Health Records and the Cloud Computing Paradigm from a Privacy Perspective

Stingl, Christian; Slamanig, Daniel

doi:https://doi.org/10.1260/2040-2295.2.4.487

Journal of Healthcare Engineering

On this page

Abstract References Copyright Related Articles

Research Article | Open Access

Volume 2 | Article ID 370209 | https://doi.org/10.1260/2040-2295.2.4.487

Health Records and the Cloud Computing Paradigm from a Privacy Perspective

Christian Stingl¹and Daniel Slamanig¹

Received01 Jul 2010

Accepted01 Jun 2011

Abstract

With the advent of cloud computing, the realization of highly available electronic health records providing location-independent access seems to be very promising. However, cloud computing raises major security issues that need to be addressed particularly within the health care domain. The protection of the privacy of individuals often seems to be left on the sidelines. For instance, common protection against malicious insiders, i.e., non-disclosure agreements, is purely organizational. Clearly, such measures cannot prevent misuses but can at least discourage it. In this paper, we present an approach to storing highly sensitive health data in the cloud whereas the protection of patient's privacy is exclusively based on technical measures, so that users and providers of health records do not need to trust the cloud provider with privacy related issues. Our technical measures comprise anonymous communication and authentication, anonymous yet authorized transactions and pseudonymization of databases.

References

Google.com. Google Health - Personal Health Record Service. www.google.com/health.
Microsoft, Microsoft HealthVault. www.healthvault.com.
Computer Security Institute (CSI), Computer Crime and Security Survey 2007. http://www.gocsi.com/forms/csisurvey.jhtml.
B. Gain, “Cloud Computing & SaaS In 2010 - What To Expect After The Uncertainty & Hype Fade,” Processor, vol. 32, no. 1, 2010.
View at: Google Scholar
J. Rittinghouse and F. Ransome, Cloud Computing: Implementation, Management and Security, CRC Press, 2010.
P. Mell and T. Grance, The NIST Definition of Cloud Computing, National Institute of Standards and Technology, http://csrc.nist.gov/groups/SNS/cloud-computing.
P. C. Tang, J. S. Ash, D. W. Bates, J. M. Overhage, and D. Z. Sands, “Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption,” J Am Med Inform Assoc, vol. 13, no. 2, pp. 121–126, 2006.
View at: Google Scholar
U. Frick, N. Baer et al., “Chronisch Kranke einstellen? Eine experimentelle Vignettenstudie unter Personalmanagern,” in Proc. FFH 2008, pp. 45–50, Martin Meidenbauer Verlag, 2008.
View at: Google Scholar
M. Jensen, S. Schwenk, N. Gruschka, and L. Lo Iacono, “On Technical Security Issues in Cloud Computing,” in Proc. of the IEEE International Conference on Cloud Computing, pp. 109–116, IEEE.
View at: Google Scholar
I. Thomson, Google Docs leaks private user data online. http://www.v3.co.uk/vnunet/news/2238122/google-docs-leaks-private.
B. Riedl, V. Grascher, and T. A. Neubauer, “Secure e-Health Architecture based on the Appliance of Pseudonymization,” Journal of Software, vol. 3, no. 2, pp. 23–32, 2008.
View at: Google Scholar
J. Caumanns, “Der Patient bleibt Herr seiner Daten. Realisierung des eGK-Berechtigungs-konzepts über ein ticketbasiertes, virtuelles Dateisystem,” Informatik-Spektrum, vol. 29, no. 5, pp. 323–331, 2006.
View at: Google Scholar
B. Alhaqbani and C. Fidge, “Privacy-Preserving Electronic Health Record Linkage Using Pseudonym Identifiers,” in Proc. of HealthComm 2008, pp. 108–117, IEEE Communications Society, 2008.
View at: Google Scholar
N. Huda, N. Sonehara, and S. A. Yamada, “Privacy Management Architecture for Patient-Controlled Personal Health Record System,” Journal of Engineering Science and Technology, vol. 4, no. 2, pp. 154–170, 2009.
View at: Google Scholar
L. Sweeney, “k-Anonymity: a Model for Protecting Privacy,” International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 10, no. 5, pp. 557–570, 2002.
View at: Google Scholar
P. Samarati, “Protecting Respondents' Identities in Microdata Release,” IEEE Trans. Knowl. Data Eng, vol. 13, no. 6, pp. 1010–1027, 2001.
View at: Google Scholar
M. Bellare and P. Rogaway, “Optimal Asymmetric Encryption,” in Proc. of EUROCRYPT, 1994, vol. 950 of LNCS, pp. 92–111, Springer-Verlag, 1994.
View at: Google Scholar
T. El Gamal, “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” in Proc. of CRYPTO, 1984, vol. 196 of LNCS, pp. 10–18, Springer-Verlag, 1984.
View at: Google Scholar
R. Cramer and V. Shoup, “A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack,” in Proc. of CRYPTO, 1998, vol. 1462 of LNCS, pp. 13–25, Springer-Verlag, 1998.
View at: Google Scholar
C. Stingl and D. Slamanig, “Privacy-enhancing methods for e-health applications: how to prevent statistical analyses and attacks,” Int. J. Bus. Intell. Data Min, vol. 3, no. 3, pp. 236–254, 2008.
View at: Google Scholar
D. Slamanig and C. Stingl, “Privacy Aspects of eHealth,” in Proc. of ARES, 2008, pp. 1226–1233, IEEE Computer Society, 2008.
View at: Google Scholar
M. Bellare, A. Boldyreva, and A. O'Neill, “Deterministic and Efficiently Searchable Encryption,” in Proc. of CRYPTO, 2007, vol. 4622 of LNCS, pp. 535–552, Springer-Verlag, 2007.
View at: Google Scholar
G. Danezis and C. Diaz, “A Survey of Anonymous Communication Channels,” Technical Report MSRTR-2008-35, Microsoft Research, 2008.
View at: Google Scholar
G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik, “A Practical and Provably Secure Coalition-Resistant Group Signature Scheme,” in Proc. of CRYPTO, 2000, vol. 1880 of LNCS, pp. 255–270, Springer-Verlag, 2000.
View at: Google Scholar
D. Boneh, X. Boyen, and H. Shacham, “Short Group Signatures,” in Proc. of CRYPTO, 2004, vol. 3152 of LNCS, pp. 41–55, Springer-Verlag, 2004.
View at: Google Scholar
I. Teranishi and K. Sako, “k-Times Anonymous Authentication with a Constant Proving Cost,” in Proc. of Public-Key Cryptography 2006, vol. 3958 of LNCS, pp. 525–542, Springer-Verlag, 2006.
View at: Google Scholar
D. Slamanig, P. Schartner, and C. Stingl, “Practical Traceable Anonymous Identification,” in Proc. of SECRYPT, 2009, pp. 225–232, INSTICC Press, 2009.
View at: Google Scholar
D. Slamanig and S. Rass, “Anonymous But Authorized Transactions Supporting Selective Traceability,” in Proc. of SECRYPT, 2010, IEEE Communications Society, 2010.
View at: Google Scholar
A. Shamir, “How to Share a Secret,” Commun. ACM, vol. 22, no. 11, pp. 612–613, 1979.
View at: Google Scholar
J. C. Benaloh and J. Leichter, “Generalized Secret Sharing and Monotone Functions,” in Proc. of CRYPTO, 1988, vol. 403 of LNCS, pp. 27–35, Springer-Verlag, 1988.
View at: Google Scholar

Copyright

Copyright © 2011 Hindawi Publishing Corporation. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation Order printed copies

Views

620

Downloads

750

Citations