In the recent age of globalization, healthcare service is spreading its reach to the each and every end of the society, integrating almost all of the population in the healthcare system (Abouelmehdi et al, 2017). Due to this, it has created a need of using information technology of software so that all the healthcare related data and information, medication information, personal data and insurance related data could be saved over internet and then could be protected from mishap or theft and the efficiency and efficiency of the healthcare data could be protected from hacking and other aspects (Liu et al., 2013). This age therefore is famous for storing the healthcare data over cloud which increases the ability to electronically store and transfer the health information to improve the quality of health so that service provided to the healthcare system could be protected (Yuvaraj, 2015). Despite the ability of the healthcare information system in maintaining and protecting the data of patients for the benefit of patients and healthcare facility, there are instances in which the data of the healthcare facilities are compromised. This compromised data is a major challenge for the healthcare facility as well as the healthcare service provider as it can affect their health and can degrade the quality of healthcare provided in the healthcare facility (Aiswarya et al., 2013).
In this section, discussion about the healthcare data security and several aspects of this cloud computing in changing the paradigm shift for the infrastructure and the system software will be discussed in the assignment with the help of hypothesis and multiple research questions. Further, the requirement of the cloud computing in determining the data security its effectiveness and future prospects will also be discussed in this research article.
Healthcare data must be handled with the utmost of care as it involves personal information of people. Almost all healthcare transactions are converted to online transactions, as x-rays, MRI images, patient lab reports, digital images, and video files are saved in patients records. Online records are safely, encrypted and transmitted without any delay, compared to mailing and faxing the healthcare documents (Yuvaraj, 2015). Every day millions of online record transactions take place between healthcare providers, hospitals, and medical groups. Online data is fast, accurate, cost-efficient, and easy to integrate the use for analysis and research purposes. With online data advantages, there are also some risks. In terms of risks associated with online medical records, any theft of data could mean a few thousands to millions of accounts are compromised. This data is used in the black market for personal identification or duplicate identity. Some hackers are sponsored by the government or private parties to steal information that’s available online. With advancement in technology, many companies need to move to the cloud for security, expansion, faster processing, and reduced cost. It is riskier to have applications in-house and add protection individually rather than to work as a group in the cloud so that any security can be applied to all forms at once(SOURCE). Cloud computing is a service model delivering on-demand computing resources over the Internet (Yuvaraj, 2015).
Healthcare data is considered as private and most secured, as every individual wants to keep their health data private and do not want to share this data without proper permission. “We have a very active intelligence program. We don’t rely just on our own monitoring. I work with a lot of third parties. I work with our government agencies, with our own healthcare agencies, other financial agencies to understand where the real threats are. You can’t rely on your own systems. You have to collaborate with other partners.” (Chris Elwell, 2016). It is very difficult for one organization to shield data from hackers, so it’s better to work in virtual private cloud (VPC) environment where security is maintained by technical giants. According to Google virtual private cloud offering in 2017 there are around seven hundred security engineers working on data security and monitoring any suspicious activity (Google Keynote, 2018). Data Security in healthcare data is difficult to maintain for one organization. In Anthem data breach occurred on database could have avoided if data is maintained in cloud. Data breach is an issue to millions of customers in healthcare industry as this data leaks privacy of the citizens. Healthcare data is difficult to maintain and to provide right data to right individual, In this study we will review How data can be masked and encrypted before transferring data and maintaining security through during transmission and receiving end.
The purpose of this study is to learn new technologies and see available options to mask healthcare data and maintain its security. To review rules provided by National institute of standards and technology (NIST) on HIPAA security rule as how data should be transferred to mobile devices and follow Health Information Exchange (HIE) Security Architecture. These rules are covered by many cloud providers and they claim as HIPAA certified cloud storage (Google keynote, 2017). This study can guide any individual who wants to maintain healthcare data either at Doctors office or a health insurance company to protect the privacy of the individuals.
A mixed method design study was conducted with developers from healthcare industry to provide feedback on better technologies and better methods to adapt for low system resources and high security for healthcare data. Data is collected and loaded in database table for analysis and uses reporting tool to display results.
Significance of the Study
This study is important as it explains recent data breaches and check for loopholes in existing systems and how to prevent it in happening in future. Study the hackers, their motivation for data breaches and their funding, to know the source of attack and how it can be prevented or how to build a shield. This study will overall help in applying latest technologies with high-security measures on data. Protection can be applied at different levels as an operating level by encryption and data level by data masking as if one is compromised other is of no value, and the attack is detected. This study will adapt new technologies and how technical companies are coming up with resolving potential data breach in systems.
The research questions that guided this study were:
Research Question 1: How safe is your healthcare data in the cloud ?
Research Question 2: What security measures do cloud computing companies provide to their tenants?
Research Question 3: What security measures does healthcare companies take to data masking or data encryption so that in case of data breach damages are minimized?
Research Question 4: Overall its public opinion and market sentiment needed from people as for how they take up the changes in technology?
The following hypotheses were tested:
Data in the cloud is secure
Data in the cloud is not secure
Migration, Maintenance, and operations are costly in the cloud compared to in-house maintenance
Migration, Maintenance, and operations are not costly in the cloud compared to in-house maintenance
As the healthcare sector is proliferating and globalization is expanding its reach, people using healthcare services are increasing, due to which, it has become important to maintain the healthcare data safety and security. To implement this in the healthcare process, majority of the healthcare providers nowadays store their healthcare related data including patients personal or medication data, health insurance related data and patient information in the cloud protected by a specific organization. Governments are also implementing several rules and regulations such as HIPAA in USA, so that personal healthcare information could be protected. However, there are instances where the cloud security of healthcare data are compromised, affecting a major portion of service users as well as providers. One such research about the security and safety was conducted by Mehraeen et al. (2016), as their systematic review included more than 210 papers from 2000 to 2015 so that investigation related to the challenges while maintaining safety and safety of healthcare data could be conducted. From the systematic review the researchers concluded that to ensure the healthcare data security, it is important to authenticate, authorize and implement access control so that access of the data could be provided to minimum person and the data could be protected from internet based compromise, cybercrime and hacking. Further, the researchers accepted the fact that despite the presence of layers of security in the cloud computing system, incidences of cybercrime could affect the security of the data. Hence, the researchers recommended to include events such as Hypervisor Security Architecture, Hybrid execution model, which could be used as a threat management programs for such cloud storage systems (Aiswarya et al., 2013).
Further, while looking for the reasons due to which such cloud storage systems become corrupted or compromised, it was found that despite of a disciplined environment and a proper infrastructure, due to sharing software, communication methods and passwords, it affects the privacy and security of the cloud and stored data within that. Further, due to this sharing and cumulative usage, the server becomes compromised and leads to cybercrime in the process. Researchers also included that due to one compromised healthcare data within a cloud, there is a possibility that hackers can access all the confidentially, integrated and informative data from the system thereby affecting all the healthcare facilities and associated data in the vicinity. Therefore from the researches mentioned in the above-mentioned section it is evident that the healthcare sector is destined to protect the patient data associated with their health and health insurance so that they could perform properly by providing the patients with quality healthcare service. However, there are situations and environment, which leads to situations due to which the cloud system is affected and data security and safety becomes compromised.
While understanding the services and security measures which is provided to the service providers in healthcare sector by the cloud computing companies depend on the requirement of the healthcare facilities and the degree of security they require for the protection of their clients healthcare data. Therefore, in such situation, the cloud computing companies, as per Abouelmehdi et al. (2017) provides service software such as email, and communication software so that the communication process could be protected from the attack of hackers. Further, it also provides healthcare service providers with location independent resource pooling so that multiple service providers of that organization could be connected under single cloud and also included ubiquitous network access so that the security and safety of the data could be managed from mobile phones or other electronic devices. Further, as per the local government and federal government rules, the healthcare service providers are provided with multi tenacity software so that all the policy and regulation related effective measures could be implemented in the process and this tenacity is according to the process so that required legislation could be followed by the cloud computing organization as well as the service provider. This is an important aspect for the healthcare facilities and their cloud computing system so that with the help of cloud computing scale and collaborative and availability collection and distribution of the data could be achieved and whenever required, data masking could be achieved which ensures that healthcare facility and service users personal data are protected. in this aspect Aiswarya et al. (2013) mentioned that there are several models depending on which the level of healthcare data security is achieved and this imparts high level of security and safety of the data stored in the cloud depending on the size and degree of required security by the healthcare organization.
Information Technology remains one of the vital issue because healthcare companies are costly trying to evolve and improve the electronic healthcare system (EHS). The companies are trying to improve and enhance the EHS systems so that they can comply with the HITECH Act of 2009. It is also important to note that the data breach occurs to more than 500 patients every year and are affected due to it. Thus it is mandatory that the healthcare providers must notify the same to the Department of Health and Human Services and the data breach becomes a subject of fine which may scale up to 1.5 million dollars (Mennemeyer et al., 2016). Conduct a risk assessment- Companies can conduct a risk assessment system and this includes the risk assessment of the Information technology systems. The risk assessment is in accordance with the HIPAA privacy and the Security Rules and this rule governs the transmission of the electronic patient information or EPR. The procedures of the risk assessment force the providers assess the vulnerabilities present within the system, identify the threats, and review the policies as well (Albakri et al, 2014). Persistent HIPAA education for the employee- Educate the employees so that they can act according to the rules mentioned in the HIPAA rules and regulations. It is also important to share and review the regulations present in the State which includes the provision of patient safety and privacy of the patient information. If employees are trained about the implications of the data breaches,then it will help them to use the system against the viruses and the spywares (Miller & Payne, 2016). Monitor the records and the devices- the employees must be reminded to be cautious and alert of the papers and the devices that are left unattended. The tendency of the data breaches increases only when the data handling is not done properly or mishandled. Thus, it is mandatory to note that the employees must be reminded to keep the data safe and use the multifactor authentication process (Liu et al., 2013).Encrypt dataand hardware- encryption technology is vital in data breach. The HIPAA rules and regulation does not require the data to be in the decrypted form. However, the data loss is not considered to be a loss of encrypted data or a breach of data. Thus, the companies always advise to encrypt the patient information and avoid the any potential penalties. It is also important to note that hardware must be protected along with the medical devices, mobile devices, network endpoints, servers and the things that are vulnerable (Cao et al., 2014). Subnet wireless networks- companies ensure that the networks are made available for the public and they at the same time do not expose private information of the patients. This can be however achieved by creating a sub-network system which is entirely dedicated for the guest activity and it has the network systems for the medical applications and medical devices that carry the sensitive patient information (Chen et al., 2013).
Cloud computing has acted as a paradigm shift for both the infrastructure and the software services that are delivered. Studies have revealed that the laymen have a higher perception of risk in comparison to the experts, due to the fact that the experts use a different type of the assessment procedure for the risk assessment in the cloud services. However, it cannot be established how the laymen analyses the issues present in the cloud services. The lack of knowledge might be one of the reason that influences the perception of risk. On the other hand, perceptions of the experts are entirely based on the knowledge and they analyse the benefits and risks rather than the personal attitude and personal benefits. The laymen generally focus on the magnitude of the risk and the possible consequences of the risk (Zissis & Lekkas, 2012). Considering the fact that the healthcare companies are adopting cloud storage and cloud computing at a faster rate, the security perspective are taken quite seriously. The HIPAA Act has made the data protection a necessary step for the judicious use of the heath data and data storage and access. The HIPAA Act is in place to made the healthcare vendors comply with the certain guidelines. It has been an important step towards the helping the patients access the healthcare data through a monitored channel. However, there are often the chances of speculation and it will be occurring through the data breach and data theft (Par & Soysal, 2012).
The research area presents an overview of the issues that arise in the storage of healthcare data in the cloud services and the ability of the same to be accessible through the various electronic devices. This eliminates the technology challenges and the technologies associated with it. Different healthcare providers prefer to move their focus towards the best way of providing the best healthcare provision. There are risks of storing the data over the cloud due to the insider threats. There are times when the security breaches occur due to data theft and it is on the rise. Once a hacker gets access to the cloud data then there can be a major breach of the security and data theft which can also involve the intellectual property. There are a lot of problems because the administrative access is even shared between multiple platforms (King & Raja, 2012).
As healthcare data management and security system is a modern aspect of healthcare which involves majority of information technology, the rate of errors and presence of skilled healthcare professionals are few of the aspects which affects the healthcare facilities and their ability to provide quality care. However, there is very limited amount of research that has been conducted so that the positive and negative aspects of healthcare data management system and cloud computing could be understood. Further, the researches present, are unable to provide details of the cloud computing in healthcare system, and the level of safety they provide to the healthcare facilities and patients so that they can be convinced that the data stored in the cloud are safe and secure. Hence, depending on this theory, the study could be determined as an important part to determine the effectiveness of the topic (Ramachandran, Paramjothi & Mukherjee, 2013).
Healthcare data management related issues such as cybercrime, hacking and data compromise related incidents are increasing tremendously nowadays that pulled the attention of the researchers so that they can find out the situations and reasons which is responsible for the improper data protection and data management in the healthcare data management system and the reason due to which the hackers are able to hack the cloud computer security system to utilize the healthcare data. Therefore, this context is an important which increases the relevancy and requirement of this study so that proper reason for such data theft and cybercrime in healthcare security system could be understood (King & Raja, 2012).
Similar studies were found while searching for keywords related to helathcare data management and cybercrime related to data theft or misplace within the cloud computer determined for healthcare facilities. In this aspect of the research of Anitha and Mukherjee (2014) should be mentioned as these researchers were researched about the application of several measures that limited the data heft related phenomenon present in the helathcare management system. This study indicated towards the need of several means so that data present in the helathcare facilities cloud computing system could be protected against several hackers and bugs. Further in the conclusion, the article provided several means using which these cloud applications could be protected from different theft and security related aspects. Further, another research was conducted by Abouelmehdi et al. (2017) in which the researchers reviewed the privacy and security related data so that the data security mechanism and strategies could be spread among the healthcare facilities.
All the literature included in the study were conducted by researchers as systematic review and within that they included papers from different journals. Therefore, the literature gap present in this study was inclusive of all those research papers which were discussed in those systematic review articles. As the research conducted by Aiswarya et al. (2013) mentioned that the limitation mentioned in the literature was the presence of multiple articles and their statistical data which were not properly adjusted in the article. Further, in the research articles it was mentioned that despite of all the security measures, the cloud computing data was unable to provide authentication and encryption, confidentiality and integrity to the system so that it could protect the data provided to the cloud computing organization by the healthcare service providers. Hence, it is one of primary limitations mentioned in the research articles mentioned in the literature review (Ramachandran, Paramjothi & Mukherjee, 2013).
The conceptual framework includes several factors that play a major role in the cloud data computing with special emphasis on the health data. The factors that play vital role in the cloud healthcare are data privacy and security, compliance to the regulation; high standards of the care, outcome and quality at the low cost, masked data stored on servers and databases that that can mask the original data present in cloud. The next factor includes the hospital and the patient that are inter connected with the cloud data. The patient data are stored as an Electronic Health Record (EHR). On the other hand, the healthcare data of the patient are fed into the EHR and this same data is fed into the cloud and are accessed by both the patient and the hospital. The hospital receives the patientand proceeds with the treatment procedures. The procedures of treatment are then entered into the EHR system by the physicians, nurses and the data entry operators. The EHR data are stored om the cloud and both the patient and the hospital access the health data from the clouds (Jensen, Jensen & Brunak, 2012).
The other section of the cloud data includes the healthcare institutes, business organizations that explicitly use the healthcare data for the research and survey. Data privacy and the data security is a major provision which includes the HIPAA Act all the business process, healthcare institutional data access and usage all depend on the process of complying with the HIPAA healthcare data. The HIPAA rules and regulations are meant to be guide the operations and the actions of the institutions that are accessing the healthcare data and using them for the purpose of the making better healthcare provisions (Greene, 2012). It is important to note that the higher standards of the care, quality and outcomes at the low cost are based on the proper research and analysis of the healthcare data that are available on the cloud. The business agility will depend on tackling the serious challenges that come up due to handling of the EHR data. The organizations will embrace the cloud once the cloud data becomes user friendly (Hsiao, Hing & Ashman, 2014).
Data masking is another procedure which includes masking of the health data so that the original data can be used in some other form. The masked data will be stored in a remote server which will communicate with the cloud and it will be made available to the users so that the original data remains intact and using such data will not violate any HIPAA rule and regulation. Data masking will prove a novel place where the dummy data sets can be created from the original data and the such data will be used for research purpose and also for the academic purpose as well (Rosano et al., 2014).
Framework has been attached in the appendix section.
Assumptions, Limitations/ Delimitations
As per the framework mentioned in the previous section, it was mentioned that all the businesses or healthcare facilities were destined to follow the rules and regulations related to healthcare data security such as the HIPAA and without compliance to these, the healthcare facility was not approved to provide data security to the patients, affecting their credibility as a quality healthcare provider. Hence, it was assumed that the healthcare facilities used the cloud computing by complying to the rules and regulations of HIPAA so that it could provide the patients with safety and security of their data. On the other hand, the end users of these facilities such as the research communities, payers and customers were also provided with a masked data, which is a copied data created to secure the original data from hacking and data theft. In this section, these end users assumed that the data provided by the healthcare facilities were authentic and depending on that they conducted their future studies or research and hence, this was the assumption which was indicated in the framework mentioned in the above section.
The limitations or delimitations of this study were related to the healthcare facility and its stored data. It was mentioned in the framework that the data storage system within the cloud computing stored the data and masked them so that the data security could be ensured and safety and security of the data could be imparted in the storage system. Hence, the limitation in this aspect was that it was not confirmed that the data was properly masked or copied for its security hence, the chance of data theft or corruption was still alive. Secondly, in the other section, it was shown that the research communities are keeping the data as per the rules and regulations so that the data protection could be complied however, the limitation is associated with the usage of data as it was not ensured through any process that the research communities are using proper way to maintain the data. Hence, these were the data limitations present in the system.
HIPAA- Health Insurance Portability and Accountability Act that provides the data security and data privacy provisions for safeguarding the medical information.
Data privacy- data privacy can also be termed as information privacy and it helps the organizations or an individual to access and share the data with a specific third party.
Data security- data security is a process of data protection from unauthorized access and also preventing the same from data corruption.
Data masking- data masking is a procedure of creating a similar data from an authentic data source and the purpose of the same is to create provision for testing and training.
Compliance- compliance can be defined as a process of adherence to recommended guidelines or a course.
Conclusion
This chapter included an outline of this study, background of the problem, and research questions. An in-depth review of the literature follows in Chapter 2, which will expound upon the development and significance of the study and its literature. Chapter 3 includes a discussion on the methodology of the data collection. In Chapter 4, the results and analysis of the study will be presented. Finally, Chapter 5 consists of commenting on the study combined with suggestions for future studies stemming from this research effort.
References
Abouelmehdi, K., Beni-Hssane, A., Khaloufi, H., & Saadi, M. (2017). Big Data security and privacy in healthcare: a review. Procedia Computer Science, 113, 73-80.
Aiswarya, R., Divya, R., Sangeetha, D., & Vaidehi, V. (2013, July). Harnessing healthcare data security in cloud. In Recent Trends in Information Technology (ICRTIT), 2013 International Conference on (pp. 482-488). IEEE.
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk assessment framework for cloud computing environments. Security and Communication Networks, 7(11), 2114-2124.
Anitha, R., & Mukherjee, S. (2014). Data Security in Cloud for Health Care Applications. In Advances in Computer Science and its Applications (pp. 1201-1209). Springer, Berlin, Heidelberg.
Cao, N., Wang, C., Li, M., Ren, K., & Lou, W. (2014). Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Transactions on parallel and distributed systems, 25(1), 222-233.
Chen, Y. C., Lim, Y. S., Gibbens, R. J., Nahum, E. M., Khalili, R., & Towsley, D. (2013, October). A measurement-based study of multipath tcp performance over wireless networks. In Proceedings of the 2013 conference on Internet measurement conference (pp. 455-468). ACM.
Greene, A. H. (2012). HIPAA compliance for clinician texting. Journal of AHIMA, 83(4), 34-36.
Hsiao, C. J., Hing, E., & Ashman, J. (2014). Trends in Electronic Health Record System Use Among Office-based Physicians, United States, 2007-2012. US Department of Health and Human Services, Centers for Disease Control and Prevention, National Center for Health Statistics.
Jensen, P. B., Jensen, L. J., & Brunak, S. (2012). Mining electronic health records: towards better research applications and clinical care. Nature Reviews Genetics, 13(6), 395.
King, N. J., & Raja, V. T. (2012). Protecting the privacy and security of sensitive customer data in the cloud. Computer Law & Security Review, 28(3), 308-319.
Liu, F., Shu, P., Jin, H., Ding, L., Yu, J., Niu, D., & Li, B. (2013). Gearing resource-poor mobile devices with powerful clouds: architectures, challenges, and applications. IEEE Wireless communications, 20(3), 14-22.
Mehraeen, E., Ghazisaeedi, M., Farzi, J., & Mirshekari, S. (2016). Security Challenges in Healthcare Cloud Computing: A Systematic Review. Global Journal of Health Science, 9(3), 157.
Mennemeyer, S. T., Menachemi, N., Rahurkar, S., & Ford, E. W. (2016). Impact of the HITECH act on physicians’ adoption of electronic health records. Journal of the American Medical Informatics Association, 23(2), 375-379.
Miller, A. S., & Payne, B. R. (2016). Health IT Security: An Examination of Modern Challenges in Maintaining HIPAA and HITECH Compliance.
Par, O. E., & Soysal, E. (2012, August). Security standards for electronic health records. In Advances in Social Networks Analysis and Mining (ASONAM), 2012 IEEE/ACM International Conference on (pp. 815-817). IEEE.
Ramachandran, A. B., Paramjothi, P., & Mukherjee, S. (2013, January). Security as a service using data steganography in cloud. In ICCSM2013-Proceedings of the International Conference on Cloud Security Management: ICCSM 2013 (p. 81). Academic Conferences Limited.
Rosano, G., Pelliccia, F., Gaudio, C., & Coats, A. J. (2014). The challenge of performing effective medical research in the era of healthcare data protection. International journal of cardiology, 177(2), 510-511.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download