SLGP Header

Security Model for Healthcare Application In Cloud Computing

IJCSEC Front Page

Personal Health Records (PHRs) is based on cloud virtual machine in web oriented application in which the lifelong health data of patients, who should be able to show them conveniently and securely to selected disables in an institution. The MyPHRMachines, a cloud-based PHR system taking a radically new architectural solution to health record portability. In MyPHR Machines, health-related data and the application software to view and analyze it are separately deployed in the PHR system. After uploading their medical data to MyPHRMachines, patients can access them again from remote virtual machines that contain the right software to visualize and analyze them without any need for conversion. Patients can share their remote virtual machine session with selected caregivers, my aim at providing patients (and their trusted caregivers) remote desktop or tablet computer access to all their PHR data, and support this access by the software that matches the data format. Since do not tackle semantic data integration in the paper, one can more specifically label this as health record mobility and portability. The person will need only a Web browser to access the pre-loaded fragments of their lifelong PHR.
Index Terms: Cloud computing, electronic health record, personal health record, electronic medical record, radiology, personalized medicine.
IN a recent review paper, Kaelber et al. define a personal health record (PHR) as “a set of computer-based tools that allow people to access and coordinate their lifelong health information and make appropriate parts of it available to those who need it”. PHRs should be portable, i.e., remain with the patient, contain lifelong information, and should not be restricted by file formats or other local issues. In other words, they are electronic health records (EHRs) that are owned by patients. These are usually opposed to hospitals’ electronic medical records (EMRs), which only contain medical data generated within one specific care institution. Attribute based encryption; the on demand user revocation is a challenging problem. So the cipher text policy –attribute based encryption and key- policy based attribute based encryption are also applied for the security of the personal health record. Sustainability in this context refers to the financial and political aspects of the health care and software industries. Point (1) focuses on raw PHR data since care institutions may not be able or willing to provide their EHR data in “one” standardized PHR format. Tang et al. mention in their PHR adoption barrier analysis that “(US) Government can play a number of important roles in increasing PHR use. At the infrastructure level, the federal government could catalyze development and adoption of data and interchange standards for key PHR content areas.” [3]. Such standards are useful and slowly emerging, but we argue that regardless of such evolution, patients should already be empowered with the ability to manage their own (potentially raw) data. With point (2) we aim at the so-called functional interoperability (i.e., “the ability of two or more systems to exchange information so that it is human readable by the receiver” [4]). Concretely, we aim at providing patients (and their trusted caregivers) remote desktop or tablet computer access to all their PHR data, and support this access by the software that matches the data format. Since we do not tackle semantic data integration in this paper, one can more specifically label this as health record mobility and portability. Cloud computing offers unique opportunities for supporting long-term record preservation [5]. In this paper, we present MyPHRMachines, a cloud-based PHR system that answers our research question. One of the agreed key requirements for share-ability of the EHR is to break the nexus between the EHR and the EHR system [4]. The MyPHRMachines architecture clearly separates PHR data from the software to work with these data. This paper demonstrates how this creates novel opportunities for the market of PHR software services without compromising patient privacy. Commercial PHR systems positioning themselves within the cloud computing paradigm are emerging. For example, SeeMyRadiology [6] enables patients to upload their medical images and then selectively share these with caregivers. Unfortunately, such so-called software-as-a-service (SaaS) systems are typically (1) specialized for one medical function and (2) specifically programmed for web browsers. The SeeMyRadiology example indeed consists of a DICOM viewer that has been programmed in HTML 5 and related technologies. MyPHRMachines is an academic prototype that is more generally applicable since it exposes to its users the so-called infrastructure-asa-service (IaaS) tier of cloud architectures [7]. In a nutshell, the system provides infrastructure to (1) store and share (subsets of) patient data and (2) deploy and use specialized software in remote virtual machines (VMs). A hypervisor or virtual machine monitor is a piece of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor is running one or more virtual machines is defined as a host machine. Each machine is called a guest machine. The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems.


  1. [1] Accelarad. (2012, July). SeeMyradiology - medical image sharing. OnlineAvailable: www.
  2. Alvaro Garcia-Recuero, Sergio Esteves and Luis Veiga "Quality-of-data for consistency levels in geo-replicated cloud data stores", April 2011.
  3. I. Carrion, J. Fernandez Aleman, and A. Toval, “Personal health records: New means to safely handle our health data?,” IEEE Comput., 2012, vol.pp, no. 99, p. 1, 2012.
  4. Douglas Thain, Todd Tannenbaum, and Miron Livny "Distributed Computing in practice the conder experience", May 2010.
  5. D. C. Kaelber, A. K. Jha, D. Johnston, B. Middleton, and D. W. Bates, “Viewpoint paper: A research agenda for personal health records (PHRs),” J. Amer. Med. Inform. Assoc., vol. 15, no. 6, pp. 729–736, 2008.
  6. D. T. Mon, J. Ritter, C. Spears, and P. Van Dyke, “PHR system Functional model,” HL7 PHR Standard, May 2008.
  7. Giuseppe Decandia, Deniz Hastorun and Madan Jampani "Dynamo: Amazon's highly available key-value store", March 2012. Online Available: www. Amazon .com.
  8. Hiroshi Wade, Alan Feket and Liang Zhao "Data consistency properties and the tradeoffs in commercial cloud storages: The consumer's perspective", Oct 2011).
  9. Pieter Van Gorp and Marco Comuizz "Lifelong Personal Health Data and Application Software via Virtual Machines in the Cloud: IEEE Journal of Engineering and Advanced Technology (IJEAT)", ISSN: 2249 - 8958, Volume-2, Issue-4, and April 2014.
  10. Priyanka Korde, Vijay Panwar and Sneha Kalsh, "Securing personal health records in cloud using attribute based encryption: International Journal of Engineering and Advanced Technology (IJEAT)", ISSN: 2249 - 8958, Volume-2, Issue-4, April 2013.
  11. Robert G.Fichman, Rajiv Kohli and Ranjani Krishnan "The role information systems in healthcare: Current research and future trends" Vol. 22, No. 3, Sep 2011.
  12. S. Marston, Z. Li, S. Bandyopadhyay, J. Zhang, and A. Ghalsasi, “Cloud computing - The business perspective,” Decis. Supp. Syst., vol. 51, pp. 176–189, April 2011.
  13. Wojciech Gloab, Muntasir Raihan Rahman and Alvin Auyoung "Client-centric benchmarking of eventual consistency for cloud storage systems", March 2010.