Abstract
The healthcare domain is an emergent application for cloud computing, in which the Meaningful Use Stage 3 guidelines recommend that health information technology (HIT) systems provide cloud services that enable health-related data owners to access, modify, and exchange data. This requires mobile and desktop applications for patients and medical providers to obtain healthcare data from multiple HITs, which may operate under different paradigms (e.g., cloud services, programming services, web services), use different cloud service providers, and employ different security/access control techniques. To address these issues, this chapter introduces and discusses an Access Control Framework for Secure and Interoperable Cloud Computing (FSICC) that provides a mechanism for multiple HITs to register cloud, programming, and web services, together with their security requirements, for use by applications. FSICC supports a global security policy and enforcement mechanism for cloud services with role-based (RBAC), discretionary (DAC), and mandatory (MAC) access controls. The Fast Healthcare Interoperability Resources (FHIR) standard models healthcare data using a set of 93 resources to track a patient's clinical findings, problems, etc. For each resource, a FHIR Application Program Interface (API) is defined to share data in a common format for each HIT that can be accessed by mobile applications. Thus, there is a need to support a heterogeneous set of information sources and differing security protocols (i.e., RBAC, DAC, and MAC). To demonstrate the realization of FSICC, we apply the framework to the integration of the Connecticut Concussion Tracker (CT\(^{2}\)) mHealth application with the OpenEMR electronic medical record utilizing FHIR.
© 2017 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Baihan, M.S., Demurjian, S.A. (2017). An Access Control Framework for Secure and Interoperable Cloud Computing Applied to the Healthcare Domain. In: Chaudhary, S., Somani, G., Buyya, R. (eds) Research Advances in Cloud Computing. Springer, Singapore. https://doi.org/10.1007/978-981-10-5026-8_16
DOI: https://doi.org/10.1007/978-981-10-5026-8_16
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-5025-1
Online ISBN: 978-981-10-5026-8