Skip to main content
Log in

Data Privacy in Cloud-assisted Healthcare Systems: State of the Art and Future Challenges

  • Systems-Level Quality Improvement
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

The widespread deployment and utility of Wireless Body Area Networks (WBAN’s) in healthcare systems required new technologies like Internet of Things (IoT) and cloud computing, that are able to deal with the storage and processing limitations of WBAN’s. This amalgamation of WBAN-based healthcare systems to cloud-based healthcare systems gave rise to serious privacy concerns to the sensitive healthcare data. Hence, there is a need for the proactive identification and effective mitigation mechanisms for these patient’s data privacy concerns that pose continuous threats to the integrity and stability of the healthcare environment. For this purpose, a systematic literature review has been conducted that presents a clear picture of the privacy concerns of patient’s data in cloud-assisted healthcare systems and analyzed the mechanisms that are recently proposed by the research community. The methodology used for conducting the review was based on Kitchenham guidelines. Results from the review show that most of the patient’s data privacy techniques do not fully address the privacy concerns and therefore require more efforts. The summary presented in this paper would help in setting research directions for the techniques and mechanisms that are needed to address the patient’s data privacy concerns in a balanced and light-weight manner by considering all the aspects and limitations of the cloud-assisted healthcare systems.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Dong, X., Yu, J., Luo, Y., Chen, Y., Xue, G., and Li, M., Achieving an effective, scalable and privacy-preserving data sharing service in cloud computing. Comput. Sec. 42:151–164, 2014. doi:10.1016/j.cose.2013.12.002.

    Article  Google Scholar 

  2. Othman, S., Bahattab, A., Trad, A., and Youssef, H., Secure data transmission protocol for medical wireless sensor networks. AINA ’14 Proc. 2014 I.E. 28th Int. Conf. Adv. Inform. Networking Appl. 649–656, 2014. doi:10.1109/AINA.2014.80.

  3. Divi, K., and Liu, H., Modeling of WBAN and cloud integration for secure and reliable healthcare. Proc. 8Th International Conf. Body Area Networks. 128–131, 2013. doi:10.4108/icst.bodynets.2013.253706.

  4. Waqar, A., Raza, A., Abbas, H., and Khurram Khan, M., A framework for preservation of cloud users’ data privacy using dynamic reconstruction of metadata. J. Network Comput. Appl. 36(1):235–248, 2013. doi:10.1016/j.jnca.2012.09.001.

    Article  Google Scholar 

  5. Wooten, R., Klink, R., Sinek, F., Bai, Y., and Sharma, M., Design and implementation of a secure healthcare social cloud system. 2012 12Th IEEE/ACM Int. Symp. Cluster, Cloud Grid Comput. (Ccgrid 2012). 805–810, 2012. doi:10.1109/CCGrid.2012.131.

  6. Javadi, S., and Razzaque, M., Security and privacy in wireless body area networks for health care applications. Sign. Commun. Technol. 165–187, 2013. doi:10.1007/978-3-642-36169-2_6.

  7. Li, M., Lou, W., and Ren, K., Data security and privacy in wireless body area networks. IEEE Wireless Commun. 17(1):51–58, 2010. doi:10.1109/mwc.2010.5416350.

    Article  Google Scholar 

  8. Kitchenham, B., Pearl Brereton, O., Budgen, D., Turner, M., Bailey, J., and Linkman, S., Systematic literature reviews in software engineering—a systematic literature review. Inform. Software Technol. 51(1):7–15, 2009. doi:10.1016/j.infsof.2008.09.009.

    Article  Google Scholar 

  9. Shen, Q., Liang, X., Shen, X., Lin, X., and Luo, H., Exploiting geo-distributed clouds for a e-health monitoring system with minimum service delay and privacy preservation. IEEE J. Biomed. Health Inform. 18(2):430–439, 2014. doi:10.1109/JBHI.2013.2292829.

    Article  PubMed  Google Scholar 

  10. Lounis, A., Hadjidj, A., Bouabdallah, A., and Challal, Y., Healing on the cloud: Secure cloud architecture for medical wireless sensor networks. Futur. Gener. Comput. Syst. 55:266–277, 2015. doi:10.1016/j.future.2015.01.009.

    Article  Google Scholar 

  11. Fabian, B., Ermakova, T., and Junghanns, P., Collaborative and secure sharing of healthcare data in multi-clouds. Inf. Syst. 48:132–150, 2015. doi:10.1016/j.is.2014.05.004.

    Article  Google Scholar 

  12. Han, N., Han, L., Tuan, D., In, H., and Jo, M., A scheme for data confidentiality in cloud-assisted wireless body area networks. Inf. Sci. 284:157–166, 2014. doi:10.1016/j.ins.2014.03.126.

    Article  Google Scholar 

  13. Tong, Y., Sun, J., Chow, S., and Pan, L., Cloud-assisted mobile-access of health data with privacy and auditability. IEEE J. Biomed. Health Inform. 18(2):419–429, 2014. doi:10.1109/JBHI.2013.2294932.

    Article  PubMed  Google Scholar 

  14. Nabeel, M., and Bertino, E., Privacy preserving delegated access control in public clouds. IEEE Trans. Knowl. Data Eng. 26(9):2268–2280, 2014. doi:10.1109/tkde.2013.68.

    Article  Google Scholar 

  15. Yang, J., Li, J., and Niu, Y., A hybrid solution for privacy preserving medical data sharing in the cloud environment. Futur. Gener. Comput. Syst. 43–44:74–86, 2015. doi:10.1016/j.future.2014.06.004.

    Article  Google Scholar 

  16. Wang, H., Wu, Q., Qin, B., and Domingo-Ferrer, J., FRR: Fair remote retrieval of outsourced private medical records in electronic health networks. J. Biomed. Inform. 50:226–233, 2014. doi:10.1016/j.jbi.2014.02.008.

    Article  PubMed  Google Scholar 

  17. Zhang, K., Liang, X., Baura, M., Lu, R., and Shen, X., PHDA: A priority based health data aggregation with privacy preservation for cloud assisted WBANs. Inf. Sci. 284:130–141, 2014. doi:10.1016/j.ins.2014.06.011.

    Article  Google Scholar 

  18. Wang, Z., Huang, D., Zhu, Y., Li, B., and Chung, C., Efficient attribute-based comparable data access control. IEEE Trans. Comput. 64(12):3430–3443, 2015. doi:10.1109/tc.2015.2401033.

    Article  Google Scholar 

  19. Liu, X., Lu, R., Ma, J., Chen, L., and Qin, B., Privacy-preserving patient-centric clinical decision support system on naive Bayesian classification. IEEE J. Biomed. Health Inform. 20(2):655–668, 2015. doi:10.1109/jbhi.2015.2407157.

    Article  Google Scholar 

  20. Zhou, J., Cao, Z., Dong, X., Xiong, N., and Vasilakos, A., 4S: A secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks. Inf. Sci. 314:255–276, 2015. doi:10.1016/j.ins.2014.09.003.

    Article  Google Scholar 

  21. Sujansky, W., and Kunz, D., A standard-based model for the sharing of patient-generated health information with electronic health records. Personal Ubiquitous Comput. 19(1):9–25, 2014. doi:10.1007/s00779-014-0806-z.

    Article  Google Scholar 

  22. Yu, H., Lai, H., Chen, K., Chou, H., Wu, J., Dorjgochoo, S., et al., A sharable cloud-based pancreaticoduodenectomy collaborative database for physicians: Emphasis on security and clinical rule supporting. Comput. Methods Programs Biomed. 111(2):488–497, 2013. doi:10.1016/j.cmpb.2013.04.019.

    Article  PubMed  Google Scholar 

  23. Zhou, J., Lin, X., Dong, X., and Cao, Z., PSMPA: Patient self-controllable and multi-level privacy-preserving cooperative authentication in distributed m-healthcare cloud computing system. IEEE Trans. Parallel Distrib. Syst. 26(6):1693–1703, 2015. doi:10.1109/tpds.2014.2314119.

    Article  CAS  Google Scholar 

  24. Sawand, A., Djahel, S., Zhang, Z., and Na¨ıt-Abdesselam, F., Multidisciplinary Approaches to achieving efficient and trustworthy eHealth monitoring systems. IEEE/CIC ICCC 2014 Symp. Privacy Sec. In Commun 187–192, doi:10.1109/ICCChina.2014.7008269.

  25. Wang, C., Zhang, B., Ren, K., M. Roveda, J., Wen Chen, C., and Xu, Z., A privacy-aware cloud-assisted healthcare monitoring system via compressive sensing. IEEE INFOCOM 2014 - IEEE Conf. Comput. Communi. 2130–2138, 2014. doi:10.1109/INFOCOM.2014.6848155.

  26. Zhou, J., Cao, Z., Dong, X., and Lin, X., PPDM: A privacy-preserving protocol for cloud-assisted e-healthcare systems. IEEE J. Sel. Top. Sign. Process 9(7):1332–1344, 2015. doi:10.1109/jstsp.2015.2427113.

    Article  Google Scholar 

  27. Hoang, D., and Chen, L., Mobile Cloud for Assistive Healthcare (MoCAsH). 2010 I.E. Asia-Pacific Serv. Comput. Conf. 325–332, 2010. doi:10.1109/APSCC.2010.102.

  28. Zhang, K., Yang, K., Liang, X., Su, Z., Shen, X., and Luo, H., Security and privacy for mobile healthcare networks: from a quality of protection perspective. IEEE Wireless Commun 22(4):104–112, 2015. doi:10.1109/mwc.2015.7224734.

    Article  Google Scholar 

  29. Liu, C., Lin, F., Chiang, D., Chen, T., Chen, C., and Lin, H. et al., Secure PHR access control scheme for healthcare application clouds. 2013 42Nd Int. Conf. Parallel Process. 1067–1076, 2013. doi: 10.1109/icpp.2013.127.

  30. Barua, M., Liang, X., Lu, R., and Shen, X., ESPAC: Enabling security and patient-centric access control for eHealth in cloud computing. Int. J. Sec. Networks 6(2/3):67–76, 2011. doi:10.1504/ijsn.2011.043666.

    Article  Google Scholar 

  31. Narayan, S., Gagné, M., and Safavi-Naini, R., Privacy preserving EHR system using attribute-based infrastructure. Proc. 2010 ACM Workshop Cloud Comput. Sec. Workshop - CCSW ’10. 47-52, 2010. doi:10.1145/1866835.1866845

  32. Aljumah, F., Leung, R., Pourzandi, M., and Debbabi, M., Emergency mobile access to personal health records stored on an untrusted cloud. Health Inform. Sci. 30–41, 2013. doi:10.1007/978-3-642-37899-7_3.

  33. Huang, J., Sharaf, M., and Huang, C., A hierarchical framework for secure and scalable ehr sharing and access control in multi-cloud. 2012 41St Int. Conf. Parallel Process. Workshops. 279–287, 2012. doi: 10.1109/icppw.2012.42.

  34. Chen, L., and Hoang, D., Novel data protection model in healthcare cloud. 2011 I.E. Int. Conf. High Perform. Comput. Commun. 550–555, 2011. doi: 10.1109/hpcc.2011.148.

  35. Narayan, S., Gagné, M., and Safavi-Naini, R., Privacy preserving EHR system using attribute-based infrastructure. Proc. 2010 ACM Workshop Cloud Comput. Sec. Workshop - CCSW ’10. 47–52, 2010. doi:10.1145/1866835.1866845.

  36. Löhr, H., Sadeghi, A., and Winandy, M., Securing the e-health cloud. Proc. ACM Int. Conf. Health Inform. - IHI ’10. 220–229, 2010. doi: 10.1145/1882992.1883024.

  37. Yu, Z., Thomborson, C., Wang, C., Wang, J., and Li, R., A cloud-based watermarking method for health data security. 2012 Int. Conf. High Perform. Comput. Simulation (HPCS. 642–647, 2012. doi: 10.1109/hpcsim.2012.6266986.

  38. Alabdulatif, A., Khalil, I., and Mai, V., Protection of electronic health records (EHRs) in cloud. 2013 35Th Ann. Int. Conf. IEEE Eng. Med. Biol. Soc. (EMBC). 4191–4194, 2013. doi: 10.1109/embc.2013.6610469.

  39. Ermakova, T., and Fabian, B., Secret sharing for health data in multi-provider clouds. 2013 I.E. 15Th Conf. Bus. Inform. 93–100, 2013. doi:10.1109/CBI.2013.22.

  40. Huang, M., Chen, Y., Chen, B., Liu, J., Rho, S., and Ji, W., A semi-supervised privacy-preserving clustering algorithm for healthcare. Peer-To-Peer Network. Appl. 1–12, 2015. doi:10.1007/s12083-015-0356-9.

  41. Rahman, S., Masud, M., Hossain, M., Alelaiwi, A., Hassan, M., and Alamri, A., Privacy preserving secure data exchange in mobile P2P cloud healthcare environment. Peer-To-Peer Network. Appl. 1–16, 2015. doi:10.1007/s12083-015-0334-2.

  42. Xhafa, F., Feng, J., Zhang, Y., Chen, X., and Li, J., Privacy-aware attribute-based PHR sharing with user accountability in cloud computing. J Supercomput. 71(5):1607–1619, 2014. doi:10.1007/s11227-014-1253-3.

    Article  Google Scholar 

  43. Chen, C., Yang, T., Chiang, M., and Shih, T., A privacy authentication scheme based on cloud for medical environment. J. Med. Syst. 38:143, 2014. doi:10.1007/s10916-014-0143-9.

    Article  PubMed  Google Scholar 

  44. Chen, C., Yang, T., and Shih, T., A secure medical data exchange protocol based on cloud environment. J. Med. Syst. 38:112, 2014. doi:10.1007/s10916-014-0112-3.

    Article  PubMed  Google Scholar 

  45. Jafari, M., Safavi-Naini, R., and Sheppard, N., A rights management approach to protection of privacy in a cloud of electronic health records. Proc. 11Th Ann. ACM Workshop Digit. Rights Manag. - DRM ’11. 23–30, 2011. doi:10.1145/2046631.2046637.

  46. Lam, P., Mitchell, J., Scedrov, A., Sundaram, S., and Wang, F., Declarative privacy policy. Proc. 2Nd ACM SIGHIT Symp. Int. Health Inform. - IHI ’12. 323–332, 2012. doi:10.1145/2110363.2110401.

  47. Mohanty, M., Atrey, P., and Ooi, W., Secure cloud-based medical data visualization. Proc. 20Th ACM Int. Conf. Multimed. - MM ’12. 1105–1108, 2012. doi:10.1145/2393347.2396394.

  48. Sanz-Requena, R., Mañas-García, A., Cabrera-Ayala, J., and García-Martí, G., A cloud-based radiological portal for the patients: IT contributing to position the patient as the central axis of the 21 st century healthcare cycles. Proc. First Int. Workshop Tech. Legal Aspects Data Privacy. 54–57, 2015. Retrieved from http://dl.acm.org/citation.cfm?id=2821479.

  49. Francis, T., Madiajagan, M., and Kumar, V., Privacy issues and techniques in E-Health systems. Proc. 2015 ACM SIGMIS Conf. Comput. People Res. - SIGMIS-CPR ’15. 113115, 2015. doi:10.1145/2751957.2751981.

  50. Balinsky, H., and Mohammad, N., Fine grained access of interactive personal health records. Proc. 2015 ACM Symp. Doc. Eng. - DocEng ’15. 207–210, 2015. doi:10.1145/2682571.2797098.

  51. Hei, X., and Lin, S., Multi-part file encryption for electronic health records cloud. Proc. 4Th ACM Mobihoc Workshop Pervasive Wireless Healthcare - Mobilehealth ’14. 31–36, 2014. doi:10.1145/2633651.2637473.

  52. Mohandas, A., and S, S., Privacy preserving content disclosure for enabling sharing of electronic health records in cloud computing. Proc. 7Th ACM India Comput. Conf. - COMPUTE ’14. article no. 7, 2014. doi:10.1145/2675744.2675753.

  53. Ragesh, G., and Baskaran, K., CRYPE. Proc. First Int. Conf. Sec. Internet Things - Sec. ’12. 204–209, 2012. doi:10.1145/2490428.2490457

  54. Lin, H., Shao, J., Zhang, C., and Fang, Y., CAM: Cloud-assisted privacy preserving mobile health monitoring. IEEE Trans. Inform. Forensic Sec. 8(6):985–997, 2013. doi:10.1109/tifs.2013.2255593.

    Article  Google Scholar 

  55. Li, M., Yu, S., Zheng, Y., Ren, K., and Lou, W., Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1):131–143, 2013. doi:10.1109/tpds.2012.97.

    Article  Google Scholar 

  56. Li, M., Yu, S., Ren, K., and Lou, W., Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings. Lecture Notes Inst. Comput. Sci. Soc. Inform. Telecommun. Eng. 89–106, 2010. doi:10.1007/978-3-642-16161-2_6.

  57. Castiglione, A., Pizzolante, R., De Santis, A., Carpentieri, B., Castiglione, A., and Palmieri, F., Cloud-based adaptive compression and secure management services for 3D healthcare data. Futur. Gener. Comput. Syst. 43–44:120–134, 2015. doi:10.1016/j.future.2014.07.001.

    Article  Google Scholar 

  58. Thilakanathan, D., Chen, S., Nepal, S., Calvo, R., and Alem, L., A platform for secure monitoring and sharing of generic health data in the Cloud. Futur. Gener. Comput. Syst. 35:102–113, 2014. doi:10.1016/j.future.2013.09.011.

    Article  Google Scholar 

  59. Liu, J., Huang, X., and Liu, J., Secure sharing of personal health records in cloud computing: ciphertext-policy attribute-based signcryption. Futur. Gener. Comput. Syst. 52:67–76, 2015. doi:10.1016/j.future.2014.10.014.

    Article  Google Scholar 

  60. Taneja, H., Kapil, and Singh, A., Preserving privacy of patients based on re-identification risk. Proc. Comput. Sci. 70:448–454, 2015. doi:10.1016/j.procs.2015.10.073.

    Article  Google Scholar 

  61. Khan, F., Ali, A., Abbas, H., and Haldar, N., A cloud-based healthcare framework for security and patients’ data privacy using wireless body area networks. Proc. Comput. Sci. 34:511–517, 2014. doi:10.1016/j.procs.2014.07.058.

    Article  Google Scholar 

  62. Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M., and Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5), 2014. doi: 10.1007/s10916-014-0041-1.

  63. Mishra, D., Srinivas, J., and Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10):120, 2014. doi:10.1007/s10916-014-0120-3.

    Article  PubMed  Google Scholar 

  64. Abbas, H., Magnusson, C., Yngstrom, L., and Hemani, A., Addressing dynamic issues in information security management. Info. Mngmnt. Comp. Sec. 19(1):5–24, 2011. doi:10.1108/09685221111115836.

    Article  Google Scholar 

  65. Ali, A., and Khan, F., Energy-efficient cluster-based security mechanism for intra-WBAN and inter-WBAN communications for healthcare applications. EURASIP J. Wirel. Commun. Netw. 2013(1):216, 2013. doi:10.1186/1687-1499-2013-216.

    Article  Google Scholar 

Download references

Acknowledgments

The authors would like to extend their sincere appreciation to the Deanship of Scientific Research at King Saud University for its funding of this research through the Research Group Project no. RG-1435-048.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Haider Abbas.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sajid, A., Abbas, H. Data Privacy in Cloud-assisted Healthcare Systems: State of the Art and Future Challenges. J Med Syst 40, 155 (2016). https://doi.org/10.1007/s10916-016-0509-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-016-0509-2

Keywords

Navigation