Integrated block-chain technology in health care services and cloud-based security and privacy : A Systematic Literature Review
Abstract
It is observed that there is a progressive shift towards the cloud in healthcare data and services. The major drivers behind this shift is the cost reduction, sharing and exchanging information, and the real-time data availability. However, the importance and sensitive nature of health data poses challenges to the centralization features in Cloud Computing and give rise to problems regarding the security and privacy of healthcare data. This research identifies and analyzes such security and privacy issues and how to tackle such problems with the integration of block-chain technology. There is a huge potential for block-chain technology to solve the data security and privacy issues with appropriate strategies as it incorporates features such as decentralization, trustlessness(i.e. the participants involved in the system do not need to trust it), distributed storage of data, point-to-point transmission, and encryption algorithms that deviate from the conventional cryptographic primitives. In this paper, we integrate cloud computing with block-chain technology to make the most of strengths in both technologies and eventually introduce a security and privacy scheme for healthcare data and services.
1. Introduction
Healthcare has become a data-intensive domain with the rapid advancements in the field along with economic development where more and more data, i.e., medical reports are being generated. Huge amounts of data are not only generated but also disseminated, stored and accessed on a daily basis. The generated data undergo many processes and states and processed by different health care persons increasing the demand for high quality care for patients given by technology. Technology provides significant benefits in resource allocation, reducing costs, and in efficiently and conveniently managing health care services. However, due to the very nature of this industry, protecting the integrity, accuracy and security of healthcare data is important. It is a sensitive area of study since numerous parties are trying to steal, manipulate information for their personal financial benefits. Cybercriminals seeking data to sell to third parties who are willing to perform analysis on these types of data can be taken as a simple example for this (Esposito, 2018). Due to the complexity of healthcare systems and its components, ensuring security of EMR/EHR/PHR ecosystem (Esposito, 2018) (Nguyen, 2019) is a challenging yet crucial task since the risk implies to not only external attackers, but also unauthorized access attempts from inside the ecosystem which can be a potential data breach or leakage which can lead up to even the organization being penalized under the Health Insurance Portability and Accountability Act. This highlights the need for a secure and more privacy centred data management system for the health care industry.
2. Research Methodology
In order to answer the research questions formulated in the study which are explained further in this section, we present this as a Systematic Literature Review according to the guidelines published by Kitchenham and Charters []. The process of collecting facts/proof/evidence to answer the formulated research questions in a study under a certain topic suiting to the eligibility criteria is known as a Systematic Literature Review[8r][9r]. Such a literature review consists of certain steps to searching protocol, pruning process, collecting data to answer the formulated research questions and analysing the gatherings. Research papers and journals available from 2015 to 2021 are considered in this research.
2.1. Research Questions
As for the above-mentioned motivation and objectives that has been set, this research aims to answer the following four research questions.
According to the objectives set, we have formulated the following research questions. The answers to these research questions will be discussed in section [add].
- What are the issues and challenges in Cloud computing health care services related to privacy and security and how do they affect health care services?
- What are the risks involved in integrating blockchain with cloud computing in healthcare services?
- What are the solutions to deal with security and privacy issues that rise in the cloud network?
- What are the business and technical benefits of integrating blockchain with cloud computing?
- What are the issues and other challenges that occur in integrating the blockchain technology with cloud computing?
We have designed a systematic protocol which helped in identifying the most significant literature in the domain of Blockchain technology published since 2015 up to date.
2.2. Selecting the primary studies
First a list of keywords was selected to find studies related to the selected research domain. These keywords included “Blockchain technology”, “Cloud Technology”, “Security”, “E-health Care services” and “Privacy”. These keywords were combined with the Boolean operators OR and AND which formed the final search strings: “Blockchain and Security”, “Blockchain and Privacy”, “Blockchain and health care services, “Cloud technology and Health care services”, “Cloud technology and security”, “Cloud technology and privacy”, and “Cloud technology or Blockchain”. Among the many platforms that contain scholar articles regarding the selected titles, the following were searched thoroughly.
– IEEE Xplore Digital Library [11]
– ScienceDirect []
– SpringerLink []
– ACM Digital Library [10]
– Google Scholar []
– Research Gate [12]
According to the properties provided by these platforms, the searching was done running it against the title of the research, keywords, and abstract, and famous authors in the field. This process was conducted in the week from 2015 to 2021 and all the studies that had been published up to the end of the week were processed. Then the search results had to go through a filtering criterion proposed in the section 2.3 under inclusion and exclusion criteria. In the other steps, forward and backward referencing was done to ensure there are no remaining research articles that should be included in the review. This process came to and with the researcher having 25 papers on hand to continue the review.
2.3. Inclusion and Exclusion criteria
The key inclusion and exclusion criteria that was followed in the study to find the most aligned research papers under the selected research title are given in Table 1. This helped in ensuring that the collected data matched the scope of the research.
| Inclusion Criteria | Exclusion Criteria |
| Published year should be between 2015 and 2021 | Book reviews and blogs |
| All the studies published should be peer reviewed | Research that are not published in English |
| The publishers should be technical experts in the relevant field. | Studies that do not follow any technical aspect. |
| Studies should be available online. |
2.4 Pruning Process
Once identifying the primary studies for my research was completed, the pruning process was started to determine the final 25 papers. This aided in disregarding the materials that does not fit the aims and objectives of this research work. The pruning process included keyword pruning which was done in the selection of primary studies, duplication deletion which excluded duplicate results and abstract pruning where the topmost suited studies were determined based on reading the abstracts of the studies.
The overall picture of how this process was done using the above steps; selecting the primary studies, inclusion and exclusion criteria, and pruning process is given in figure 1. A total of [add] papers were identified from the initial search performed on the scholar platforms. Under the pruning process, in duplication deletion, the number of studies were reduced to [add]. Then the studies were checked under the inclusion and exclusion criteria which reduced the number of papers to read to [add]. Then forward referencing and backward referencing was done to identify 5 other papers and after reapplying the inclusion and exclusion criteria 25 paper were selected as final.
3. Results and Discussion
3.1.What are the issues and challenges in Cloud computing health care services related to privacy and security and how do they affect health care services?
There are three major health data security requirements: Confidentiality, Integrity, and Availability discussed by Lynda et al [4]. In confidentiality, as medical systems utilize sensitive data, if privacy is violated in any sense, the organizations will be sued by the users. Lots of these data should remain anonymous, however, when it comes to e-healthcare data, this poses limitations in user authentication and the encryption technologies used to ensure confidentiality also introduces other challenges like heavy computation, privacy issues and key management problems. With regards to integrity, it is an essential requirement as any incorrect treatments based on erroneous data may have serious consequences. The third requirement discussed is availability which indicates that relevant data should always be available. Availability of data in critical situations also poses problems like who should be responsible for releasing data in an emergency, what if the provided keys are invalid or forgotten by the authorized people, does the person handling this have the permission to open documents related to the patients or are there any legal requirements.
first concern is largely related to the Confidentiality, and integrity issues discussed. However, a large portion of literature is considered in finding a definition to this issue. The fear of unauthorized people getting access to sensitive data in cloud arises confidentiality issues and this may hurt not only patients but also doctors and other related medical personals. The second issue, reliability, and transparency of data handling by third parties is mainly the fear of technical issues arising. When the data is already stored on a cloud, once cannot guarantee the detection of data as sensitive and the users have to highly depend on the cloud provider losing control of their own data. Thirdly, on the maturity of the cloud service, only few successful implementations can be found in healthcare with cloud computing, hence making the user be doubtful of the experience it gives. Further, there may be hidden costs with related to using cloud models, and a proper estimate has to be done before moving to the cloud.
Another problem raised by the community frequently is the systems and data interoperability. This is the barrier to load, store, and transfer data in different organizations and locations, because of the lack of standardization and common principles. This mostly occurs when various cloud vendors are involved, and when the services are based on different locations. Every cloud supplier has its unique protocols and formats thus making the integration process difficult and inconvenient. In such cases, various institutions may find it hard to communicate with each other.
According to the study conducted by Guo et al [20], the challenges of deploying healthcare services in the cloud comes under the technical barriers to implement in the cloud, maintenance issues after deploying, and the rules and regulations involved when deploying medical records to cloud.
Esposito et al[1] elaborates on how challenging yet crucial it is to ensure the security of EMR/HER/PHR systems because of the complexity and interplay within these systems. Also, the data contained in healthcare services are more attractive to cybercriminals and these data could be sold to third party vendors. They also indicate how the healthcare data must be protected from both internal and external attackers and from attacks that are intentional or unintentional (Figure 2). Cryptographic mechanisms to ensure the integrity and privacy of the data are also discussed here and how they can lead to searching limitations in that the data will have to be decrypted to search them. However, that would mean increasing the time taken for the whole process and the cost will also rise.
3.2.What are the solutions to deal with security and privacy issues that rise in the cloud network?
3.3.What are the business and technical benefits of integrating blockchain with cloud computing?
3.4. What are the issues and other challenges that occur in integrating the blockchain technology with cloud computing?
4. Conclusion and Future Work
5. Bibliography
