A Research Proposal for Managing Privacy and Security in Cloud Computing For Health Care

The continuous growth in technology accounts for a paradigm shift and tremendous growth witnessed in the modern world (Jonker & Petkovic, 2012). Today, a plethora of business organizations and key economic sectors such as healthcare are adopting cloud based solutions as part of their business application portfolios. The use of cloud computing technologies in healthcare and business organizations in overall has numerous documented benefits (Furnell, Lambrinoudakis, & Lopez, 2013). These technologies are associated with advantages such as lowering of the healthcare costs spent on maintaining privacy and security of patient's information, reduces the maintenance costs, improves the availability of healthcare information, and provides a global access of the healthcare facility. It thus aims to attract potential customers across the world (Rodrigues, Lin, & Lloret, 2014; Gupta, 2015).Besides, cloud computing allows different healthcare firms to offer healthcare related services all over the world effectively and simply.

Halpert (2011) argues that greatest concern associated with the deployment of this technique in different economic sectors is that the cloud provider must ensure that their applications are embedded on a private, secure, and confidential platform. This platform must have the capacity to protect itself from illegal accesses of data from unauthorized individuals including outsiders, employees or other organizational clients (Gutwirth, 2011; Shoniregun, Dube, & Mtenzi, 2010). Information security, privacy, and confidentiality problems are still questionable and even become more challenging under the cloud computing framework. Provision of security and assurance of privacy regarding access to healthcare information is a continuous process and a critical role for each health care firm (Furnell, Lambrinoudakis, &Lopez, 2013). This proposal discusses vital processes and structures that should be put in place to ensure sustainable management of privacy and security in cloud computing for Health Care.

Aims of the Project

According to Halpert (2011), necessary security measures, processes, and guidelines need to be planned and executed from a security perspective to achieve success when using cloud computing technology in healthcare. These measures are highly critical when outsourcing different information computing services available on a cloud platform to assure the availability of different level of information security (Bhatt & Peddoju, 2017). Indeed the health care sector lacks a particular and suitable framework for effective management of security and privacy when using the cloud computing technique. This proposal seeks to address these issues of concern. The main aim of the proposal is to provide an appropriate framework to help in the effective and sustainable management of security and privacy in healthcare cloud-based scenarios.

Section 2 offers a comprehensive review of the current narrative to support the contemporary situation of the art regarding the use of cloud computing technologies in healthcare. Section 3 provides a succinct overview of the framework and the plan that will be followed when carrying out the research. The fourth section presents the outcomes gathered from the framework, offers project deliverables and provides a critical analysis of the entire work regarding what will be produced and how to test it using the necessary resources available. The last section looks at different risk factors associated with the project and their solutions while providing a summary of the intermediate outcomes and providing an overview of the future research endeavors.

Literature Review

An Overview of Cloud Computing Concept

According to Murphy (2015), the concept of cloud computing exists in different forms and can be comprehended as a form of the well-known computing services used in the process of accessing vital information regarding particular phenomenon in a given economic sector such as healthcare. Halpert (2011) adds that cloud computing has rapidly evolved from a typical marketing hype to a critical option to the field of classical computing of information used numerous fields including the health care industry. Today, some of the technical experts are already considering the cloud-computing concept as a paradigm shift in the area of information computing (Furnell, Lambrinoudakis, & Lopez, 2013). Nevertheless, the decision of an organization to utilize cloud computing technology to carry out its activities is a vital and strategic step towards achieving its set goals and the overall desired success.

Murphy (2015) adds that the capacity to deliver scalable computing services as a set of soft- and hardware in a virtual environment consisting of usage-bound payment system is known as the basic elements that make up cloud computing. Another basic element of cloud computing is the shared utilization of computing resources (Gutwirth, 2011; Shoniregun, Dube, & Mtenzi, 2010). Cloud systems have rapidly shifted from the old on-premise software products towards the new technology and service oriented products offering a variety of solutions to the information management processes of different organizations operating in various economic sectors including healthcare industry (Bhatt & Peddoju, 2017).

Security Management

Bhatt and Peddoju (2017) ascertain that the constant reliance on nearly all companies on suitable security information processing calls for appropriate management of cloud computing platforms as a way of achieving the organizational desired success. Different organizations have developed firm-based and industry-based policies comprising of standards and guiding rules for the efficient management of information security (Herzig, Walsh, &Tuleya, 2013). Besides, these organizational strategies encompass a combination of the best practice measures and procedures aimed at effective management of security. ISO is the most common known relevant Standards for the establishment and operation of an information security management system (ISMS) in a given organization. Every principle has its core aims and helps in the management of security (Gutwirth, 2011; Shoniregun, Dube, & Mtenzi, 2010).

Management of Information Security and Privacy in CloudComputing

According to (IRMA, 2012), security and privacy are the most common issues of concern when deciding to manage the information of a given healthcare facility through cloud computing technology. Security as a priority issue of concern has prevented many organizations from implementing the cloud computing technology in their management operations as a result of the increase associated risks. However, there is inadequate research regarding the integration of security in cloud computing leaving the efficient management of security across a business enterprise as one of the significant challenges to be addressed by firms to attain their goals (Hoyt &Yoshihashi, 2014).

As such, organizations must always frame their security strategies and goals in the context of risk to allow them to assess and treat their identified specific risks in the cloud computing risk management process. Research identifies a variety of sources that bring about the proliferation of these particular privacy and security risks (Herzig, Walsh, & Tuleya, 2013). First, most of these risks arise from information authentication and access control entailing issues associated with physical access alongside credential and identity management concerns. Secondly, security issues result from shared organizational utilization of computing resources with an exemption of the private clouds if managed by the organizations themselves (Hoyt &Yoshihashi, 2014).

IRMA (2012) adds that it is important to understand that data regarding different processes and activities carried out by a given organization can be found freely in a shared environment; however, the owner of the data should assume its full control. This exclusive right allows the enterprise to exercise control over who has the authority to use the available information and what they are authorized to do with it once they gain full access. Thirdly, virtualization is increasingly becoming an essential component for almost every cloud and presents a variety of risks to the firm alongside the source associated with outsourced and distributed computing (Moumtzoglou & Kastania, 2014).

However, outsourcing provides risks to the organization except private firms managed by the firm itself (IRMA, 2012; Zeadally & Badra, 2015). The practice of employees accessing information stored on cloud platforms regarding firm processes and procedures via the internet exposes the company to numerous security risks including data leakages and violation of privacy. Lastly, risks may sprout from organizational flexible and rapidly alterable services as well as service providers as many people are continuously engaged on the running cloud platforms (Hoyt &Yoshihashi, 2014).

Sources of Cloud Computing Risks in the Health Care Sector

Several factors cause a plethora of risks in the healthcare system as a result of using cloud computing services (Bhatt & Peddoju, 2017). Most of these risks are associated with availability, data ownership, data management, security, privacy, reliability, flexibility, interoperability, scalability, trust and liability issues, usability and organizational change (Pearson & Yee, 2013). Regarding availability, it is important to ensure that e-health cloud services are available throughout without performance degradation since many healthcare providers depend on it to work efficiently and continuously (Moumtzoglou & Kastania, 2014). The services offered should also be reliable since when using cloud computing since healthcare is an extremely sensitive field.

Also, organizations should put up a sustainable database management system for handling data since healthcare is a highly diversified field (IRMA, 2012; Zeadally & Badra, 2015). Regarding scalability, the e-health cloud may be in procession of several healthcare providers having many patients. An organizational e-health cloud system can be offered by a variety of service providers but should function on the same platform regardless of differing healthcare requirements from health care providers to meet the flexibility and in interoperability demands. The sixth issue of concern regarding healthcare organizational shift to cloud computing would be security (Hammaker & Knadig, 2018, Cheung, Weber, & University of Hong Kong, 2015). This risk increases as a result of having many providers that offer numerous e-health cloud services to be used by multiple health care providers.

However, the problem can be reduced by the decision of the organization using a single and specific provider who offers IT related services and ensures their sustainability through continuous maintenance (IRMA, 2012; Zeadally & Badra, 2015). Shared platforms require numerous authentication techniques and access controls to be incurred. The decision to use e-health cloud services in the health care organization requires the firm to implement several changes. These fundamental changes include the creation of new policies, procedures, and workflows as well as transformations in the manner in which documentation is carried out (Moumtzoglou & Kastania, 2014). Nevertheless, the healthcare sector still faces some challenges regarding data ownership since no legal entity owns data in this industry.

According to IRMA (2012), the risk of exposing private data, data leakage and data l...