Journal:Security and privacy in cloud-based eHealth systems

From LIMSWiki
Revision as of 00:16, 2 June 2021 by Shawndouglas (talk | contribs) (Saving and adding more.)
Jump to navigationJump to search
Full article title Security and privacy in cloud-based eHealth systems
Journal Symmetry
Author(s) Sivan, Remya; Zukarnain, Zuriati A.
Author affiliation(s) University Putra Malaysia
Primary contact Email: gs59108 at student dot upm dot edu dot my
Year published 2021
Volume and issue 13(5)
Article # 742
DOI 10.3390/sym13050742
ISSN 2073-8994
Distribution license Creative Commons Attribution 4.0 International
Website https://www.mdpi.com/2073-8994/13/5/742/htm
Download https://www.mdpi.com/2073-8994/13/5/742/pdf (PDF)

Abstract

Cloud-based healthcare computing has changed the face of healthcare in many ways. The main advantages of cloud computing in healthcare are scalability of the required service and the provision to upscale or downsize the data storge, particularly in conjunction with approaches to artificial intelligence (AI) and machine learning. This paper examines various research studies to explore the utilization of intelligent techniques in health systems and mainly focuses on the security and privacy issues in the current technologies. Despite the various benefits related to cloud computing applications for healthcare, there are different types of management, technology handling, security measures, and legal issues to be considered and addressed. The key focus of this paper is to address the increased demand for cloud computing and its definition, technologies widely used in healthcare, their problems and possibilities, and the way protection mechanisms are organized and prepared when the company chooses to implement the latest evolving service model. As such, we sought out current literature on different approaches and mechanisms used in eHealth to deal with security and privacy issues. Some of these approaches have strengths and weaknesses. After selecting original articles, a literature review was carried out, and we identified several models adopted in their solutions. We arrived at the reviewed articles after comparing the models used.

Keywords: eHealth, cloud computing, security, privacy in health systems

Introduction

Innovative changes in science, technology, and the broad understanding of our universe have permitted the evolution of practical, progressive answers to enhance the nature of human existence. Researchers considering these innovative developments have identified and assessed wellbeing data from various sources to acquire actionable information and address issues concerning human wellbeing, particularly in the realm of healthcare. In this manner, the advancement of incorporated medical care innovations—including technological innovations—has the likelihood to enhance efficiency and improve understanding of the results at each level of the medical care framework. Long-term care (LTC) facilities are a crucial a part of the healthcare industry, providing care to the fastest-growing group of the population. However, the adoption of electronic health records (EHRs) in LTC facilities lags behind other areas of the health care industry.[1] The advancement of new electronic health (eHealth) application frameworks can take care of specific issues pertinent to conventional medical care frameworks by means of powerful patient wellbeing controls, pervasive information access, distant patient checking, quick clinical intercession, and decentralized electronic medical records (EMRs). These frameworks can oversee wellbeing data and patient information, upgrade personal satisfaction, increase coordinated effort, improve results, decrease expenses, and increase the general efficiency of electronic healthcare administrations.[2] For healthcare, EHRs are required to be shared among different healthcare organizations, medical drug manufacturers, pharmacists, medical insurance providers, researchers, and patients. This poses a significant challenge to keeping patients' sensitive data secure.[3] Eisenach highlights this in his depiction of eHealth as a tech industry that addresses the intersection of the internet, systems administration, and medical services, which has the potential to benefit the framework of clients and partners. The growing concept of eHealth involves the convergence of clinical informatics, general human wellbeing, and the wellbeing and the use of a secure internet, which helps drive the overall advancement of new innovation to tackle profound issues, drive down expenses, and improve understanding.[4]

Along these lines, models, gadgets, and frameworks associated with the internet of things (IoT) have become universal. Besides, the broad appropriation of IoT has harmonized with the improvement of interrelated, corresponding advances, for example, registering knowledge for medical care, business, industry, operational frameworks, etc. The efficient and safe usage of wellbeing data advancements, benefits, and all-encompassing eHealth frameworks requires exceedingly efficient and strong security frameworks to make such execution reasonable. The universality of IoT frameworks has driven the expansion of IoT innovation, remembering assorted designs for use by healthcare organizations. Connecting networks, gadgets, applications, and administration with IoT permits eHealth frameworks to share related data by utilizing the most recent IoT innovations.[5]

IoT and distributed computing are progressive innovations that supplement each other’s capacities when incorporated as flexible, versatile, and efficient tolerant medical service frameworks. The blend provides benefits, including simplicity of execution (contrasted with regular organizations), improved data security during correspondence, speedy access to records, and lower energy costs over customary modalities. Cloud-based IoT eHealth frameworks can significantly improve medical care benefits and advance persistent and efficient healthcare development. Within such frameworks, hidden IoT networks empower correspondence between clients, administrators, and workers, with clinical information being stored in the cloud. However, with new these improvements in distributed computing pushing healthcare beyond "business as usual," a variety of data storage and security issues are revealed, requiring consideration.[6]

Distributed and cloud computing are innovations that have and continue to transform the healthcare industry. Distributed computing can help improve a healthcare organization's adaptability, savvy, finances, data processing ability, and secure data sharing and distribution.[7] Cloud computing, when implemented well, should provide the ability to oversee applications and information, server accessibility, and end-used computing (EUC). Cloud computing should also ideally provide a complete, logical set of insights into a healthcare enterprise's infrastructure and end clients. By extension, cloud computing permits staff or workers to obtain and deal with their applications and information continuously on any gadget, from anywhere in the world with access to the internet.[8] However, we recognize that a coordinated effort to move information to distributed systems and the cloud brings serious security and protection worries for healthcare providers. As such, they must endeavor to fully address the effectiveness of, security of, and versatility associated with the introduction of cloud-based eHealth to the healthcare enterprise.

The fundamental motivation behind this paper is to examine the idea of cloud-based eHealth, the current utilization of eHealth in healthcare, and the challenges and solutions of cloud-based eHealth. This paper will walk through the state of distributed and cloud computing within the healthcare industry, along with the diverse opportunities and significant cloud-related security challenges associated with it. Additionally, we will discuss the plausible security arrangements for cloud-enabled eHealth.

Methods and materials

The existing literature on eHealth security is difficult to survey. We originally identified and downloaded 40 papers from the ACM Digital Library, 57 articles from the IEEE Computer Society's Digital Library, and 43 from the IEEE Xplore library to provide a fair and calculable number of articles surveyed. Additional articles were also accessed from the specialized repositories of Springer, Elsevier, Science Direct, and MDPI. Few other papers from other sources were used as those sources were not as well-known and respected as from those cited. Of those papers analyzed, we identified 110 publications worthy of use in the face of conflicting evaluation models and methods used by many analysts. Due to the similarities found in the models obtained by some scientists, the analyzed papers were restricted to the momentum number.

We then directly analyzed the papers, looking at and dissecting the strengths of each of the approaches obtained in seeking a solution to the security problem in eHealth. Through this process, we identified numerous shortcomings of the various proposed techniques, which eventually indicated a way forward to mitigate eHealth security incidents. Improving healthcare outcomes using eHealth is a developing area at the crossroads of clinical informatics, general human wellbeing, and patient health data that is securely communicated and enhanced through the internet and related technologies.[9] [10][11][12] The use of eHealth in the healthcare setting represents not olny a specialized turn of events from a more traditional approach, but also a perspective, a demeanor, and a duty for coordinated, national efforts to enhance patient care through the use of information and communication technologies locally, territorially, and internationally.[13]

Research strategy

As this was a comprehensive review, we aimed to update the findings of previous studies (54) regarding the same matter. We retrieved eligible studies from late 2013 to December 2020. The study selection searched for publications from the journal Symmetry, other journals in MDPI, IEEE Access, and other IEEE journals. The first step involved including the relevant articles with related keywords in the title or abstract based on the inclusion criteria. Papers not related to our study were excluded. The second step consisted of a full text screening of the relevant studies to select the most eligible articles.

Research questions

When screening papers, we also wanted to ensure they would help us address four important questions:

  1. What is cloud computing and the state of the art of the cloud-based computing solutions commonly used in healthcare systems?
  2. What are the security concerns or challenges in cloud-based computing in healthcare systems?
  3. How are the current cloud-based eHealth systems being protected?
  4. What is the best solution for security in cloud-based eHealth systems?

Cloud computing and the state of the art

Cloud computing—a set of internet-based, always-on computing services provisioned on an as-needed or continuous basis—is organized into three different service models: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).

IaaS is a cloud service model that delivers computing resources, networking, and storage to consumers. It enables end users to upscale or downsize resources on an as-needed basis, reducing the need for compute upscaling, up-front capital expenditures, and unnecessary infrastructure.[14][15] PaaS is a cloud service model that provides an application development and deployment environment to comsumers. PaaS platforms handle the complexity around operating systems and servers and leaves application developers more time to focus their business requirements to the software they are developing. SaaS is a cloud service model that delivers software to customers with relative ease; all you need is an internet connection and a browser. This service model requires the cloud vendor to manage most of their technical issues, meaning customers need not heavily lean on their in-house IT expertise for hosting and maintaining the software.

Figure 1 take a high-level look at these cloud infastructures, as compared with on-premises offerings. Light blue indicates customer responsibility, and dark blue indicates cloud provider responsibility.


Fig1 Sivan Symmetry21 13-5.png

Figure 1. Cloud service models and responsibilities, compared with on-premises systems. Light blue indicates customer responsibility, and dark blue indicates cloud provider responsibility.

The eHealth system is a newly developed space that contains electronic processes and communications. EHRs and EMRs act as a compilation of digital patient health data, containing demographic information, diagrams, patient medical information, patient medications, hospital or clinic reports, radiology photographs, billing information, and other sensitive patient information. Cloud computing offers a cost-effective way of effectively storing, processing, and updating that type of data with efficiency and quality.[16] Cloud computing also offers the advantage of access to hosted services from multiple locations around the world with by multiple users.

Separately, eHealth systems promise faster, robust, and sought-after access to medical records, fewer medical regulations, and improved health care quality, though they also should ideally maintain patient privacy, prevent improper authorization, and prevent misuse of sensitive patient data. When using these eHealth systems in the cloud, maintaining security and privacy are especially critical when sharing or accessing patient data. An overview of e-health structures in the scope of cloud computing is shown in Figure 2.


Fig2 Sivan Symmetry21 13-5.png

Figure 2. eHealth architecture in the scope of cloud computing.

There are a number of deployment models for cloud computing, including public cloud, private cloud, and hybrid cloud. Public cloud deployments make resources available to private and public users via the internet as an ongoing or on-demand service, allowing clients to pay only for what they use or subscribe to. Instead of purchasing a physical server and networking equipment, a public cloud customer can purchase a virtual server and network that can be accessed from anywhere. The public cloud relies on a customized environment to provide corporate infrastructure expansion, allowing the company to host certain aspects of its infrastructure and services on virtual and identifiable third-party servers. Public cloud service providers have unique capabilities, and they offer excellent types of services and price models. However, companies considering migration to public cloud must carefully consider their options when it comes to choosing a provider, especially if there is a possibility of service being preemptively terminated in a long-term contract. Careful planning can help reduce the cost of monthly payments for cloud services, but organizations with unplanned or unexpected usage requirements may find it difficult to avoid spending large sums on public cloud services.[17][15]

Private clouds are cloud installations used exclusively by a single organization and its authorized users, usually in the form of a single network or datacenter that provides services hosted to a specific group of people. Private clouds offer easy access and more control over security for the organizations using them. Although a private cloud is less expensive than using a public cloud, the cost is not easily measured. The development or growth of private cloud infrastructure will require the purchase of additional equipment. Similarly, when the need for a private cloud decreases, expensive resources and equipment are inevitably misused.[18][19]

A hybrid cloud infrastructure is a combination of two or more integrated public and private clouds. In hybrid cloud infrastructure, the organization provides and manages their own resources within the private data center while also using additional outsourced public and private services—such as VMware that works in tandem with Fortinet Networks—to provide a hybrid cloud infrastructure that allows for increased organizational security on private and remote servers while the public cloud is largely secured by the cloud provider. Hybrid cloud is usually an excellent deal for those debating between a public cloud and a private cloud. The hybrid cloud environment allows organizations to take advantage of both types of cloud platforms and choose which cloud will provide the specific data needs. For example, the hybrid cloud provides another way to store sensitive company data and information, allowing the organization to maintain sensitive security configurations in the private cloud while conducting other business activities in the public cloud.[20][21]

Advantages of cloud-based eHealth systems

The more a healthcare center integrates system data and information via a global computer network such as the internet, the more global risk that is placed into the information network due to the expansion of breachable information access points. The need to access sensitive patient information should be limited to authorized users and protected from illegal users who may misuse that information for a variety of purposes. Identity-based encryption (IBE) has so far proven to be one of the best security solutions to protect eHealth record data.[22][23] The encryption algorithm deals with problems found in common cryptographic techniques using any thread as a public key. The system can further enhance the security of health records by adding authentication procedures to three connected servers. In this system, communication between three servers uses IBE to encrypt data, such that each server can perform the encryption and decryption process during the data exchange. Only servers with authorized IDs can access and extract health record data. Currently, test results show performance relative to the speed of the algorithm used in the system.[24][25]


References

  1. Kruse, C.S.; Mileski, M.; Vijaykumar, A.G. et al. (2017). "Impact of Electronic Health Records on Long-Term Care Facilities: Systematic Review". JMIR Medical Informatics 5 (3): e35. doi:10.2196/medinform.7958. PMC PMC5640822. PMID 28963091. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5640822. 
  2. Butpheng, C.; Yeh, K.-H.; Xiong, H. (2020). "Security and Privacy in IoT-Cloud-Based e-Health Systems—A Comprehensive Review". Symmetry 12 (7): 1191. doi:10.3390/sym12071191. 
  3. Ismail, L.; Materwala, H. (2020). "Blockchain Paradigm for Healthcare: Performance Evaluation". Symmetry 12 (8): 1200. doi:10.3390/sym12081200. 
  4. Malluhi, Q.; Tran, V.D.; Trinh, V.C (2020). "Decentralized Broadcast Encryption Schemes with Constant Size Ciphertext and Fast Decryption". Symmetry 12 (6): 969. doi:10.3390/sym12060969. 
  5. Hassen, O.A.; Abdulhissein, A.A.; Darwish, S.M. et al. (2020). "Towards a Secure Signature Scheme Based on Multimodal Biometric Technology: Application for IOT Blockchain Network". Symmetry 12 (10): 1699. doi:10.3390/sym12101699. 
  6. Abdulghani, H.A.; Nijdam, N.A.; Collen, A. et al. (2019). "A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective". Symmetry 11 (6): 774. doi:10.3390/sym11060774. 
  7. Kang, J.; Chung, H.; Lee, J. et al. (2016). "The Design and Analysis of a Secure Personal Healthcare System Based on Certificates". Symmetry 8 (11): 129. doi:10.3390/sym8110129. 
  8. Griebel, L.; Prokosch, H.-U.; Köpcke, F. et al. (2015). "A scoping review of cloud computing in healthcare". BMC Medical Informatics and Decision Making 15: 17. doi:10.1186/s12911-015-0145-7. 
  9. Venčkauskas, A.; Štuikys, V.; Toldinas, J. et al. (2016). "A Model-Driven Framework to Develop Personalized Health Monitoring". Symmetry 8 (7): 65. doi:10.3390/sym8070065. 
  10. Khan, M.A. (2020). "An IoT Framework for Heart Disease Prediction Based on MDCNN Classifier". IEEE Access 8: 34717–27. doi:10.1109/ACCESS.2020.2974687. 
  11. Yang, M.; Hara-Azumi, Y. (2020). "Implementation of Lightweight eHealth Applications on a Low-Power Embedded Processor". IEEE Access 8: 121724–32. doi:10.1109/ACCESS.2020.3006901. 
  12. Guo, L.; Li, Z.; Yau, W.-C. et al. (2020). "A Decryptable Attribute-Based Keyword Search Scheme on eHealth Cloud in Internet of Things Platforms". IEEE Access 8: 26107–18. doi:10.1109/ACCESS.2020.2971088. 
  13. Edemacu, K.; Park, H.K.; Jang, B. et al. (2019). "Privacy Provision in Collaborative Ehealth With Attribute-Based Encryption: Survey, Challenges and Future Directions". IEEE Access 7: 89614—89636. doi:10.1109/ACCESS.2019.2925390. 
  14. Ma, H.; Xie, Y.; Wang, J. et al. (2019). "Revocable Attribute-Based Encryption Scheme With Efficient Deduplication for Ehealth Systems". IEEE Access 7: 89205–17. doi:10.1109/ACCESS.2019.2926627. 
  15. 15.0 15.1 Caiza, J.C.; Martin, Y.-S.; Guamán, D.S. et al. (2019). "Reusable Elements for the Systematic Design of Privacy-Friendly Information Systems: A Mapping Study". IEEE Access 7: 66512–35. doi:10.1109/ACCESS.2019.2918003.  Cite error: Invalid <ref> tag; name "CaizaReusable19" defined multiple times with different content
  16. Chenthara, S.; Ahmed, K.; Wang, H. et al. (2019). "Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing". IEEE Access 7: 74361–82. doi:10.1109/ACCESS.2019.2919982. 
  17. Razaque, A.; Amsaad, F.; Khan, M.J. et al. (2019). "Survey: Cybersecurity Vulnerabilities, Attacks and Solutions in the Medical Domain". IEEE Access 7: 168774–97. doi:10.1109/ACCESS.2019.2926627. 
  18. Kim, J.W.; Edemacy, K.; Jang, B. (2019). "MPPDS: Multilevel Privacy-Preserving Data Sharing in a Collaborative eHealth System". IEEE Access 7: 109910–23. doi:10.1109/ACCESS.2019.2933542. 
  19. Bouras, M.A.; Lu, Q.; Zhang, F.; et al. (2020). "Distributed Ledger Technology for eHealth Identity Privacy: State of The Art and Future Perspective". Sensors 20 (2): 483. doi:10.3390/s20020483. PMC PMC7013398. PMID 31952172. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7013398. 
  20. Seol, K.; Kim, Y.-G.; Lee, E. et al. (2018). "Privacy-Preserving Attribute-Based Access Control Model for XML-Based Electronic Health Record System". IEEE Access 6: 9114—28. doi:10.1109/ACCESS.2018.2800288. 
  21. Zhu, L.; Zhang, C.; Xu, C. et al. (2018). "An Efficient and Privacy-Preserving Biometric Identification Scheme in Cloud Computing". IEEE Access 6: 19025–33. doi:10.1109/ACCESS.2018.2819166. 
  22. Qadir, J.; Mujeeb-U-Rahman, M.; Rehmani, M.H. et al. (2017). "IEEE Access Special Section Editorial: Health Informatics for the Developing World". IEEE Access 5: 27818–23. doi:10.1109/ACCESS.2017.2783118. 
  23. Yeh, K.-H. (2016). "A Secure IoT-Based Healthcare System With Body Sensor Networks". IEEE Access 4: 10288–99. doi:10.1109/ACCESS.2016.2638038. 
  24. Islam, S.M.R.; Kwak, D.; Kabir, H. et al. (2015). "The Internet of Things for Health Care: A Comprehensive Survey". IEEE Access 3: 678–708. doi:10.1109/ACCESS.2015.2437951. 
  25. Tahir, A.; Chen, F.; Khan, H.U. et al. (2020). "A Systematic Review on Cloud Storage Mechanisms Concerning e-Healthcare Systems". Sensors 20 (18): 5392. doi:10.3390/s20185392. PMC PMC7570508. PMID 32967094. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7570508. 

Notes

This presentation is faithful to the original, with only a few minor changes to presentation. However, extensive grammar, punctuation, and idea organization and clean up was required to improve the readability of the original article. In some cases important information was missing from the references, and that information was added. The original citation seven (Huh 2018) was omitted in this version as it appeared to have no connection to the topic cited. A paragraph appearing in the original introduction involving "mists" and service level agreements also had no bearing to the paper and appears to have been accidentally included in the original; it is omitted for this version.