Secure Sharing of Electronic Medical Records in Cloud Computing
|
|
- Fay Bradford
- 8 years ago
- Views:
Transcription
1 Secure Sharing of Electronic Medical Records in Cloud Computing MS Thesis Defense: Ruoyu Wu Graduate Supervisory Committee: Dr. Gail-Joon Ahn, Chair Dr. Sik-Sang Yau Dr. Dijiang Huang The Laboratory of Security Engineering for Future Computing (SEFCOM) URL : sefcom.asu.edu BYENG 486 ASU
2 Outline Introduction Problem Summary Secure EHRs Sharing Framework in Clouds Selective EHRs sharing HIPAA-compliant EHRs sharing System Design Implementation and Evaluation Related Work Conclusion and Future Work Q & A Slide 2
3 Internet-centric Cloud-driven World SaaS Ecosystem PaaS IaaS Slide 3
4 Healthcare Evolution Paper-based records transform to EHRs EHRs are shifting to Clouds Transform Shift Paper-based Sharing Efficiency Ubiquitous Access EMRs Cost efficiency Dynamically scalable Cloud Platform Slide 4
5 Security and Privacy Identity Management Authentication Trust Management Policy Management Access Control Compliance Management H. Takabi, J. Joshi, and G. Ahn. Security and privacy challenges in cloud computing environments. Security & Privacy, IEEE, 8(6):24 31, Slide 5
6 Access Control Issue Cross-domain EHRs integration Diversity of healthcare practitioners Slide 6
7 Compliance Management Issue Manual and labor-intensive process Additional overheads to health information transactions. HIPAA is complex and in part vague Updates of HIPAA regulation and upscales of EMRs System Policies All System States EMR System define enforce to comply HIPAA Regulations Treats cause loss R. Wu, G.-J. Ahn, and H. Hu. Towards hipaa-compliant healthcare systems. In Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, pages ACM, Slide 7
8 Hypothesis We propose a framework that ensures secure sharing of EHRs supporting Selective sharing on composite EHRs Logical EHR model EHR data schema composition Cross-domain EHR instance aggregation Access control policy specification HIPAA-compliant EHRs sharing Extracting policy patterns Formulating policy specification Transformation Compliance analysis Slide 8
9 Secure EHRs Sharing Framework Overview Slide 9
10 Hypothesis We propose a framework that ensures secure sharing of EHRs supporting Selective sharing on composite EHRs Logical EHR model EHR data schema composition Cross-domain EHR instance aggregation Access control policy specification HIPAA-compliant EHRs sharing Extracting policy patterns Formulating policy specification Transformation Compliance analysis Slide 10
11 Logical EHR Model An EHR object is represented as a tuple T = (r, V, E) r is the root of the whole EHR object; V is a set of nodes within the whole EHR object hierarchical structure E V V is a set of links between nodes. J. Jin, G. Ahn, H. Hu, M. Covington, and X. Zhang. Patient-centric authorization framework for sharing electronic health records. In Proceedings of the 14th ACM symposium on Access control models and technologies, pages ACM, Slide 11
12 EHR Data Schema Composition Slide 12
13 Algorithm for Merging Two EHR Data Schemas Slide 13
14 EHR Data Schema Composition Example r s T s m r d m T d m Merge to Call insertsubschema(t d, r d, T s, r s ) r d = r s -> m = r d Otology Classes Demographic, Demo Gender, Sex DoB, Birthday, Birth Date Slide 14
15 EHR Data Schema Composition Example Slide 15
16 Cross-domain EHR Instance Aggregation Slide 16
17 Policy Specification An access control policy is a tuple acp= (sub, obj v, pur, effect), where A subject sub is defined as a tuple sub = <u, so > or sub = <r, so >; An object obj v is a set of nodes in a sub-schema of T rooted at node v; pur is a set of business practices in healthcare domains; effect {permit,deny} is the authorization effect of the policy. Examples: P1: (<GP, h1>, obj Encounters, {treatment}, permit) P2: (<SP, h2>, obj Medications, {treatment,research}, permit) P3: (<Dr.Nic, h2>, obj Labs, research, deny) Slide 17
18 Policy Specification Cont d Slide 18
19 Hypothesis We propose a framework that ensures secure sharing of EHRs supporting Selective sharing on composite EHRs Logical EHR model EHR data schema composition Cross-domain EHR instance aggregation Access control policy specification HIPAA-compliant EHRs sharing Extracting policy patterns Formulating policy specification Transformation Compliance analysis Slide 19
20 HIPAA-compliant EHRs Sharing Process of compliance management Slide 20
21 Extracting Policy Pattern Goal Define a uniform policy scheme for HIPAA and system policy transformation Methodology Identify key words from HIPAA rules or system policies; Categorize identified key words into different class and give a label; Given a new rule or a policy, map each word to a class; The composition of different labels construct a structured pattern. Slide 21
22 Extracting Policy Pattern-Cont d Structured Examples (b)(1) A covered entity may obtain consent of the individual to use or disclose protected health information to carry out treatment, payment, or health care operations. Extracted Pattern: <actor> <modality> <action> <object> to <action> <object> for <purpose> (c)(1) A covered entity may use or disclose protected health information for its own treatment, payment, or health care operations. Extracted Pattern: <actor> <modality> <action> <object> for <purpose> (c)(2) A covered entity may disclose protected health information for treatment activities of a health care provider. Extracted Pattern: <actor> <modality> <action> <object> for <purpose> Slide 22
23 Generic Policy Specification Our policy specification scheme is built upon the identified policy patterns as a 8-tuple p = <actor, modality, action, object, purpose, condition, id, effect>, where actor = < D, R, O > is a 3-tuple, where D, R and O represent disseminator, receiver, and owner, respectively; modality depends on the implication that a policy expresses; action is a particular action defined by a policy; object is a protected healthcare resource; purpose is the reason for an actor to perform an action on an object; condition = < C D, C R, C O, C CON > is a 4-tuple, where C D, C R, C O and C CON indicate conditions on disseminator, receiver, owner and context, respectively; id is the citation to the portion of HIPAA regulations to which a policy refers to; effect is the authorization effect of a policy including permit and deny. The Laboratory of Security Engineering for Future Computing 2012 年 8 月 12 日 星 期 日 Slide 23
24 Transformation: Abstract Representation Transform both HIPAA regulations and healthcare system policies into abstract representation; The Laboratory of Security Engineering for Future Computing 2012 年 8 月 12 日 星 期 日 Slide 24
25 Transformation: Logic Representation Transform the abstract representation into a logic representation. Adopt Answer Set Programming(ASP) as the underlying logic programming; ASP is a logic programming language It represents the search problem as a logic program whose stable models, called answer sets correspond to the solutions of the problem It finds these models using an answer set solver - a system for computing stable models. The syntax of a ASP rule is as: <result> :- <precondition1>, <precondition1>,, <preconditionn>. V. Lifschitz. What is answer set programming. In Proc. of the AAAI Conference on Artificial Intelligence, pages , The Laboratory of Security Engineering for Future Computing 2012 年 8 月 12 日 星 期 日 Slide 25
26 Transformation-Cont'd Based on each element of the generic policy definition, we define following ASP predicates: decision(id, EFFECT) where ID is a policy id variable and EFFECT is a policy authorization decision variable; actor(d, R, O) where D, R and O are variables respectively for disseminator, receiver, and owner; modality(m); action(a); object(obj); purpose(p) and condition(c). ASP representation of generic policy is expressed as follows: decision(id, EFFECT) :- actor(d, R, O), modality(m), action(a), object(obj), purpose(p), condition(c). The Laboratory of Security Engineering for Future Computing 2012 年 8 月 12 日 星 期 日 Slide 26
27 Transformation Example Step 1 Input (Natural language representation of HIPAA Policy) (c)(1) A covered entity may use or disclose protected health information for its own treatment, payment, or health care operations. Output (Abstract representation) (<CE, CE, CE>, may, use, phi, treatment, N/A, (c)(1), allow) (<CE, CE, CE>, may, use, phi, payment, N/A, (c)(1), allow) (<CE, CE, CE>, may, use, phi, healthcare operation, N/A, (c)(1), allow) (<CE, CE, CE>, may, disclose, phi, treatment, N/A, (c)(1), allow) (<CE, CE, CE>, may, disclose, phi, payment, N/A, (c)(1), allow) (<CE, CE, CE>, may, disclose, phi, healthcare operation, N/A, (c)(1), allow) Step 2 Input (Abstract representation) (<CE, CE, CE>, may, use, PHI, treatment, N/A, (c)(1)(1), permit) Output (Logic representation) decision(164506c11, permit):- actor(ce, ce, ce), modality(may), action(use), object(phi), purpose(treatment), condition(na). The Laboratory of Security Engineering for Future Computing 2012 年 8 月 12 日 星 期 日 Slide 27
28 Analysis Methodology After two-step transformation, we have both ASP representations of HIPAA regulations and healthcare system policies Consider the ASP representation of HIPAA regulations as the privacy/security property program F Consider the ASP representation of system policies as the program G Cast the compliance checking problem into the problem of checking whether the program G F H has no answer sets, where H is the program expressing program G and program F has conflict decision results If no answer set is found, that implies the privacy/security property F is verified Otherwise, an answer set returned by an ASP solver servers as a counterexample that indicates why the program G does not entail F G. Ahn, H. Hu, J. Lee, and Y. Meng. Representing and reasoning about web access control policies. In th Annual IEEE Computer Software and Applications Conference, pages IEEE, Slide 28
29 System Design System Architecture Slide 29
30 Case Study_1 - Selective EHRs Sharing Scenario illustration Slide 30
31 Case Study_1 - Selective EHRs Sharing System workflow Slide 31
32 Case Study_2 - HIPAA-compliant EHRs sharing Steps Step1: Choose Healthcare System Policies Step2: Policy Transformation Step3: Terminology Mapping Step4: Compliance Checking Slide 32
33 Step 1 Example healthcare provider - OSF Healthcare It is owned and operated by the Sisters of the Third Order of St. Francis, Peoria, Illinois. Chosen healthcare local policy examples Example 1. OSF may share your information with your doctors, hospitals or other health care providers to help them provide medical care to you. Example 2. OSF may use or share your information for certain types of public health or disaster relief efforts. Slide 33
34 Step 2 Transformation Generic policy specification based representation of policy example 1 (<OSF, doctor, patient>, may, share, information, treatment, N/A, l11, permit) (<OSF, hospitals, patient>, may, share, information, treatment, N/A, l12, permit) (<OSF, health care providers, patient>, may, share, information, treatment, N/A, l13, permit) Corresponding ASP-based representation decision(l11, permit) :- actor(osf, doctor, patient), modality(may), action(share), object(information), purpose(treatment), condition(na). decision(l12, permit) :- actor(osf, hospitals, patient), modality(may), action(share), object(information), purpose(treatment), condition(na). decision(l13, permit) :- actor(osf, hcp, patient), modality(may), action(share), object(information), purpose(treatment), condition(na). Slide 34
35 Step 3 Terminology Mapping It entails mapping the natural language phrases in halthcare systems policies onto the terminology used in HIPAA regulations. Slide 35
36 Step 4 Experiment Results 1 st run: no answer set is found, which means the local healthcare policy complies with the HIPAA regulations. 2 nd run: add following local healthcare system s policy with a policy ID of l12: decision local(l12, deny) :- actor(osf, hospitals, patient), modality(may), action(share), object(information), purpose(treatment), condition(na). ASP solver find one answer set: modality(may) action(share) action(use) object(information) object(phi) purpose(treatment) condition(na) actor(osf, hospitals, patient) actor(ce, ce, ce) decision local(l12, deny) decision hipaa(c11, permit) It indicates a counterexample explaining the violation of HIPAA regulations Slide 36
37 Implementation Cloud environment illustration Slide 37
38 Implementation-Cont'd Home Page & Policy Specification Page Slide 38
39 Implementation-Cont'd Patient Discovery Page & Composite EHRs Access Page Slide 39
40 Implementation-Cont'd CONNECT implementation details Slide 40
41 Implementation-Cont'd A transformation tool to support our two-step transformation is implemented based on OpenNLP open source project Slide 41
42 Evaluation Analyze efficiency and scalability Analyze time consumption by ASP Slide 42
43 Related Works Access Control Presented a patient-centric authorization framework to secure the sharing of electronic health records[jin'09]. Adopted the Chinese Wall security policy to control information flow in cloud computing[wu'10][wu'12]. Presented a security model for healthcare application clouds[zhang'10] Presented patient-centric and fine-grained access control mechanism for securing personal health records in cloud computing[li'10]. Compliance Management Presented a methodology to represent and reason about web access control policies[ahn'10]. Rigorous extraction of requirements from policies and regulations[breaux'06][lee'06]. Presented a methodology to extract access rights and obligations directly from regulation texts[breaux'07]. Presented a production rule framework that software engineers can use to specify compliance requirements for software[maxwell'10]. Slide 43
44 Conclusion & Contributions We articulate access control and compliance management issues in healthcare cloud computing environments. A novel framework based on access control policy and logical techniques has been presented, which support selective EHRs sharing and HIPAA-compliant EHRs sharing A prototype cloud-based EHRs sharing system has been designed, implemented and evaluated to demonstrate the effectiveness and efficiency of our proposed approach. Slide 44
45 Future Work We would conduct more comprehensive evaluations on our system with real-world healthcare datasets. We would investigate how to address policy composition issues and how to support fine-grained delegation mechanism for EHRs in cloud computing environments. In addition, we would like to apply our approach to support EHRs sharing using consumer devices such as smart phone and tablet to cover border sections of the whole healthcare ecosystem. We would also study how cross-referenced policies can be considered and accommodated to address all aspects of HIPAA requirements. Slide 45
46 Publications Towards HIPAA-compliant Healthcare Systems, Ruoyu Wu, Gail-Joon Ahn and Hongxin Hu (ACM IHI 12) Information Flow Control in Cloud Computing, Ruoyu Wu, Gail-Joon Ahn, Hongxin Hu, and Mukesh Singhal (TrustCol 10) Information Flow Control in Clouds, Gail-Joon Ahn, Ruoyu Wu, Hongxin Hu and Mukesh Singhal (IEEE Transactions on SMC, revision) Risk-Aware Mitigation for MANET Routing Attacks, Ziming Zhao, Hongxin Hu, Gail-Joon Ahn and Ruoyu Wu (IEEE TDSC 10) Risk-Aware Response for Mitigating MANET Routing Attacks, Ziming Zhao, Hongxin Hu, Gail-Joon Ahn and Ruoyu Wu (GLOGBECOM 10) Slide 46
47 Questions Slide 47
Secure Sharing of Electronic Health Records in Clouds
Secure Sharing of Electronic Health Records in Clouds Ruoyu Wu, Gail-Joon Ahn Arizona State University Hongxin Hu Delaware State University The Laboratory of Security Engineering for Future Computing (SEFCOM)
More informationTowards HIPAA-compliant Healthcare Systems in Cloud Computing
1 Towards HIPAA-compliant Healthcare Systems in Cloud Computing Ruoyu Wu, Arizona State University, USA Gail-Joon Ahn, Arizona State University, USA Hongxin Hu, Delaware State University, USA Abstract
More informationSecure Sharing of Electronic Health Records in Clouds
Secure Sharing of Electronic Health Records in Clouds Ruoyu Wu 1, Gail-Joon Ahn 1, Hongxin Hu 2 1 Arizona State University, 2 Delaware State University {ruoyu.wu, gahn}@asu.edu; hhu@desu.edu Abstract In
More informationTowards HIPAA-compliant Healthcare Systems
Towards HIPAA-compliant Healthcare Systems Ruoyu Wu, Gail-Joon Ahn and Hongxin Hu Arizona State University Tempe, AZ 85287, USA {ruoyu.wu,gahn,hxhu}@asu.edu ABSTRACT In healthcare domain, there is a gap
More informationSecure Sharing of Electronic Medical Records in Cloud Computing. Ruoyu Wu
Secure Sharing of Electronic Medical Records in Cloud Computing by Ruoyu Wu A Thesis Presented in Partial Fulfillment of the Requirements for the Degree Master of Science Approved April 2012 by the Graduate
More informationInformation Flow Control in Cloud Computing
Information Flow Control in Cloud Computing Ruoyu Wu, Gail-Joon Ahn, Hongxin Hu Arizona State Univeristy Mukesh Singhal University of Kentucky The Laboratory of Security Engineering for Future Computing
More informationPrivacy in Health Informatics
i Guest editorial Preface Privacy in Health Informatics Soon Ae Chun, Columbia University & CUNY-College of Staten Island, USA Jaideep Vaidya, Rutgers, The State University of New Jersey, USA INTRODUCTION
More informationPatient-Centric Secure-and-Privacy-Preserving Service-Oriented Architecture for Health Information Integration and Exchange
Patient-Centric Secure-and-Privacy-Preserving Service-Oriented Architecture for Health Information Integration and Exchange Mahmoud Awad and Larry Kerschberg Center for Health Information Technology George
More informationUMA in Health Care: Providing Patient Control or Creating Chaos?
SESSION ID: IDY-F03 UMA in Health Care: Providing Patient Control or Creating Chaos? David Staggs JD, CISSP Technologist / IP Attorney Staggs PLLC UMA Value Proposition User Managed Access (UMA) brings
More informationSome Research Challenges for Big Data Analytics of Intelligent Security
Some Research Challenges for Big Data Analytics of Intelligent Security Yuh-Jong Hu hu at cs.nccu.edu.tw Emerging Network Technology (ENT) Lab. Department of Computer Science National Chengchi University,
More informationLi Xiong, Emory University
Healthcare Industry Skills Innovation Award Proposal Hippocratic Database Technology Li Xiong, Emory University I propose to design and develop a course focused on the values and principles of the Hippocratic
More informationAuditing EMR System Usage. You Chen Jan, 17, 2013 You.chen@vanderbilt.edu
Auditing EMR System Usage You Chen Jan, 17, 2013 You.chen@vanderbilt.edu Health data being accessed by hackers, lost with laptop computers, or simply read by curious employees Anomalous Usage You Chen,
More informationPrivacy and Identity Management for Europe
Privacy and Identity Management for Europe Pierangela Samarati Università degli Studi di Milano Milan, Italy samarati@dti.unimi.it Page 1 Vision and Objectives Users disclose vast amounts of personal information
More informationCloud-based Identity and Access Control for Diagnostic Imaging Systems
Cloud-based Identity and Access Control for Diagnostic Imaging Systems Weina Ma and Kamran Sartipi Department of Electrical, Computer and Software Engineering University of Ontario Institute of Technology
More informationPatient-Centric Secure-and-Privacy-Preserving Service-Oriented Architecture for Health Information Integration and Exchange
Patient-Centric Secure-and-Privacy-Preserving Service-Oriented Architecture for Health Information Integration and Exchange Mahmoud Awad and Larry Kerschberg, Center for Health Information Technology,
More informationProviding Flexible Security as a Service Model for Cloud Infrastructure
Providing Flexible Security as a Service Model for Cloud Infrastructure Dr. M. Newlin Rajkumar, P. Banu Priya, Dr. V. Venkatesakumar Abstract Security-as-a-Service model for cloud systems enable application
More informationReview of the Techniques for User Management System
, pp.87-91 http://dx.doi.org/10.14257/astl.2014.46.20 Review of the Techniques for User Management System Jaegeol Yim *, Gyeyoung Lee *, Kyungsoo Ham * *Dongguk University at Gyeongju Korea, {yim, lky,
More informationAN ENHANCED ATTRIBUTE BASED ENCRYPTION WITH MULTI PARTIES ACCESS IN CLOUD AREA
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 1, January 2014,
More informationRelationship of HL7 EHR System Draft Standard to X12N
Relationship of HL7 EHR System Draft Standard to X12N EHR Technical Committee Co-Chairs: Gary Dickinson Linda Fischetti Sam Heard Excerpt of EHR-S DSTU Class Overview of Discussion Background Where We
More informationHorizontal IoT Application Development using Semantic Web Technologies
Horizontal IoT Application Development using Semantic Web Technologies Soumya Kanti Datta Research Engineer Communication Systems Department Email: Soumya-Kanti.Datta@eurecom.fr Roadmap Introduction Challenges
More informationEnabling the Big Data Commons through indexing of data and their interactions
biomedical and healthcare Data Discovery Index Ecosystem Enabling the Big Data Commons through indexing of and their interactions 2 nd BD2K all-hands meeting Bethesda 11/12/15 Aims 1. Help users find accessible
More information1. Introduction. 2. Background. 2.1. Cloud computing in a nutshell
Title: Towards new access control models for Cloud computing systems Category: 'In the Cloud' - Security Author name: Gouglidis Antonios City, Country: Thessaloniki, Greece Year of study, Course Title:
More informationACaaS: Access Control as a Service for IaaS Cloud
ACaaS: Access Control as a Service for IaaS Cloud Ruoyu Wu, Xinwen Zhang, Gail-Joon Ahn, Hadi Sharifi and Haiyong Xie Arizona State University, Tempe, AZ 85287, USA Email: {ruoyu.wu, gahn, hsharif1}@asu.edu
More informationHow To Create A Privacy Preserving And Dynamic Load Balancing System In A Distributed System
Enforcing Secure and Privacy-Preserving Information Brokering with Dynamic Load Balancing in Distributed Information Sharing. 1 M.E. Computer Engineering Department GHRCEM, Wagholi, Pune. Jyotimore2283@gmail.com
More informationHarmonized Use Case for Electronic Health Records (Laboratory Result Reporting) March 19, 2006
Harmonized Use Case for Electronic Health Records (Laboratory Result Reporting) March 19, 2006 Office of the National Coordinator for Health Information Technology (ONC) Table of Contents American Health
More informationAccess Control patient centric selective sharing Emergency Access Information Exchange
Electronic Health Record Software Required Security Features and Recommendations for Technical Specifications of Single Source Contracts and RFI for the Behavioral Health Information Technology Grant Scope:
More informationSWIFT Identity Management Model
ENHANCING THE SECURITY FRAMEWORK SECURECLOUD WITH THE SWIFT IDENTITY MANAGEMENT FRAMEWORK Abdulrahman H. Altalhi 1, Zailani Mohamed Sidek 2, Norjihan Abdul Ghani 3, Fazidah Othman 4 and Maged Abdelkhaleq
More informationFlowGuard: Building Robust Firewalls for Software-Defined Networks. Hongxin Hu, Wonkyu Han, Gail-Joon Ahn and Ziming Zhao
FlowGuard: Building Robust Firewalls for Software-Defined Networks Hongxin Hu, Wonkyu Han, Gail-Joon Ahn and Ziming Zhao HotSDN 2014 Outline Introduction Challenges for Building FW in SDN FlowGuard framework
More informationUsing Cloud Computing with RETE Algorithms in a Platform as a Service (PaaS) for Business Systems Development
Using Cloud Computing with RETE Algorithms in a Platform as a Service (PaaS) for Business Systems Development Richard Poblete 1, David de la Fuente 2, and Margarita Alonso 3 1 Department of Business Administration,
More informationCMS & ehr - An Update
Health Informatics in Hong Kong CMS & ehr - An Update Dr NT Cheung HA Convention 2010 CMS / epr is essential in the HA Each Day... 12,000 users 90,000 patients 8M CMS transactions 700,000 epr views In
More informationCLOUD-HOSTED PROXY BASED COLLABORATION IN MULTI- CLOUD COMPUTING ENVIRONMENTS WITH ABAC METHODS
CLOUD-HOSTED PROXY BASED COLLABORATION IN MULTI- CLOUD COMPUTING ENVIRONMENTS WITH ABAC METHODS Shilpa G S 1, Maria Navin J R 2 1 PG Student, Dept. of Computer Science and Engineering, SVCE Bangalore,
More informationA Secure Personal Healthcare Records Integrated System based on IaaS
A Secure Personal Healthcare Records Integrated System based on IaaS Cloud Computing 1 Youngbok Cho, 2 Sunghee Woo, 3 Sangho Lee 1, First Author Dept. of Softerwear, Electrical Information, Chungbuk National
More informationPolicy-based Pre-Processing in Hadoop
Policy-based Pre-Processing in Hadoop Yi Cheng, Christian Schaefer Ericsson Research Stockholm, Sweden yi.cheng@ericsson.com, christian.schaefer@ericsson.com Abstract While big data analytics provides
More informationCLOUD-BASED DEVELOPMENT OF SMART AND CONNECTED DATA IN HEALTHCARE APPLICATION
CLOUD-BASED DEVELOPMENT OF SMART AND CONNECTED DATA IN HEALTHCARE APPLICATION S. Naisha Sultana 1, Gandikota Ramu 2 and Prof. B. Eswara Reddy 3 1, 2&3 Dept of Computer Science & Engineering, JNTUA College
More informationInternational Journal of Scientific & Engineering Research, Volume 6, Issue 5, May-2015 1681 ISSN 2229-5518
International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May-2015 1681 Software as a Model for Security in Cloud over Virtual Environments S.Vengadesan, B.Muthulakshmi PG Student,
More informationSix Challenges for the Privacy and Security of Health Information. Carl A. Gunter University of Illinois
Six Challenges for the Privacy and Security of Health Information Carl A. Gunter University of Illinois The Six Challenges 1. Access controls and audit 2. Encryption and trusted base 3. Automated policy
More informationWEB: WWW.XTREAMIT.COM EMAIL: SALES@XTREAMIT.COM PHONE:
EMR365 A PRODUCTIVITY SOLUTION FOR HEALTH CARE EMR365 is an end user productivity solution by XtreamIT for hospitals and healthcare organizations. It provides a user familiar interface to doctors and medical
More informationIsaac Willett April 5, 2011
Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act
More informationHIPAA/HITECH Compliance Using VMware vcloud Air
Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the
More informationA Comparison Study of Information Security Risk Management Frameworks in Cloud Computing
A Comparison Study of Information Security Risk Management Frameworks in Cloud Computing Mohammed Alnuem Information Systems Department King Saud University Riyadh, Saudi Arabia Email: malnuem@ksu.edu.sa
More informationSecurity Concerns about Cloud Computing in Healthcare. Kate Borten, CISSP, CISM President, The Marblehead Group
Security Concerns about Cloud Computing in Healthcare Kate Borten, CISSP, CISM President, The Marblehead Group Agenda What is cloud computing? Advantages Security concerns Suggestions 2009 The Marblehead
More informationModels Supporting Development of Complex Information Systems in Healthcare. Case study: an Obstetrics-Gynecology Department
en18 Original Article Models Supporting Development of Complex Information Systems in Healthcare. Case study: an Obstetrics-Gynecology Department Mihaela Crisan-Vida 1, Lăcrămioara Stoicu-Tivadar 1, Oana
More informationCloud Information Accountability Framework for Auditing the Data Usage in Cloud Environment
International Journal of Computational Engineering Research Vol, 03 Issue, 11 Cloud Information Accountability Framework for Auditing the Data Usage in Cloud Environment D.Dhivya 1, S.CHINNADURAI 2 1,M.E.(Cse),
More information15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM
RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM Dhanashri Bamane Vinayak Pottigar Subhash Pingale Department of Computer Science and Engineering SKN
More informationMaster of Science Advanced Software Services. Courses description
Master of Science Advanced Software Services Courses description Architecture of Service Oriented Information Systems The course explains the concept of the different architectural views (e.g. function
More informationDistributed Attribute Based Encryption for Patient Health Record Security under Clouds
Distributed Attribute Based Encryption for Patient Health Record Security under Clouds SHILPA ELSA ABRAHAM II ME (CSE) Nandha Engineering College Erode Abstract-Patient Health Records (PHR) is maintained
More informationIntegration Architecture & (Hybrid) Cloud Scenarios on the Microsoft Business Platform. Gijs in t Veld CTO BizTalk Server MVP BTUG NL, June 7 th 2012
Integration Architecture & (Hybrid) Cloud Scenarios on the Microsoft Business Platform Gijs in t Veld CTO BizTalk Server MVP BTUG NL, June 7 th 2012 Agenda Integration architecture; what & why? On-premise
More informationSecurity and Privacy System Requirements for Healthcare Medical Data Sharing
and Privacy System Requirements for Healthcare Cloud and Privacy System Requirements for Adopting Cloud Computing in Healthcare Data Sharing Scenarios ABSTRACT Research-in-Progress Tatiana Ermakova Benjamin
More informationCloudy with Showers of Business Opportunities and a Good Chance of. Security. Transforming the government IT landscape through cloud technology
Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing Co-Chair, Cloud Security WG Co-Chair, Cloud Forensics Science WG Cloudy with Showers of Business Opportunities and a Good Chance of
More informationKeywords Distributed Computing, On Demand Resources, Cloud Computing, Virtualization, Server Consolidation, Load Balancing
Volume 5, Issue 1, January 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Survey on Load
More informationA Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing
International Journal of Emerging Engineering Research and Technology Volume 3, Issue 5, May 2015, PP 1-7 ISSN 2349-4395 (Print) & ISSN 2349-4409 (Online) A Survey on Security Issues and Security Schemes
More informationSERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) SERVICE-ORIENTED DISCOVERY AND ANALYSIS MODEL LANGUAGE SPECIFICATIONS
SERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) VERSION 2.1 SERVICE-ORIENTED DISCOVERY AND ANALYSIS MODEL LANGUAGE SPECIFICATIONS 1 TABLE OF CONTENTS INTRODUCTION... 3 About The Service-Oriented Modeling Framework
More informationTwo patterns for HIPAA regulations
Two patterns for HIPAA regulations Eduardo B. Fernandez 1 and Sergio Mujica 2 1 Florida Atlantic University, Boca Raton, FL, USA 2 Escuela de Ingeniería, Universidad Finis Terrae, Santiago, Chile Abstract
More informationAnalysis of Different Access Control Mechanism in Cloud
Analysis of Different Access Control Mechanism in Cloud Punithasurya K Post Graduate Scholar Department of Information Technology Karunya University, India Jeba Priya S Lecturer Department of Information
More informationAn Efficient data storage security algorithm using RSA Algorithm
An Efficient data storage security algorithm using RSA Algorithm Amandeep Kaur 1, Sarpreet Singh 2 1 Research fellow, Department of Computer Science and Engineering, Sri Guru Granth Sahib World University,
More informationInternet of Things (IoT): A vision, architectural elements, and future directions
SeoulTech UCS Lab 2014-2 st Internet of Things (IoT): A vision, architectural elements, and future directions 2014. 11. 18 Won Min Kang Email: wkaqhsk0@seoultech.ac.kr Table of contents Open challenges
More informationContext-Aware Role Based Access Control Using User Relationship
International Journal of Computer Theory and Engineering, Vol. 5, No. 3, June 2013 Context-Aware Role Based Access Control Using User Relationship Kangsoo Jung and Seog Park We suggest relationship-based
More information[Sudhagar*, 5(5): May, 2016] ISSN: 2277-9655 Impact Factor: 3.785
IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY AVOID DATA MINING BASED ATTACKS IN RAIN-CLOUD D.Sudhagar * * Assistant Professor, Department of Information Technology, Jerusalem
More informationBenefits of Image-Enabling the EHR
Benefits of Image-Enabling the EHR MU2 Implications for Hospitals, Imaging Providers and EHR Vendors A Merge Healthcare Whitepaper Introduction Meaningful Use (MU) Stage 2 has new requirements for imaging
More informationImplementing XML-based Role and Schema Migration Scheme for Clouds
Implementing XML-based Role and Schema Migration Scheme for Clouds Gurleen Kaur 1, Sarbjeet Singh 2 Computer Science and Engineering, UIET Panjab University, Chandigarh, India 1 gurleenturka@gmail.com
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationStudy on Redundant Strategies in Peer to Peer Cloud Storage Systems
Applied Mathematics & Information Sciences An International Journal 2011 NSP 5 (2) (2011), 235S-242S Study on Redundant Strategies in Peer to Peer Cloud Storage Systems Wu Ji-yi 1, Zhang Jian-lin 1, Wang
More informationHigher National Unit specification: general information
Higher National Unit specification: general information Unit code: H179 34 Superclass: CE Publication date: March 2012 Source: Scottish Qualifications Authority Version: 01 Unit purpose This Unit is intended
More informationAggregating IaaS Service
Aggregating IaaS Service Bu Sung Lee, Shixing Yan, Ding Ma, Guopeng Zhao HP Laboratories HPL-2011-22 Keyword(s): Cloud computing, service management, IaaS Abstract: Infrastructure-as-a-Service (IaaS) is
More informationSecure Attack Measure Selection and Intrusion Detection in Virtual Cloud Networks. Karnataka. www.ijreat.org
Secure Attack Measure Selection and Intrusion Detection in Virtual Cloud Networks Kruthika S G 1, VenkataRavana Nayak 2, Sunanda Allur 3 1, 2, 3 Department of Computer Science, Visvesvaraya Technological
More informationA generalized Framework of Privacy Preservation in Distributed Data mining for Unstructured Data Environment
www.ijcsi.org 434 A generalized Framework of Privacy Preservation in Distributed Data mining for Unstructured Data Environment V.THAVAVEL and S.SIVAKUMAR* Department of Computer Applications, Karunya University,
More informationSecuring Patient Privacy in E-Health Cloud Using Homomorphic Encryption and Access Control
International Journal of Computer Networks and Communications Security VOL.2, NO.1, JANUARY 2014, 15 21 Available online at: www.ijcncs.org ISSN 2308-9830 C N C S Securing Patient Privacy in E-Health Cloud
More informationCLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS
CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS April 2014 Cloud Conceptual Reference Model The ease of use a Cloud Consumer experiences results from a complex, behind-the-scenes, orchestration of interchangeable,
More informationScalable and secure sharing of data in cloud computing using attribute based encryption
Volume :2, Issue :4, 416-420 April 2015 www.allsubjectjournal.com e-issn: 2349-4182 p-issn: 2349-5979 Impact Factor: 3.762 Ghodake Shubhangi Joshi Priyanka Khobragade Pranjali Chandak Manjiri Scalable
More informationand Deployment Roadmap for Satellite Ground Systems
A Cloud-Based Reference Model and Deployment Roadmap for Satellite Ground Systems 2012 Ground System Architectures Workshop February 29, 2012 Dr. Craig A. Lee The Aerospace Corporation The Aerospace Corporation
More informationSEMANTICS ENABLED PROACTIVE AND TARGETED DISSEMINATION OF NEW MEDICAL KNOWLEDGE
SEMANTICS ENABLED PROACTIVE AND TARGETED DISSEMINATION OF NEW MEDICAL KNOWLEDGE Lakshmish Ramaswamy & I. Budak Arpinar Dept. of Computer Science, University of Georgia laks@cs.uga.edu, budak@cs.uga.edu
More informationMeasuring the Interoperability Degree of Interconnected Healthcare Information Systems Using the LISI Model
Measuring the Interoperability Degree of Interconnected Healthcare Information Systems Using the LISI Model Mihaela Vida*, Lăcrămioara Stoicu-Tivadar*, Elena Bernad**, *Faculty of Automatics and Computers,
More informationCloud Database Storage Model by Using Key-as-a-Service (KaaS)
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 7 July 2015, Page No. 13284-13288 Cloud Database Storage Model by Using Key-as-a-Service (KaaS) J.Sivaiah
More informationSecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments
2010 34th Annual IEEE Computer Software and Applications Conference Workshops SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments Hassan Takabi School of Information
More informationPrivacy for Healthcare Data in the Cloud - Challenges and Best Practices
Privacy for Healthcare Data in the Cloud - Challenges and Best Practices Dr. Sarbari Gupta sarbari@electrosoft-inc.com 703-437-9451 ext 12 Cloud Standards Customer Council (CSCC) Cloud Privacy Summit Electrosoft
More informationHow To Understand The Health Care System In Canada
Healthcare Interoperability Between Canada and the United States A Presentation to IAPP Canada Privacy Symposium May 9, 2014 Rick Shields - nnovation LLP and Joan Roch Canada Health Infoway 1 This is not
More informationNetwork Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201
Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...
More information3-12 Autonomous Access Control among Nodes in Sensor Networks with Security Policies
3-12 Autonomous Access Control among Nodes in Sensor Networks with Security Policies This paper describes a new framework of policy control sensor networks. Sensor networks are shared by various applications,
More informationReport on a preliminary analysis of the dataflow(s) in HealthConnect system
Report on a preliminary analysis of the dataflow(s) in HealthConnect system Electronic Health Records: Achieving an Effective and Ethical Legal and Recordkeeping Framework Australian Research Council Discovery
More informationBig Data Mining Services and Knowledge Discovery Applications on Clouds
Big Data Mining Services and Knowledge Discovery Applications on Clouds Domenico Talia DIMES, Università della Calabria & DtoK Lab Italy talia@dimes.unical.it Data Availability or Data Deluge? Some decades
More informationHIT Workflow & Redesign Specialist: Curriculum Overview
HIT Workflow & Redesign Specialist: Curriculum Overview Component - Description Units - Description Appx. Time 1: Introduction to Health Care and Public Health in the U.S. Survey of how healthcare and
More informationMonitoring Performances of Quality of Service in Cloud with System of Systems
Monitoring Performances of Quality of Service in Cloud with System of Systems Helen Anderson Akpan 1, M. R. Sudha 2 1 MSc Student, Department of Information Technology, 2 Assistant Professor, Department
More informationChapter 2 Taxonomy and Classification of Access Control Models for Cloud Environments
Chapter 2 Taxonomy and Classification of Access Control Models for Cloud Environments Abhishek Majumder, Suyel Namasudra and Samir Nath Abstract Cloud computing is an emerging and highly attractive technology
More informationCopyright IEEE. Citation for the published paper:
Copyright IEEE. Citation for the published paper: This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of BTH's products
More informationTHE HIPAA PRIVACY RULE S RIGHT OF ACCESS AND HEALTH INFORMATION TECHNOLOGY
THE HIPAA PRIVACY RULE S RIGHT OF ACCESS AND HEALTH INFORMATION TECHNOLOGY BACKGROUND AND INTRODUCTION Since its inception, the HIPAA Privacy Rule s right of an individual to access protected health information
More informationEHR Glossary of Terms
EHR Glossary of Terms American Recovery and Reinvestment Act of 2009 (ARRA): budget bill enacted by Congress and signed by President Obama on February 17, 2009 that was designed to provide an economic
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationA Novel Approach to QoS Monitoring in the Cloud
A Novel Approach to QoS Monitoring in the Cloud 2nd Training on Software Services- Cloud computing - November 11-14 Luigi Sgaglione EPSILON srl luigi.sgaglione@epsilonline.com RoadMap Rationale and Approach
More informationWhat You Need to Know About CLOUD INFORMATION PROTECTION SOLUTIONS
What You Need to Know About CLOUD INFORMATION PROTECTION SOLUTIONS Table of Contents Cloud Adoption Drivers Key Capabilities and Technologies Usability and User Experience Security Technology Architecture
More informationNOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019
Effective Date: 5/18/15 NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationEvent-based data dissemination control in healthcare
Event-based data dissemination control in healthcare Jatinder Singh and Jean Bacon Computing Laboratory University of Cambridge firstname.lastname@cl.cam.ac.uk Abstract. There is a movement in healthcare
More informationThe Need for Service Catalog Design in Cloud Services Development
The Need for Service Catalog Design in Cloud Services Development The purpose of this document: Provide an overview of the cloud service catalog and show how the service catalog design is an fundamental
More informationDevelop HIPAA-Compliant Mobile Apps with Verivo Akula
Develop HIPAA-Compliant Mobile Apps with Verivo Akula Verivo Software 1000 Winter Street Waltham MA 02451 781.795.8200 sales@verivo.com Verivo Software 1000 Winter Street Waltham MA 02451 781.795.8200
More informationCHAPTER 3 PROPOSED SCHEME
79 CHAPTER 3 PROPOSED SCHEME In an interactive environment, there is a need to look at the information sharing amongst various information systems (For E.g. Banking, Military Services and Health care).
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. A federal regulation,
More informationFuture of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST
Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST No Longer On The Horizon Essential Characteristics On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service
More informationPARCA Certified PACS System Analyst (CPSA) Requirements
PARCA Certified PACS System Analyst (CPSA) Requirements Copyright notice: Copyright 2005 PACS Administrators in Radiology Certification Association (PARCA). All rights reserved. All rights reserved. This
More informationHow To Write An Electronic Health Record
EHR Requirements David LLOYD and Dipak KALRA CHIME Centre for Health Informatics and Multiprofessional Education, University College London N19 5LW, by email: d.lloyd@chime.ucl.ac.uk. Abstract. Published
More information