Privacy-aware Cloud-based Architecture for Sharing Healthcare Information
The advancement in the field of information and communications technology has led to the generation of a significant amount of information in various fields and domains. The healthcare industry, like other industries, has generated large amounts of information, driven by record-keeping, compliance, regulatory requirements and, of course, patient care. This has resulted in data of large volume, enormous velocity and vast variety, which is why hospitals today tend to implement electronic health record systems (EHR systems). Patient health-related information generates special value when it is shared and used collaboratively among the different parties involved in the healthcare domain. Several interviewed experts consider immediate access to previously generated medical records during healthcare service delivery as highly important. The collected data is a valuable source for analysis that benefits both medical research and practice. Information systems in the healthcare domain are required to collaborate by exchanging information for medical care purposes. In the healthcare domain, patients usually acquire medical care from various caregivers such as hospitals, pharmacies, laboratories, school clinics, public health facilities, etc., and as a consequence the information collected about a patient is stored in different locations, making it difficult to access when a holistic picture of the patient's health is required for treatment purposes. The challenge of exchanging information among heterogeneous systems relates to two aspects, namely lack of interoperability and information privacy concerns. To realize the full potential of collected medical data, healthcare information systems and products are required to share information seamlessly with each other, but unfortunately the vast majority of medical devices, electronic health records and other information technology systems lack interoperability.
Privacy is another challenge that hinders the sharing of information among different parties in the healthcare sector. Privacy-related regulations are considered one of the biggest challenges to healthcare data sharing. Such regulations prohibit the transmission of personal health information among collaborating organizations, impeding research and reducing the utility of the datasets. Cloud computing matches the need to share healthcare information directly with various healthcare-related parties over the internet, regardless of their location and the amount of data being shared. However, the adoption of cloud computing in the healthcare domain requires solving several issues, and information privacy is a major one. This thesis aimed to identify the desired characteristics of healthcare information systems, and further to propose a solution for adopting cloud technology for sharing healthcare information in a privacy-preserving manner. The research was conducted in a multi-methodological approach underpinned by the Design Science research methodology. A case study method was followed for identifying the characteristics required of healthcare information systems. Six healthcare-related institutions participated in the research, from which medical practitioners were interviewed. A cloud architecture design for the healthcare information system was proposed. The proposed architecture enables storing and sharing patient information for both medical treatment and research purposes in a privacy-preserving manner. Patients' information in the proposed architecture is divided into four categories identified in the case study data analysis. A user identity management protocol (U-IDM) is employed for controlling access to patients' information stored in the cloud, and patients are granted means of control over who can access their information.
Further, the proposed architecture enables sharing healthcare information for research purposes in a privacy-preserving manner: it performs a number of anonymization operations on patients' information to preserve the privacy of the information when it is aggregated and used for research. A scenario-based instantiation was developed for validating the proposed architecture in terms of sharing patient information in a privacy-preserving manner. The instantiation showed that the proposed architecture allows for sharing healthcare information without compromising the privacy of individual patients, with respect to the privacy policies and regulations relating to healthcare information.
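The abstract does not spell out which anonymization operations the architecture applies before research release, so the following is an added illustration (not the thesis's own code) of the kind of step involved: direct identifiers are dropped, quasi-identifiers (date of birth, postal code) are generalized, and any equivalence class smaller than k is suppressed so the released extract is k-anonymous. The patient records, field names and reference year are constructed for the example.

```python
from collections import Counter

# Constructed sample EHR extract (not real patients). "patient_id" and "name"
# are direct identifiers; "dob", "zip" and "sex" are quasi-identifiers that
# could re-identify someone when linked with public data; "diagnosis" is the
# sensitive attribute researchers actually need.
RECORDS = [
    {"patient_id": "P001", "name": "A. One",   "dob": "1988-03-04", "zip": "10245", "sex": "F", "diagnosis": "asthma"},
    {"patient_id": "P002", "name": "B. Two",   "dob": "1985-11-20", "zip": "10288", "sex": "F", "diagnosis": "diabetes"},
    {"patient_id": "P003", "name": "C. Three", "dob": "1970-01-01", "zip": "10401", "sex": "M", "diagnosis": "hypertension"},
    {"patient_id": "P004", "name": "D. Four",  "dob": "1973-07-15", "zip": "10477", "sex": "M", "diagnosis": "asthma"},
    {"patient_id": "P005", "name": "E. Five",  "dob": "1999-05-05", "zip": "20011", "sex": "M", "diagnosis": "influenza"},
]
QUASI_IDS = ("age_band", "zip3", "sex")   # columns that form the equivalence class
REF_YEAR = 2024                             # fixed so the age bands are reproducible


def generalize(rec, ref_year=REF_YEAR):
    """Return a research-view record: direct identifiers dropped, date of birth
    coarsened to a 10-year age band, postal code truncated to its 3-digit prefix."""
    age = ref_year - int(rec["dob"][:4])
    low = age // 10 * 10
    return {
        "age_band": f"{low}-{low + 9}",
        "zip3": rec["zip"][:3] + "**",
        "sex": rec["sex"],
        "diagnosis": rec["diagnosis"],
    }


def _class_key(rec):
    return tuple(rec[q] for q in QUASI_IDS)


def is_k_anonymous(records, k):
    """True when every combination of quasi-identifiers occurs at least k times."""
    classes = Counter(_class_key(r) for r in records)
    return all(n >= k for n in classes.values())


def anonymize(records, k=2):
    """Generalize all records, then suppress those whose equivalence class is
    smaller than k. Returns (released_records, number_suppressed)."""
    released = [generalize(r) for r in records]
    classes = Counter(_class_key(r) for r in released)
    kept = [r for r in released if classes[_class_key(r)] >= k]
    return kept, len(released) - len(kept)


if __name__ == "__main__":
    kept, dropped = anonymize(RECORDS, k=2)
    print(f"released {len(kept)} records, suppressed {dropped}; k-anonymous: {is_k_anonymous(kept, 2)}")
```

The generalization alone is not enough here: the youngest patient's record is unique even after coarsening and would be re-identifiable, so the k check suppresses it before release.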