based systems/services. The dynamics of electronic health records (EHR) management systems make privacy preservation and trust non-negotiable features of a presumably reliable cloud service. To cater for these concerns, this chapter proposes a multilevel cryptography approach for achieving security (privacy) in electronic health systems. This approach involves using the AES algorithm for on-premise encryption services and ECC for cloud-based encryption services towards ensuring data security/privacy at both the local hospitals’ electronic medical record (EMR) systems and the central cloud electronic health record (EHR) ends. Also, an artificial intelligence (AI) approach, which is referred to as a subjective logic-based belief or reasoning model, was used towards measuring the trustworthiness of the medical personnel. Metrics such as the average system computation time, otherwise referred to as the encryption/decryption runtime, system throughput, and system output size were utilized for appraising the privacy model in the newly developed system. The system was also compared with existing related systems in terms of standard reputation measurement metrics in order to determine its reputation performance. Results obtained from implementation show that the proposed system offers better or highly improved performance in terms of security/privacy for users’ data, as well as reputation measurements.
Article
This study aims to ensure data confidentiality and users' data privacy through information flow control in distributed databases. In particular, a distributed label model that preserves confidentiality through data flow control is introduced. This model consists of actors, objects, and labels. The owner of an object is an actor and has to share the data it owns with other actors in the system. Actors send data by labeling objects. Labels are personal security policy statements given by actors. Each actor determines its own security and privacy policy independently of the others. Through labels, flow control over insecure transmission channels ensures the data confidentiality of all actors in the system. The data object is propagated and shared securely among untrusted actors and environments.