Designing a Flow-based Mechanism for Accessing Electronic Health Records on a Cloud Environment
Keywords:Electronic health records, cloud environment, access control, workflow, doctor-patient communication, web-based system
Electronic health record (EHR) implementation not only to facilitate doctor-patient communication reduces paper consumption but also allows the rapid exchange of medical records, integrating patients’ medical information from different locations. However, the costs of establishing massive and repetitive systems, constructing databases, and maintaining and exchanging data, as well as the energy consumption underscoring such an operation, represent substantial costs for a medical institution. Therefore, it is important to develop a cloud solution for EHRs and to provide a platform where resources are truly shareable. This study investigates the feasibility of cloud EHR services provided by trusted third parties. However, not only do medical records stored in an access environment with multiple users potentially endanger patient privacy, but also, without well-designed access control, such an environment may beget excessive unnecessary data access, which is costly and hinders cloud computing. To address the dual challenge of protecting patient privacy and allowing cloud computing, this study proposes the doctor–patient workflow and implements a web-based system. This mechanism ensures patients’ data security and addresses the demand of EHR cloud sharing, i.e., controlling EHR access authorities. The proposed method can protect the privacy of patients’ medical records on the cloud and grant users with minimum granularity access, thereby creating a system with the advantages of data security and cloud computing. This study proposes the doctor–patient workflow as the access control mechanism of cloud medical records, which minimizes the granularity of access. In addition, the access authority of the workflow dynamically changes with the environment, which ensures patients’ access to their medical records and defines the appropriate timing of cloud data access operations, thereby preventing unnecessary energy consumption. In practice, considerable contributions can be made to the establishment of access control and promotion of the cloud environment for medical records.
Rajabion, L., Shaltooki, A. A., Taghikhah, M., Ghasemi, A., and Badfar, A. (2019). Healthcare big data processing mechanisms: the role of cloud computing. International Journal of Information Management, 49, 271–289.
Sher, M. L., Hwang, H. G., and Weng, L. J. (2019). Factors affecting physicians’ intention to use electronic medical record exchange for older patients. Taiwan Gong Gong Wei Sheng Za Zhi, 38(4), 416–430.
Darwish, A., Hassanien, A. E., Elhoseny, M., Sangaiah, A. K., and Muhammad, K. (2019). The impact of the hybrid platform of internet of things and cloud computing on healthcare systems: opportunities, challenges, and open problems. Journal of Ambient Intelligence and Humanized Computing, 10(10), 4151–4166.
Dong, X. D. (2019). Cloud Computing Application to Manage Smart Grid System. Science, 4(3), 369–374.
Gao, F., and Sunyaev, A. (2019). Context matters: A review of the determinant factors in the decision to adopt cloud computing in healthcare. International Journal of Information Management, 48, 120–138.
Shah, S. M., and Khan, R. A. Secondary use of electronic health record: Opportunities and challenges. IEEE Access, 8, 136947–136965.
Yang, C. M., Lin, H. C., Chang, P., and Jian, W. S. (2006). Taiwan’s perspective on electronic medical records’ security and privacy protection: Lessons learned from HIPAA. Computer Methods and Programs in Biomedicine, 82(3), 277–282.
Ali, O., Shrestha, A., Soar, J., and Wamba, S.F. (2018). Cloud computing-enabled healthcare opportunities, issues, and applications: A systematic review. International Journal of Information Management, 43, 146–158.
Heart, T., Ben-Assuli, O., and Shabtai, I. (2017). A review of PHR, EMR and EHR integration: A more personalized healthcare and public health policy. Health Policy and Technology, 6(1), 20–25.
Masud, M., and Hossain, M. S. (2018). Secure data-exchange protocol in a cloud-based collaborative health care environment. Multimedia Tools and Applications, 77(9), 11121–11135.
Aceto, G., Persico, V., and Pescapé, A. (2018). The role of Information and Communication Technologies in healthcare: taxonomies, perspectives, and challenges. Journal of Network and Computer Applications, 107, 125–154.
Wang, X., and Jin, Z. (2019). An Overview of Mobile Cloud Computing for Pervasive Healthcare. IEEE Access, 7, 66774–66791.
Sajid, A., and Abbas, H. (2016). Data privacy in cloud-assisted healthcare systems: state of the art and future challenges. Journal of medical systems, 40(6), 155.
Gokilavani, M., Mannickathan, G. P., and Dorairangaswamy, M. A. (2018). A Survey of Cloud Environment in Medical Images Processing. Monthly Journal of Computer Science and Information Technology, 7(11), 68–73.
Garets, D., and Davis, M. (2006). Electronic medical records vs. electronic health records: Yes, there is a difference. Policy white paper. Chicago, HIMSS Analytics, 1–14.
Hoofnagle, C. J., van der Sloot, B., and Borgesius, F. Z. (2019). The European Union general data protection regulation: what it is and what it means. Information & Communications Technology Law, 28(1), 65–98.
Shao, S. C., Chan, Y. Y., Kao Yang, Y. H., Lin, S. J., Hung, M. J., Chien, R. N., Lai C. C. and Lai, E. C. C. (2019). The Chang Gung Research Database—a multi-institutional electronic medical records database for real-world epidemiological studies in Taiwan. Pharmacoepidemiology and Drug Safety, 28(5), 593–600.
Sligo, J., Gauld, R., Roberts, V., and Villa, L. (2017). A literature review for large-scale health information system project planning, implementation and evaluation. International journal of medical informatics, 97, 86–97.
Joshi, M., Joshi, K. P., and Finin, T. (2018). Delegated authorization framework for EHR services using attribute based encryption. IEEE Transactions on Services Computing, 1–12.
Rauf, A., Abdullah, A. H., Iqbal, S., and Awan, K. (2019). Perception Reasoning Task-Role RBAC for Data Access Control in Cloud Computing. International Journal of Computing and Communication Networks 1(1), 1–9.
Ramu, G., Reddy, B. E., Jayanthi, A., and Prasad, L. N. (2019). Fine-grained access control of EHRs in cloud using CP-ABE with user revocation. Health and Technology, 9(4), 487–496.
Workflow Management Coalition. Workflow management coalition glossary & terminology, 1999. Retrieved from: http://www.aiai.ed.ac.uk/project/wfmc/ARCHIVE/DOCS/glossary/glossary.html.
Ahmad, Z., Nazir, B., and Umer, A. (2021). A fault-tolerant workflow management system with Quality-of-Service-aware scheduling for scientific workflows in cloud computing. International Journal of Communication Systems, 34(1), e4649.