Privacy-Aware Cloud Architecture for Collaborative Use of Patients’ Health Information
Abstract
1. Introduction
1.1. Information Privacy
1.2. Research Problem
1.3. Cloud Computing in Healthcare
2. Related Work
3. Proposed Architecture
- Just-enough information disclosure: disclosing only the right information according to the context in which it is required.
- Accessible location of information: Storing patients’ information in one place for easy access whenever information is required.
- Unified platform: Accessing information through a unified platform is a key characteristic for improving healthcare services.
- Adherence to the legal privacy-related frameworks: The architecture should adhere to privacy-related regulations and policies such as HIPAA and the Information Privacy Act when using information.
- Patient control: Patients should have a means of controlling who can access their information.
- Cloud provider blindness: The cloud provider should not be able to read or access patients’ information that is stored on the cloud.
3.1. Architecture Fundamental Aspects
3.1.1. Structuring Patients Information
3.1.2. Searchable Symmetric Encryption (SSE)
- Generating a secret root key () for the patient.
- Generating a secret key () for every document of patient information and choosing a keyword for each document.
- Keywords are encrypted using their corresponding secret keys, and the resulting ciphertexts are listed to form an encrypted index.
- Trapdoors are then created, which involve combining the secret keys with the ciphertexts. Trapdoors will be used to identify and decrypt documents.
- Documents are encrypted using their corresponding secret keys.
3.2. Architectural Design and Components
- Standard presentation and categorization of information
- Information pre-processing, encrypting, and decrypting
- Characteristics related to accessing patients’ information for research purposes
3.3. System Instantiation
- A random secret root key (SkR) is generated for Bob’s information using the KeyGen algorithm.
- A number of keywords from each document are selected, and a secret key (Sk) for encrypting them is generated using the KeyDer algorithm.
- The IndexGen algorithm encrypts selected keywords for every document using their corresponding Sk. The goal in this step is to create an encrypted index for each document to identify it while it is encrypted.
- After encrypted indexes are generated for all documents, the ciphertexts of keywords with their corresponding Sk for each document are grouped to be the documents’ trapdoors.
- The last step in the information preparation process involves encrypting the patient’s documents and their corresponding trapdoors. Each document is encrypted using the Sk that is included in its corresponding trapdoor, and trapdoors are encrypted using the SkR that was generated in the first step.
- Generates a unique code for the patient, referred to as (System ID).
- Sends Bob’s encrypted information labeled by Bob’s system ID to the cloud service provider (CSP).
- Sends the encrypted trapdoors to the secret key agent (SKA) for storage. Information sent to the SKA is also labeled by Bob’s system ID.
- The information sent to both CSP and SKA is deleted from the RA.
- The RA stores the following information:
- Bob’s identification information
- Bob’s system ID,
- Bob’s SkR,
- Document indexes,
- Names of users who have permanent consent to access Bob’s information (if Bob has provided any),
- Information required for obtaining Bob’s temporary consent.
- Bob’s information is stored in encrypted form and labeled by Bob’s system-generated ID. The cloud provider is not able to learn the content of the information.
- The trapdoors are encrypted using Bob’s SkR and stored on the SKA, labeled by Bob’s system ID. The SKA is unable to learn the content of the trapdoors without Bob’s SkR which is stored on the RA.
- The RA is the only entity in the system that can identify Bob and his SkR. The RA stores all the information that is required to access Bob’s information, as presented in Figure 2.
- Accessing stored patient information—Scenario
3.3.1. Protocol to Access Information Stored in the Cloud
- It searches for Bob’s information using his basic information and finds his system ID.
- It sends a request for authorization to the CSR. The request includes the following information:
- Information that is required to identify the nurse (user ID);
- List of users who have permanent consent to access Bob’s information;
- Bob’s mobile number for requesting his consent if required in this particular instance.
- It searches for the nurse’s information to identify her access rights to patient information. This happens by searching through the list of users that is stored locally on the CSR.
- It checks whether the nurse has permanent consent to access Bob’s information, using the list of users who have permanent consent to access Bob’s information.
- The CSR finds out that the nurse is allowed to access doc-1 and doc-2 (Em_V) of patients’ information, but she does not have permanent consent to access Bob’s information; therefore, Bob’s consent is required.
- The CSR sends a consent request to Bob in the form of a text message. The content of the message includes:
- Bob’s system ID
- Indexes of doc-1 and doc-2
- The nurse’s application address
- Bob’s system ID and SkR
- Trapdoor-1 and trapdoor-2 tags
- The nurse’s application address
- Searches for Bob’s information using Bob’s system ID.
- Searches for the doc-1 and doc-2 using their indexes.
- Sends the identified documents (doc-1 and doc-2) to the nurse using her application’s physical address.
- Searches for the encrypted trapdoors using Bob’s system ID.
- Decrypts the trapdoors using Bob’s SkR.
- Sends trapdoors for doc-1 and doc-2 to the nurse application using her physical address.
- Re-encrypts the trapdoors using the same SkR and drops the SkR (deletes it).
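
The preparation steps of Sections 3.1.2 and 3.3 and the access protocol of Section 3.3.1, as an added example (not the authors' implementation): it shows that the CSP store alone yields only ciphertext, the SKA store alone yields only sealed trapdoors, and a document opens only when consent, SkR, the index and the trapdoor come together. Assumptions: every function and dictionary name is hypothetical, Sk is derived from SkR, keyword ciphertexts are modelled as HMAC tags, the cipher is an HMAC-based stand-in for an AEAD, and the message passing between RA, CSR, CSP and SKA is collapsed into one process.

```python
# Added example: Section 3.3 preparation and Section 3.3.1 access, standard library only.
import hashlib
import hmac
import secrets

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC built from HMAC-SHA256; a stand-in for an AEAD such as AES-GCM."""
    nonce = secrets.token_bytes(16)
    stream = keystream(prf(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + prf(prf(key, b"mac"), nonce + body)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or modified ciphertext")
    stream = keystream(prf(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def key_gen() -> bytes:
    """KeyGen: random secret root key SkR for one patient."""
    return secrets.token_bytes(32)

def key_der(skr: bytes, doc_name: str) -> bytes:
    """KeyDer: per-document key Sk (assumption: derived from SkR and the document name)."""
    return prf(skr, b"doc-key:" + doc_name.encode())

def index_gen(sk: bytes, keywords: list) -> tuple:
    """IndexGen: one keyword ciphertext per keyword (assumption: modelled as HMAC tags)."""
    return tuple(prf(sk, kw.encode()) for kw in keywords)

def prepare(identity: str, docs: dict):
    """RA preparation. docs maps name -> (keywords, plaintext). Returns (ra, csp, ska) stores."""
    skr, sys_id = key_gen(), secrets.token_hex(8)
    csp, ska, indexes = {}, {}, {}
    for name, (keywords, plaintext) in docs.items():
        sk = key_der(skr, name)
        index = index_gen(sk, keywords)
        csp[(sys_id, index)] = seal(sk, plaintext)               # CSP holds ciphertext only
        ska[(sys_id, name)] = seal(skr, sk + b"".join(index))    # trapdoor, sealed under SkR
        indexes[name] = index
    ra = {"identity": identity, "system_id": sys_id, "skr": skr,
          "indexes": indexes, "permanent_consent": set()}
    return ra, csp, ska

# Role rights as in the page's access-privilege table.
ROLE_RIGHTS = {"nurse": {"doc-1", "doc-2"}, "receptionist": {"doc-1"},
               "doctor": {"doc-1", "doc-2", "doc-3"}}

def access(ra, csp, ska, user_id, role, patient_consents):
    """CSR decision, then the CSP and SKA lookups, then decryption in the user's application."""
    allowed = ROLE_RIGHTS.get(role, set()) & set(ra["indexes"])
    if not allowed or not (user_id in ra["permanent_consent"] or patient_consents):
        raise PermissionError("access denied")
    released = {}
    for name in sorted(allowed):
        blob = csp[(ra["system_id"], ra["indexes"][name])]           # CSP: system ID + index
        trapdoor = unseal(ra["skr"], ska[(ra["system_id"], name)])   # SKA: opened with SkR
        released[name] = unseal(trapdoor[:32], blob)                 # Sk is the first 32 bytes
    return released

# Constructed sample record, not real patient data.
BOB_DOCS = {
    "doc-1": (["Basic Info", "Significant", "Medication"], b"Bob; asthma; salbutamol"),
    "doc-2": (["Allergies", "Laboratory"], b"penicillin allergy; blood type O+"),
    "doc-3": (["Other"], b"all remaining notes"),
}

if __name__ == "__main__":
    ra, csp, ska = prepare("Bob", BOB_DOCS)
    print(access(ra, csp, ska, "nurse-01", "nurse", patient_consents=True))
```
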
3.3.2. Updating Patient Information
- It searches for Bob’s information to identify him.
- It searches through the list of authorized users to access Bob’s information and finds the nurse listed as a temporarily authorized user to access doc-1 and doc-2 of patients’ information.
- It forwards the encrypted information, indexes for doc-1 and doc-2, and Bob’s system ID to the CSP.
- It searches for Bob’s encrypted documents using indexes and the system ID.
- It identifies the documents using the indexes and replaces them with the new ones.
- It deletes the indexes received from the RA.
3.4. Architecture Implementation
- The ability of the cloud provider to access and read the information that is stored in the cloud;
- The ability of unauthorized users to access patients’ information stored in the cloud.
3.4.1. Implementation Setup
3.4.2. Testing the Architecture
4. Discussion
4.1. Privacy-Preservation
4.2. Security Analysis
4.3. Architecture Limitation
- Network congestion: Healthcare organizations may experience network congestion when multiple users are accessing cloud-based services simultaneously. This can cause slowdowns, latency, or even a complete loss of service.
- Geographic location: Healthcare providers located in remote or rural areas may not have access to high-speed Internet, which can make accessing cloud-based services difficult.
- Data-intensive applications: Certain healthcare applications, such as EHRs or medical imaging systems, generate large amounts of data that need to be transferred over the Internet. This can be a bandwidth-intensive process, which can lead to slowdowns and performance issues.
- Security: High-bandwidth applications may require additional security measures to protect patient data. This can further slow down the data transfer process and add to the bandwidth requirements.
- Cost: Higher bandwidth requirements can result in increased costs for healthcare organizations, which may make cloud adoption less feasible.
- Assessing their current bandwidth requirements and planning for future needs. This can help ensure that their network infrastructure can handle the bandwidth requirements of cloud-based applications.
- Investing in high-speed Internet connections and upgrading network infrastructure, including routers and switches.
- Considering cloud providers that offer content delivery networks (CDNs) to minimize latency and speed up data transfer times.
- Implementing data compression and deduplication techniques to reduce the amount of data that needs to be transferred over the Internet.
- Prioritizing network traffic to ensure that bandwidth-intensive applications are given priority over less critical applications.
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Gupta, M.; Thirumalaisamy, M.; Shamsher, S.; Pandey, A.; Muthiah, D.; Suvarna, N. Patient health monitoring using feed forward neural network with cloud based internet of things. In Proceedings of the 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE), Greater Noida, India, 28–29 April 2022.
- Mamlin, B.W.; Tierney, W.M. The Promise of Information and Communication Technology in Healthcare: Extracting Value From the Chaos. Am. J. Med. Sci. 2016, 351, 59–68.
- Neves, A.L.; Carter, A.W.; Freise, L.; Laranjo, L.; Darzi, A.; Mayer, E.K. Impact of sharing electronic health records with patients on the quality and safety of care: A systematic review and narrative synthesis protocol. BMJ Open 2018, 8, e020387.
- Kalkman, S.; van Delden, J.; Banerjee, A.; Tyl, B.; Mostert, M.; van Thiel, G. Patients’ and public views and attitudes towards the sharing of health data for research: A narrative review of the empirical evidence. J. Med. Ethics 2019, 48, 3–13.
- Kim, E.; Rubinstein, S.M.; Nead, K.T.; Wojcieszynski, A.P.; Gabriel, P.E.; Warner, J.L. The Evolving Use of Electronic Health Records (EHR) for Research. Semin. Radiat. Oncol. 2019, 29, 354–361.
- Kitamura, T.; Kiyohara, K.; Matsuyama, T.; Hatakeyama, T.; Shimamoto, T.; Izawa, J.; Nishiyama, C.; Iwami, T. Is Survival After Out-of-Hospital Cardiac Arrests Worse During Days of National Academic Meetings in Japan? A Population-Based Study. J. Epidemiol. 2016, 26, 155–162.
- Gray, C.S.; Barnsley, J.; Gagnon, D.; Belzile, L.; Kenealy, T.; Shaw, J.; Sheridan, N.; Nji, P.W.; Wodchis, W.P. Using information communication technology in models of integrated community-based primary health care: Learning from the iCOACH case studies. Implement. Sci. 2018, 13, 87.
- Oude, W.; Velsen, L.V.; Huygens, M.; Hermens, H. Requirements for and Barriers towards Interoperable eHealth Technology in Primary Care. IEEE Internet Comput. 2015, 19, 10–19.
- Bélanger, F.; Crossler, R.E. Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems. MIS Q. 2011, 35, 1017–1041.
- White, T.; Blok, E.; Calhoun, V.D. Data sharing and privacy issues in neuroimaging research: Opportunities, obstacles, challenges, and monsters under the bed. Hum. Brain Mapp. 2022, 43, 278–291.
- Wirth, F.N.; Meurers, T.; Johns, M.; Prasser, F. Privacy-preserving data sharing infrastructures for medical research: Systematization and comparison. BMC Med. Inform. Decis. Mak. 2021, 21, 1–13.
- Public Law. Health Insurance Portability And Accountability Act Of 1996, Public Law 104-191, 104th Congress, 1996. Available online: https://www.govinfo.gov/app/details/PLAW-104publ191 (accessed on 20 May 2023).
- Gunasekara, G.; Dillon, E. Data Protection Litigation in New Zealand: Processes and Outcomes. Vic. Univ. Wellingt. Law Rev. 2008, 39, 457–486.
- Gkoulalas-Divanis, A.; Loukides, G. Introduction to medical data privacy. In Medical Data Privacy Handbook; Springer International Publishing: Cham, Switzerland, 2015; pp. 1–14.
- Meng, S.; Fan, S.; Li, Q.; Wang, X.; Zhang, J.; Xu, X.; Qi, L.; Alam Bhuiyan, Z. Privacy-Aware Factorization-Based Hybrid Recommendation Method for Healthcare Services. IEEE Trans. Ind. Inform. 2022, 18, 5637–5647.
- Gürsoy, G.; Li, T.; Liu, S.; Ni, E.; Brannon, C.M.; Gerstein, M.B. Functional genomics data: Privacy risk assessment and technological mitigation. Nat. Rev. Genet. 2021, 23, 245–258.
- Tanriverdi, M. A Systematic Review of Privacy Preserving Healthcare Data Sharing on Blockchain. J. Cybersecur. Inf. Manag. 2020, 4, 31–37.
- Blackman, S. Towards a conceptual framework for persistent use: A technical plan to achieve semantic interoperability within electronic health record systems. In Proceedings of the 50th Hawaii International Conference on System Sciences, Waikoloa Village, HI, USA, 4–7 January 2017.
- Shahid, J.; Ahmad, R.; Kiani, A.K.; Ahmad, T.; Saeed, S.; Almuhaideb, A.M. Data Protection and Privacy of the Internet of Healthcare Things (IoHTs). Appl. Sci. 2022, 12, 1927.
- Priyanga, P.; Muthu Kumar, V.P. Cloud computing for healthcare organisation. Int. J. Multidiscip. Res. Development. 2015, 2, 487–493.
- Casola, V.; Castiglione, A.; Choo, K.-K.R.; Esposito, C. Healthcare-Related Data in the Cloud: Challenges and Opportunities. IEEE Cloud Comput. 2016, 3, 10–14.
- Svensson, A. Challenges in Using IT Systems for Collaboration in Healthcare Services. Int. J. Environ. Res. Public Health 2019, 16, 1773.
- Griffith, E. What Is Cloud Computing? Available online: http://au.pcmag.com/networking-communications-software-products/29902/feature/what-is-cloud-computing (accessed on 21 March 2016).
- Cresswell, K.; Hernández, A.D.; Williams, R.; Sheikh, A. Key Challenges and Opportunities for Cloud Technology in Health Care: Semistructured Interview Study. JMIR Hum. Factors 2022, 9, e31246.
- Mell, P.; Grance, T. The NIST Definition of Cloud Computing. Natl. Inst. Stand. Technol. 2011, 2.
- Doukas, C.; Pliakas, T.; Maglogiannis, I. Mobile healthcare information management utilizing cloud computing and android OS. In Proceedings of the Engineering in Medicine and Biology Society (EMBC), Annual International Conference of the IEEE, Glasgow, UK, 11–15 July 2010.
- Griebel, L.; Prokosch, H.-U.; Köpcke, F.; Toddenroth, D.; Christoph, J.; Leb, I.; Engel, I.; Sedlmayr, M. A scoping review of cloud computing in healthcare. BMC Med. Inform. Decis. Mak. 2015, 15, 1–16.
- Zhang, R.; Liu, L. Security models and requirements for healthcare application clouds. In Proceedings of the IEEE 3rd International Conference on Cloud Computing (CLOUD), Miami, FL, USA, 5–10 July 2010.
- Sharma, M.; Sehrawat, R. A hybrid multi-criteria decision-making method for cloud adoption: Evidence from the healthcare sector. Technol. Soc. 2020, 61, 101258.
- Yüksel, B.; Küpçü, A.; Özkasap, Ö. Research issues for privacy and security of electronic health services. Future Gener. Comput. Syst. 2017, 68, 1–17.
- Raj, H.; Kumar, M.; Kumar, P.; Singh, A.; Verma, O.P. Issues and Challenges Related to Privacy and security in healthcare Using IoT, Fog, and cloud computing. In Advanced Healthcare Systems: Empowering Physicians with IoT-Enabled Technologies; Scrivener Publishing LLC: Beverly, MA, USA, 2022; pp. 21–32.
- Aziz, H.; Guled, A. Cloud Computing and Healthcare Services. 2016. Available online: http://hdl.handle.net/10576/4714 (accessed on 20 May 2023).
- Chenthara, S.; Ahmed, K.; Wang, H.; Whittaker, F. Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing. IEEE Access 2019, 7, 74361–74382.
- Weir, C.R.; Hammond, K.W.; Embi, P.J.; Efthimiadis, E.N.; Thielke, S.M.; Hedeen, A.N. An exploration of the impact of computerized patient documentation on clinical collaboration. Int. J. Med. Inform. 2011, 80, e62–e71.
- Dixon, B.E.; Embi, P.J.; Haggstrom, D.A. Information technologies that facilitate care coordination: Provider and patient perspectives. Transl. Behav. Med. 2018, 8, 522–525.
- Bertagnolli, M.M.; Anderson, B.; Quina, A.; Piantadosi, S. The electronic health record as a clinical trials tool: Opportunities and challenges. Clin. Trials 2020, 17, 237–242.
- Liu, X.; Wang, Z.; Jin, C.; Li, F.; Li, G.A. Blockchain-Based Medical Data Sharing and Protection Scheme. IEEE Access 2019, 7, 118943–118953.
- Cordovano, G.; Shah, S.N. Requesting Medical Records, Health Data. 2020. Available online: https://journal.ahima.org/page/requesting-medical-records (accessed on 20 May 2023).
- Gupta, D.; Malik, S.; Rana, A. Adopting Semantic Interoperability for Improved Healthcare (29 April 2022). Proceedings of the International Conference on Innovative Computing & Communication (ICICC) 2022. 2022. Available online: https://ssrn.com/abstract=4096399 (accessed on 20 May 2023).
- Rajkumar, N.; Muzoora, M.; Thun, S. Dentistry and Interoperability. J. Dent. Res. 2022, 101, 1258–1262.
- Devadass, L.; Sekaran, S.S.; Thinakaran, R. Cloud Computing in Healthcare. Int. J. Stud. Res. Technol. Manag. 2017, 5, 25–31.
- Quatrani, T.; Evangelist, U.M.L. Introduction to the Unified Modeling Language. IBM 2003, 6, 3.
- Górski, T. Profile for Messaging Patterns in Service-Oriented Architecture, Microservices, and Internet of Things. Appl. Sci. 2022, 12, 12790.
- Thramboulidis, K.; Christoulakis, F. UML4IoT—A UML-based approach to exploit IoT in cyber-physical manufacturing systems. Comput. Ind. 2016, 82, 259–272.
- Petrasch, R.J.; Petrasch, R.R. Data Integration and Interoperability: Towards a Model-Driven and Pattern-Oriented Approach. Modelling 2022, 3, 105–126.
- Pufahl, L.; Zerbato, F.; Weber, B.; Weber, I. BPMN in healthcare: Challenges and best practices. Inf. Syst. 2022, 107, 102013.
- Schmidt, M.-T.; Hutchison, B.; Lambros, P.; Phippen, R. The Enterprise Service Bus: Making service-oriented architecture real. IBM Syst. J. 2005, 44, 781–797.
- Niknejad, N.; Ismail, W.; Ghani, I.; Nazari, B.; Bahari, M.; Hussin, A.R.B.C. Understanding Service-Oriented Architecture (SOA): A systematic literature review and directions for further investigation. Inf. Syst. 2020, 91, 101491.
- Aziz, O.; Farooq, M.S.; Abid, A.; Saher, R.; Aslam, N. Research Trends in Enterprise Service Bus (ESB) Applications: A Systematic Mapping Study. IEEE Access 2020, 8, 31180–31197.
- Agbo, C.C.; Mahmoud, Q.H.; Eklund, J.M. Blockchain Technology in Healthcare: A Systematic Review. Healthcare 2019, 7, 56.
- Jin, H.; Luo, Y.; Li, P.; Mathew, J. A Review of Secure and Privacy-Preserving Medical Data Sharing. IEEE Access 2019, 7, 61656–61669.
- Kim, J.W.; Kim, S.J.; Cha, W.C.; Kim, T. A Blockchain-Applied Personal Health Record Application: Development and User Experience. Appl. Sci. 2022, 12, 1847.
- Abdellatif, A.A.; Al-Marridi, A.Z.; Mohamed, A.; Erbad, A.; Chiasserini, C.F.; Refaey, A. ssHealth: Toward Secure, Blockchain-Enabled Healthcare Systems. IEEE Netw. 2020, 34, 312–319.
- Guo, R.; Shi, H.; Zheng, D.; Jing, C.; Zhuang, C.; Wang, Z. Flexible and Efficient Blockchain-Based ABE Scheme with Multi-Authority for Medical on Demand in Telemedicine System. IEEE Access 2019, 7, 88012–88025.
- Xi, P.; Zhang, X.; Wang, L.; Liu, W.; Peng, S. A Review of Blockchain-Based Secure Sharing of Healthcare Data. Appl. Sci. 2022, 12, 7912.
- Qu, J. Blockchain in medical informatics. J. Ind. Inf. Integr. 2022, 25, 100258.
- Fiore, M.; Capodici, A.; Rucci, P.; Bianconi, A.; Longo, G.; Ricci, M.; Sanmarchi, F.; Golinelli, D. Blockchain for the Healthcare Supply Chain: A Systematic Literature Review. Appl. Sci. 2023, 13, 686.
- Alhaddadin, F.; Gutiérrez, J.A.; Liu, W. Privacy-Aware Cloud-Based Architecture for Sharing Healthcare Information. Ph.D. Thesis, Auckland University of Technology, Auckland, New Zealand, 2020.
- Curtmola, R.; Garay, J.; Kamara, S.; Ostrovsky, R. Searchable symmetric encryption: Improved definitions and efficient constructions. In Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, VI, USA, 30 October–3 November 2006.
- Boneh, D.; Crescenzo, G.D.; Ostrovsky, R.; Persiano, G. Public key encryption with keyword search. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, 11–15 May 2004.
- Chang, Y.-C. Single database private information retrieval with logarithmic communication. In Proceedings of the 9th Australasian Conference on Information Security and Privacy, Sydney, Australia, 13–15 July 2004.
- Goh, E. Secure Indexes; IACR ePrint Cryptography Archive: 2003. Available online: http://crypto.stanford.edu/~eujin/papers/secureindex/ (accessed on 20 May 2023).
- Eludiora, S.; Abiona, O.; Oluwatope, A.; Oluwaranti, A.; Onime, C.; Kehinde, L. A User Identity Management Protocol for Cloud Computing Paradigm. Int. J. Commun. Netw. Syst. Sci. 2011, 4, 152–163.
- Amazon, "aws,". 2019. Available online: https://aws.amazon.com (accessed on 5 April 2023).
- Marwaha, J.S.; Landman, A.B.; Brat, G.A.; Dunn, T.; Gordon, W.J. Deploying digital health tools within large, complex health systems: Key considerations for adoption and implementation. NPJ Digit. Med. 2022, 5, 1–7.
Reference | Approach | Purpose | Challenges Highlighted |
---|---|---|---|
[42,43,44,45] | UML Profile for Messaging Patterns | Facilitate communication among systems | Healthcare information systems complexity |
[47,48,49] | Enterprise Service Bus (ESB) | Applications integration to facilitate communications between applications | Fragmentation of patients’ information in heterogeneous proprietary systems |
[51] | A survey of the state-of-the-art schemes on secure and privacy-preserving medical data sharing of the past decade with a focus on blockchain-based approaches. | Analyze advantages and disadvantages of blockchain privacy-preserving medical data sharing. | Query efficiency, scalability, and Information management and security. |
[52] | A mixed-method study using a questionnaire, in-depth interviews, and usability evaluation. | Introducing a novel blockchain-applied personal health records (PHR) application and validate its user experience. | Users trust in terms of the security of their information when shared using Blockchain. |
[53] | Blockchain approach that separates medical data processing, access control, and data sharing into local and blockchain networks. | Sharing data among different local blockchain networks (different institutions). | Quality of Service and Information privacy |
[54] | Proposed blockchain-based ABE scheme with multi-Authority for medical on demand in telemedicine system. | To achieve dynamic authentication and authorization with higher flexibility and efficiency. | Privacy and unauthorized access from insiders due to centralization. |
[55] | A review of blockchain-based secure sharing of healthcare data. | Evaluating the development of blockchain in healthcare from various perspectives, and analyzing the approaches to blockchain in different application scenarios. | Issues related to low throughput and low scalability, which limit its adoption in the healthcare industry |
[57] | A systematic review | Summarizing how blockchain technology has been used to address supply chain challenges in healthcare. | Security and privacy challenges. |
Doc-1 | Doc-2 | Doc-3 |
---|---|---|
Full Name; Date of Birth; Gender; Ethnicity; Significant Conditions; NHI Number; Current Medication | Drug Allergies; Discharge Summaries; Blood Type; Laboratory Results; Next Kin | All the information that is not contained in doc-1 and doc-2 |
Doc-1 Encrypted Index | | Doc-1 Trapdoor | |
---|---|---|---|
Basic Info | JK^78Uo8361KL$#VWL | Sk | JK^78Uo8361KL$#VWL |
Significant | RM*#%H)GIDU784K2% | | RM*#%H)GIDU784K2% |
Medication | B&0*9QOVPI(068B%#O | | B&0*9QOVPI(068B%#O |
Doc-1 | APV*89&@JE)<I@DO$ | | APV*89&@JE)<I@DO$ |
Full Name | D.O. Birth | NHI Number |
---|---|---|
ID | SKR | doc-1 Index; doc-2 Index; doc-3 Index |
User ID; User ID; User ID | | |
ID# | Role | Access Privilege |
---|---|---|
29930894 | Nurse | doc-1, doc-2 |
29930804 | Doctor | doc-1, doc-2, doc-3 |
29930832 | Receptionist | doc-1 |
29930930 | Doctor | doc-1, doc-2, doc-3 |
Section 1 | Section 2 | Section 3 | |
---|---|---|---|
Organization ID; Practitioner ID; Patient Name; Patient DOB; Patient NHI; Consent Method: Phone# | SKR | Encrypted information: doc-1; doc-2; doc-3 | |
doc-1 Index; doc-2 Index; doc-3 Index | doc-1 Trapdoor; doc-1 Trapdoor; doc-1 Trapdoor | | |
SysId# | UserId | Role | Access Privilege |
---|---|---|---|
29930894 | 7777 | Receptionist | doc-1 |
29930804 | 8888 | Nurse | doc-1, doc-2 |
29930832 | 9999 | Specialist | doc-1, doc-2, doc-3 |
29930930 | 6666 | Receptionist | doc-1 |
Test | Description | Result | Pass/Fail |
---|---|---|---|
Unauthorized System Access | Unauthorized user made request to download a trapdoor that is stored on the cloud | Access Denied | Pass |
Getting access to documents stored on the cloud | A document downloaded without having the secret key. | Document was viewed in its encrypted form | Pass |
Unauthorized operations | Attempt made to access the server or the database by sending queries | Access Denied | Pass |
Unknown users | Unregistered user attempted to log in to the system | Login failed | Pass |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Alhaddadin, F.; Gutierrez, J. Privacy-Aware Cloud Architecture for Collaborative Use of Patients’ Health Information. Appl. Sci. 2023, 13, 7401. https://0-doi-org.brum.beds.ac.uk/10.3390/app13137401