Top

Published in:

01-06-2016 | Systems-Level Quality Improvement

Data Privacy in Cloud-assisted Healthcare Systems: State of the Art and Future Challenges

Authors: Anam Sajid, Haider Abbas

Published in: Journal of Medical Systems | Issue 6/2016

Abstract

The widespread deployment and utility of Wireless Body Area Networks (WBAN’s) in healthcare systems required new technologies like Internet of Things (IoT) and cloud computing, that are able to deal with the storage and processing limitations of WBAN’s. This amalgamation of WBAN-based healthcare systems to cloud-based healthcare systems gave rise to serious privacy concerns to the sensitive healthcare data. Hence, there is a need for the proactive identification and effective mitigation mechanisms for these patient’s data privacy concerns that pose continuous threats to the integrity and stability of the healthcare environment. For this purpose, a systematic literature review has been conducted that presents a clear picture of the privacy concerns of patient’s data in cloud-assisted healthcare systems and analyzed the mechanisms that are recently proposed by the research community. The methodology used for conducting the review was based on Kitchenham guidelines. Results from the review show that most of the patient’s data privacy techniques do not fully address the privacy concerns and therefore require more efforts. The summary presented in this paper would help in setting research directions for the techniques and mechanisms that are needed to address the patient’s data privacy concerns in a balanced and light-weight manner by considering all the aspects and limitations of the cloud-assisted healthcare systems.

Dong, X., Yu, J., Luo, Y., Chen, Y., Xue, G., and Li, M., Achieving an effective, scalable and privacy-preserving data sharing service in cloud computing. Comput. Sec. 42:151–164, 2014. doi:10.1016/j.cose.2013.12.002.CrossRef

Othman, S., Bahattab, A., Trad, A., and Youssef, H., Secure data transmission protocol for medical wireless sensor networks. AINA ’14 Proc. 2014 I.E. 28th Int. Conf. Adv. Inform. Networking Appl. 649–656, 2014. doi:10.1109/AINA.2014.80.

Divi, K., and Liu, H., Modeling of WBAN and cloud integration for secure and reliable healthcare. Proc. 8Th International Conf. Body Area Networks. 128–131, 2013. doi:10.4108/icst.bodynets.2013.253706.

Waqar, A., Raza, A., Abbas, H., and Khurram Khan, M., A framework for preservation of cloud users’ data privacy using dynamic reconstruction of metadata. J. Network Comput. Appl. 36(1):235–248, 2013. doi:10.1016/j.jnca.2012.09.001.CrossRef

Wooten, R., Klink, R., Sinek, F., Bai, Y., and Sharma, M., Design and implementation of a secure healthcare social cloud system. 2012 12Th IEEE/ACM Int. Symp. Cluster, Cloud Grid Comput. (Ccgrid 2012). 805–810, 2012. doi:10.1109/CCGrid.2012.131.

Javadi, S., and Razzaque, M., Security and privacy in wireless body area networks for health care applications. Sign. Commun. Technol. 165–187, 2013. doi:10.1007/978-3-642-36169-2_6.

Li, M., Lou, W., and Ren, K., Data security and privacy in wireless body area networks. IEEE Wireless Commun. 17(1):51–58, 2010. doi:10.1109/mwc.2010.5416350.CrossRef

Kitchenham, B., Pearl Brereton, O., Budgen, D., Turner, M., Bailey, J., and Linkman, S., Systematic literature reviews in software engineering—a systematic literature review. Inform. Software Technol. 51(1):7–15, 2009. doi:10.1016/j.infsof.2008.09.009.CrossRef

Shen, Q., Liang, X., Shen, X., Lin, X., and Luo, H., Exploiting geo-distributed clouds for a e-health monitoring system with minimum service delay and privacy preservation. IEEE J. Biomed. Health Inform. 18(2):430–439, 2014. doi:10.1109/JBHI.2013.2292829.CrossRefPubMed

10.

Lounis, A., Hadjidj, A., Bouabdallah, A., and Challal, Y., Healing on the cloud: Secure cloud architecture for medical wireless sensor networks. Futur. Gener. Comput. Syst. 55:266–277, 2015. doi:10.1016/j.future.2015.01.009.CrossRef

11.

Fabian, B., Ermakova, T., and Junghanns, P., Collaborative and secure sharing of healthcare data in multi-clouds. Inf. Syst. 48:132–150, 2015. doi:10.1016/j.is.2014.05.004.CrossRef

12.

Han, N., Han, L., Tuan, D., In, H., and Jo, M., A scheme for data confidentiality in cloud-assisted wireless body area networks. Inf. Sci. 284:157–166, 2014. doi:10.1016/j.ins.2014.03.126.CrossRef

13.

Tong, Y., Sun, J., Chow, S., and Pan, L., Cloud-assisted mobile-access of health data with privacy and auditability. IEEE J. Biomed. Health Inform. 18(2):419–429, 2014. doi:10.1109/JBHI.2013.2294932.CrossRefPubMed

14.

Nabeel, M., and Bertino, E., Privacy preserving delegated access control in public clouds. IEEE Trans. Knowl. Data Eng. 26(9):2268–2280, 2014. doi:10.1109/tkde.2013.68.CrossRef

15.

Yang, J., Li, J., and Niu, Y., A hybrid solution for privacy preserving medical data sharing in the cloud environment. Futur. Gener. Comput. Syst. 43–44:74–86, 2015. doi:10.1016/j.future.2014.06.004.CrossRef

16.

Wang, H., Wu, Q., Qin, B., and Domingo-Ferrer, J., FRR: Fair remote retrieval of outsourced private medical records in electronic health networks. J. Biomed. Inform. 50:226–233, 2014. doi:10.1016/j.jbi.2014.02.008.CrossRefPubMed

17.

Zhang, K., Liang, X., Baura, M., Lu, R., and Shen, X., PHDA: A priority based health data aggregation with privacy preservation for cloud assisted WBANs. Inf. Sci. 284:130–141, 2014. doi:10.1016/j.ins.2014.06.011.CrossRef

18.

Wang, Z., Huang, D., Zhu, Y., Li, B., and Chung, C., Efficient attribute-based comparable data access control. IEEE Trans. Comput. 64(12):3430–3443, 2015. doi:10.1109/tc.2015.2401033.CrossRef

19.

Liu, X., Lu, R., Ma, J., Chen, L., and Qin, B., Privacy-preserving patient-centric clinical decision support system on naive Bayesian classification. IEEE J. Biomed. Health Inform. 20(2):655–668, 2015. doi:10.1109/jbhi.2015.2407157.CrossRef

20.

Zhou, J., Cao, Z., Dong, X., Xiong, N., and Vasilakos, A., 4S: A secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks. Inf. Sci. 314:255–276, 2015. doi:10.1016/j.ins.2014.09.003.CrossRef

21.

Sujansky, W., and Kunz, D., A standard-based model for the sharing of patient-generated health information with electronic health records. Personal Ubiquitous Comput. 19(1):9–25, 2014. doi:10.1007/s00779-014-0806-z.CrossRef

22.

Yu, H., Lai, H., Chen, K., Chou, H., Wu, J., Dorjgochoo, S., et al., A sharable cloud-based pancreaticoduodenectomy collaborative database for physicians: Emphasis on security and clinical rule supporting. Comput. Methods Programs Biomed. 111(2):488–497, 2013. doi:10.1016/j.cmpb.2013.04.019.CrossRefPubMed

23.

Zhou, J., Lin, X., Dong, X., and Cao, Z., PSMPA: Patient self-controllable and multi-level privacy-preserving cooperative authentication in distributed m-healthcare cloud computing system. IEEE Trans. Parallel Distrib. Syst. 26(6):1693–1703, 2015. doi:10.1109/tpds.2014.2314119.CrossRef

24.

Sawand, A., Djahel, S., Zhang, Z., and Na¨ıt-Abdesselam, F., Multidisciplinary Approaches to achieving efficient and trustworthy eHealth monitoring systems. IEEE/CIC ICCC 2014 Symp. Privacy Sec. In Commun 187–192, doi:10.1109/ICCChina.2014.7008269.

25.

Wang, C., Zhang, B., Ren, K., M. Roveda, J., Wen Chen, C., and Xu, Z., A privacy-aware cloud-assisted healthcare monitoring system via compressive sensing. IEEE INFOCOM 2014 - IEEE Conf. Comput. Communi. 2130–2138, 2014. doi:10.1109/INFOCOM.2014.6848155.

26.

Zhou, J., Cao, Z., Dong, X., and Lin, X., PPDM: A privacy-preserving protocol for cloud-assisted e-healthcare systems. IEEE J. Sel. Top. Sign. Process 9(7):1332–1344, 2015. doi:10.1109/jstsp.2015.2427113.CrossRef

27.

Hoang, D., and Chen, L., Mobile Cloud for Assistive Healthcare (MoCAsH). 2010 I.E. Asia-Pacific Serv. Comput. Conf. 325–332, 2010. doi:10.1109/APSCC.2010.102.

28.

Zhang, K., Yang, K., Liang, X., Su, Z., Shen, X., and Luo, H., Security and privacy for mobile healthcare networks: from a quality of protection perspective. IEEE Wireless Commun 22(4):104–112, 2015. doi:10.1109/mwc.2015.7224734.CrossRef

29.

Liu, C., Lin, F., Chiang, D., Chen, T., Chen, C., and Lin, H. et al., Secure PHR access control scheme for healthcare application clouds. 2013 42Nd Int. Conf. Parallel Process. 1067–1076, 2013. doi: 10.1109/icpp.2013.127.

30.

Barua, M., Liang, X., Lu, R., and Shen, X., ESPAC: Enabling security and patient-centric access control for eHealth in cloud computing. Int. J. Sec. Networks 6(2/3):67–76, 2011. doi:10.1504/ijsn.2011.043666.CrossRef

31.

Narayan, S., Gagné, M., and Safavi-Naini, R., Privacy preserving EHR system using attribute-based infrastructure. Proc. 2010 ACM Workshop Cloud Comput. Sec. Workshop - CCSW ’10. 47-52, 2010. doi:10.1145/1866835.1866845

32.

Aljumah, F., Leung, R., Pourzandi, M., and Debbabi, M., Emergency mobile access to personal health records stored on an untrusted cloud. Health Inform. Sci. 30–41, 2013. doi:10.1007/978-3-642-37899-7_3.

33.

Huang, J., Sharaf, M., and Huang, C., A hierarchical framework for secure and scalable ehr sharing and access control in multi-cloud. 2012 41St Int. Conf. Parallel Process. Workshops. 279–287, 2012. doi: 10.1109/icppw.2012.42.

34.

Chen, L., and Hoang, D., Novel data protection model in healthcare cloud. 2011 I.E. Int. Conf. High Perform. Comput. Commun. 550–555, 2011. doi: 10.1109/hpcc.2011.148.

35.

36.

Löhr, H., Sadeghi, A., and Winandy, M., Securing the e-health cloud. Proc. ACM Int. Conf. Health Inform. - IHI ’10. 220–229, 2010. doi: 10.1145/1882992.1883024.

37.

Yu, Z., Thomborson, C., Wang, C., Wang, J., and Li, R., A cloud-based watermarking method for health data security. 2012 Int. Conf. High Perform. Comput. Simulation (HPCS. 642–647, 2012. doi: 10.1109/hpcsim.2012.6266986.

38.

Alabdulatif, A., Khalil, I., and Mai, V., Protection of electronic health records (EHRs) in cloud. 2013 35Th Ann. Int. Conf. IEEE Eng. Med. Biol. Soc. (EMBC). 4191–4194, 2013. doi: 10.1109/embc.2013.6610469.

39.

Ermakova, T., and Fabian, B., Secret sharing for health data in multi-provider clouds. 2013 I.E. 15Th Conf. Bus. Inform. 93–100, 2013. doi:10.1109/CBI.2013.22.

40.

Huang, M., Chen, Y., Chen, B., Liu, J., Rho, S., and Ji, W., A semi-supervised privacy-preserving clustering algorithm for healthcare. Peer-To-Peer Network. Appl. 1–12, 2015. doi:10.1007/s12083-015-0356-9.

41.

Rahman, S., Masud, M., Hossain, M., Alelaiwi, A., Hassan, M., and Alamri, A., Privacy preserving secure data exchange in mobile P2P cloud healthcare environment. Peer-To-Peer Network. Appl. 1–16, 2015. doi:10.1007/s12083-015-0334-2.

42.

Xhafa, F., Feng, J., Zhang, Y., Chen, X., and Li, J., Privacy-aware attribute-based PHR sharing with user accountability in cloud computing. J Supercomput. 71(5):1607–1619, 2014. doi:10.1007/s11227-014-1253-3.CrossRef

43.

Chen, C., Yang, T., Chiang, M., and Shih, T., A privacy authentication scheme based on cloud for medical environment. J. Med. Syst. 38:143, 2014. doi:10.1007/s10916-014-0143-9.CrossRefPubMed

44.

Chen, C., Yang, T., and Shih, T., A secure medical data exchange protocol based on cloud environment. J. Med. Syst. 38:112, 2014. doi:10.1007/s10916-014-0112-3.CrossRefPubMed

45.

Jafari, M., Safavi-Naini, R., and Sheppard, N., A rights management approach to protection of privacy in a cloud of electronic health records. Proc. 11Th Ann. ACM Workshop Digit. Rights Manag. - DRM ’11. 23–30, 2011. doi:10.1145/2046631.2046637.

46.

Lam, P., Mitchell, J., Scedrov, A., Sundaram, S., and Wang, F., Declarative privacy policy. Proc. 2Nd ACM SIGHIT Symp. Int. Health Inform. - IHI ’12. 323–332, 2012. doi:10.1145/2110363.2110401.

47.

Mohanty, M., Atrey, P., and Ooi, W., Secure cloud-based medical data visualization. Proc. 20Th ACM Int. Conf. Multimed. - MM ’12. 1105–1108, 2012. doi:10.1145/2393347.2396394.

48.

Sanz-Requena, R., Mañas-García, A., Cabrera-Ayala, J., and García-Martí, G., A cloud-based radiological portal for the patients: IT contributing to position the patient as the central axis of the 21 st century healthcare cycles. Proc. First Int. Workshop Tech. Legal Aspects Data Privacy. 54–57, 2015. Retrieved from http://dl.acm.org/citation.cfm?id=2821479.

49.

Francis, T., Madiajagan, M., and Kumar, V., Privacy issues and techniques in E-Health systems. Proc. 2015 ACM SIGMIS Conf. Comput. People Res. - SIGMIS-CPR ’15. 113115, 2015. doi:10.1145/2751957.2751981.

50.

Balinsky, H., and Mohammad, N., Fine grained access of interactive personal health records. Proc. 2015 ACM Symp. Doc. Eng. - DocEng ’15. 207–210, 2015. doi:10.1145/2682571.2797098.

51.

Hei, X., and Lin, S., Multi-part file encryption for electronic health records cloud. Proc. 4Th ACM Mobihoc Workshop Pervasive Wireless Healthcare - Mobilehealth ’14. 31–36, 2014. doi:10.1145/2633651.2637473.

52.

Mohandas, A., and S, S., Privacy preserving content disclosure for enabling sharing of electronic health records in cloud computing. Proc. 7Th ACM India Comput. Conf. - COMPUTE ’14. article no. 7, 2014. doi:10.1145/2675744.2675753.

53.

Ragesh, G., and Baskaran, K., CRYPE. Proc. First Int. Conf. Sec. Internet Things - Sec. ’12. 204–209, 2012. doi:10.1145/2490428.2490457

54.

Lin, H., Shao, J., Zhang, C., and Fang, Y., CAM: Cloud-assisted privacy preserving mobile health monitoring. IEEE Trans. Inform. Forensic Sec. 8(6):985–997, 2013. doi:10.1109/tifs.2013.2255593.CrossRef

55.

Li, M., Yu, S., Zheng, Y., Ren, K., and Lou, W., Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1):131–143, 2013. doi:10.1109/tpds.2012.97.CrossRef

56.

Li, M., Yu, S., Ren, K., and Lou, W., Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings. Lecture Notes Inst. Comput. Sci. Soc. Inform. Telecommun. Eng. 89–106, 2010. doi:10.1007/978-3-642-16161-2_6.

57.

Castiglione, A., Pizzolante, R., De Santis, A., Carpentieri, B., Castiglione, A., and Palmieri, F., Cloud-based adaptive compression and secure management services for 3D healthcare data. Futur. Gener. Comput. Syst. 43–44:120–134, 2015. doi:10.1016/j.future.2014.07.001.CrossRef

58.

Thilakanathan, D., Chen, S., Nepal, S., Calvo, R., and Alem, L., A platform for secure monitoring and sharing of generic health data in the Cloud. Futur. Gener. Comput. Syst. 35:102–113, 2014. doi:10.1016/j.future.2013.09.011.CrossRef

59.

Liu, J., Huang, X., and Liu, J., Secure sharing of personal health records in cloud computing: ciphertext-policy attribute-based signcryption. Futur. Gener. Comput. Syst. 52:67–76, 2015. doi:10.1016/j.future.2014.10.014.CrossRef

60.

Taneja, H., Kapil, and Singh, A., Preserving privacy of patients based on re-identification risk. Proc. Comput. Sci. 70:448–454, 2015. doi:10.1016/j.procs.2015.10.073.CrossRef

61.

Khan, F., Ali, A., Abbas, H., and Haldar, N., A cloud-based healthcare framework for security and patients’ data privacy using wireless body area networks. Proc. Comput. Sci. 34:511–517, 2014. doi:10.1016/j.procs.2014.07.058.CrossRef

62.

Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M., and Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5), 2014. doi: 10.1007/s10916-014-0041-1.

63.

Mishra, D., Srinivas, J., and Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10):120, 2014. doi:10.1007/s10916-014-0120-3.CrossRefPubMed

64.

Abbas, H., Magnusson, C., Yngstrom, L., and Hemani, A., Addressing dynamic issues in information security management. Info. Mngmnt. Comp. Sec. 19(1):5–24, 2011. doi:10.1108/09685221111115836.CrossRef

65.

Ali, A., and Khan, F., Energy-efficient cluster-based security mechanism for intra-WBAN and inter-WBAN communications for healthcare applications. EURASIP J. Wirel. Commun. Netw. 2013(1):216, 2013. doi:10.1186/1687-1499-2013-216.CrossRef

Title: Data Privacy in Cloud-assisted Healthcare Systems: State of the Art and Future Challenges
Authors: Anam Sajid
Haider Abbas
Publication date: 01-06-2016
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 6/2016
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-016-0509-2

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Data Privacy in Cloud-assisted Healthcare Systems: State of the Art and Future Challenges

Abstract

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Abstract

Please log in to get access to this content

Other articles of this Issue 6/2016

Cost-Effectiveness Evaluation of EHR: Simulation of an Abdominal Aortic Aneurysm in the Emergency Department

Acquisition of Competencies by Medical Students in Neurological Emergency Simulation Environments Using High Fidelity Patient Simulators

Implementation of Online Veterinary Hospital on Cloud Platform

Building Computer-Based Experiments in Psychology without Programming Skills

Maturity Models of Healthcare Information Systems and Technologies: a Literature Review

Efficient and Anonymous Authentication Scheme for Wireless Body Area Networks