Electronic Health Record Security in Cloud

Advances in Healthcare Information Systems and Administration - Smart Medical Data Sensing and IoT Systems Design in Healthcare ◽

10.4018/978-1-7998-0261-7.ch002 ◽

2020 ◽

pp. 22-47

Author(s):

Desam Vamsi ◽

Pradeep Reddy

Keyword(s):

Data Privacy ◽

Storage Systems ◽

Homomorphic Encryption ◽

Cost Effective ◽

Healthcare Organizations ◽

Sensitive Data ◽

Privacy And Security ◽

Encrypted Data ◽

Electronic Health ◽

Somewhat Homomorphic Encryption

Security is the primary issue nowadays because cybercrimes are increasing. The organizations can store and maintain their data on their own, but it is not cost effective, so for convenience they are choosing cloud. Due to its popularity, the healthcare organizations are storing their sensitive data to cloud-based storage systems, that is, electronic health records (EHR). One of the most feasible methods for maintaining privacy is homomorphism encryption (HE). HE can combine different services without losing security or displaying sensitive data. HE is nothing but computations performed on encrypted data. According to the type of operations and limited number of operations performed on encrypted data, it is categorized into three types: partially homomorphic encryption (PHE), somewhat homomorphic encryption (SWHE), fully homomorphic encryption (FHE). HE method is very suitable for the EHR, which requires data privacy and security.

Download Full-text

Logistic Regression on Homomorphic Encrypted Data at Scale

Proceedings of the AAAI Conference on Artificial Intelligence ◽

10.1609/aaai.v33i01.33019466 ◽

2019 ◽

Vol 33 ◽

pp. 9466-9471 ◽

Cited By ~ 2

Author(s):

Kyoohyung Han ◽

Seungwan Hong ◽

Jung Hee Cheon ◽

Daejun Park

Keyword(s):

Logistic Regression ◽

Data Privacy ◽

Homomorphic Encryption ◽

Training Data ◽

Sensitive Data ◽

Encrypted Data ◽

The Public ◽

Private Data ◽

First Time ◽

Practical Feasibility

Machine learning on (homomorphic) encrypted data is a cryptographic method for analyzing private and/or sensitive data while keeping privacy. In the training phase, it takes as input an encrypted training data and outputs an encrypted model without ever decrypting. In the prediction phase, it uses the encrypted model to predict results on new encrypted data. In each phase, no decryption key is needed, and thus the data privacy is ultimately guaranteed. It has many applications in various areas such as finance, education, genomics, and medical field that have sensitive private data. While several studies have been reported on the prediction phase, few studies have been conducted on the training phase.In this paper, we present an efficient algorithm for logistic regression on homomorphic encrypted data, and evaluate our algorithm on real financial data consisting of 422,108 samples over 200 features. Our experiment shows that an encrypted model with a sufficient Kolmogorov Smirnow statistic value can be obtained in ∼17 hours in a single machine. We also evaluate our algorithm on the public MNIST dataset, and it takes ∼2 hours to learn an encrypted model with 96.4% accuracy. Considering the inefficiency of homomorphic encryption, our result is encouraging and demonstrates the practical feasibility of the logistic regression training on large encrypted data, for the first time to the best of our knowledge.

Download Full-text

Computing Blindfolded on Data Homomorphically Encrypted under Multiple Keys: A Survey

ACM Computing Surveys ◽

10.1145/3477139 ◽

2022 ◽

Vol 54 (9) ◽

pp. 1-37

Author(s):

Asma Aloufi ◽

Peizhao Hu ◽

Yongsoo Song ◽

Kristin Lauter

Keyword(s):

Homomorphic Encryption ◽

Lessons Learned ◽

Secret Key ◽

Sensitive Data ◽

Encrypted Data ◽

Outsourced Computation ◽

Secret Keys ◽

Comprehensive Survey ◽

Multiple Keys ◽

Cryptographic Techniques

With capability of performing computations on encrypted data without needing the secret key, homomorphic encryption (HE) is a promising cryptographic technique that makes outsourced computations secure and privacy-preserving. A decade after Gentry’s breakthrough discovery of how we might support arbitrary computations on encrypted data, many studies followed and improved various aspects of HE, such as faster bootstrapping and ciphertext packing. However, the topic of how to support secure computations on ciphertexts encrypted under multiple keys does not receive enough attention. This capability is crucial in many application scenarios where data owners want to engage in joint computations and are preferred to protect their sensitive data under their own secret keys. Enabling this capability is a non-trivial task. In this article, we present a comprehensive survey of the state-of-the-art multi-key techniques and schemes that target different systems and threat models. In particular, we review recent constructions based on Threshold Homomorphic Encryption (ThHE) and Multi-Key Homomorphic Encryption (MKHE). We analyze these cryptographic techniques and schemes based on a new secure outsourced computation model and examine their complexities. We share lessons learned and draw observations for designing better schemes with reduced overheads.

Download Full-text

Privacy-Preserving Sorting Algorithms Based on Logistic Map for Clouds

Security and Communication Networks ◽

10.1155/2018/2373545 ◽

2018 ◽

Vol 2018 ◽

pp. 1-10

Author(s):

Hua Dai ◽

Hui Ren ◽

Zhiye Chen ◽

Geng Yang ◽

Xun Yi

Keyword(s):

Data Privacy ◽

Logistic Map ◽

Security Analysis ◽

Privacy Preserving ◽

Service Recommendation ◽

Sensitive Data ◽

Encrypted Data ◽

Sorting Algorithms ◽

Common Operation ◽

Cloud Servers

Outsourcing data in clouds is adopted by more and more companies and individuals due to the profits from data sharing and parallel, elastic, and on-demand computing. However, it forces data owners to lose control of their own data, which causes privacy-preserving problems on sensitive data. Sorting is a common operation in many areas, such as machine learning, service recommendation, and data query. It is a challenge to implement privacy-preserving sorting over encrypted data without leaking privacy of sensitive data. In this paper, we propose privacy-preserving sorting algorithms which are on the basis of the logistic map. Secure comparable codes are constructed by logistic map functions, which can be utilized to compare the corresponding encrypted data items even without knowing their plaintext values. Data owners firstly encrypt their data and generate the corresponding comparable codes and then outsource them to clouds. Cloud servers are capable of sorting the outsourced encrypted data in accordance with their corresponding comparable codes by the proposed privacy-preserving sorting algorithms. Security analysis and experimental results show that the proposed algorithms can protect data privacy, while providing efficient sorting on encrypted data.

Download Full-text

A Secure Ciphertext Retrieval Scheme against Insider KGAs for Mobile Devices in Cloud Storage

Security and Communication Networks ◽

10.1155/2018/7254305 ◽

2018 ◽

Vol 2018 ◽

pp. 1-7 ◽

Cited By ~ 11

Author(s):

Run Xie ◽

Chanlian He ◽

Dongqing Xie ◽

Chongzhi Gao ◽

Xiaojun Zhang

Keyword(s):

Cloud Computing ◽

Mobile Devices ◽

Data Privacy ◽

Security Analysis ◽

Data Retrieval ◽

Sensitive Data ◽

Encrypted Data ◽

Security Issues ◽

Efficiency Comparison ◽

Cloud Servers

With the advent of cloud computing, data privacy has become one of critical security issues and attracted much attention as more and more mobile devices are relying on the services in cloud. To protect data privacy, users usually encrypt their sensitive data before uploading to cloud servers, which renders the data utilization to be difficult. The ciphertext retrieval is able to realize utilization over encrypted data and searchable public key encryption is an effective way in the construction of encrypted data retrieval. However, the previous related works have not paid much attention to the design of ciphertext retrieval schemes that are secure against inside keyword-guessing attacks (KGAs). In this paper, we first construct a new architecture to resist inside KGAs. Moreover we present an efficient ciphertext retrieval instance with a designated tester (dCRKS) based on the architecture. This instance is secure under the inside KGAs. Finally, security analysis and efficiency comparison show that the proposal is effective for the retrieval of encrypted data in cloud computing.

Download Full-text

Privacy, security, and the public health researcher in the era of electronic health record research

Online Journal of Public Health Informatics ◽

10.5210/ojphi.v8i3.7251 ◽

2016 ◽

Vol 8 (3) ◽

Author(s):

Neal D Goldstein ◽

Anand D Sarwate

Keyword(s):

Public Health ◽

Data Privacy ◽

Large Scale ◽

Health Data ◽

Shared Responsibility ◽

Privacy And Security ◽

The Public ◽

Health Researcher ◽

Public Health Researcher ◽

Electronic Health

Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools.

Download Full-text

The Impact of Operating System on Bandwidth in Open VPN Technology

Baghdad Science Journal ◽

10.21123/bsj.13.1.204-211 ◽

2016 ◽

Vol 13 (1) ◽

pp. 204-211

Author(s):

Baghdad Science Journal

Keyword(s):

Operating System ◽

Operating Systems ◽

Data Privacy ◽

The Internet ◽

Sensitive Data ◽

Privacy And Security ◽

Basic Source ◽

Basic Functions ◽

And Performance ◽

The Impact

The internet is a basic source of information for many specialities and uses. Such information includes sensitive data whose retrieval has been one of the basic functions of the internet. In order to protect the information from falling into the hands of an intruder, a VPN has been established. Through VPN, data privacy and security can be provided. Two main technologies of VPN are to be discussed; IPSec and Open VPN. The complexity of IPSec makes the OpenVPN the best due to the latter’s portability and flexibility to use in many operating systems. In the LAN, VPN can be implemented through Open VPN to establish a double privacy layer(privacy inside privacy). The specific subnet will be used in this paper. The key and certificate will be generated by the server. An authentication and key exchange will be based on standard protocol SSL/TLS. Various operating systems from open source and windows will be used. Each operating system uses a different hardware specification. Tools such as tcpdump and jperf will be used to verify and measure the connectivity and performance. OpenVPN in the LAN is based on the type of operating system, portability and straightforward implementation. The bandwidth which is captured in this experiment is influenced by the operating system rather than the memory and capacity of the hard disk. Relationship and interoperability between each peer and server will be discussed. At the same time privacy for the user in the LAN can be introduced with a minimum specification.

Download Full-text

Protection of Data Privacy in Computer Systems

Israel Law Review ◽

10.1017/s0021223700008840 ◽

1986 ◽

Vol 21 (1) ◽

pp. 5-14

Author(s):

Benjamin G. Walker

Keyword(s):

Data Privacy ◽

Computer Systems ◽

Cost Effective ◽

Diagnostic Information ◽

Sensitive Data ◽

Technical Problems ◽

System Failures ◽

Telephone Conversation ◽

Computer Based ◽

Maintenance Personnel

The protection of data in computer-based systems is a serious and growing problem. It is one of the most challenging technical problems in the field of computer science today. The objective of this paper is to provide a technical overview of the problem and to suggest some steps that need to be taken to assure progress in the field toward cost-effective systems that provide adequate protection.The Problem: Protecting the privacy of data in computer systems involves establishing safeguards against accidental disclosure as well as protection against a deliberate attack. During system failures and restart procedures errors in coding procedures often cause data to be stored in the wrong files or put sensitive data out on the printer along with diagnostic information intended for maintenance personnel. You have probably had the experience at some time of being wired into someone else's telephone conversation.

Download Full-text

Proposing an Intelligent Cloud-Based Electronic Health Record System

International Journal of Business Data Communications and Networking ◽

10.4018/jbdcn.2012070104 ◽

2012 ◽

Vol 8 (3) ◽

pp. 57-71 ◽

Cited By ~ 8

Author(s):

Lara Khansa ◽

Jonathan Forcade ◽

Girivaraprasad Nambari ◽

Saravanan Parasuraman ◽

Patrick Cox

Keyword(s):

Best Practices ◽

Electronic Health Record ◽

Service Level ◽

Health Record ◽

Healthcare Organizations ◽

Privacy And Security ◽

Private Patient ◽

Record System ◽

Electronic Health ◽

Reducing Costs

With the aging United States population, healthcare costs have considerably increased and are expected to keep rising in the foreseeable future. In this paper, the authors propose an intelligent cloud-based electronic health record (ICEHR) system that has the potential to reduce medical errors and improve patients’ quality of life, in addition to reducing costs and increasing the productivity of healthcare organizations. They developed a set of best practices that encompass end-user policies and regulations, identity and access management, network resilience and service level agreements, advanced computational power, “Big Data” mining abilities, and other operational/managerial controls that are meant to improve the privacy and security of the ICEHR, and make it inherently compliant to healthcare regulations. These best practices serve as a framework that offers a single interconnection agreement between the cloud host and healthcare entities, and streamlines access to private patient information based on a unified set of access principles.

Download Full-text

An Enhanced Methodology on Internet of Things with Cloud in Smart Electrical Systems

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.c3842.098319 ◽

2019 ◽

Vol 8 (3) ◽

pp. 2295-2299

Keyword(s):

Internet Of Things ◽

Performance Management ◽

Data Privacy ◽

Homomorphic Encryption ◽

Human Life ◽

Vital Role ◽

Electrical System ◽

Privacy And Security ◽

Security Issues ◽

Electrical Systems

The smart management system plays a vital role in many domains and improves the reliability of protection and privacy of a system. Electrical systems have become a part in everyday human life. The next generation electrical systems will entirely depends on fully automated and smart control systems. In the present paper various mechanisms of cloud gateways and security issues are explored for smart management of an electrical system. The present survey work is reconnoitred with Internet of Things (IoT) in association with cloud. Cloud based IoT in smart electrical system provides potential enhancement of performance, management, and resilience of the smart system. However, the espousal of cloud based IoT system in smart electrical system to store and retrieve the data from cloud may increase risks in data privacy and security. Despite the different flaws in global integration of cloud with IoT through internet, various end-to-end security schemes are discussed to overcome these flaws. As a result in many of the applications easy IoT cloud gateway along with homomorphic encryption technique is set up to solve communication overheads and security issues.

Download Full-text

The Use of Electronic Health Record Systems During COVID-19 at a Local Community Hospital on the West Coast

International Journal of Business and Applied Social Science ◽

10.33642/ijbass.v7n8p7 ◽

2021 ◽

pp. 53-58

Author(s):

Malini Krishnamurthi, Ph.D.

Keyword(s):

Health Care ◽

Electronic Health Record ◽

Patient Care ◽

Data Privacy ◽

Local Community ◽

Quality Care ◽

The United States ◽

Health Record ◽

Privacy And Security ◽

Electronic Health

The United States Federal government looks toward information technology to curtail health care costs while increasing the quality of patient care through the adoption of electronic health record (EHR)systems. This paper examined the experience of a hospital with its EHR system in the context of the pandemic. Results showed that the hospital maintains a state-of-the-art health care system to provide quality care to its community and was responsive to the recent crisis. The results were consistent with other comparable hospitals examined in this study. The hospitals were successful in adopting EHR systems. They were able to identify gaps that could be filled with technology add-ons from different software vendors to improve their functionality and thereby provide better & timely patient care. Managing large volumes of data generated in the normal process of EHR operation and ensuring data privacy and security were the significant challenges faced and are likely to continue in the future.

Download Full-text