A Secure Role-Based Cloud Storage System For Encrypted Patient-Centric Health Records

With the rapid developments occurring in cloud services, there has been a growing trend to use cloud for large-scale data storage. Due to the increasing popularity of cloud storage, many healthcare organizations have started moving electronic health records (EHRs) to cloud-based storage systems. However, this has raised the important security issue of how to protect and prevent unauthorized access to EHR data stored in a public cloud. Several cryptographic access control schemes have been proposed to protect the security of data stored in the cloud by integrating cryptographic techniques with access control models. In this paper, we consider a novel role-based encryption technique to build a secure and flexible large-scale EHR system where role-based access control policies are enforced in a cloud environment. Then we discuss a practical EHR system called the personally controlled electronic health record (PCEHR) system recently developed by the Australian Government, and show how the security weaknesses in the PCEHR system can be addressed by our proposed scheme. The proposed system has the potential to be useful in commercial healthcare systems as it captures practical access policies based on roles in a flexible manner and provides secure data storage in the cloud enforcing these access policies

Analyzing the Effectiveness of Legal Regulations and Social Consequences for Securing Data

There is a wide range of concerns and challenges related to stored data security – which range from privacy and management to operations readiness, These challenges span from financial to personal and public impact. With an abundance of regulations for the enforcement of data security and emerging requirements proposed every year, organizations cannot avoid the legal or social implications of inadequate data protection. Today, public spotlight and awareness are challenging organizations to enhance how data is protected more than at any other time. For this reason, organizations have made significant efforts to improve security. When looking at precautions or changes, the factors considered are costs associated with such action, a potential consequence of not acting, impact on users, the effort required, and the scope. For this reason, leaders need to make the hard decisions of which risks they can live with and which need to be reduced because it is unrealistic to think that data security can be guaranteed. However, it is essential to have physical, administrative, and technical controls to mitigate data risks. Data protection regulations define requirements, create procedures to identify the associated risks, determine the extent of the impact, and identify what precautions should be taken. This dissertation defined seven areas for consideration related to stored data security. The research facilitated developing a measurement tool to gather and analyze the knowledge and opinions of working professionals within the United States. The study was performed from July to October 2020, which resulted in a quantitative data sample used to analyze the effectiveness of legal regulations and social consequences for securing data