Abstract
The recent advancement in Information and Communication Technology (ICT) has undoubtedly improved services in all sectors in the world. Specifically, Information Technology (IT) has led to a very vital innovation in the health sector called electronic health (e-Health). In order to optimize full and excellent benefits of this innovation, its implementation in a cloud-based environment is important. However, with noticeable and numerous benefits inherent from e-Health in a cloud computing, its full utilization is still hampered by challenges of security and privacy. The Internet of Things (IoT) which is considered as a connection of various smart objects through network has unfolded many opportunities in many areas particularly in the healthcare sector. However, the introduction of IoT services in electronic health applications has resulted to increase fear and concerns of security and privacy. In this paper, we focused on extensive review of current and existing literatures of various approaches and mechanisms being used to handle security and privacy related matters in e-Health. Strengths and weaknesses of some of these approaches were enunciated. The literature review was carried out after selecting over 110 original articles and figured out several models adopted in their solutions. After comparing models used, we arrived at the reviewed articles. Reviewed articles were narrowed down to the current number because of similarity observed in the models adopted by some researchers. Also, we give an acceptable and standard definition of e-Health. An effort was made to classify cloud-based models. Security and privacy requirements as recommended by Health Insurance Portability and Accountability Act (HIPAA) were also provided. Remarks and recommendations were made regarding the review process and future directions on security and privacy of e-Health in cloud computing. Finally, we proposed a secured architecture for electronic health that could guarantee efficiency, reliability, and regulated access framework to health information. The architecture, though is currently under implementation, will yield the objective for which it is designed for. Its full-scale deployment will undoubtedly guarantee security of classified and confidential information.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Zhang, R., Liu, L.: Security models and requirements for healthcare application clouds. In: 3rd IEEE International Conference on Cloud Computing (CLOUD), Miami, FL, USA, USA, pp. 268–275. IEEE (2010)
Abbas, A., Bilal, K., Zhang, L., Khan, S.: A cloud based health insurance plan recommendation system. Future Gener. Comput. Syst. 43, 99–109 (2015)
Abbas, A., Khan, M., Ali, M., Khan, S., Yang, L.: A cloud based framework for identification of influential health experts from twitter. In: Proceedings of the 15th International Conference on Scalable Computing and Communications (ScalCom) (2015), Beijing, China, pp. 831–838. IEEE (2015)
Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1), 131–143 (2012)
Eysenbach, G.: What is e-health? J. Med. Internet Res. 3(2), e20 (2001)
Subashini, S., Kavitha, V.: Review: a survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)
Abbas, A., Khan, S.U.: E-health cloud: privacy concerns and mitigation strategies. In: Medical Data Privacy Handbook, pp. 389–421. Springer, Basel (2015)
Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)
VMware: Your cloud in healthcare. http://www.vmware.com/files/pdf/VMware-Your-Cloudin-Healthcare-Industry-Brief.pdf. Accessed 2015
Skorin-Kapov, L., Matijasevic, M.: Analysis of QoS requirements for e-health services and mapping to evolved packet system QoS classes. Int. J. Telemed. Appl. 2010, 1–19 (2010)
Pussewalage, H., Oleshchuk, V.: Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutions. Int. J. Inf. Manag. 36(6), 1161–1173 (2016)
Shin, M., Jeon, H., Ju, Y., Lee, B., Jeong, S.: Constructing RBAC based security model in u-healthcare service platform. Sci. World J. 2015, 937914 (2015)
Simplicio, M., Iwaya, L., Barros, B., Carvalho, T., Naslund, M.: SecourHealth: a delay-tolerant security framework for mobile health data collection. IEEE J. Biomed. Health Inform. 19(2), 761–772 (2015)
Barua, M., Lu, R., Liang, X., Shen, X.: PEACE: an efficient and secure patient-centric access control scheme for eHealth care system. In: The First International Workshop on Security in Computers, Networking and Communications, Shanghai, China, pp. 970–975. IEEE (2011)
Guo, L., Zhang, C., Sun, J., Fang, Y.: PAAS: a privacy-preserving attribute-based authentication system for eHealth networks. In: 2012 32nd IEEE International Conference on Distributed Computing Systems, Macau, China, pp. 224–233. IEEE (2012)
Gajanayake, R., Iannella, R., Sahama, T.: Privacy oriented access control for electronic health records. e-J. Health Inform. 8(2), 175–186 (2014)
Azeez, N., Ademolu, O.: CyberProtector: identifying compromised URLs in electronic mails with Bayesian classification. In: International Conference Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, pp. 959–965. IEEE (2016)
Kumar, M., Fathima, M., Mahendran, M.: Personal health data storage protection on cloud using MA-ABE. Int. J. Comput. Appl. 75(8), 11–16 (2013)
Ayofe, A.N., Adebayo, S.B., Ajetola, A.R., Abdulwahab, A.F.: A framework for computer aided investigation of ATM fraud in Nigeria. Int. J. Soft Comput. 5(3), 78–82 (2010)
Zhu, H., Huang, R., Liu, X., Li, H.: SPEMR: a new secure personal electronic medical record scheme with privilege separation. In: 2014 IEEE International Conference on Communications Workshops (ICC), Sydney, NSW, Australia, pp. 700–705. IEEE (2014)
Sunagar, V., Biradar, C.: Securing public health records in cloud computing patient centric and fine grained data access control in multi owner settings. Int. J. Sci. Appl. Inf. Technol. 3(4), 18–21 (2014)
Liu, W., Liu, X., Liu, J., Wu, Q., Zhang, J., Li, Y.: Auditing and revocation enabled role-based access control over outsourced private EHRs. In: 2015 IEEE 17th International Conference on High Performance Computing and Communications (HPCC), New York, NY, USA, pp. 336–341. IEEE (2015)
Bahtiyar, S., Çağlayan, M.: Trust assessment of security for e-health systems. Electron. Commer. Res. Appl. 13(3), 164–177 (2014)
Li, W., Hoang, D.: A new security scheme for e-health system. In: International Symposium on Collaborative Technologies and Systems, 2009. CTS ‘09., Baltimore, MD, USA, pp. 361–366. IEEE (2009)
Fan, L., Lo, O., Buchanan, W., Ekonomou, E., Sharif, T., Sheridan, C.: SPoC: protecting patient privacy for e-health services in the cloud. In: eTELEMED 2012, pp. 1–6. IARIA, Wilmington (2014)
Bhartiya, S., Mehrotra, D., Girdhar, A.: Proposing hierarchy-similarity based access control framework: a multilevel electronic health record data sharing approach for interoperable environment. J. King Saud Univ. Comput. Inf. Sci. 29(4), 505–519 (2017)
Rezaeibagha, F., Mu, Y.: Distributed clinical data sharing via dynamic access-control policy transformation. Int. J. Med. Inform. 89, 25–31 (2016)
Garcia-Morchon, O., Wehrle, K.: Efficient and context-aware access control for pervasive medical sensor networks. In: 2010 8th IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), Mannheim, Germany, pp. 322–327. IEEE (2010)
Amini, S., Verhoeven, R., Lukkien, J., Chen, S.: Toward a security model for a body sensor platform. In: 2011 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA, pp. 143–144. IEEE (2011)
Wang, X., Ma, J., Xhafa, F., Zhang, M., Luo, X.: Cost-effective secure E-health cloud system using identity based cryptographic techniques. Futur. Gener. Comput. Syst. 67, 242–254 (2017)
Karakış, R., Güler, I., Çapraz, I., Bilir, E.: A novel fuzzy logic-based image steganography method to ensure medical data security. Comput. Biol. Med. 67, 172–183 (2015)
Sahi, A., Lai, D., Li, Y.: Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan. Comput. Biol. Med. 78, 1–8 (2016)
Peleg, M., Beimel, D., Dori, D., Denekamp, Y.: Situation-based access control: privacy management via modeling of patient data access scenarios. J. Biomed. Inform. 41, 1028–1040 (2008)
Rubio, O., Alesanco, A., GarcÃa, J.: A robust and simple security extension for the medical standard SCP-ECG. J. Biomed. Inform. 46(1), 142–151 (2013)
Azeez, N.A., Lasisi, A.A.: Empirical and statistical evaluation of the effectiveness of four lossless data compression algorithms. Niger. J. Technol. Dev. 13(2), 64–73 (2016)
Nureni, A.A., Irwin, B.: Cyber security: challenges and the way forward. Comput. Sci. Telecommun. 29, 56–69 (2010)
Azeez, N., Venter, I.: Towards ensuring scalability, interoperability and efficient access control in a multi-domain grid-based environment. SAIEE Afr. Res. J. 104(2), 54–68 (2013)
Kahani, N., Elgazzar, K., Cordy, K.: Authentication and access control in e-health systems in the cloud. In: IEEE International Conference on High Performance and Smart Computing (HPSC), Big Data Security on Cloud (BigDataSecurity), New York, NY, USA, pp. 13–23. IEEE (2016)
Li, M., Yu, S., Ren, K., Lou, W.: Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings. In: International Conference on Security and Privacy in Communication Systems, pp. 89–106. Springer, Berlin (2010)
Azeez, N.A., Olayinka, A.F., Fasina, E.P., Venter, I.M.: Evaluation of a flexible column-based access control security model for medical-based information. J. Comput. Sci. Appl. 22(1), 14–25 (2015)
Azeez, N.A., Babatope, A.B.: AANtID: an alternative approach to network intrusion detection. J. Comput. Sci. Appl. 23(1), 129–143 (2016)
Azeez, N.A., Iliyas, H.D.: Implementation of a 4-tier cloud-based architecture for collaborative health care delivery. Niger. J. Technol. Dev. 13(1), 17–25 (2016)
Azeez, N.A., Iyamu, T., Venter, I.M.: Grid security loopholes with proposed countermeasures. In: Gelenbe, E., Lent, R., Sakellari, G. (eds.) 26th International Symposium on Computer and Information Sciences, pp. 411–418. Springer, London (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Azeez, N.A., Van der Vyver, C. (2020). Security Challenges and Suggested Solutions for e-Health Information in Modern Society. In: Inácio, P., Duarte, A., Fazendeiro, P., Pombo, N. (eds) 5th EAI International Conference on IoT Technologies for HealthCare. HealthyIoT 2018. EAI/Springer Innovations in Communication and Computing. Springer, Cham. https://doi.org/10.1007/978-3-030-30335-8_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-30335-8_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30334-1
Online ISBN: 978-3-030-30335-8
eBook Packages: EngineeringEngineering (R0)