Skip to main content

Advertisement

SpringerLink
Log in

A Secure EHR System Based on Hybrid Clouds

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. HIMSS, definition of an electronic health record, http://www.himss.org/ASP/topics_ehr.asp.

  2. Rau, H. H, Hsu, C. Y, Lee, Y. L., Chen, W., and Jian, W. S., Developing electronic health records in Taiwan, IT Professional, pp. 17–25, March/April, 2010

  3. Schabetsberger, T., Ammenwerth, E., Andreatta, S., Gratl, G., Haux, R., Lechleitner, G., Schindelwig, K., Stark, C., Vogl, R., Wilhelmy, I., and Wozak, F., From a paper-based transmission of discharge summaries to electronic communication in health care regions. Int. J. Med. Inform. 75(3):209–215, 2006.

    Article  Google Scholar 

  4. Hsu, C. Y., Chen, Y. C., Luo, R. C., Rau, H. H., Fan, C. T., Hsiao, B. S., and Chiu, H. W., A resource-sharing platform for trading biomedical intellectual property. IT Prof. 12(2):42–49, 2010. doi:10.1109/MITP.2010.48.

    Article  Google Scholar 

  5. Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., and Yen, D., Design and implementation of a Telecare information platform. J. Med. Syst., 2010. doi:10.1007/s10916-010-9625-6.

  6. Takemura, T., Araki, K., Arita, K., Suzuki, T., Okamoto, K., Kume, N., Kuroda, T., Takada, A., and Yoshihara, H., Development of fundamental infrastructure for nationwide EHR in Japan. J. Med. Syst., 2011. doi:10.1007/s10916-011-9688-z.

  7. Heslop, L., Weeding, S., Dawson, L., Fisher, J., and Howard, A., Implementation issues for mobile-wireless infrastructure and mobile health care computing devices for a hospital ward setting. J. Med. Syst. 34(4):509–518, 2010. doi:10.1007/s10916-009-9264-y.

    Article  Google Scholar 

  8. Moore, P., Navigating the Tech Maze, Physicians practice. http://www.physicianspractice.com/display/article/1462168/1590647, 2009

  9. Zhang, R., and Liu, L., Security models and requirements for healthcare application clouds, Cloud Computing (CLOUD), 2010 IEEE 3 rd International Conference on, vol., no., pp. 268-275, 5–10 July 2010, Doi: 10.1109/CLOUD.2010.62

  10. Linden, H., Kalra, D., Hasman, A., and Talmon, J., Inter-organization future proof EHR systems-A review of the security and privacy related issues. Int. J. Med. Inform. 78:141–160, 2009.

    Article  Google Scholar 

  11. 104th United States Congress, Health Insurance Portability and Accountability Act of 1996 (HIPPA), Online at http://aspe.hhs.gov/admnsimp/pl104191.htm, 1996.

  12. Pritts, J., and Connr, K., The implementation of e-Consent mechanisms in three countries: Canada, England, and The Netherlands. SAMHSA report, http://ihcrp.georgetown.edu/pdfs/prittse-consent.pdf; 2007.

  13. Künzi, J., Koster, P., and Petković, M., Emergency access to protected health records. Stud. Health Technol. Inform. 150:705–9, 2009.

    Google Scholar 

  14. Coskun, N., and Erol, R., An optimization model for locating and sizing emergency medical service stations. J. Med. Syst. 34(1):43–49, 2010. doi:10.1007/s10916-008-9214-0.

    Article  Google Scholar 

  15. MacKenzie, P., and Reiter, M. K., Networked cryptographic devices resilient to capture. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, May 2001, 12–25.

  16. MacKenzie, P., and Reiter, M. K., Delegation of cryptographic servers for capture-resilient devices. In Proceedings of the 2001 ACM Conference on Computer and Communication Security, November 2001, 10–19

  17. Takeda, H., Matsumura, Y., and Kuwata, S., Architecture for networked electronic patient record systems. Int. J. Med. Inform. 60(2):161–167, 2000.

    Article  Google Scholar 

  18. Chan, A. T. S., Cao, J., Chan, H., and Young, G., A web-enabled framework for smart card application in health services. Comm. ACM 44(9):77–82, 2001.

    Article  Google Scholar 

  19. Wang, D. W., Liu, D. R., and Chen, Y. C., A mechanism to verify the integrity of computer-based patient records. J. Chin. Med. Assoc. 10:71–84, 1999.

    Google Scholar 

  20. Yang, Y., Han, X., Bao, F., and Deng, R. H., A smart-card-enabled privacy preserving E-Prescription system. IEEE Trans. Inf. Technol. Biomed. 8(1):47–58, 2004.

    Article  Google Scholar 

  21. Wu, Z. Y., Chung, Y. F., Lai, F. P., and Chen, T. S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst., 2010. doi:10.1007/s10916-010-9527-7.

  22. He, D.B., Chen, J.H. and Rui, Z., A more secure authentication scheme for telecare medicine information systems, J. Med. Syst., 10.1007/s10916-011-9658-5, http://dx.doi.org/10.1007/s10916-011-9658-5, 2011

  23. Pu, Q., Wang, J., and Zhao, R. Y., Strong authentication scheme for Telecare medicine information systems. J. Med. Syst., 2011. doi:10.1007/s10916-011-9735-9.

  24. Farzandipour, M., Sadoughi, F., Ahmadi, M., and Karimi, I., Security requirements and solutions in electronic health records: lessons learned from a comparative study. J. Med. Syst. 34:629–642, 2010.

    Article  Google Scholar 

  25. Lekkas, D., and Gritzalis, D., Long-term verifiability of the electronic healthcare records’ authenticity. Int. J. Med. Inform. 76(5):442–448, 2007. doi:10.1016/j.ijmedinf.2006.09.010.

    Article  Google Scholar 

  26. Pharow, P., and Blobel, B., Electronic signatures for long-lasting storage purposes in electronic archives. Int. J. Med. Inform. 74(2):279–287, 2005. doi:10.1016/j.ijmedinf.2004.04.018.

    Article  Google Scholar 

  27. Kluge, W. E. H., Secure e-Health: managing risks to patient health data. Int. J. Med. Inform. 76(5):402–406, 2007. doi:10.1016/j.ijmedinf.2006.09.003.

    Article  Google Scholar 

  28. Ahmad, N., Restrictions on cryptography in India – A case studyof encryption and privacy, Comput. Law Secur. Rev., Volume 25, Issue 2, 2009, Pages 173–180, ISSN 0267–3649, 10.1016/j.clsr.2009.02.001.

  29. Takeda, H., Matsumura, Y., Kuwata, S., Nakano, H., Shanmai, J., Qiyan, Z., Yufen, C., Kusuoka, H., and Matsuoka, M., “An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System). Int. J. Med. Inform. 73(3):311–316, 2004.

    Article  Google Scholar 

  30. Hu, J., Chen, H.H., A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Compu. Stand. Interfaces., 2009

  31. van der Linden, H., Kalra, D., Hasman, A., and Talmon, J., Inter-organizational future proof EHR systems: a review of the security and privacy related issues. Int. J. Med. Inform. 78:3, 2009.

    Google Scholar 

  32. Sucurovic, S., Implementing security in a distributed web-based EHCR. Int. J. Med. Inform. 76(5):491–496, 2007. doi:10.1016/j.ijmedinf.2006.09.017.

    Article  Google Scholar 

  33. Bonacina, S., Marceglia, S., Bertoldi, M., and Pinciroli, F., Modelling, designing, and implementing a family-based health record prototype. Comput. Biol. Med. 40(6):580–590, 2010. doi:10.1016/j.compbiomed.2010.04.002.

    Article  Google Scholar 

  34. Gobi, M., and Vivekanandan, K., A new digital envelope approach for secure electronic medical records., IJCSNS Int. J. Comput. Sci. Netw. Secur., VOL. 9 No.1, January 2009

Download references

Conflict of Interest

The authors declare that they have no conflict of interest.

Author information

Authors and Affiliations

  1. Department of Management Information System, National Chung Hsing University, 250 Kuo Kuang Road, 402, Taichung, Taiwan, Republic of China

    Yu-Yi Chen

  2. Department of Computer Science and Engineering, National Chung Hsing University, 250 Kuo Kuang Road, 402, Taichung, Taiwan, Republic of China

    Jun-Chao Lu & Jinn-Ke Jan

Authors
  1. Yu-Yi Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jun-Chao Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jinn-Ke Jan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yu-Yi Chen.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Chen, YY., Lu, JC. & Jan, JK. A Secure EHR System Based on Hybrid Clouds. J Med Syst 36, 3375–3384 (2012). https://doi.org/10.1007/s10916-012-9830-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10916-012-9830-6

Keywords

Search

Navigation