
An Access Control Framework for Secure and Interoperable Cloud Computing Applied to the Healthcare Domain

Chapter in: Research Advances in Cloud Computing

Abstract

The healthcare domain is an emergent application for cloud computing, in which the Meaningful Use Stage 3 guidelines recommend that health information technology (HIT) systems provide cloud services that enable health-related data owners to access, modify, and exchange data. This requires mobile and desktop applications for patients and medical providers to obtain healthcare data from multiple HITs, which may operate with different paradigms (e.g., cloud services, programming services, web services), use different cloud service providers, and employ different security/access control techniques. To address these issues, this chapter introduces and discusses an Access Control Framework for Secure and Interoperable Cloud Computing (FSICC) that provides a mechanism for multiple HITs to register cloud, programming, and web services, together with their security requirements, for use by applications. FSICC supports a global security policy and enforcement mechanism for cloud services with role-based (RBAC), discretionary (DAC), and mandatory (MAC) access controls. The Fast Healthcare Interoperability Resources (FHIR) standard models healthcare data using a set of 93 resources to track a patient's clinical findings, problems, etc. For each resource, a FHIR Application Program Interface (API) is defined to share data in a common format for each HIT that can be accessed by mobile applications. Thus, there is a need to support a heterogeneous set of information sources and differing security protocols (i.e., RBAC, DAC, and MAC). To demonstrate the realization of FSICC, we apply the framework to the integration of the Connecticut Concussion Tracker (CT²) mHealth application with the OpenEMR electronic medical record utilizing FHIR.
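The abstract says FSICC enforces one global policy that combines RBAC, DAC and MAC over FHIR resources exposed by several HITs. The block below is an added illustration of what such a combined policy decision point looks like; it is not the chapter's FSICC code and it makes assumptions the abstract does not state: a four-level MAC lattice, a small role-permission table, Bell-LaPadula read/write rules for MAC, the combination rule "MAC must permit, and then either a role permission or an owner grant must exist", and the constructed subjects (`dr_lee`, `nurse_kim`, `pat_ann`, `bo`) and resources (`obs-1`, `obs-2`, `pat-1`).

```python
"""Added illustration (not FSICC's implementation): one policy decision point
that checks a FHIR-style resource request against RBAC, DAC and MAC rules."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

# MAC lattice (constructed): a higher number means more sensitive.
LEVELS: Dict[str, int] = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# RBAC table (constructed): role -> permitted (FHIR resource type, action) pairs.
RBAC_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "physician": {("Patient", "read"), ("Observation", "read"), ("Observation", "write")},
    "nurse": {("Patient", "read"), ("Observation", "read")},
    "patient": set(),  # patients reach their own data through DAC ownership, not a role
}


@dataclass(frozen=True)
class Subject:
    uid: str
    roles: FrozenSet[str]
    clearance: str  # key of LEVELS


@dataclass(frozen=True)
class Resource:
    rid: str
    rtype: str            # FHIR resource type, e.g. "Observation"
    owner: str            # uid of the data owner (DAC)
    classification: str   # key of LEVELS (MAC label)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str  # which model decided the outcome


class PolicyDecisionPoint:
    """Assumed combination rule: MAC must permit; then RBAC or a DAC grant must exist."""

    def __init__(self) -> None:
        # DAC grants: (resource id, grantee uid) -> set of actions
        self._grants: Dict[Tuple[str, str], Set[str]] = {}

    def grant(self, grantor: Subject, resource: Resource, grantee_uid: str, action: str) -> None:
        # Discretionary control: only the owner may delegate access.
        if grantor.uid != resource.owner:
            raise PermissionError(f"{grantor.uid} does not own {resource.rid}")
        self._grants.setdefault((resource.rid, grantee_uid), set()).add(action)

    def rbac_permits(self, subject: Subject, resource: Resource, action: str) -> bool:
        return any((resource.rtype, action) in RBAC_PERMISSIONS.get(role, set())
                   for role in subject.roles)

    def dac_permits(self, subject: Subject, resource: Resource, action: str) -> bool:
        if subject.uid == resource.owner:
            return True
        return action in self._grants.get((resource.rid, subject.uid), set())

    def mac_permits(self, subject: Subject, resource: Resource, action: str) -> bool:
        # Bell-LaPadula: no read up (simple security) and no write down (*-property).
        clearance, label = LEVELS[subject.clearance], LEVELS[resource.classification]
        if action == "read":
            return clearance >= label
        if action == "write":
            return clearance <= label
        return False  # unknown actions are denied by default

    def decide(self, subject: Subject, resource: Resource, action: str) -> Decision:
        if not self.mac_permits(subject, resource, action):
            return Decision(False, "MAC")
        if self.rbac_permits(subject, resource, action):
            return Decision(True, "RBAC")
        if self.dac_permits(subject, resource, action):
            return Decision(True, "DAC")
        return Decision(False, "no RBAC permission and no DAC grant")


# Constructed sample principals and resources.
DR_LEE = Subject("dr_lee", frozenset({"physician"}), "confidential")
NURSE_KIM = Subject("nurse_kim", frozenset({"nurse"}), "internal")
PAT_ANN = Subject("pat_ann", frozenset({"patient"}), "confidential")
RESEARCHER_BO = Subject("bo", frozenset({"researcher"}), "restricted")

OBS_LAB = Resource("obs-1", "Observation", "pat_ann", "confidential")
OBS_VITALS = Resource("obs-2", "Observation", "pat_ann", "internal")
PAT_REC = Resource("pat-1", "Patient", "pat_ann", "internal")


def run_scenario() -> Dict[str, Decision]:
    """Evaluates a handful of requests and returns the decisions keyed by case name."""
    pdp = PolicyDecisionPoint()
    out = {
        "physician_reads_lab": pdp.decide(DR_LEE, OBS_LAB, "read"),
        "nurse_reads_lab": pdp.decide(NURSE_KIM, OBS_LAB, "read"),        # read-up blocked
        "nurse_reads_patient": pdp.decide(NURSE_KIM, PAT_REC, "read"),
        "patient_reads_own_lab": pdp.decide(PAT_ANN, OBS_LAB, "read"),    # owner via DAC
        "researcher_before_grant": pdp.decide(RESEARCHER_BO, OBS_LAB, "read"),
        "physician_writes_lab": pdp.decide(DR_LEE, OBS_LAB, "write"),
        "physician_writes_vitals": pdp.decide(DR_LEE, OBS_VITALS, "write"),  # write-down blocked
        "nurse_writes_vitals": pdp.decide(NURSE_KIM, OBS_VITALS, "write"),   # no role right
    }
    pdp.grant(PAT_ANN, OBS_LAB, RESEARCHER_BO.uid, "read")  # owner delegates read access
    out["researcher_after_grant"] = pdp.decide(RESEARCHER_BO, OBS_LAB, "read")
    return out


if __name__ == "__main__":
    for name, decision in run_scenario().items():
        print(f"{name:28s} allowed={decision.allowed!s:5s} via {decision.reason}")
```

The ordering in `decide` is deliberate: the mandatory check runs first so that a label violation is reported as such even when a role or grant would otherwise permit the request, which is the behaviour a reviewer of audit logs wants to see. The `reason` field is the piece that makes the combined policy debuggable when three models disagree.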




Correspondence to Mohammed S. Baihan.


© 2017 Springer Nature Singapore Pte Ltd.


Cite this chapter

Baihan, M.S., Demurjian, S.A. (2017). An Access Control Framework for Secure and Interoperable Cloud Computing Applied to the Healthcare Domain. In: Chaudhary, S., Somani, G., Buyya, R. (eds) Research Advances in Cloud Computing. Springer, Singapore. https://doi.org/10.1007/978-981-10-5026-8_16


  • DOI: https://doi.org/10.1007/978-981-10-5026-8_16


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-5025-1

  • Online ISBN: 978-981-10-5026-8
