Auditing Privacy for Cloud-Based EHR Systems

Jonathan Sinclair (RepKnight Ltd., UK), Benoit Hudzia (Stratoscale Ltd., UK) and Alan Stewart (Queen's University Belfast, UK)
DOI: 10.4018/978-1-4666-8756-1.ch074


An Electronic Health Record (EHR) system is a modern specialisation of a Customer Relationship Management system that focuses specifically on the collection and exchange of electronic health information about individual patients between healthcare organisations. EHR systems hold personally identifiable information, especially that which falls under the category of sensitive personal data. As with all industries, the eHealth industry sees potential in cloud-based service offerings and the reduced infrastructure cost they imply, whilst recognising the security and privacy issues that may arise from outsourcing processing and storage to untrustworthy Cloud Service Providers (CSPs). In this chapter, the authors propose an approach to handling and auditing data privacy requirements by leveraging a carefully designed architecture deployed for auditing data privacy in cloud ecosystems.
Chapter Preview



E-Health refers to the utilisation of information systems within the healthcare industry (I.T. Union 2008). Two goals of e-Health as mentioned by Edworthy (2001) are:

  1. To provide greater efficiency; and
  2. To scale patient services.

Moreover, the World Health Organisation (WHO) defined e-Health in 2005 as:

Use of information and communications technologies (ICT) in support of health and health-related fields, including health-care services, health surveillance, health literature, health education, knowledge and research.

The E-Health domain is heavily regulated, and Figure 1 shows important healthcare laws taken from the EU, UK and US. Current laws are highlighted in red; superseded laws are displayed in black. These laws typically address electronic healthcare considerations but do not extend to issues arising from the use of cloud and virtualisation technologies. Revisions of current laws to address issues arising from technological advances are pending.

Figure 1. Timeline for healthcare privacy laws


E-Health Technologies

Various E-Health related technologies have been developed. They aim to provide a unified platform for processing health records that delivers services to a variety of types of user, to enable access to health records from a range of platforms and devices, to integrate health records across different health-care domains, and to deliver an efficient health management and administration process.

The recent development and evolution of e-Health systems needs to address the economies of scale while providing efficient data management processes that operate across jurisdictional boundaries without compromising patients' data privacy rights. Despite the development of laws in some jurisdictions to deal with privacy in EHRs, many in the field argue that regulation provides an insufficient level of granularity regarding the use of EHRs in the context of the technology stack (WHO, 2005).
