Privacy and Security Challenges in Cloud Based Electronic Health Record: Towards Access Control Model

Over the years, data theft has been rampant in financial institutions, however at present medical data is in the spotlight. Healthcare industry is considered as a potential target for hackers and cyber criminals for accessing patients’ data. Electronic Health Record (EHR) provide flexibility, timely access and interoperability of patient information which is key in decision making by physicians and medical officers. With the advancement of technology, cloud has been spotted as a solution for healthcare practitioners to implement interconnected EHR as it reduces cost and hassle of infrastructure maintenance. Cloud platform allows data to be replicated in different geographical locations and retrieved and shared among various organizations in a timely manner. Healthcare sector is facing a dilemma on how patients’ information can be protected while it is being managed by cloud vendors. Several cloud-based EHR apply cryptographic techniques to encrypt data at rest/data in motion and access control to eliminate unauthorized access. As a result, existing access control mechanisms in cloud mainly focuses on giving data access to physicians and other medical officers but overlooks privacy requirements of patients. This research discusses various access control models, their merits, limitations, and roles to promote privacy in cloud based solutions.