Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Security and Privacy Requirements for Cloud Computing in Healthcare

Security and Privacy Requirements for Cloud Computing in Healthcare Cloud computing promises essential improvements in healthcare delivery performance. However, its wide adoption in healthcare is yet to be seen, one main reason being patients’ concerns for security and privacy of their sensitive medical records. These concerns can be addressed through corresponding security and privacy requirements within the system engineering process. Despite a plethora of related research, security and privacy requirements for cloud systems and services have seldomly been investigated methodically so far, whereas their individual priorities to increase the system success probability have been neglected. Against this background, this study applies a systematic requirements engineering process: First, based on a systematic literature review, an extensive initial set of security and privacy requirements is elicited. Second, an online survey based on the best-worst scaling method is designed, conducted, and evaluated to determine priorities of security and privacy requirements. Our results show that confidentiality and integrity of medical data are ranked at the top of the hierarchy of prioritized requirements, followed by control of data use and modification, patients’ anonymity, and patients’ control of access rights. Availability, fine-grained access control, revocation of access rights, flexible access, clinicians’ anonymity, as well as usability, scalability, and efficiency of the system complete the ranking. The level of agreement among patients is rather small, but statistically significant at the 0.01 level. The main contribution of the present research comprises the study method and results highlighting the role of strong security and privacy and excluding any trade-offs with system usability. Enabling a richer understanding of patients’ security and privacy requirements for adopting cloud computing in healthcare, these are of particular importance to researchers and practitioners interested in supporting the process of security and privacy engineering for health-cloud solutions. It further represents a supplement that can support time-intensive negotiation meetings between the requirements engineers and patients. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png ACM Transactions on Management Information Systems (TMIS) Association for Computing Machinery

Loading next page...
 
/lp/association-for-computing-machinery/security-and-privacy-requirements-for-cloud-computing-in-healthcare-Dbrh0l9EmT
Publisher
Association for Computing Machinery
Copyright
Copyright © 2020 ACM
ISSN
2158-656X
eISSN
2158-6578
DOI
10.1145/3386160
Publisher site
See Article on Publisher Site

Abstract

Cloud computing promises essential improvements in healthcare delivery performance. However, its wide adoption in healthcare is yet to be seen, one main reason being patients’ concerns for security and privacy of their sensitive medical records. These concerns can be addressed through corresponding security and privacy requirements within the system engineering process. Despite a plethora of related research, security and privacy requirements for cloud systems and services have seldomly been investigated methodically so far, whereas their individual priorities to increase the system success probability have been neglected. Against this background, this study applies a systematic requirements engineering process: First, based on a systematic literature review, an extensive initial set of security and privacy requirements is elicited. Second, an online survey based on the best-worst scaling method is designed, conducted, and evaluated to determine priorities of security and privacy requirements. Our results show that confidentiality and integrity of medical data are ranked at the top of the hierarchy of prioritized requirements, followed by control of data use and modification, patients’ anonymity, and patients’ control of access rights. Availability, fine-grained access control, revocation of access rights, flexible access, clinicians’ anonymity, as well as usability, scalability, and efficiency of the system complete the ranking. The level of agreement among patients is rather small, but statistically significant at the 0.01 level. The main contribution of the present research comprises the study method and results highlighting the role of strong security and privacy and excluding any trade-offs with system usability. Enabling a richer understanding of patients’ security and privacy requirements for adopting cloud computing in healthcare, these are of particular importance to researchers and practitioners interested in supporting the process of security and privacy engineering for health-cloud solutions. It further represents a supplement that can support time-intensive negotiation meetings between the requirements engineers and patients.

Journal

ACM Transactions on Management Information Systems (TMIS)Association for Computing Machinery

Published: May 3, 2020

Keywords: Cloud computing

References