ISSN: 2278 – 1323 All Rights Reserved © 2014 IJARCET
A Fine Grained Framework for Selective
Sharing of Composite EHRs in Clouds
Abstract-- Due to the huge development of Web applications and Web services deployed on the Internet and on the cloud, the use of a policy-based approach has received considerable attention. It accommodates the security requirements of large, open, distributed and heterogeneous computing environments. In the modern healthcare environment, electronic health records (EHRs) have been broadly adopted. They enable healthcare providers, pharmacists, insurance companies and patients to access and manage patients' healthcare information ubiquitously. In such a distributed, heterogeneous and Web-oriented healthcare computing environment, the growing complexity of policy-based computing demands strong support from automated reasoning techniques. This raises the question of how cloud computing will affect the healthcare business, since it is varied, compounded and unique and presents several issues and challenges, such as protecting access to members' health records. In this paper, we concentrate on access control issues in electronic medical record (EMR) systems in clouds. We propose a fine-grained access control mechanism to support selective sharing of composite electronic health records (EHRs) integrated from various healthcare providers in clouds. Our approach makes sure that privacy concerns are accommodated when processing access requests to patients' healthcare information.
Index Terms—Electronic Health Records (EHRs), Patient-centric Authorization, Selective Sharing, Ontology matching.
I. INTRODUCTION
The arrival of cloud computing and its business models has been one of the biggest changes impacting not only the computer industry but also several others. It is predicted that around 80% of today's businesses will have moved to the cloud by the year 2020 [1]. Organizations that do not have enough resources to invest in and build infrastructure and platforms to deploy their applications can now take advantage of cloud services to suit their specific needs. With the pay-per-use model, consumers pay for what they use and how much they use. The cloud offers ready infrastructure on which consumers can deploy and run their applications. It also offers different platforms with various operating systems, so consumers can build, test, and deploy their applications on virtual servers. In addition, the cloud provides a highly scalable environment to handle load effectively.
Consumers expect the maximum level of service from the service providers and the cloud, so that their data is protected and guarded against improper access and their businesses are not negatively impacted, since real-life businesses and organizations normally build applications in quite a complex environment that includes networking, data security, physical servers such as web servers and database servers, firewalls, etc., and transactions that carry a high cost. The healthcare industry has been one of the businesses that traditionally back away from outsourcing to the cloud, mainly because of security and privacy concerns.
Members' privacy and medical records are highly sensitive, and companies spend millions protecting them while following federally regulated guidelines. However, rising medical costs might change the way this business is performed.
II. BACKGROUND: ELECTRONIC HEALTH RECORDS
A. What is EHR?
Electronic Health Record (EHR) systems are used instead of maintaining records in paper-based systems. They provide advantages such as increasing physician efficiency, cutting costs by saving storage and removing medical errors, improving data availability, and sharing data over heterogeneous networks. Still, the privacy and secure sharing of patients' medical records are arguably the most demanding and dominant of all the obstacles to the implementation of EHR systems. Records stored in a healthcare provider's cloud environment and exchanged over the network for cross-organizational sharing are prone to theft [2], leading to privacy and security breaches.
With governmental acts and regulations [3], [4], proper standardization and an overall strategy are needed to ensure that privacy protections are built into the computer networks linking insurance providers, doctors, physicians, hospitals, and other healthcare providers [5]. This is needed especially when patient data are to be made available outside the patient's primary healthcare provider for collaboration purposes (e.g., co-treating a patient, collaborative research).
Shital Palasagaonkar
Department of Computer Science, TSSM's BSCOER College of Engineering
Our work is based on EMR and EHR systems, since we are concerned with patients' e-data shared across a network of organizations. A central issue around the sharing of sensitive patient data is the delegation, verification, and cancellation of permissions and access rights with respect to an outside healthcare provider. In its original form, delegation of rights appoints a proxy signer who signs on behalf of the delegator in case he or she is not available.
In EHR systems, delegation of rights can be used to allow the delegatee access for sharing patient data. More challenging still, it should also restrict such access to only the portion(s) of data intended for viewing and sharing, because of the risk of illegal disclosure of highly confidential data.
Data sharing in a cloud infrastructure means that the delegator's task can be shifted to each delegatee, thereby making the delegation process transparent to the delegator and allowing each cooperating healthcare provider to process and operate on data locally for either treatment or research. This type of data sharing delivers tremendous benefits, including transparency, higher efficiency, higher scalability, and lower complexity for the end user due to minimal interference.
Designing a secure and functional EMR/EHR system that handles the diversity of healthcare practitioners is a requirement for cross-domain delegation. Offering data sharing capability while ensuring patient data privacy is by no means an easy task. It amounts to bringing all the previously mentioned challenges together and providing a feasible solution, and that is the focus of this paper.
B. Why prefer cloud computing in healthcare?
Cloud computing can play a critical role in the healthcare sector, covering resource optimization, maintaining backups, integration costs and developing new innovations. The current move towards accessing information anytime, anywhere can be achieved by moving healthcare information to the cloud.
With this new delivery model we can make healthcare more streamlined and efficient, at a minimum cost to technology budgets [6, 7], but it also brings certain obstacles, such as maintaining the confidentiality of patient information and compliance with key regulations. Provided they are not affected by these security and privacy risks, healthcare organizations can surely take advantage of cloud computing solutions and gain tremendous benefits, such as improving the quality of service provided to patients and reducing overall healthcare costs [8, 9].
One main advantage will be the ability to exchange data between heterogeneous and diverse systems. This capability is something healthcare IT seriously requires. For instance, cloud computing can support healthcare organizations in sharing information such as EHRs, demographic details, allergy information, laboratory test results, patients' medical histories, doctors' references, prescriptions, insurance information, and test results stored across different information systems. This already exists in the radiological area, where many organizations have moved to the cloud to lower their storage costs and facilitate the exchange of images [10]. Nine times out of 10, it is going to be more financially beneficial to move offsite instead of building out your own organization in-house [11]. When healthcare organizations offload these functions, the IT staff required to maintain network availability, security updates, data backups and so on can be freed up to attend to more critical tasks in an efficient and cost-effective manner [8]. In addition, more reliable and powerful infrastructure will be available on a pay-as-you-go basis and can be managed dynamically.
Cloud computing is giving many types of enterprises new ways to manage information and resources. Back-office IT responsibilities that existed before the cloud, such as equipment maintenance, skills upkeep and backups, can be avoided, as data in the cloud can be accessed anytime and anywhere it is needed. Such benefits are attractive in the healthcare sector as well, but strong security and privacy legislation still applies.
With cloud computing, the health care industry is in an era of transformation, and cloud computing has proved useful as the industry adopts cloud solutions to help resolve many of the new information technology challenges it faces.
Cloud computing has been so helpful that government encouragement has been driving health care providers to use electronic health records (EHR). This means that they need to manage huge amounts of data, which is a signature attribute of cloud solutions. So it is becoming evident that the cloud is proving to be cost-effective and secure.
Another issue is choosing the candidate provider to which to move. The last thing an organization wants is to move a lot of its data processing to a third party and find out that the provider is going to be acquired by a company the organization doesn't necessarily want to be a partner with, or is just going to dissolve [7]. The best cloud service provider is one that has already been in the healthcare business, so that it knows about HIPAA compliance and the issues that go along with it. Also, a well-defined plan and the right tools can support the transition to cloud-based systems to take advantage of the benefits they bring [8].
that cloud-based systems will likely become the norm in healthcare once all the challenges it brings are overcome.
III. RELATED WORK
In [8], the issue of accessing selective EHRs in healthcare cloud computing environments has been identified and articulated. To resolve this issue, a broker-based access control mechanism has been proposed. However, for efficient EHR data schema composition this approach requires a more fine-grained solution methodology.
In [12], [13], a patient-centric access control mechanism was presented for selective sharing of composite EHRs. However, this proposal assumes that all healthcare providers adopt a unified EHR schema. Such an assumption is not applicable in cloud environments, since various healthcare providers in clouds may utilize various EHR schemas to represent their healthcare data.
In [9], Zhang et al. integrated a set of security requirements and issues for EHR application clouds. They also proposed an EHR reference model to support the sharing of EHRs with security.
In [14], Jafari et al. proposed a patient-centric digital rights management (DRM) approach to protect the privacy of EHRs stored in clouds, with EHRs shared based on patient preferences. However, such proposals are not fine-grained and cannot accommodate selective EHR sharing requirements.
Al Kukhun et al. [15] examined mobile querying of distributed XML databases within a prevalent healthcare system. However, their approach is not cloud-based and does not consider the requirement of EHR integration from various healthcare providers.
In [16], Li et al. proposed an innovative access control framework to realize patient-centric privacy for personal health records in cloud computing, utilizing attribute-based encryption (ABE) techniques. Their approach mainly focused on ensuring that EHRs are shared with a selective set of users. Our approach focuses on sharing selective segments of access control objects with authorized users.
In [17], a survey on delegation in the distributed healthcare context is given. It identifies the major issues in this context, namely least-privilege delegation, revocation, onward delegation, and dynamically changing credentials, but it offers no specific technical design to cope with the cloud environment. Current approaches to delegation in the distributed healthcare context are identified and categorized as proxy certificates, callbacks, XML-based approaches including SAML [18] and XACML [19], and role-based delegation (refer to [17] and the references therein). Among these approaches, role-based delegation [20], [21] coincides in idea with some part(s) of our proposed solution. However, it has problems in ensuring least-privilege assignment, due to the absence of fine-grained access control.
In this work, we tried to overcome such drawbacks by proposing an inclusive access control mechanism to facilitate the selective sharing of composite EHRs from multiple healthcare providers in cloud computing environments. In the proposed system we would conduct more comprehensive evaluations of our system with a real-world healthcare dataset. We would also investigate how to address policy composition issues and how to support a fine-grained delegation mechanism for EHR sharing in cloud computing environments.
IV. EXISTING SYSTEM FOR EHR DATA ACCESS CONTROL FRAMEWORK IN CLOUD COMPUTING
It is much more advantageous to patients as well as to healthcare service providers to host Electronic Health Record applications and their associated services on clouds. Along with the advantages, there are a few drawbacks in adopting clouds. The major challenge is security, which includes authorization, access control, integration of standard policies, compliance and so on [22], [23], [24], [25]. These drawbacks or challenges need to be resolved to get medical record systems into clouds. In this paper, we deal with these challenges and aim to provide an architecture which can be used to integrate multiple standalone systems into one and to handle security when the integrated system is hosted on the cloud.
A. Problem Definition:
The integration or merging of multiple data schemas is a complex task that involves ontology and schema merging. If the system is on the cloud, then it is necessary to consider security concerns as well. As EHRs may come from heterogeneous EMR systems, covering medical histories, medical reports, demographic information, laboratory test reports, allergy details, etc., the patient's privacy is a major concern, and there is a need to provide fine-grained access mechanisms for healthcare systems that take heterogeneous EMR systems into account.
B. Requirements.
In "patient-centric privacy", we envision that each patient specifies her own privacy policy. The owners would like to protect the contents of their EHR files from the server and unauthorized users. In particular, we have the following objectives:
Fine-grained access control should be enforced, meaning different users can be authorized to read different sets of files. Also, write authentication must be provided to the users who can contribute information to the EHR with accountability.
User revocation. There is a need for a simple privilege revocation module, so that whenever required, a user's access privileges can be revoked from future access in an efficient and simple way.
The data access policies should be flexible, i.e., changes
Efficiency. In order to support a large number of users, the system should be highly scalable, in terms of complexity in key management, user management, and computation and storage.
C. Existing System:
In [12] an access control mechanism is described to provide patient-centric selective sharing of composite EHRs. In that work, it is assumed that all healthcare records have the same schema and a unified EHR schema is available. But different healthcare providers may have their own database schema to store healthcare data. The healthcare providers in clouds are most likely to have their own schemas.
In this work, we propose a fine-grained framework which can be used to build a composite EHR data schema using an ontology method and merging of data schemas. The privacy control mechanism is provided over the composite data set. We discuss the EHR data schema composition algorithm and the aggregation of cross-domain EHRs. The efficiency and effectiveness of the framework are elaborated through an implementation of the framework in the cloud.
The rest of this paper is organized as follows. In Section IV, we present our approach which supports the selective sharing of composite EHRs in cloud computing environments. Section V discusses the system design of our prototype system with a case study. We conclude the paper and discuss the future research directions in Section VI.
Fig. 1: Overall Existing Framework Overview
V. THE PROPOSED SYSTEM FOR PATIENT-CENTRIC DATA ACCESS CONTROL FRAMEWORK
In this section, we present our approach to support selective sharing of EHRs, which manages each access to composite EHRs that are integrated from various healthcare providers in cloud computing. Fig. 1 shows an overview of our approach.
Healthcare providers from various domains such as primary care, pharmacy, clinic lab, emergency care and so on host their EMR systems in clouds. This achieves features such as lower operation cost, higher interoperability, and ubiquitous service delivery. As per deployment needs, they can reside in a single cloud or in multiple clouds such as public, private, or hybrid clouds.
This module consists of three sub-modules:
Unifying Schemas Process
This sub-module retrieves and unifies distributed heterogeneous EHRs among clouds to construct unified EHRs and make the schema structure homogeneous.
Merging Unified Schema
This sub-module merges multiple EHR data schemas into one integrated composite EHR data schema.
Access Control Mechanism
This sub-module is a Policy Manager which supports the specification and enforcement of access control policies for regulating the sharing of composite EHRs.
Three types of stakeholders (users) are involved:
Owners of EHRs are patients, who specify access control policies. These control who can access which portions of EHRs.
Healthcare practitioners access or view the EHRs of patients and are usually associated with specific healthcare providers.
In addition, administrators perform administrative tasks such as creating or maintaining users.
Fig. 2. Framework overview for sharing EHR in heterogeneous EMR system
A. Cross Domain EHRs Model
medical domains environment. Such medical domains include patient demographics, labs, medications, encounters, imaging and pathology reports, and a variety of other medical domains from primary, specialty and acute care settings.
As per Covington and X. Zhang [12], shown in Fig. 3, the model leverages a hierarchical structure to represent EHRs from various healthcare domains such as pharmacies, primary care, clinic labs, healthcare insurance and so on, which supports the selective sharing of EHRs in clouds. In this hierarchical structure each node is labeled and the root represents a particular EHR instance.
There are two types of nodes: field nodes and group nodes. Field nodes are the leaves of the hierarchical structure and represent elementary data regarding the EHR. Interrelated field nodes are placed together to form an information group node. For example, the field nodes 'name', 'address' and 'birthday' of a patient are very often grouped together to construct an information group node 'demographics'. We give the definition of the Cross Domain EHRs Model as follows, extracted from [12]:
Definition 1. [Cross Domain EHRs Model] An EHR object is represented as a 3-tuple T = (r, V, E), where
r is the root of the whole EHR object instance;
V is a set of nodes within the hierarchical structure of the EHR object, such that V = Vf ∪ Vg, where Vf is a set of field nodes which are leaves in the hierarchical structure and Vg is a set of group nodes which are formed by a set of leaves or a set of other group nodes in the hierarchical structure;
E ⊆ V × V is a set of links between nodes, where eij ∈ E represents the link between node i ∈ V and node j ∈ V.
Fig. 3. Logical EHR Model
B. Unifying Schemas Process
In this section, our main motivation lies in the use of ontology matching for the integration of EHR information. We assume all source EHR data schemas to be integrated have already been represented in our defined Cross Domain EHRs Model. As shown in Fig. 2, the input of our approach includes various EHR data schemas from different healthcare environments such as pharmacy, primary care, clinic lab and so on. The output will be a composite EHR data schema. Three major steps are carried out for unifying schemas: Similarity Calculation, Pre-Alignment, and Semantic Verification.
As illustrated in the block diagram in Fig. 3, the ontology matching process is an iterative process divided into two main components: similarity calculation and semantic verification. The input to the process is two ontologies or schemas from EMR systems. There is also an optional input alignment, containing a set of predetermined correspondences between the two schemas.
Most proposals on ontology matching have focused on syntactic or structural approaches [25]. Early work on ontology alignment and mapping concentrated mainly on the string distances between entity labels and the overall taxonomic structure of the ontology [26]. However, it became clear that any two ontologies constructed for the same domain by different experts could be vastly dissimilar in terms of taxonomy and lexical features.
Fig. 3. Block diagram for building ontology, extracted and updated from [27]
a) Similarity Calculation: First, the similarity calculation process computes a similarity value between all possible pairs of field nodes, one from each of the two schema ontologies. It also uses the optional input alignment to supersede any calculated measures. The details of this calculation, including the description of the different field nodes examined for each pair of entities. The result of this process is a similarity matrix containing the calculated similarity values for every pair of field nodes. Let the two labels being compared be l and l', belonging respectively to entities (classes or properties) e and e'. Let Σ denote a thesaurus, syn(l) the set of synonyms and ant(l) the set of antonyms of label l; the lexical similarity measure between the labels of e and e', sL(e,e'), is then given as follows:

$$
s_L(e,e') =
\begin{cases}
1.0, & \text{if } l = l' \\
0.99, & \text{if } l' \in \mathrm{syn}(l) \\
0.0, & \text{if } l' \in \mathrm{ant}(l) \\
\mathrm{Lin}(l,l'), & \text{if } l \in \Sigma,\ l' \notin \mathrm{syn}(l) \\
\mathrm{tok}(l) \cap \mathrm{tok}(l')
\end{cases}
$$
The similarity measure for synonyms is set slightly lower than the measure for actual string equality matches, in order to privilege exact matching between terms. Lin(l,l') denotes the information-theoretic similarity proposed by Lin in [26]; it provides a good measure of closeness of meaning between concepts within a thesaurus. The tokenization function tok(l) extracts a set of tokens from the label l, by dividing a string at punctuation and separation marks, blank spaces, and uppercase changes; when at least one of the labels to be compared is not found in the thesaurus, and if they are not exactly equal, the lexical similarity is computed as the number of overlapping tokens.
Examples of lexical similarity measures for the labels of some classes in the ontologies are provided in Table 1, where the results have been calculated using WordNet as the thesaurus.

Table 1: Examples of lexical similarity calculations

| a: | b: | s_label | Notes |
|---|---|---|---|
| Book | Volume | 0.99 | Both synonyms |
| CD | CD | 0.99 | Labels are "CD" for a:CD, and "Certificate of Deposit" for b:CD |
| Book | Reference | 0.955 | Not synonyms, but closely related |
| Male | Female | 0.0 | Antonyms |
b) Pre-Alignment: From the similarity matrix, a pre-alignment is extracted by selecting the maximum similarity value for each entity. For example, <a: Demographic, b: Demo> has the highest value for a: Demographic, while <a: Profile, b: Demo> has the highest value for b: Demo; both are included in the pre-alignment.
c) Semantic verification: The pre-alignment is then passed through a process of semantic verification, designed to verify that certain axioms inferred from an alignment are actually asserted in the ontology, removing correspondences that lead to inferences that cannot be verified. It is important to underline that the idea is not to find semantically invalid or unsatisfactory alignments, but rather to remove correspondences that are less likely to be satisfactory based on the information present in the ontology. The semantic verification eliminates correspondences that cannot be verified by the assertions in the ontologies, resetting the similarity measures for these unverified correspondences to zero. For example, the potential correspondence <a: Science, b: Recording> is eliminated due to the existence of <a: Book, b: Volume>, because a: Science is a subclass of a: Book, while b: Recording is not asserted to be a subclass of b: Volume. This process results in a semantically verified similarity matrix and alignment, which are then used to evaluate a finalization condition. If this condition is true, then the process terminates, and the resulting alignment is final.
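The three steps above, carried through on two small schemas as an added example (not the paper's implementation). The schemas, the mini-thesaurus standing in for WordNet, the Lin scores, and the choice to divide token overlap by the larger token set are assumptions; the verification step models only the ancestor check from the Science/Recording example.

```python
import re

# Constructed stand-in for the thesaurus (the paper uses WordNet): synonym and
# antonym sets plus precomputed Lin scores. All values here are sample data.
SYN = {"demographics": {"demo"}, "demo": {"demographics"},
       "birthdate": {"dob"}, "dob": {"birthdate"}}
ANT = {"male": {"female"}, "female": {"male"}}
LIN = {frozenset(("medication", "prescription")): 0.8}
THESAURUS = set(SYN) | set(ANT) | {w for pair in LIN for w in pair}

# Constructed schemas in child -> parent form (None marks a top-level group).
SCHEMA_A = {"Demographics": None, "PatientName": "Demographics",
            "BirthDate": "Demographics", "Medication": None,
            "DrugName": "Medication"}
SCHEMA_B = {"Demo": None, "patient_name": "Demo", "DOB": "Demo",
            "Prescription": None, "drug_name": "Prescription",
            "LabTest": None, "test_name": "LabTest"}


def tok(label):
    """Split a label at punctuation, separators, blanks and uppercase changes."""
    parts = re.findall(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+|\d+", label)
    return {p.lower() for p in parts}


def lexical_similarity(l1, l2):
    """Piecewise s_L; the final token case is normalised (assumption)."""
    if l1 == l2:
        return 1.0
    a, b = l1.lower(), l2.lower()
    if b in SYN.get(a, ()):
        return 0.99
    if b in ANT.get(a, ()):
        return 0.0
    if a in THESAURUS and b in THESAURUS:
        return LIN.get(frozenset((a, b)), 0.0)
    ta, tb = tok(l1), tok(l2)
    if not ta or not tb:
        return 0.0
    # Assumption: divide the overlap by the larger token set to stay in [0, 1].
    return len(ta & tb) / max(len(ta), len(tb))


def similarity_matrix(schema_a, schema_b):
    return {(x, y): lexical_similarity(x, y) for x in schema_a for y in schema_b}


def pre_alignment(matrix, schema_a, schema_b):
    """Keep the best-scoring partner of every entity, seen from both schemas."""
    chosen = set()
    for x in schema_a:
        best = max(schema_b, key=lambda y: matrix[(x, y)])
        if matrix[(x, best)] > 0:
            chosen.add((x, best))
    for y in schema_b:
        best = max(schema_a, key=lambda x: matrix[(x, y)])
        if matrix[(best, y)] > 0:
            chosen.add((best, y))
    return chosen


def ancestors(schema, node):
    found = set()
    while schema[node] is not None:
        node = schema[node]
        found.add(node)
    return found


def semantic_verification(alignment, matrix, schema_a, schema_b):
    """Zero out pairs whose ancestors contradict another correspondence."""
    verified = set()
    for x, y in alignment:
        conflict = any(p in ancestors(schema_a, x) and q not in ancestors(schema_b, y)
                       for p, q in alignment)
        if conflict:
            matrix[(x, y)] = 0.0   # unverified correspondence is reset to zero
        else:
            verified.add((x, y))
    return verified


def match(schema_a, schema_b):
    matrix = similarity_matrix(schema_a, schema_b)
    candidates = pre_alignment(matrix, schema_a, schema_b)
    return candidates, semantic_verification(candidates, matrix, schema_a, schema_b)


if __name__ == "__main__":
    candidates, final = match(SCHEMA_A, SCHEMA_B)
    print("dropped by verification:", sorted(candidates - final))
    for pair in sorted(final):
        print(pair)
```

Here b:test_name picks a:PatientName as its best partner on token overlap alone, and verification removes that pair because a:Demographics is already matched to b:Demo, which is not an ancestor of b:test_name.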
C. Merging Unified Schema
In the next step, we merge multiple EHR data schemas into a composite EHR data schema. The general merging process is pair-based: for a set of source EHR data schemas to be integrated, the first two EHR data schemas are merged first. Then, the intermediary composite EHR data schema generated by the first two schemas is further merged with the third EHR data schema. We continue this process until all EHR data schemas are processed. The details of merging two EHR data schemas are shown in Algorithm 1.
Algorithm 1: MergeTwoNodeFields (Ti, Tj) → Tc
Two EHR data schemas are fed as input and the output is a composite EHR data schema. The general idea is to insert sub-schemas of one schema into proper locations of the other schema. The sub-schema may consist of one or more nodes. If both schemas are empty, an empty schema is returned. If one of these two schemas is empty, the other schema is returned. The main body of the algorithm is executed when both schemas are not empty. In this case, we first need to choose one of the two schemas as a destination schema. This process is based on the following three rules:
(1) if the two schemas are of different depths, the schema with more levels is chosen as the destination schema;
(2) for two schemas of the same depth, the one with more field nodes is chosen as the destination schema.
D. Access Control Mechanism
To give an overview of policy assignment, the following is the definition of an access control policy:
Definition 2. [Access Control Policy] An access control policy is a tuple acp = <sub, ao, pp, effect>, where
sub ∈ Sub is a subject;
ao is an object selection specification resulting in a set of nodes Va ⊆ Vo being selected as target objects;
pp ∈ Pp is the intended purposes; and
effect ∈ {permit, deny} is the authorization effect of the policy.
Example 1. Let ao1 and ao2 be specified the same as those in Definition 2; the following access control policies can be articulated:
P1: (<GP, {h2}>, ao1, {treatment}, permit);
P2: (<SP, {h2}>, ao2, {treatment,research}, permit); and
P3: (<Dr. Smith, {h2}>, ao2, {treatment,research}, deny).
In P1, a patient permits all general practitioners (GP) in h2 to access his common medical history data for the purpose of treatment. In P2, the patient allows all specialists (SP) in h2 to access his HIV history data for treatment and research purposes. Suppose specialist Dr. Smith in h2 is a relative of the patient; the patient defines P3 to deny him view access to the HIV information. In healthcare practice, a default policy may be generally accepted to satisfy most patients' privacy requirements. Once a patient understands the default policy and agrees that it meets his needs, the patient may not need to specify any further access control policies to control the sharing of his medical information. In particular, HIPAA regulations are widely adopted by healthcare practitioners in the United States.
With the agreement of the default setting, HIPAA generally allows health care providers to share clinical information without the individual's explicit permission for treatment, payment and health care operations [24]. In addition, in order to accommodate emergency situations, a "Delegation" policy ("DP" policy for simplicity) should be specified to allow staff in emergency rooms to access the patient's medical information without the patient's explicit authorization. Both the default policy and the "DP" policy can be specified conforming to our unified policy schema.
Example 2. The default policy and DP policy can be specified as follows:
PD :(< HP, {*}>, ({*}, {*},*), {treatment,payment,HCO},permit);
PBG :(<ERStaff, {*}>, ({*}, {*},*), {treatment}, permit).
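One way to evaluate P1 to P3 and the emergency policy PBG node by node, so that a requester receives only the permitted part of a composite EHR; this is an added example, not the paper's C# system. The node paths chosen for ao1 and ao2, the requester names other than Dr. Smith, and the deny-overrides and default-deny combining rules are assumptions, since the paper does not state how a conflict such as P2 versus P3 is resolved.

```python
from dataclasses import dataclass

ANY = "*"


@dataclass(frozen=True)
class Policy:
    name: str
    who: str               # role or individual named in sub
    providers: frozenset   # providers named in sub; "*" matches any provider
    objects: tuple         # ao as path prefixes into the EHR tree; "*" = all
    purposes: frozenset    # pp, the intended purposes
    effect: str            # "permit" or "deny"


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    provider: str
    purpose: str


# Constructed EHR instance: field nodes named by their path from the root r.
EHR_NODES = (
    "ehr/demographics/name",
    "ehr/history/common/allergies",
    "ehr/history/common/encounters",
    "ehr/history/hiv/viral_load",
)
AO1 = ("ehr/history/common",)   # assumed selection: common medical history
AO2 = ("ehr/history/hiv",)      # assumed selection: HIV history

POLICIES = (
    Policy("P1", "GP", frozenset({"h2"}), AO1,
           frozenset({"treatment"}), "permit"),
    Policy("P2", "SP", frozenset({"h2"}), AO2,
           frozenset({"treatment", "research"}), "permit"),
    Policy("P3", "Dr. Smith", frozenset({"h2"}), AO2,
           frozenset({"treatment", "research"}), "deny"),
    Policy("PBG", "ERStaff", frozenset({ANY}), (ANY,),
           frozenset({"treatment"}), "permit"),
)


def selects(prefixes, node):
    """A group-node prefix selects itself and every node beneath it."""
    return any(p == ANY or node == p or node.startswith(p + "/")
               for p in prefixes)


def applies(policy, request, node):
    subject_ok = policy.who in (request.role, request.user)
    provider_ok = ANY in policy.providers or request.provider in policy.providers
    return (subject_ok and provider_ok
            and request.purpose in policy.purposes
            and selects(policy.objects, node))


def decide(policies, request, node):
    """Return (effect, matched policy names); the names serve as an audit trail."""
    matched = [p for p in policies if applies(p, request, node)]
    effects = {p.effect for p in matched}
    if "deny" in effects:            # assumption: deny overrides permit
        effect = "deny"
    elif "permit" in effects:
        effect = "permit"
    else:                            # assumption: no applicable policy means deny
        effect = "deny"
    return effect, [p.name for p in matched]


def shared_view(policies, request, nodes=EHR_NODES):
    """The selectively shared portion of the EHR for this request."""
    return [n for n in nodes if decide(policies, request, n)[0] == "permit"]


if __name__ == "__main__":
    for req in (Request("Dr. Lee", "GP", "h2", "treatment"),
                Request("Dr. Jones", "SP", "h2", "research"),
                Request("Dr. Smith", "SP", "h2", "research"),
                Request("Nurse Kim", "ERStaff", "h7", "treatment")):
        print(req.user, "->", shared_view(POLICIES, req))
```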
VI. IMPLEMENTATION AND EVALUATION
A. Implementation Details
To demonstrate the feasibility of our approach, we developed a secure selective EHRs sharing system based on our design discussed in Section III. The core EHRs aggregation and sharing logic was implemented using C# and the presentation layer was written in ASP.NET technologies. We used SQL SERVER as the database server.
Four sub-modules, corresponding functionalities and related APIs of the CONNECT module shown in Fig. 5 were implemented.
Registry Management module provides functionalities to register new EMR systems, update existing EMR systems with their IP addresses and domain types, delete EMR systems from the cloud environments and list all registered EMR systems with their associated information.
Patient Discovery module queries each registered EMR system in clouds to discover the patients healthcare practitioners are interested in, using at least three characters of the patients' names. Patient discovery results with patients' detailed demographic information and information about their associated healthcare providers will be returned to healthcare practitioners. This patient to healthcare provider mapping information will also be stored in a local patient correlation database for caching purposes to improve system performance.
EHR Retrieval module consists of eight sub-modules:
ConfigRetrieval sub-module configures EHRs retrieval transactions with EMR systems. In particular, it sets up the target EMR systems and identity information including user name and password. It also manages session opening and closing with EMR systems.
RetrieveEHRInstance sub-module constructs EHR instances based on the healthcare domains they are associated with.
The remaining six sub-modules respectively retrieve healthcare information regarding patients' demographics, encounters, observations, allergies, medical orders and clinic lab results.
Aggregator module conducts intra-domain EHR instance aggregation and inter-domain EHR instance aggregation. Our system also provides a web-based interface for three different kinds of users including administrators, patients and healthcare practitioners to perform their
Fig 4: CONNECT Implementation DetailsB. Evaluation Results
In this section, we discuss our evaluation from the following perspectives: efficiency and scalability of EHRs retrieval and aggregation, and policy enforcement.
We randomly deployed EMR system databases into different VMs in the cloud. Those VMs have various configurations in terms of CPU speed, memory and disk size to simulate a real-world healthcare domain. We create three types of VMs to satisfy the different resource needs of healthcare systems, and they are respectively configured with 2.40 GHz CPU, 2 GB RAM, 50 GB disk. The healthcare datasets are obtained from the OpenMRS software package.
Fig 5: EHRs Retrieval Time
Fig. 5 shows that both the composite EHRs retrieval time and the retrieval time for individual EHRs without aggregation increase as the number of EMR systems increases. For the same number of EMR systems, the time consumption for composite EHRs retrieval is slightly larger than the time consumption for individual EHRs retrieval without aggregation. Note that the time consumption for individual EHRs retrieval without aggregation here is equal to the sum of the time used to retrieve EHRs from every EMR system. When the number of EMR systems is 2, the retrieval time consumption for composite EHRs is just about 4 seconds. When the number of EMR systems increases to 10, the time consumption goes to around 19 seconds. Hence, we can see that the time consumption for composite EHRs is mostly due to gathering and transferring EHRs, and our EHRs aggregation process is efficient.
Fig 6: Accuracy in evaluation of ontology building
Fig. 6 shows the accuracy of semantic matching while building the ontology. For the first EMR system we get 70% accuracy, because it is more likely that not all semantic matches are found in the thesaurus. Words for which no match is found in the thesaurus are added manually, with their synonyms, to the “Database word dictionary”, as shown in Fig 3. As more EMR systems are aggregated in successive rounds, accuracy increases because of this extra word dictionary: semantic matches not found in the thesaurus are searched for in the word dictionary, so accuracy increases in every round of aggregation. As shown in Fig. 6, EMR10 reaches 100% accuracy.
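The two-tier lookup described above, as an added sketch that is not the authors' code: field names from each EMR system are matched against a thesaurus first and then against the manually maintained word dictionary, and misses are added to the dictionary after each round. The thesaurus entries, schema field names, the `curate` stand-in for manual review, and the reading of accuracy as the fraction of fields matched without manual help are all assumptions made for illustration.

```python
# Added illustration; thesaurus entries, schema field names and the curate()
# stand-in for manual review are constructed, not taken from the paper.

# General-purpose thesaurus: term -> canonical ontology concept.
THESAURUS = {
    "allergy": "Allergy", "hypersensitivity": "Allergy",
    "encounter": "Encounter", "visit": "Encounter",
    "observation": "Observation", "order": "MedicalOrder",
}

# What a human reviewer would supply for terms the thesaurus misses.
REVIEWER_KNOWLEDGE = {
    "obs": "Observation", "enc_dt": "Encounter", "rx": "MedicalOrder",
    "lab_res": "LabResult", "allergen_cd": "Allergy",
}

def normalize(term):
    return term.strip().lower()

def match(term, word_dictionary):
    """Return the concept for a field name: thesaurus first, then dictionary."""
    key = normalize(term)
    if key in THESAURUS:
        return THESAURUS[key]
    return word_dictionary.get(key)  # None means no semantic match

def curate(misses, word_dictionary):
    """Stand-in for the manual step: add reviewed synonyms to the dictionary."""
    for term in misses:
        concept = REVIEWER_KNOWLEDGE.get(normalize(term))
        if concept is not None:
            word_dictionary[normalize(term)] = concept

def aggregate_rounds(emr_schemas):
    """Match each EMR system's fields in turn; return per-round accuracy."""
    word_dictionary, accuracies = {}, []
    for fields in emr_schemas:
        misses = [f for f in fields if match(f, word_dictionary) is None]
        accuracies.append((len(fields) - len(misses)) / len(fields))
        curate(misses, word_dictionary)  # later rounds benefit from this
    return accuracies, word_dictionary

# Constructed schemas for three EMR systems, aggregated in order.
SCHEMAS = [
    ["Allergy", "visit", "obs", "rx"],
    ["encounter", "obs", "lab_res", "order"],
    ["rx", "lab_res", "Observation", "obs"],
]
```

Calling `aggregate_rounds(SCHEMAS)` returns the accuracy for each round together with the word dictionary built up along the way, which reproduces the rising trend the figure describes on a small scale.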
VII. CONCLUSION AND FUTURE WORK
As part of our future work, we would conduct more comprehensive evaluations on our system with more real-world healthcare datasets. We would also investigate how to address policy composition issues and how to support a fine-grained delegation mechanism for EHRs in cloud computing environments. Also, in terms of HIPAA compliance, we would study how cross-referenced policies can be analyzed. In addition, we would like to apply our approach to support EHRs sharing using consumer devices such as smart phones and tablets to cover broader sections of the whole healthcare ecosystem.
REFERENCES
[1] Kuttikrishnan, D. (2011), Cloud Computing: The road ahead,
http://www.datamation.com/cloud-computing/cloud-computing-the-road-ahead-1.html
[2] M.C. Rash, ―Privacy Concerns Hinder Electronic Medical Records,‖ Business J. Greater Triad Area, Apr. 2005.
[3] Moritz Y. Becker Peter Sewell,‖Cassandra: Flexible Trust
Management, Applied to Electronic Health Records‖, Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW’04) [4] R. Wu, G.-J. Ahn, and H. Hu. Towards hipaa-compliant healthcare
systems. In Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, pages 593-602. ACM, 2012.
[5] R. Pear, ―Warnings over Privacy of US Health Network,‖ New York
Times, Feb. 2007.
[6] P. MeU and T. Grance. The nist definition of cloud computing
(draft).NIST special publication, 800: 145, 20 II.
[7] Goce Gavrilov1, Vladimir Trajkovik2.Security and Privacy Issues and Requirements for Healthcare Cloud Computing, ICT Innovations 2012 Web Proceedings ISSN 1857-7288
[8] RuoyuWul, Gail-JoonAhnl, Hongxin Hu2. Secure Sharing of Electronic Health Records in Clouds. 8th International Conference Conference on Collaborative Computing: Networking, Applications and Worksharing , Collaboratecom 2012 Pittsburgh, PA, United States, October 14-17, 2012
[9] R. Zhang and L. Liu. Security models and requirements for healthcare application clouds. In Proceedings of 3rd IEEE International Conference on Cloud Computing, pages 268-275. IEEE, 2010.
[10] c. DesRoches, E. CampbeU, S. Rao, K. Donelan, T. Ferris, A. Jha,R. Kaushal, D. Levy, S. Rosenbaum, A. Shields, et al. Electronic health records in ambulatory area national survey of physicians. New England Journal of Medicine, 359(1):50-60, 2008.
[11] Goce Gavrilov1, Vladimir Trajkovik2.Security and Privacy Issues and Requirements for Healthcare Cloud Computing, ICT Innovations 2012 Web Proceedings ISSN 1857-7288
[12] J. Jin, G. Ahn, H. Hu, M. Covington, and X. Zhang. ―Patientcentric authorization framework for sharing electronic health records.‖ In Proceedings of the 14th ACM symposium on Access control models and technologies, pages 125-134. ACM, 2009.
[13] M. Jafari, R. Safavi-Naini, and N. Sheppard. ―A rights management approach to protection of privacy in a cloud ofelectronic health records.‖ In Proceedings of the 11th annual ACM workshop on Digital rights management, pages 23-30. ACM, 2011.
[14] D. Al Kukhun and F. Sedes. ―Adaptive solutions for access control within pervasive healthcare systems.‖ Smart Homes and Health Telematics, pages 42-53, 2008.
[15] M. Li, S. Yu, K. Ren, and W. Lou. ―Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings.‖ Security and Privacy in Communication Networks, pages 89-106, 2010.
[16] M. Katzarova and A. Simpson, ―Delegation in a DistributedHealthcare Context: A Survey of Current Approaches,‖
Proc.Information Security Conf. (ISC ’06), S.K. Katsikas et al., eds. 2006.
[17] O.S.S.T. Committee, SAML V2.0, www.oasisopen. org/committees/,
2009.
[18] O. eXstensible Access Control Markup Language Committee,
XACML V2.0, www.oasis-open.org/committees/, 2009.
[19] L. Zhang, G.J. Ahn, and B.T. Chu, ―A Rule-Based Framework for Role-Based Delegation and Revocation,‖ ACM Trans. Information and System Security, vol. 6, no. 3, pp. 404-441, 2003.
[20] R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, ―Role- Based Access Control Models,‖ Computer, vol. 29, no. 2, pp. 38-47,Oct. 1996
[21] G. Ahn, H. Hu, J. Lee, and Y. Meng.,‖Representing and reasoning about web access control policies‖, In Computer Software and Applications Conference (COMPSAC), 2010 IEEE 34th Annual, pages 137-146. IEEE, 2010.
[22] I. Citrix Systems. XenServer 6, 20 II. http://www.citrix.comlEnglish/ps2/products/prod uct.as p ?contentID=683 148 .
[23] R. Wu, G. Ahn, H. Hu, and M. Singhal. ―Information flow control in cloud computing‖, In Proceedings of the 6th International Conference on Collaborative Computing: Networking, Applications and Works/wring, pages 1-7. IEEE, 2010.
[24] R. Wu, G.-J. Ahn, and H. Hu. ―Towards hipaa-compliant healthcare
systems‖, In Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, pages 593-602. ACM, 2012.
[25] Stumme, G.; M¨adche, A.‖ FCA-Merge: Bottom-up merging of ontologies‖, The 7th International Conference on Artificial Intelligence (IJCAI); 2001. p. 225-230.
[26] Stumme, G.; M¨adche, A. FCA-Merge: Bottom-up merging of ontologies. The 7th International Conference on Artificial Intelligence (IJCAI); 2001. p. 225-230.
[27] Yves R. Jean-Mary1, E. Patrick Shironoshita1, and Mansur R. Kabuka1, 2, ―Ontology Matching with Semantic
[28] Verification‖, NIH Public Access, Web Semant. Author manuscript; available in PMC 2010 September 1.