Importance of Data Privacy in Healthcare

Maintaining Trust in a Doctor–Patient Relationship

It is vital for the healthcare professionals to build trust with their patients by keeping the patient’s data safeand protecting them from any kind of unauthorized disclosure. If a patient believes that the highly sensitive information (PII, name, age, date of birth, medical history, insurance claims, etc.) provided by them to their doctors is not protected, then the patient will be reluctant to provide their complete details for their own health and well-being, hence taking risksin their own lives [3].

Better Data Quality

A transparent system, where a patient can have full access to his own details, can provide higher quality and ultimately provides better healthcare for the patients.

In an electronic health system, the healthcare data are prone to errors. However, if a patient can access their personal records after the required authorization, it can help in increased transparency and better quality in healthcare data [19].

Improved Balance and Integrity in Current Industry Data Monopolies

In today’s world where data are considered as “gold,” industries misuse the confidential data of patients and outsource them to untrusted parties for personal profits and benefits. The complete picture of a patient’s PII and PHI, including finances, insurance and medical history, is prone to data breach. The data privacy laws are essential in seeking answers to questions such as:Who owns the complete picture of the user? What risks are associated with situations of massive data leaks [31]?

Protecting the Basic Human Rights

The UN declared the “right to privacy” as a basic human right, which gives users the right to have privacy for their critical information. Suitable action takes place in case the law is not practised and the privacy of an individual is harmed [22].

Under the Health Insurance Portability and Accountability Act (HIPAA) privacy rule, patients have a number of rights including:

  • • The right to receive notice of the privacy practices of any healthcare provider
  • • The right to view their protected health information and receive a copy
  • • The right to request changes to their records to correct errors or add information
  • • The right to have a list of the parties to whom their protected healthcare information has been disclosed to
  • • The right to request confidential communication
  • • The right to complain

Who Is Responsible for Data Security?

To date, there is not unanimous consent on the sole stakeholder responsible for protecting the user’s data privacy.

Some organizations feel that it is the responsibility of each individual to protect his/her own sensitive data by themselves; while some feel that it is the responsibility of the organization that is collecting the user’s data. Others feel that the government should set appropriate standards for the organization for protecting users’ data and monitor their activities [32, 33].

The Gigya report showed the distribution of privacy responsibility in 2017 as shown in Figure 2.7.

In the year 2020, many big companies such as Google and Facebook do value their profitsmore than protecting their users’ privacy. They sell their customers’ sensitive data to advertisement companies for monetary gain. Although these companies give the users the right to decide to use or to not use their particular service by signing the “Terms and Conditions,” the users agree to the conditions without thoroughly going through them. This leads to the misuse or disclo- sureof personal information of the users and makes the service prone to security attacks [32].

In an effort to strengthen the process of protecting the users’ privacy, the EU introduced a piece of legislation called the General Data Protection Regulation (GDPR) in 2019. It was an attempt to give control of data to the users rather than the

Responsibility distribution for protecting data privacy

FIGURE 2.7 Responsibility distribution for protecting data privacy.

companies. However, companies like Google and Facebook didn’t agree to follow it and faced billion-dollar fines.

Some of the key privacy and data protection requirements of the GDPR include:

  • • Requiring the consent of subjects for data processing
  • • Anonymizing collected data to protect privacy
  • • Providing data breach notifications
  • • Safely handling the transfer of data across borders
  • • Requiring certain companies to appoint a data protection officer to oversee GDPR compliance

In order to control the privacy breaches ofusers’ data, California, USA, also came up with a bill called the California Consumer Privacy Act (CCPA) bill on January 1, 2020.

To date, the privacy issues still exist since no stringent controls are in place to protect users’ sensitive data, especially in the healthcare sector, and privacy continues to be an important domain for discussion and further research.

Comparison of Various Privacy Attacks over the Years and Possible Techniques to Contain Them

Table 2.1

TABLE 2.1

Privacy Attacks and Techniques for Protecting Privacy

Year

Attacks/Vulnerabilities

Techniques

Tabrizchi et al. (2020) [1]

  • • Eavesdropping
  • • Masquerade attack
  • • Man-in-the-middle attack

Attribute-based file encryption mechanism from the cloud (ERFC)

Padmaja et al. (2019) [4]

  • • Data integrity loss
  • • Data segregation authentication
  • • Data breaches

Searchable encryption and proxy re-encryption method

Marwan et al. (2018)110]

• Unauthorized disclosure of information by intruders

Segmentation approach for healthcare images

Shomrani et al. (2018) [7]

• Encryption of “all” available data on the network

Proper segregation of data, for example,patients’ personal details and illness, to decrease encryption time and to encrypt only the sensitive data

Hamid et al. (2017)[19]

• Challenges faced while transporting data from utility to storage server in the cloud

Edge/fog computing is suggested which keeps the processing and storage of data closer to the user

Singh & Singh (2017)[15]

  • • User data privacy
  • • Audibility
  • • Access control

Blockchain technology is used to prepare a decentralized framework for the sharing of information

Li et al. (2016)[34]

  • • Loss of confidentiality
  • • Loss of integrity

Key-based auditing

Liang et al. (2016)[29]

  • • Loss of confidentiality
  • • No data minimization

Encryption using regular language

Zhang et al. (2016)[35]

• Loss of confidentiality

Multi keyword search

Anitha et al. (2014) [18]

  • • Loss of confidentiality
  • • Loss of isolation of computing resources in a public cloud

Authentication, authorization and auditing (AAA) are used and encryption of data is performed using Secure Socket Layer 3.0

Yu et al. (2010) [23]

• Loss of accessibility

Exception-based access control solution

References

  • 1. Tabrizchi, H., & Rafsanjani, K. (2020). A survey on security challenges in cloud computing: issues, threats, and solutions. The Journal of Supercomputing, 76, 9493-9532, Issuer 12/2020. doi: 10.1007/sl 1227-020-03213-1
  • 2. Deepa, N., & Pandiaraja, P. (2020). E health care data privacy preserving efficient file retrieval from the cloud service provider using attribute based file encryption. Journal of Ambient Intelligence and Humanized Computing, doi: 10.1007/sl2652-020-019U-5.
  • 3. Jathanna, R., & Jagli, D. (2017). Cloud computing and security issues. International Journal of Engineering Research and Application, 7(6), 31-38.
  • 4. Padmaja, K., & Seshadri, R. (2019). Analytics on real time security attacks in healthcare, retail and banking applications in the cloud. Evolutionary Intelligence, doi: 10.1007/sl2065-019-00337-z.
  • 5. Boss, G., Malladi, P., Quan, D., Legregni, L., & Hall, H. (2007). Cloud Computing. IBM White Paper, Version 1.0. October 2007.
  • 6. V. Chang, & Wills, G. (2016). A model to compare cloud and non-cloud storage of big data. Future Generation Computer Systems, 57, 56-76. http://eprints.soton.ac.uk /382709/.
  • 7. Al-Shomrani, A., Eassa, F., & Jambi, K. (2018). Big data security and privacy challenges. International Journal of Engineering Development and Research, 6, 894-900.
  • 8. Kumar, P. R., Herbert Rajb, P., & Jelciana, P. (2018). Exploring data security issues and solutions in cloud computing, 6th International Conference on Smart Computing and Communications, ICSCC 2017,7-8 December 2017, Kurukshetra, India. Procedia Computer Science, 125, 691-697.
  • 9. Mahesh U. Shankarwar, Ambika V. Pawar (2015). Security and privacy in cloud computing: A Survey. In Proceedings of the 3rd International Conference on Frontiers of Intelligent Computing (FICTA) 2014, Vol. 2, Advances in Intelligent Systems and Computing (p. 328). DOI: 10.1007/978-3-319-12012-6J.
  • 10. Marwan, M., Kartit, A., & Ouahmane, H. (2018). Security enhancement in healthcare cloud using machine learning. The First International Conference on Intelligent Computing in Data Sciences. Procedia Computer Science, 127, 388-397.
  • 11. Ramachandra, G., Iftikhar, M., & Khan, F. A. (2017). A comprehensive survey on security in cloud computing. The 3rd International Workshop on Cyber Security and Digital Investigation (CSDI 2017). Procedia Computer Science 110, 465-472.
  • 12. L. D. Dhinesh Babu, P. Venkata Krishna, A. Mohammed Zayan, & Vijayant Panda. (2011). An analysis of security related issues in cloud computing. In International Conference on Contemporary Computing (pp. 180-190). Berlin Heidelberg: Springer.
  • 13. Pardeep Sharma, Sandeep K. Sood, and Sumeet Kaur. (2011). Security issues in cloud computing. In International Conference on High Performance Architecture and Grid Computing (HPAGC) (pp. 36-45). Berlin Heidelberg: Springer.
  • 14. K. S. Wong, M. H. Kim. (2012). Secure biometric-based authentication for cloud computing. In International Conference on Cloud Computing and Services Science (vol. 28,

pp. 86-101).

  • 15. Singh, N„ & Singh, A., (2017). Data privacy protection mechanisms in cloud. Data Science and Engineering, 3, 24-39. DOI: 10.1007/s41019-017-0046-0.
  • 16. Big Data Working Group: Expanded Top Ten Big Data Security and privacy Chal lenges. (2013). By CSA (Cloud Security Alliance).Link: https://downloads.cloudsecurityalli ance.org/initiatives/bdwg/Expanded_Top_Ten_Big_Data_Security_and_Privacy_Ch allenges.pdf
  • 17. Privacy and Security in Personal Data Clouds, Report. (2016). European Union Agency for Network and Information Security. ISBN: 978-92-9204-182-3, DOI: 10.2824/24216
  • 18. R. Anitha, Saswati Mukherjee. (2014). Data security in cloud for health care applications. In H.-Y. Jeong, et al. (eds.), Advances in Computer Science and Its Applications, Lecture Notes in Electrical Engineering (p. 279). DOI: 10.1007/978-3-642-41674- 3_ 167. Berlin Heidelberg: Springer.
  • 19. Al Hamid, H. A., Rahman, S. M. M., Hossain, M. S., Almogren, A., & Alamri, A. (2017). A security model for preserving the privacy of medical big data in a healthcare cloud using a fog computing facility with pairing-based cryptography. IEEE Access, 5, 22313-22328.
  • 20. Amandeep Verma, Sakshi Kaushal (2011). Cloud computing security issues and challenges: A survey. In International Conference on Advances in Computing and Communications (ACC) (pp. 445-454). Berlin Heidelberg: Springer.
  • 21. Q., Zhang, L., Cheng, R., Boutaba. (2010). Cloud computing: State-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), 7-18.
  • 22. Tim Mather, Subra Kumaraswamy, Shahed Latif. (2009). Cloud Security and Pr/vacy.Gravenstein Highway North, Sebastopol, CA: O’Reilly Media, Inc.
  • 23. S. Yu, C. Wang, K. Ren, W. Lou. (2010). Achieving secure, scalable, and fine-grained data access control in cloud computing. In Proceedings IEEE INFOCOM, San Diego, CA (pp. 1-9). DOI: 10.1109/INFCOM.2010.5462174.
  • 24. V. Chang, M. Ramachandran. (2016). Towards achieving data security with the cloud computing adoption framework. IEEE Transactions on Services Computing, 9(1), 138-151.
  • 25. W. Itani, A. Kayssi, A. Chehab. (2009). Privacy as a service: Privacy-aware data storage and processing in cloud computing architectures. In 8th IEEE International Conference on Dependable, Autonomic and Secure Computing, Chengdu (pp. 711-716). DOI: 10.1109/DASC.2009.139.
  • 26. Dr. Ragesh, G. K., & Dr. Baskaran, K. (2016). Cryptographically enforced data access control in personal health record systems, global colloquium in recent advancement and effectual researches in engineering, science and technology (RAEREST 2016). Procedia Technology, 25,473-480.
  • 27. H. Takabi, J. B. Joshi, & G. J. Ahn. (2010). Securecloud: Towards a comprehensive security framework for cloud computing environments. In IEEE 34th Annual Confererence.
  • 28. Elisa Bertino, Robert H. Deng, Xinyi Huang, Jianying Zhou. (2015). Security and privacy of electronic health information systems. International Journal of Information Security, 14,485-486. DOI 10.1007/sl0207-015-0303-z.
  • 29. Liang, K., Huang, X., Guo, R, & Liu, J. K. (2016). Privacy-preserving and regular language search over encrypted cloud data. IEEE Transactions on Information Forensics and Security, 11(10), 2365-2376.
  • 30. J. J. Cebula, L. R. Young. (2010). A taxonomy of operational cyber security. Technical Note: CMU/SEI-2010-TN-028. Software Engineering Institute. USA.
  • 31. X.. Zhang, M.. Nakae. M. J., Covington. & R., Sandhu, (2008), “Toward a usage-based security framework for collaborative computing systems”, ACM Transactions on Information and System Security (TISSEC), 11(1), 3.
  • 32. Weblink: https://www.pwc.com/us/en/library/risk-regulatory/strategic-policy/top-poli cy-trends/data-privacy.html.
  • 33. Weblink: https://thenextweb.eom/podium/2020/01/25/its-2020-and-we-still-have-a- data-privacy-problem/.
  • 34. Li, Y., et al. (2016). Privacy preserving cloud data auditing with efficient key update. Future Generation Computer Systems 78: 789-798.
  • 35. Zhang, W., et al. (2016). Privacy preserving ranked multi-keyword search for multiple data owners in cloud computing. IEEE Transactions on Computers, 65(5), 1566-1578.
 
Source
< Prev   CONTENTS   Source   Next >