Difference between revisions of "Journal:Security and privacy in cloud-based eHealth systems"

From LIMSWiki
Jump to navigationJump to search
(Saving and adding more.)
(Saving and adding more.)
Line 58: Line 58:


==Cloud computing and the state of the art==
==Cloud computing and the state of the art==
Cloud computing—a set of internet-based, always-on computing services provisioned on an as-needed or continuous basis—is organized into three different service models: [[infrastructure as a service]] (IaaS), [[platform as a service]] (PaaS), and [[software as a service]] (SaaS).
IaaS is a cloud service model that delivers computing resources, networking, and storage to consumers. It enables end users to upscale or downsize resources on an as-needed basis, reducing the need for compute upscaling, up-front capital expenditures, and unnecessary infrastructure.<ref name="MaRevoc19">{{cite journal |title=Revocable Attribute-Based Encryption Scheme With Efficient Deduplication for Ehealth Systems |journal=IEEE Access |author=Ma, H.; Xie, Y.; Wang, J. et al. |volume=7 |pages=89205–17 |year=2019 |doi=10.1109/ACCESS.2019.2926627}}</ref><ref name="CaizaReusable19">{{cite journal |title=Reusable Elements for the Systematic Design of Privacy-Friendly Information Systems: A Mapping Study |journal=IEEE Access |author=Caiza, J.C.; Martin, Y.-S.; Guamán, D.S. et al. |volume=7 |pages=66512–35 |year=2019 |doi=10.1109/ACCESS.2019.2918003}}</ref> PaaS is a cloud service model that provides an application development and deployment environment to comsumers. PaaS platforms handle the complexity around operating systems and servers and leaves application developers more time to focus their business requirements to the software they are developing. SaaS is a cloud service model that delivers software to customers with relative ease; all you need is an internet connection and a browser. This service model requires the cloud vendor to manage most of their technical issues, meaning customers need not heavily lean on their in-house IT expertise for hosting and maintaining the software.
Figure 1 take a high-level look at these cloud infastructures, as compared with on-premises offerings. Light blue indicates customer responsibility, and dark blue indicates cloud provider responsibility.




Revision as of 22:40, 1 June 2021

Full article title Security and privacy in cloud-based eHealth systems
Journal Symmetry
Author(s) Sivan, Remya; Zukarnain, Zuriati, A.
Author affiliation(s) University Putra Malaysia
Primary contact Email: gs59108 at student dot upm dot edu dot my
Year published 2021
Volume and issue 13(5)
Article # 742
DOI 10.3390/sym13050742
ISSN 2073-8994
Distribution license Creative Commons Attribution 4.0 International
Website https://www.mdpi.com/2073-8994/13/5/742/htm
Download https://www.mdpi.com/2073-8994/13/5/742/pdf (PDF)
Emblem-important-yellow.svg This article should be considered a work in progress and incomplete. Consider this article incomplete until this notice is removed.

Abstract

Cloud-based healthcare computing has changed the face of healthcare in many ways. The main advantages of cloud computing in healthcare are scalability of the required service and the provision to upscale or downsize the data storge, particularly in conjunction with approaches to artificial intelligence (AI) and machine learning. This paper examines various research studies to explore the utilization of intelligent techniques in health systems and mainly focuses on the security and privacy issues in the current technologies. Despite the various benefits related to cloud computing applications for healthcare, there are different types of management, technology handling, security measures, and legal issues to be considered and addressed. The key focus of this paper is to address the increased demand for cloud computing and its definition, technologies widely used in healthcare, their problems and possibilities, and the way protection mechanisms are organized and prepared when the company chooses to implement the latest evolving service model. As such, we sought out current literature on different approaches and mechanisms used in eHealth to deal with security and privacy issues. Some of these approaches have strengths and weaknesses. After selecting original articles, a literature review was carried out, and we identified several models adopted in their solutions. We arrived at the reviewed articles after comparing the models used.

Keywords: eHealth, cloud computing, security, privacy in health systems

Introduction

Innovative changes in science, technology, and the broad understanding of our universe have permitted the evolution of practical, progressive answers to enhance the nature of human existence. Researchers considering these innovative developments have identified and assessed wellbeing data from various sources to acquire actionable information and address issues concerning human wellbeing, particularly in the realm of healthcare. In this manner, the advancement of incorporated medical care innovations—including technological innovations—has the likelihood to enhance efficiency and improve understanding of the results at each level of the medical care framework. Long-term care (LTC) facilities are a crucial a part of the healthcare industry, providing care to the fastest-growing group of the population. However, the adoption of electronic health records (EHRs) in LTC facilities lags behind other areas of the health care industry.[1] The advancement of new electronic health (eHealth) application frameworks can take care of specific issues pertinent to conventional medical care frameworks by means of powerful patient wellbeing controls, pervasive information access, distant patient checking, quick clinical intercession, and decentralized electronic medical records. These frameworks can oversee wellbeing data and patient information, upgrade personal satisfaction, increase coordinated effort, improve results, decrease expenses, and increase the general efficiency of electronic healthcare administrations.[2] For healthcare, EHRs are required to be shared among different healthcare organizations, medical drug manufacturers, pharmacists, medical insurance providers, researchers, and patients. This poses a significant challenge to keeping patients' sensitive data secure.[3] Eisenach highlights this in his depiction of eHealth as a tech industry that addresses the intersection of the internet, systems administration, and medical services, which has the potential to benefit the framework of clients and partners. The growing concept of eHealth involves the convergence of clinical informatics, general human wellbeing, and the wellbeing and the use of a secure internet, which helps drive the overall advancement of new innovation to tackle profound issues, drive down expenses, and improve understanding.[4]

Along these lines, models, gadgets, and frameworks associated with the internet of things (IoT) have become universal. Besides, the broad appropriation of IoT has harmonized with the improvement of interrelated, corresponding advances, for example, registering knowledge for medical care, business, industry, operational frameworks, etc. The efficient and safe usage of wellbeing data advancements, benefits, and all-encompassing eHealth frameworks requires exceedingly efficient and strong security frameworks to make such execution reasonable. The universality of IoT frameworks has driven the expansion of IoT innovation, remembering assorted designs for use by healthcare organizations. Connecting networks, gadgets, applications, and administration with IoT permits eHealth frameworks to share related data by utilizing the most recent IoT innovations.[5]

IoT and distributed computing are progressive innovations that supplement each other’s capacities when incorporated as flexible, versatile, and efficient tolerant medical service frameworks. The blend provides benefits, including simplicity of execution (contrasted with regular organizations), improved data security during correspondence, speedy access to records, and lower energy costs over customary modalities. Cloud-based IoT eHealth frameworks can significantly improve medical care benefits and advance persistent and efficient healthcare development. Within such frameworks, hidden IoT networks empower correspondence between clients, administrators, and workers, with clinical information being stored in the cloud. However, with new these improvements in distributed computing pushing healthcare beyond "business as usual," a variety of data storage and security issues are revealed, requiring consideration.[6]

Distributed and cloud computing are innovations that have and continue to transform the healthcare industry. Distributed computing can help improve a healthcare organization's adaptability, savvy, finances, data processing ability, and secure data sharing and distribution.[7] Cloud computing, when implemented well, should provide the ability to oversee applications and information, server accessibility, and end-used computing (EUC). Cloud computing should also ideally provide a complete, logical set of insights into a healthcare enterprise's infrastructure and end clients. By extension, cloud computing permits staff or workers to obtain and deal with their applications and information continuously on any gadget, from anywhere in the world with access to the internet.[8] However, we recognize that a coordinated effort to move information to distributed systems and the cloud brings serious security and protection worries for healthcare providers. As such, they must endeavor to fully address the effectiveness of, security of, and versatility associated with the introduction of cloud-based eHealth to the healthcare enterprise.

The fundamental motivation behind this paper is to examine the idea of cloud-based eHealth, the current utilization of eHealth in healthcare, and the challenges and solutions of cloud-based eHealth. This paper will walk through the state of distributed and cloud computing within the healthcare industry, along with the diverse opportunities and significant cloud-related security challenges associated with it. Additionally, we will discuss the plausible security arrangements for cloud-enabled eHealth.

Methods and materials

The existing literature on eHealth security is difficult to survey. We originally identified and downloaded 40 papers from the ACM Digital Library, 57 articles from the IEEE Computer Society's Digital Library, and 43 from the IEEE Xplore library to provide a fair and calculable number of articles surveyed. Additional articles were also accessed from the specialized repositories of Springer, Elsevier, Science Direct, and MDPI. Few other papers from other sources were used as those sources were not as well-known and respected as from those cited. Of those papers analyzed, we identified 110 publications worthy of use in the face of conflicting evaluation models and methods used by many analysts. Due to the similarities found in the models obtained by some scientists, the analyzed papers were restricted to the momentum number.

We then directly analyzed the papers, looking at and dissecting the strengths of each of the approaches obtained in seeking a solution to the security problem in eHealth. Through this process, we identified numerous shortcomings of the various proposed techniques, which eventually indicated a way forward to mitigate eHealth security incidents. Improving healthcare outcomes using eHealth is a developing area at the crossroads of clinical informatics, general human wellbeing, and patient health data that is securely communicated and enhanced through the internet and related technologies.[9] [10][11][12] The use of eHealth in the healthcare setting represents not olny a specialized turn of events from a more traditional approach, but also a perspective, a demeanor, and a duty for coordinated, national efforts to enhance patient care through the use of information and communication technologies locally, territorially, and internationally.[13]

Research strategy

As this was a comprehensive review, we aimed to update the findings of previous studies (54) regarding the same matter. We retrieved eligible studies from late 2013 to December 2020. The study selection searched for publications from the journal Symmetry, other journals in MDPI, IEEE Access, and other IEEE journals. The first step involved including the relevant articles with related keywords in the title or abstract based on the inclusion criteria. Papers not related to our study were excluded. The second step consisted of a full text screening of the relevant studies to select the most eligible articles.

Research questions

When screening papers, we also wanted to ensure they would help us address four important questions:

  1. What is cloud computing and the state of the art of the cloud-based computing solutions commonly used in healthcare systems?
  2. What are the security concerns or challenges in cloud-based computing in healthcare systems?
  3. How are the current cloud-based eHealth systems being protected?
  4. What is the best solution for security in cloud-based eHealth systems?

Cloud computing and the state of the art

Cloud computing—a set of internet-based, always-on computing services provisioned on an as-needed or continuous basis—is organized into three different service models: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).

IaaS is a cloud service model that delivers computing resources, networking, and storage to consumers. It enables end users to upscale or downsize resources on an as-needed basis, reducing the need for compute upscaling, up-front capital expenditures, and unnecessary infrastructure.[14][15] PaaS is a cloud service model that provides an application development and deployment environment to comsumers. PaaS platforms handle the complexity around operating systems and servers and leaves application developers more time to focus their business requirements to the software they are developing. SaaS is a cloud service model that delivers software to customers with relative ease; all you need is an internet connection and a browser. This service model requires the cloud vendor to manage most of their technical issues, meaning customers need not heavily lean on their in-house IT expertise for hosting and maintaining the software.

Figure 1 take a high-level look at these cloud infastructures, as compared with on-premises offerings. Light blue indicates customer responsibility, and dark blue indicates cloud provider responsibility.



References

  1. Kruse, C.S.; Mileski, M.; Vijaykumar, A.G. et al. (2017). "Impact of Electronic Health Records on Long-Term Care Facilities: Systematic Review". JMIR Medical Informatics 5 (3): e35. doi:10.2196/medinform.7958. PMC PMC5640822. PMID 28963091. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5640822. 
  2. Butpheng, C.; Yeh, K.-H.; Xiong, H. (2020). "Security and Privacy in IoT-Cloud-Based e-Health Systems—A Comprehensive Review". Symmetry 12 (7): 1191. doi:10.3390/sym12071191. 
  3. Ismail, L.; Materwala, H. (2020). "Blockchain Paradigm for Healthcare: Performance Evaluation". Symmetry 12 (8): 1200. doi:10.3390/sym12081200. 
  4. Malluhi, Q.; Tran, V.D.; Trinh, V.C (2020). "Decentralized Broadcast Encryption Schemes with Constant Size Ciphertext and Fast Decryption". Symmetry 12 (6): 969. doi:10.3390/sym12060969. 
  5. Hassen, O.A.; Abdulhissein, A.A.; Darwish, S.M. et al. (2020). "Towards a Secure Signature Scheme Based on Multimodal Biometric Technology: Application for IOT Blockchain Network". Symmetry 12 (10): 1699. doi:10.3390/sym12101699. 
  6. Abdulghani, H.A.; Nijdam, N.A.; Collen, A. et al. (2019). "A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective". Symmetry 11 (6): 774. doi:10.3390/sym11060774. 
  7. Kang, J.; Chung, H.; Lee, J. et al. (2016). "The Design and Analysis of a Secure Personal Healthcare System Based on Certificates". Symmetry 8 (11): 129. doi:10.3390/sym8110129. 
  8. Griebel, L.; Prokosch, H.-U.; Köpcke, F. et al. (2015). "A scoping review of cloud computing in healthcare". BMC Medical Informatics and Decision Making 15: 17. doi:10.1186/s12911-015-0145-7. 
  9. Venčkauskas, A.; Štuikys, V.; Toldinas, J. et al. (2016). "A Model-Driven Framework to Develop Personalized Health Monitoring". Symmetry 8 (7): 65. doi:10.3390/sym8070065. 
  10. Khan, M.A. (2020). "An IoT Framework for Heart Disease Prediction Based on MDCNN Classifier". IEEE Access 8: 34717–27. doi:10.1109/ACCESS.2020.2974687. 
  11. Yang, M.; Hara-Azumi, Y. (2020). "Implementation of Lightweight eHealth Applications on a Low-Power Embedded Processor". IEEE Access 8: 121724–32. doi:10.1109/ACCESS.2020.3006901. 
  12. Guo, L.; Li, Z.; Yau, W.-C. et al. (2020). "A Decryptable Attribute-Based Keyword Search Scheme on eHealth Cloud in Internet of Things Platforms". IEEE Access 8: 26107–18. doi:10.1109/ACCESS.2020.2971088. 
  13. Edemacu, K.; Park, H.K.; Jang, B. et al. (2019). "Privacy Provision in Collaborative Ehealth With Attribute-Based Encryption: Survey, Challenges and Future Directions". IEEE Access 7: 89614—89636. doi:10.1109/ACCESS.2019.2925390. 
  14. Ma, H.; Xie, Y.; Wang, J. et al. (2019). "Revocable Attribute-Based Encryption Scheme With Efficient Deduplication for Ehealth Systems". IEEE Access 7: 89205–17. doi:10.1109/ACCESS.2019.2926627. 
  15. Caiza, J.C.; Martin, Y.-S.; Guamán, D.S. et al. (2019). "Reusable Elements for the Systematic Design of Privacy-Friendly Information Systems: A Mapping Study". IEEE Access 7: 66512–35. doi:10.1109/ACCESS.2019.2918003. 

Notes

This presentation is faithful to the original, with only a few minor changes to presentation. However, extensive grammar, punctuation, and idea organization and clean up was required to improve the readability of the original article. In some cases important information was missing from the references, and that information was added. The original citation seven (Huh 2018) was omitted in this version as it appeared to have no connection to the topic cited. A paragraph appearing in the original introduction involving "mists" and service level agreements also had no bearing to the paper and appears to have been accidentally included in the original; it is omitted for this version.

Retrieved from "https://www.limswiki.org/index.php?title=Journal:Security_and_privacy_in_cloud-based_eHealth_systems&oldid=42908"