1
|
Privacy in electronic health records: a systematic mapping study. J Public Health (Oxf) 2023. [DOI: 10.1007/s10389-022-01795-z] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 01/25/2023] Open
Abstract
Abstract
Main
Electronic health record (EHR) applications are digital versions of paper-based patient health information. Traditionally, medical records are made on paper. However, nowadays, advances in information and communication technology have made it possible to change medical records from paper to EHR. Therefore, preserving user data privacy is extremely important in healthcare environments. The main challenges are providing ways to make EHR systems increasingly capable of ensuring data privacy and at the same time not compromising the performance and interoperability of these systems.
Subject and methods
This systematic mapping study intends to investigate the current research on security and privacy requirements in EHR systems and identify potential research gaps in the literature. The main challenges are providing ways to make EHR systems increasingly capable of ensuring data privacy, and at the same time, not compromising the performance and interoperability of these systems. Our research was carried out in the Scopus database, the largest database of abstracts and citations in the literature with peer review.
Results
We have collected 848 articles related to the area. After disambiguation and filtering, we selected 30 articles for analysis. The result of such an analysis provides a comprehensive view of current research.
Conclusions
We can highlight some relevant research possibilities. First, we noticed a growing interest in privacy in EHR research in the last 6 years. Second, blockchain has been used in many EHR systems as a solution to achieve data privacy. However, it is a challenge to maintain traceability by recording metadata that can be mapped to private data of the users applying a particular mapping function that can be hosted outside the blockchain. Finally, the lack of a systematic approach between EHR solutions and existing laws or policies leads to better strategies for developing a certification process for EHR systems.
Collapse
|
2
|
Zala K, Thakkar HK, Jadeja R, Dholakia NH, Kotecha K, Jain DK, Shukla M. On the Design of Secured and Reliable Dynamic Access Control Scheme of Patient E-Healthcare Records in Cloud Environment. COMPUTATIONAL INTELLIGENCE AND NEUROSCIENCE 2022; 2022:3804553. [PMID: 36035822 PMCID: PMC9410930 DOI: 10.1155/2022/3804553] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 05/27/2022] [Revised: 07/21/2022] [Accepted: 07/26/2022] [Indexed: 11/20/2022]
Abstract
Traditional healthcare services have changed into modern ones in which doctors can diagnose patients from a distance. All stakeholders, including patients, ward boy, life insurance agents, physicians, and others, have easy access to patients' medical records due to cloud computing. The cloud's services are very cost-effective and scalable, and provide various mobile access options for a patient's electronic health records (EHRs). EHR privacy and security are critical concerns despite the many benefits of the cloud. Patient health information is extremely sensitive and important, and sending it over an unencrypted wireless media raises a number of security hazards. This study suggests an innovative and secure access system for cloud-based electronic healthcare services storing patient health records in a third-party cloud service provider. The research considers the remote healthcare requirements for maintaining patient information integrity, confidentiality, and security. There will be fewer attacks on e-healthcare records now that stakeholders will have a safe interface and data on the cloud will not be accessible to them. End-to-end encryption is ensured by using multiple keys generated by the key conclusion function (KCF), and access to cloud services is granted based on a person's identity and the relationship between the parties involved, which protects their personal information that is the methodology used in the proposed scheme. The proposed scheme is best suited for cloud-based e-healthcare services because of its simplicity and robustness. Using different Amazon EC2 hosting options, we examine how well our cloud-based web application service works when the number of requests linearly increases. The performance of our web application service that runs in the cloud is based on how many requests it can handle per second while keeping its response time constant. The proposed secure access scheme for cloud-based web applications was compared to the Ethereum blockchain platform, which uses internet of things (IoT) devices in terms of execution time, throughput, and latency.
Collapse
Affiliation(s)
- Kirtirajsinh Zala
- Department of Computer Engineering, Marwadi University, Rajkot 360006, Gujarat, India
| | - Hiren Kumar Thakkar
- Department of Computer Science and Engineering, School of Technology, Pandit Deendayal Energy University, Gandhinagar 382007, Gujarat, India
| | | | - Neel H. Dholakia
- Department of Computer Engineering, Marwadi University, Rajkot 360006, Gujarat, India
| | - Ketan Kotecha
- Symbiosis Centre for Applied Artificial Intelligence, Symbiosis International (Deemed) University, Pune, India
| | - Deepak Kumar Jain
- Key Laboratory of Intelligent Air-Ground Cooperative Control for Universities in Chongqing, College of Automation, Chongqing University of Posts and Telecommunications, Chongqing, China
| | - Madhu Shukla
- Department of Computer Engineering, Marwadi University, Rajkot 360006, Gujarat, India
| |
Collapse
|
3
|
Kim Y. Reputation, trust, and norms as mechanisms forming academic reciprocity in data sharing: an empirical test of theory of collective action. ASLIB J INFORM MANAG 2022. [DOI: 10.1108/ajim-08-2021-0242] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/17/2022]
Abstract
PurposeThis research investigated how biological scientists' perceived academic reputation, community trust, and norms all influence their perceived academic reciprocity, which eventually leads to their data sharing intentions.Design/methodology/approachA research model was developed based on the theory of collective action, and the research model was empirically evaluated by using the Structural Equation Modeling method based on a total of 649 survey responses.FindingsThe results suggest that perceived academic reputation significantly increases perceived community trust, norm of data sharing, and academic reciprocity. Also, both perceived community trust and norm of data sharing significantly increases biological scientists' perceived academic reciprocity, which significantly affect their data sharing intentions. In addition, both perceived community trust and norm of data sharing significantly affect the relationship between perceived academic reciprocity and data sharing intention.Research limitations/implicationsThis research shows that the theory of collective action provides a new theoretical lens for understanding scientists' data sharing behaviors based on the mechanisms of reputation, trust, norm, and reciprocity within a research community.Practical implicationsThis research offers several practical implications for facilitating scientists' data sharing behaviors within a research community by increasing scientists' perceived academic reciprocity through the mechanisms of reputation, trust, and norm of data sharing.Originality/valueThe collective action perspective in data sharing has been newly proposed in this research; the research sheds light on how scientists' perceived academic reciprocity and data sharing intention can be encouraged by building trust, reputation, and norm in a research community.
Collapse
|
4
|
Berlato S, Carbone R, Lee AJ, Ranise S. Formal Modelling and Automated Trade-off Analysis of Enforcement Architectures for Cryptographic Access Control in the Cloud. ACM TRANSACTIONS ON PRIVACY AND SECURITY 2022. [DOI: 10.1145/3474056] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 10/19/2022]
Abstract
To facilitate the adoption of cloud by organizations, Cryptographic Access Control (CAC) is the obvious solution to control data sharing among users while preventing partially trusted Cloud Service Providers (CSP) from accessing sensitive data. Indeed, several CAC schemes have been proposed in the literature. Despite their differences, available solutions are based on a common set of entities—e.g., a data storage service or a proxy mediating the access of users to encrypted data—that operate in different (security) domains—e.g., on-premise or the CSP. However, the majority of these CAC schemes assumes a fixed assignment of entities to domains; this has security and usability implications that are not made explicit and can make inappropriate the use of a CAC scheme in certain scenarios with specific trust assumptions and requirements. For instance, assuming that the proxy runs at the premises of the organization avoids the vendor lock-in effect but may give rise to other security concerns (e.g., malicious insiders attackers).
To the best of our knowledge, no previous work considers how to select the best possible architecture (i.e., the assignment of entities to domains) to deploy a CAC scheme for the trust assumptions and requirements of a given scenario. In this article, we propose a methodology to assist administrators in exploring different architectures for the enforcement of CAC schemes in a given scenario. We do this by identifying the possible architectures underlying the CAC schemes available in the literature and formalizing them in simple set theory. This allows us to reduce the problem of selecting the most suitable architectures satisfying a heterogeneous set of trust assumptions and requirements arising from the considered scenario to a decidable Multi-objective Combinatorial Optimization Problem (MOCOP) for which state-of-the-art solvers can be invoked. Finally, we show how we use the capability of solving the MOCOP to build a prototype tool assisting administrators to preliminarily perform a “What-if” analysis to explore the trade-offs among the various architectures and then use available standards and tools (such as TOSCA and Cloudify) for automated deployment in multiple CSPs.
Collapse
Affiliation(s)
- Stefano Berlato
- University of Genoa and Fondazione Bruno Kessler, Trento, Italy
| | | | | | - Silvio Ranise
- University of Trento and Fondazione Bruno Kessler, Trento, Italy
| |
Collapse
|
5
|
Access control based on entity matching for secure data sharing. SERVICE ORIENTED COMPUTING AND APPLICATIONS 2022. [DOI: 10.1007/s11761-021-00331-3] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/27/2022]
|
6
|
Huang YT, Chiang DL, Chen TS, Wang SD, Lai FP, Lin YD. Lagrange interpolation-driven access control mechanism: Towards secure and privacy-preserving fusion of personal health records. Knowl Based Syst 2022. [DOI: 10.1016/j.knosys.2021.107679] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/30/2022]
|
7
|
Oh SR, Seo YD, Lee E, Kim YG. A Comprehensive Survey on Security and Privacy for Electronic Health Data. INTERNATIONAL JOURNAL OF ENVIRONMENTAL RESEARCH AND PUBLIC HEALTH 2021; 18:ijerph18189668. [PMID: 34574593 PMCID: PMC8465695 DOI: 10.3390/ijerph18189668] [Citation(s) in RCA: 13] [Impact Index Per Article: 4.3] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 07/28/2021] [Revised: 09/01/2021] [Accepted: 09/09/2021] [Indexed: 12/01/2022]
Abstract
Recently, the integration of state-of-the-art technologies, such as modern sensors, networks, and cloud computing, has revolutionized the conventional healthcare system. However, security concerns have increasingly been emerging due to the integration of technologies. Therefore, the security and privacy issues associated with e-health data must be properly explored. In this paper, to investigate the security and privacy of e-health systems, we identified major components of the modern e-health systems (i.e., e-health data, medical devices, medical networks and edge/fog/cloud). Then, we reviewed recent security and privacy studies that focus on each component of the e-health systems. Based on the review, we obtained research taxonomy, security concerns, requirements, solutions, research trends, and open challenges for the components with strengths and weaknesses of the analyzed studies. In particular, edge and fog computing studies for e-health security and privacy were reviewed since the studies had mostly not been analyzed in other survey papers.
Collapse
Affiliation(s)
- Se-Ra Oh
- Miro Corporation, Incheon 21988, Korea;
| | - Young-Duk Seo
- Department of Computer Engineering, Inha University, Incheon 22212, Korea;
| | - Euijong Lee
- Department of Computer Science, Chungbuk National University, Cheongju 28644, Korea;
| | - Young-Gab Kim
- Department of Computer and Information Security, and Convergence Engineering for Intelligent Drone, Sejong University, Seoul 05006, Korea
- Correspondence:
| |
Collapse
|
8
|
Bertuccio S, Tardiolo G, Giambò FM, Giuffrè G, Muratore R, Settimo C, Raffa A, Rigano S, Bramanti A, Muscarà N, De Cola MC. ReportFlow: an application for EEG visualization and reporting using cloud platform. BMC Med Inform Decis Mak 2021; 21:7. [PMID: 33407445 PMCID: PMC7789295 DOI: 10.1186/s12911-020-01369-7] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 04/17/2020] [Accepted: 12/09/2020] [Indexed: 11/22/2022] Open
Abstract
Background The cloud is a promising resource for data sharing and computing. It can optimize several legacy processes involving different units of a company or more companies. Recently, cloud technology applications are spreading out in the healthcare setting as well, allowing to cut down costs for physical infrastructures and staff movements. In a public environment the main challenge is to guarantee the patients’ data protection. We describe a cloud-based system, named ReportFlow, developed with the aim to improve the process of reporting and delivering electroencephalograms. Methods We illustrate the functioning of this application through a use-case scenario occurring in an Italian hospital, and describe the corresponding key encryption and key management used for data security guarantee. We used the X2 test or the unpaired Student t test to perform pre-post comparisons of some indexes, in order to evaluate significant changes after the application of ReportFlow. Results The results obtained through the use of ReportFlow show a reduction of the time for exam reporting (t = 19.94; p < 0.001) and for its delivering (t = 14.95; p < 0.001), as well as an increase of the number of neurophysiologic examinations performed (about 20%), guaranteeing data integrity and security. Moreover, 68% of exam reports were delivered completely digitally. Conclusions The application resulted to be an optimal solution to optimize the legacy process adopted in this scenario. The comparative pre-post analysis showed promising preliminary results of performance. Future directions will be the creation and release of certificates automatically.
Collapse
Affiliation(s)
- S Bertuccio
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy
| | - G Tardiolo
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy
| | - F M Giambò
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy
| | - G Giuffrè
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy
| | - R Muratore
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy
| | - C Settimo
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy
| | - A Raffa
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy
| | - S Rigano
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy
| | - A Bramanti
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy
| | - N Muscarà
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy
| | - M C De Cola
- IRCCS Centro Neurolesi "Bonino Pulejo", S.S. 113, Contrada Casazza, 98124, Messina, Italy.
| |
Collapse
|
9
|
Azeez NA, der Vyver CV. Security and privacy issues in e-health cloud-based system: A comprehensive content analysis. EGYPTIAN INFORMATICS JOURNAL 2019. [DOI: 10.1016/j.eij.2018.12.001] [Citation(s) in RCA: 18] [Impact Index Per Article: 3.6] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 10/27/2022]
|
10
|
Liu X, Xia Y, Yang W, Yang F. Secure and efficient querying over personal health records in cloud computing. Neurocomputing 2018. [DOI: 10.1016/j.neucom.2016.06.100] [Citation(s) in RCA: 11] [Impact Index Per Article: 1.8] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 10/19/2022]
|
11
|
Rezaeibagha F, Mu Y. Practical and secure telemedicine systems for user mobility. J Biomed Inform 2017; 78:24-32. [PMID: 29288816 DOI: 10.1016/j.jbi.2017.12.011] [Citation(s) in RCA: 12] [Impact Index Per Article: 1.7] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 08/08/2017] [Revised: 12/02/2017] [Accepted: 12/20/2017] [Indexed: 10/18/2022]
Abstract
The application of wireless devices has led to a significant improvement in the quality delivery of care in telemedicine systems. Patients who live in a remote area are able to communicate with the healthcare provider and benefit from the doctor consultations. However, it has been a challenge to provide a secure telemedicine system, which captures users (patients and doctors) mobility and patient privacy. In this work, we present several secure protocols for telemedicine systems, which ensure the secure communication between patients and doctors who are located in different geographical locations. Our protocols are the first of this kind featured with confidentiality of patient information, mutual authentication, patient anonymity, data integrity, freshness of communication, and mobility. Our protocols are based on symmetric-key schemes and capture all desirable security requirements in order to better serve our objectives of research for secure telemedicine services; therefore, they are very efficient in implementation. A comparison with related works shows that our work contributes first comprehensive solution to capture user mobility and patient privacy for telemedicine systems.
Collapse
Affiliation(s)
- Fatemeh Rezaeibagha
- Institute of Cybersecurity and Cryptology, School of Computing and Information Technology, University of Wollongong, NSW 2522, Australia.
| | - Yi Mu
- Institute of Cybersecurity and Cryptology, School of Computing and Information Technology, University of Wollongong, NSW 2522, Australia.
| |
Collapse
|
12
|
Kim Y. Fostering scientists’ data sharing behaviors via data repositories, journal supplements, and personal communication methods. Inf Process Manag 2017. [DOI: 10.1016/j.ipm.2017.03.003] [Citation(s) in RCA: 26] [Impact Index Per Article: 3.7] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/17/2022]
|
13
|
Liu X, Liu Q, Peng T, Wu J. Dynamic access policy in cloud-based personal health record (PHR) systems. Inf Sci (N Y) 2017. [DOI: 10.1016/j.ins.2016.06.035] [Citation(s) in RCA: 40] [Impact Index Per Article: 5.7] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/27/2022]
|
14
|
Confidentiality and Privacy for Smartphone Applications in Child and Adolescent Psychiatry: Unmet Needs and Practical Solutions. Child Adolesc Psychiatr Clin N Am 2017; 26:117-124. [PMID: 27837937 DOI: 10.1016/j.chc.2016.07.006] [Citation(s) in RCA: 7] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Submit a Manuscript] [Subscribe] [Scholar Register] [Indexed: 01/22/2023]
Abstract
This article summarizes the current literature on clinical knowledge and practical gaps regarding the confidentiality and privacy for smartphone and connected devices in child and adolescent psychiatry and offers practical solutions and consideration for the next steps for the field. Important issues to consider include disclosure of information sharing, access privilege, privacy and trust, risk and benefit analysis, and the need for standardization. Through understanding the privacy and confidentiality concerns regarding digital devices, child and adolescent psychiatrists can guide patients and parents though informed decision-making and also help shape how the field creates the next generation of these tools.
Collapse
|