Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2013 Aug 21;15(8):e186.
doi: 10.2196/jmir.2494.

Analysis of the security and privacy requirements of cloud-based electronic health records systems

Joel J P C Rodrigues  1 Isabel de la TorreGonzalo FernándezMiguel López-Coronado
Affiliations

Analysis of the security and privacy requirements of cloud-based electronic health records systems

Joel J P C Rodrigues et al. J Med Internet Res. .

Abstract

Background: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered.

Objective: To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed.

Methods: To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers.

Results: Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA).

Conclusions: Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.

Keywords: cloud-computing; eHealth; electronic health records (EHRs); privacy; security.

PubMed Disclaimer

Conflict of interest statement

Conflicts of Interest: None declared.

Figures

Figure 1
Figure 1
Role-based system with different electronic health record versions available depending on the kind of user of the Health Cloud.
See this image and copyright information in PMC

References

    1. Furth B, Escalante A. Handbook of Cloud Computing 1st Edition. London: Springer; 2010.
    1. Chen YY, Lu JC, Jan JK. A secure EHR system based on hybrid clouds. J Med Syst. 2012 Oct;36(5):3375–84. doi: 10.1007/s10916-012-9830-6. - DOI - PubMed
    1. Low C, Hsueh Chen Y. Criteria for the evaluation of a cloud-based hospital information system outsourcing provider. J Med Syst. 2012 Dec;36(6):3543–53. doi: 10.1007/s10916-012-9829-z. - DOI - PubMed
    1. Poulymenopoulou M, Malamateniou F, Vassilacopoulos G. Emergency healthcare process automation using mobile computing and cloud services. J Med Syst. 2012 Oct;36(5):3233–41. doi: 10.1007/s10916-011-9814-y. - DOI - PubMed
    1. Buyya R, Ranjan R. Special section: Federated resource management in grid and cloud computing systems. Future Generation Comput Syst. 2010;26(8):1189–1191.

Publication types

LinkOut - more resources