Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems
BACKGROUND: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper,...
Main authors: | , , , |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | JMIR Publications Inc. 2013 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3757992/ https://www.ncbi.nlm.nih.gov/pubmed/23965254 http://dx.doi.org/10.2196/jmir.2494 |
_version_ | 1782282302035853312 |
---|---|
author | JPC Rodrigues, Joel de la Torre, Isabel Fernández, Gonzalo López-Coronado, Miguel |
author_sort | JPC Rodrigues, Joel |
collection | PubMed |
description | BACKGROUND: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. OBJECTIVE: To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. METHODS: To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. RESULTS: Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). CONCLUSIONS: Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. 
Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. |
format | Online Article Text |
id | pubmed-3757992 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2013 |
publisher | JMIR Publications Inc. |
record_format | MEDLINE/PubMed |
spelling | pubmed-37579922013-08-30 Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems JPC Rodrigues, Joel de la Torre, Isabel Fernández, Gonzalo López-Coronado, Miguel J Med Internet Res Original Paper BACKGROUND: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. OBJECTIVE: To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. METHODS: To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. RESULTS: Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). 
CONCLUSIONS: Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. JMIR Publications Inc. 2013-08-21 /pmc/articles/PMC3757992/ /pubmed/23965254 http://dx.doi.org/10.2196/jmir.2494 Text en ©Joel JPC Rodrigues, Isabel de la Torre, Gonzalo Fernández, Miguel López-Coronado. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 21.08.2013. http://creativecommons.org/licenses/by/2.0/ This is an open-access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in the Journal of Medical Internet Research, is properly cited. The complete bibliographic information, a link to the original publication on http://www.jmir.org/, as well as this copyright and license information must be included. |
spellingShingle | Original Paper JPC Rodrigues, Joel de la Torre, Isabel Fernández, Gonzalo López-Coronado, Miguel Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems |
title | Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems |
topic | Original Paper |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3757992/ https://www.ncbi.nlm.nih.gov/pubmed/23965254 http://dx.doi.org/10.2196/jmir.2494 |