Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems
BackgroundThe Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, t...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
JMIR Publications
2013-08-01
|
| Series: | Journal of Medical Internet Research |
| Online Access: | http://www.jmir.org/2013/8/e186/ |
| _version_ | 1819241992760066048 |
|---|---|
| author | JPC Rodrigues, Joel de la Torre, Isabel Fernández, Gonzalo López-Coronado, Miguel |
| author_facet | JPC Rodrigues, Joel de la Torre, Isabel Fernández, Gonzalo López-Coronado, Miguel |
| author_sort | JPC Rodrigues, Joel |
| collection | DOAJ |
| description | BackgroundThe Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered.
ObjectiveTo show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed.
MethodsTo study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers.
ResultsSome of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA).
ConclusionsStoring sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. |
| first_indexed | 2024-12-23T14:32:43Z |
| format | Article |
| id | doaj.art-e9529467a3bb4f9597ff44de25d771e9 |
| institution | Directory Open Access Journal |
| issn | 1438-8871 |
| language | English |
| last_indexed | 2024-12-23T14:32:43Z |
| publishDate | 2013-08-01 |
| publisher | JMIR Publications |
| record_format | Article |
| series | Journal of Medical Internet Research |
| spelling | doaj.art-e9529467a3bb4f9597ff44de25d771e92022-12-21T17:43:27ZengJMIR PublicationsJournal of Medical Internet Research1438-88712013-08-01158e18610.2196/jmir.2494Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records SystemsJPC Rodrigues, Joelde la Torre, IsabelFernández, GonzaloLópez-Coronado, MiguelBackgroundThe Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. ObjectiveTo show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. MethodsTo study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. ResultsSome of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). ConclusionsStoring sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.http://www.jmir.org/2013/8/e186/ |
| spellingShingle | JPC Rodrigues, Joel de la Torre, Isabel Fernández, Gonzalo López-Coronado, Miguel Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems Journal of Medical Internet Research |
| title | Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems |
| title_full | Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems |
| title_fullStr | Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems |
| title_full_unstemmed | Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems |
| title_short | Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems |
| title_sort | analysis of the security and privacy requirements of cloud based electronic health records systems |
| url | http://www.jmir.org/2013/8/e186/ |
| work_keys_str_mv | AT jpcrodriguesjoel analysisofthesecurityandprivacyrequirementsofcloudbasedelectronichealthrecordssystems AT delatorreisabel analysisofthesecurityandprivacyrequirementsofcloudbasedelectronichealthrecordssystems AT fernandezgonzalo analysisofthesecurityandprivacyrequirementsofcloudbasedelectronichealthrecordssystems AT lopezcoronadomiguel analysisofthesecurityandprivacyrequirementsofcloudbasedelectronichealthrecordssystems |