A framework with confidentiality integrity and access control mechanisms for secure storage of electronic health records in cloud

Abstract

Data storage in cloud has found its application in almost all areas like e-commerce, education, research etc. and healthcare is one such important area which can exploit the advantages of cloud for storing Electronic Health Records (EHRs). The use of EHRs have proved to reduce costs and many health care providers have switched over to EHRs for maintaining patients health information rather than manual paper based records and files. However, the sudden increase in the number of patients and the need to preserve their records for several years, has introduced difficulties in storage, retrieval and maintenance of such records by the health care providers. Hence there has been a growing interest among health service providers to migrate to cloud. The migration of EHRs to the cloud has intensified the security risks in terms of data leakage, integrity breach and unauthorized access of EHRs as these EHRs are stored in computers located in remote geographical locations not known to Health Service Providers (HSPs). So, new security mechanisms are required to handle various security issues such as confidentiality, integrity, access control etc. Though the works available in the literature provide solutions to these issues individually, there is still the need for efficient security mechanisms and there are very few works that provide a security framework that can handle all these security issues involved in the use of cloud storage for EHRs. Hence, this research work attempts to provide a security framework with mechanisms to address confidentiality, integrity and access control for secure storage and retrieval of EHRs in the cloud. The initial contribution of this research work presents the proposed confidentiality mechanism SEGCRYPT to segregate sensitive and insensitive attributes of EHRs and to strongly encrypt the sensitive attributes newline