Abstract
Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
HIMSS, definition of an electronic health record, http://www.himss.org/ASP/topics_ehr.asp.
Rau, H. H, Hsu, C. Y, Lee, Y. L., Chen, W., and Jian, W. S., Developing electronic health records in Taiwan, IT Professional, pp. 17–25, March/April, 2010
Schabetsberger, T., Ammenwerth, E., Andreatta, S., Gratl, G., Haux, R., Lechleitner, G., Schindelwig, K., Stark, C., Vogl, R., Wilhelmy, I., and Wozak, F., From a paper-based transmission of discharge summaries to electronic communication in health care regions. Int. J. Med. Inform. 75(3):209–215, 2006.
Hsu, C. Y., Chen, Y. C., Luo, R. C., Rau, H. H., Fan, C. T., Hsiao, B. S., and Chiu, H. W., A resource-sharing platform for trading biomedical intellectual property. IT Prof. 12(2):42–49, 2010. doi:10.1109/MITP.2010.48.
Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., and Yen, D., Design and implementation of a Telecare information platform. J. Med. Syst., 2010. doi:10.1007/s10916-010-9625-6.
Takemura, T., Araki, K., Arita, K., Suzuki, T., Okamoto, K., Kume, N., Kuroda, T., Takada, A., and Yoshihara, H., Development of fundamental infrastructure for nationwide EHR in Japan. J. Med. Syst., 2011. doi:10.1007/s10916-011-9688-z.
Heslop, L., Weeding, S., Dawson, L., Fisher, J., and Howard, A., Implementation issues for mobile-wireless infrastructure and mobile health care computing devices for a hospital ward setting. J. Med. Syst. 34(4):509–518, 2010. doi:10.1007/s10916-009-9264-y.
Moore, P., Navigating the Tech Maze, Physicians practice. http://www.physicianspractice.com/display/article/1462168/1590647, 2009
Zhang, R., and Liu, L., Security models and requirements for healthcare application clouds, Cloud Computing (CLOUD), 2010 IEEE 3 rd International Conference on, vol., no., pp. 268-275, 5–10 July 2010, Doi: 10.1109/CLOUD.2010.62
Linden, H., Kalra, D., Hasman, A., and Talmon, J., Inter-organization future proof EHR systems-A review of the security and privacy related issues. Int. J. Med. Inform. 78:141–160, 2009.
104th United States Congress, Health Insurance Portability and Accountability Act of 1996 (HIPPA), Online at http://aspe.hhs.gov/admnsimp/pl104191.htm, 1996.
Pritts, J., and Connr, K., The implementation of e-Consent mechanisms in three countries: Canada, England, and The Netherlands. SAMHSA report, http://ihcrp.georgetown.edu/pdfs/prittse-consent.pdf; 2007.
Künzi, J., Koster, P., and Petković, M., Emergency access to protected health records. Stud. Health Technol. Inform. 150:705–9, 2009.
Coskun, N., and Erol, R., An optimization model for locating and sizing emergency medical service stations. J. Med. Syst. 34(1):43–49, 2010. doi:10.1007/s10916-008-9214-0.
MacKenzie, P., and Reiter, M. K., Networked cryptographic devices resilient to capture. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, May 2001, 12–25.
MacKenzie, P., and Reiter, M. K., Delegation of cryptographic servers for capture-resilient devices. In Proceedings of the 2001 ACM Conference on Computer and Communication Security, November 2001, 10–19
Takeda, H., Matsumura, Y., and Kuwata, S., Architecture for networked electronic patient record systems. Int. J. Med. Inform. 60(2):161–167, 2000.
Chan, A. T. S., Cao, J., Chan, H., and Young, G., A web-enabled framework for smart card application in health services. Comm. ACM 44(9):77–82, 2001.
Wang, D. W., Liu, D. R., and Chen, Y. C., A mechanism to verify the integrity of computer-based patient records. J. Chin. Med. Assoc. 10:71–84, 1999.
Yang, Y., Han, X., Bao, F., and Deng, R. H., A smart-card-enabled privacy preserving E-Prescription system. IEEE Trans. Inf. Technol. Biomed. 8(1):47–58, 2004.
Wu, Z. Y., Chung, Y. F., Lai, F. P., and Chen, T. S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst., 2010. doi:10.1007/s10916-010-9527-7.
He, D.B., Chen, J.H. and Rui, Z., A more secure authentication scheme for telecare medicine information systems, J. Med. Syst., 10.1007/s10916-011-9658-5, http://dx.doi.org/10.1007/s10916-011-9658-5, 2011
Pu, Q., Wang, J., and Zhao, R. Y., Strong authentication scheme for Telecare medicine information systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9735-9.
Farzandipour, M., Sadoughi, F., Ahmadi, M., and Karimi, I., Security requirements and solutions in electronic health records: lessons learned from a comparative study. J. Med. Syst. 34:629–642, 2010.
Lekkas, D., and Gritzalis, D., Long-term verifiability of the electronic healthcare records’ authenticity. Int. J. Med. Inform. 76(5):442–448, 2007. doi:10.1016/j.ijmedinf.2006.09.010.
Pharow, P., and Blobel, B., Electronic signatures for long-lasting storage purposes in electronic archives. Int. J. Med. Inform. 74(2):279–287, 2005. doi:10.1016/j.ijmedinf.2004.04.018.
Kluge, W. E. H., Secure e-Health: managing risks to patient health data. Int. J. Med. Inform. 76(5):402–406, 2007. doi:10.1016/j.ijmedinf.2006.09.003.
Ahmad, N., Restrictions on cryptography in India – A case studyof encryption and privacy, Comput. Law Secur. Rev., Volume 25, Issue 2, 2009, Pages 173–180, ISSN 0267–3649, 10.1016/j.clsr.2009.02.001.
Takeda, H., Matsumura, Y., Kuwata, S., Nakano, H., Shanmai, J., Qiyan, Z., Yufen, C., Kusuoka, H., and Matsuoka, M., “An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System). Int. J. Med. Inform. 73(3):311–316, 2004.
Hu, J., Chen, H.H., A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Compu. Stand. Interfaces., 2009
van der Linden, H., Kalra, D., Hasman, A., and Talmon, J., Inter-organizational future proof EHR systems: a review of the security and privacy related issues. Int. J. Med. Inform. 78:3, 2009.
Sucurovic, S., Implementing security in a distributed web-based EHCR. Int. J. Med. Inform. 76(5):491–496, 2007. doi:10.1016/j.ijmedinf.2006.09.017.
Bonacina, S., Marceglia, S., Bertoldi, M., and Pinciroli, F., Modelling, designing, and implementing a family-based health record prototype. Comput. Biol. Med. 40(6):580–590, 2010. doi:10.1016/j.compbiomed.2010.04.002.
Gobi, M., and Vivekanandan, K., A new digital envelope approach for secure electronic medical records., IJCSNS Int. J. Comput. Sci. Netw. Secur., VOL. 9 No.1, January 2009
Conflict of Interest
The authors declare that they have no conflict of interest.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Chen, YY., Lu, JC. & Jan, JK. A Secure EHR System Based on Hybrid Clouds. J Med Syst 36, 3375–3384 (2012). https://doi.org/10.1007/s10916-012-9830-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10916-012-9830-6