Privacy and Security of Storing Patients’ Data in the Cloud
Vimalachandran, Pasupathy (2019) Privacy and Security of Storing Patients’ Data in the Cloud. PhD thesis, Victoria University.
Abstract
A better health care service must ensure patients receive the right care, in the right place, at the right time. In enabling better health care, the impact of technology is immense. Technological breakthroughs are revolutionising the way health care is being delivered. To deliver better health care, sharing health information amongst health care providers who are involved with the care is critical. An Electronic Health Record (EHR) platform is used to share the health information among those health care providers faster, as a result of technological advancement including the Internet and the Cloud. However, when integrating such technologies to support the provision of health care, they lead to major concerns over privacy and security of health sensitive information. The privacy and security concerns include a wide range of ethical and legal issues associated with the system. These concerns need to be considered and addressed for the implementation of EHR systems. In a shared environment like EHRs, these concerns become more significant. In this thesis, the author explores and discusses the situations where these concerns do arise in a health care environment. This thesis also covers different attacks that have targeted health care information in the past, with potential solutions for every attack identified. From these findings, the proposed system is designed and developed to provide considerable security assurance for a health care organisation when using the EHR systems. Furthermore, the My Health Record (MyHR) system is introduced in Australia to allow an individual’s doctors and other health care providers to access the individual’s health information. Privacy and security in using MyHR is a major challenge that impacts its usage. Taking all these concerns into account, the author will also focus on discussing and analysing major existing access control methods, various threats for data privacy and security concerns over EHR use and the importance of data integrity while using MyHR or any other EHR systems. To preserve data privacy and security and prevent unauthorised access to the system, the author proposes a three-tier security model. In this three-tier security model, the first tier covers an access control mechanism, an Intermediate State of Databases (ISD) is included in the second tier and the third layer involves cryptography/data encryption and decryption. These three tiers, collectively, cover different forms of attacks from different sources including unauthorised access from inside a health care organisation. In every tier, a specific technique has been utilised. In tier one, an Improved Access Control Mechanism (IACM) known as log-in pair, pseudonymisation technique is proposed in tier two and a special new encryption and decryption algorithm has been developed and used for tier three in the proposed system. In addition, the design, development, and implementation of the proposed model have been described to enable and evaluate the operational protocol. Problem 1. Non-clinical staff including reception, admin staff access sensitive health clinical information (insiders). Solution 1. An improved access control mechanism named log-in pair is introduced and occupied in tier one. Problem 2. Researchers and research institutes access health data sets for research activities (outsiders). Solution 2. Pseudonymisation technique, in tier two, provides de-identified required data with relationships, not the sensitive data. Problem 3. The massive amount of sensitive health data stored with the EHR system in the Cloud becomes more vulnerable to data attacks. Solution 3. A new encryption and decryption algorithm is achieved and used in tier three to provide high security while storing the data in the Cloud.
Item type | Thesis (PhD thesis) |
URI | https://vuir.vu.edu.au/id/eprint/40598 |
Subjects | Historical > FOR Classification > 0803 Computer Software Historical > FOR Classification > 0806 Information Systems Historical > FOR Classification > 1117 Public Health and Health Services Current > Division/Research > Institute for Sustainable Industries and Liveable Cities |
Keywords | electronic health record systems; health information; health care; privacy; security; sensitive information; My Health Record; Australia; cloud computing; encryption; decryption; medical records; health records; access control; data integrity; pseudonymisation; cryptography; data encryption; log-in pair; intermediate state of database |
Download/View statistics | View download statistics for this item |