A Secure Cloud-Based Patient Electronic Medical Records System Using Two-Factor Authentication
A Secure Cloud-Based Patient Electronic Medical Records System Using Two-Factor Authentication
Volume 5, Issue 10, October – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
A Secure Cloud-Based Patient Electronic Medical
Records System Using Two-Factor Authentication
Chigoziri B. Marcus1
1Department of Computer Science
Faculty of Natural and Applied Science
Ignatius Ajuru University of Education,
Rivers State, Nigeria.
Abstract:- This work demonstrates a model that In cloud computing, individual users and companies
enhances security and predictive analytics of cloud-based are allowed to oversee the communications of files,
clinical and patients’ medical records for hospital information, and applications without specific software
management systems with adequate storage capacity, installed on their devices; only internet access is required
access to data for only authorized users, low cost medical [9]. Figure 1 shows a typical cloud computing environment.
services and implementation. The enhanced system uses
Two-Factor Authentication (Password and Token) to
grant access to authorized users in the system.
Specifically aiming at providing greater security for
sensitive information transmission, thereby enhancing
the level of security in hospital management systems. The
application was built with Python programming
language, Django framework and machine learning
algorithm with the capability to handle analytics. The
efficiency of the model developed was tested and
observed to be higher than previous models in terms of
Security, Stakeholders’ Participation, Access Control,
Data Privacy and Flexibility.Thetoken authentication
and verification time were performed and an average of
10.95 seconds is required to access a patient’s medical
record which is not significant enough to compromise
security.
Keywords:- Cloud Computing, Electronic Medical Record,
Data Mining, Two-Factor Authentication.
I. INTRODUCTION
Fig 1:- Cloud computing environment (Source: Mansor et al.
Cloud computing generally is referred to as the 2013)
delivery of technological services over the web [1].It offers a
simple on-demand network access model to an easily Data mining is simply the process of extracting and
distribution, reduced management efforts, interaction analyzing a large set of information in order to discern
between service providers and a communal pool of trends and patterns. Data mining depends on effective data
configurable computing resources[2].Cloud Computing and collection, warehousing, and computer processing.The
its business models have impacted immensely on method of retrieving and processing data efficiently has
developments in the twenty-first century, not only in the been a major problem for many years of data management,
computing industry but in many other sectors [7].Cloud given the exponential growth of data generated ranging from
computing delivers computing and storage capacity as a Petabytes to Exabytes.
service to a community of end recipients [6].
A medical record is a confidential record maintained
Cloud computing is the advancement of dispersed by a medical practitioner or agency for a patient. This
Computing, Parallel Computing, and Grid Computing, and includes a description of the patient's medical history and
the coordinates advancement result of Virtualization, Utility information about each of the cases, including symptoms,
Computing, IaaS (infrastructure as a service), PaaS diagnosis, care, and results, such as the patient's name,
(platform as a service), and SaaS (Software as a service) [8]. address, birth date.The primary aim of the medical record is
to document the interaction and treatment of the patient with
a health care provider to ensure sufficient healthcare for
future references.
IJISRT20OCT245 www.ijisrt.com 387
Volume 5, Issue 10, October – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
The integration of cloud storage and automated data financial and billing systems, the user is permitted to
mining promises easy technological connectivity and retrieve meaningful information from virtually integrated
agility.As a consequence of the convergence, vast amount of data warehouse that reduces the cost of infrastructure and
data from different data warehouse can be easily retrieved storage. By Kamala’s approach, small companies will
[6]. With this approach, patient’s records such as blood benefit by using IDMCC.
sugar, high blood pressure will be stored in the cloud first.
The user of the system can be the patient or the health In order, to ensure that the challenges facing
officer. Patient’s details can be stored in the form of text, x- Healthcare Delivery Organizations in developing countries
ray images or scan in a secured manner. Registered patient’s in terms of securing medical data and its lack of adequate
do not need to carry their medical report on the go as the data mining tools, Samuel et al (2013) proposed an
medical records are stored in the cloud and mining algorithm enhanced model integrating Healthcare Delivery
will be used to retrieve their data wherever, whenever it is Organizations (HDOs) in developing countries into the
required by a nearby licensed medical practitioner. cloud. Their proposed model was intended to provide Data
Security and User Authentication Engine (DSUAE) which
II. LITERATURE REVIEW prevents unauthorized access to patient medical records and
as well employs standard encryption/decryption techniques
A. Electronic Health Record to guarantee the confidentiality of such records. In
Electronic health (medical) records (EHRs) are conclusion, Samuel et al (2013) claimed that with the
digitalized health records of patients collected from various information provided from the proposed model, effective
health care settings. An electronic health record gathers, decisions could be made by the management of Health
creates, and stores the health record electronically. With this Delivery Organizations or other concerned stakeholders and
system, medical information can be stored and shared as well lead to social/economic stability of nations of the
conveniently through the cloud or other servers. Healthcare developing countries.
providers have been embracing the electronic health record
cautiously. With no doubt that security and privacy have been a
major hindrance to the growth of the electronic health
Electronic health records can enhance clinical system since inception. Therefore, Gajanayake et al. (2016)
documentation reliability, tracking, billing, and coding for came up with an access control architecture for the
health use, and make health records portable. A typical electronic health system. This system was attainable via the
electronic healthcare record comprises patients’ bio-data, combination of three security models: Discretionary Access
Medications, Allergies, Vital Signs, previous lab tests and Control (DAC), Mandatory Access Control (MAC) and Role
results, Doctors' appointments and administration. EHR Based Access Control (RBAC). Their system provides
systems can be accessed by physicians from authorized healthcare practitioners and patients the privilege to detect
healthcare facilities or individual organizations, as and set access to electronic health records. The major
interoperating systems in affiliated health care units such as setback to this system is its inability to be used elsewhere
laboratories, medical imaging facilities, pharmacies, schools, other than in attaining electronic health record requirements.
and workplace clinics on a regional, or nationwide level.
With the adoption of cloud computing into the
B. Two-Factor Authentication healthcare sector, vital health information is now stored
Two-Factor Authentication (2FA) is a security remotely in a third party server. Kester et al. (2015)
mechanism which requires two authentication method from considered guaranteeing the privacy, safety, and security of
the independent categories of identifications to verify the information by engaging the encryption to ensure
identity of the user for a login or other transaction. Two- confidentiality and authentication methods in the sector. In
factor authentication uses the combination oftwo order, to achieve this, encryption and watermarking
independent authorization technique: what the user knows techniques of digital image data in the domain were reversed
(Password) Knowledge Base Authentication, what the user and they further proposed a recoverable watermarked and
has (Token) Possession Base Authentication or what the encrypted image processing technique for security and
user is (Biometric Verification) Inherence Based privacy of medical images. This scheme is been used in
Authentication [10]. 2FA seeks to create a layered defense securing electronic health images. However, the framework
and to make access to a destination like a physical location, is limited to images only and not voice or text.
a computer system, the network or a database for an
unauthorized person more difficult.If one layer is Since the existing e-health system failed to preserve
compromised or breached, at least one more barrier must patients’ private attribute information while maintaining
also be ruptured before the target is successfully accessed. original functionalities of medical services, Guo et al. (2012)
proposed a framework called PAAS (Privacy-Preserving
C. Related Work Attribute-Based Authentication System) which they claim
B. Kamala (2013) claimed that with the integration of leverages users’ verifiable attributes to authenticate users
data mining services in cloud computing (IDMCC) with and preserve the private issues. They developed a two-way
case studies such: Hospital-based electronic health records administrative system that involves the patient and the
(EHRs), Community-based health information sharing, doctor to handle authentication and authorization procedures
Personal Health Records (PHRs), Patient accounting, instead of the traditional centralized process. By so doing,
IJISRT20OCT245 www.ijisrt.com 388
Volume 5, Issue 10, October – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
users are provided access based on their privileges without IV. MATERIALS AND METHODS
revealing their identities and health conditions. Their
approach addresses the issue of security, privacy, and the A. Methodology
variability of all users’ attributes. However, the possibilities For this study, Object Oriented Methodology
of different domains seamlessly sharing medical data are (OOM)wasadopted to develop an all-inclusive stakeholder
slim. This framework might be good on paper but, the participation cloud-based electronic hospital management
implementation to prove its efficiency in reality as claimed system.OOM is an approach to system architecture that
by the authors would be a lot difficult. encourages and enables the reuse to software components
(architecture). This methodology allows the development of
The need for security enhancement in the e-health a computer system based on components to permit the
system once again arises as Fan et al. (2014) carried out efficient reusability of existing components and facilitate
investigative research on the Data Capture and Auto their component sharing with other components. These
Identification Reference (DACAR) and came up with the components can be combined in various ways to meet the
design and implementation of a core component of the new requirements specified by the user.
DACAR platform named Single Point of Contact (SPoC).
This component they claimed provides claims-based B. Design
authentication and authorization functionalities that Deploy The motive behind this architecture was to build a
reliable e-health service to be hosted in the cloud domain. secured, dynamic, and dependable electronic health records
The results of this system are a bit fair. However, their (EHR) system. The architectural framework is controlled by
proposed system is limited to a small number of users authorized health officers and patients who are considered as
access. major stakeholders in the EHR system. A patient will obtain
his full access through authentication into a designated
Revisiting the Attribute Based Encryption (ABE) medical institution (hospital). At this point, he chooses who
Technique as Kumar et al. (2013) proposed a new his medical personnel is. A health officer (HO) can also
framework for electronic health. Here, they designed a have access to patient’s information that is available in the
system where users are divided into domains: the Public and cloud through the patients' Token Verification security
Private Domains. In this design, a private user can encrypt / scheme.
access information only in its personal domain attributes
while the public domain permits the user to use multi- Figure 2 shows a secured cloud-based hospital
authority ABE to improve security measures in these management system architecture.
domains. This approach is commendable. However, it
presents a great challenge of scalability and flexibility
because the integration of attribute based encryption in the
Electronic Health Record system is a major and serious
management task.
III. CHALLENGES FACING CLOUD-BASED
MEDICAL RECORD SYSTEMS
Whether the system is automated or manual, the
objectives of all medical record systems are the same.
Nevertheless, from a user's perspective, both methods vary
profoundly in how data is entered and retrieved from the
record, and the mechanisms for achieving these objectives
differ. Although, electronic health records are embraced as
an opportunity to rationalize and overcome problems in a
broken healthcare system, EHRs often pose a range of
important, emerging obstacles to resolve. Since patients
often change physicians and see several physicians and
specialists for primary healthcare, EHRs have the potential
to improve the quality of healthcare, to allow multiple
physician coordination, to improve medicinal safety, and to
enhance healthcare assessment speed. However, many have
feared for the inadequate safety and integrity measures of
their records being put out in the open. High profile patients’
will disagree with this technique despite its enormous
benefit. For the sake of getting everyone to accept this trend, Fig. 2:- Secured Cloud-Based for Electronic hospital
it is important to incorporate patient’s participation as a key management system.
stakeholder to the system. Using the 2FA mechanism, a
health officer is mandated to be authorized by the patient of
choice before accessing his/her medical record.
IJISRT20OCT245 www.ijisrt.com 389
Volume 5, Issue 10, October – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
The framework as seen in figure 3 consists of
components such as Health Delivery organization (HDOs),
Cloud, Data Mining/ Analysis and Pattern Prediction Engine
(DMAPPE), and Patients and Health Officials (Users) Two-
Factor Verification Engine.
i. Each HDO maintains EHRs, and all the information in
EHRs is collected from several HDO units such as
hospitals, radiology, laboratory, pharmacy, billing and so
forth. It is also important to note that users are connected
to the cloud through HDOs across the platform.
ii. The cloud system hosts patients and general hospital
information and provides different services to authorized
users. Also, its computing part supplies the necessary
services over the network.
iii. User Verification: Users here are usually the patients,
doctors, nurses, specialists, technicians, researchers, or
other individuals, or groups. Due to the fact that several
users are assumed to be connected to the cloud, privacy
and security of data are an obvious concern to lookout.
This is why the Multi-Factor scheme has been put in
place as individual users have a unique identification.
iv. DMAPPE analyses requests to match them with stored
data for similarities before coming up with an outcome.
Figure 4 shows the step by step breakdown of the Fig.4.Sequence Diagram for the developed system.
operations of the system using a sequence diagram.
V. RESULTS ANDDISCUSSION
Features Rate Scale
Access Control XXX 30
Security Analysis XXXX 40
Data Privacy XXXX 40
Data Integrity XXXX 40
Flexibility XXX 30
Data Sharing XXX 30
Table 1:- System Metrics Indicator
Figure 5 illustrates the performance metrics of the
developed system.
Fig.3.Use Case Diagram for the developed system
Fig. 5. System Performance Indicator Chart
IJISRT20OCT245 www.ijisrt.com 390
Volume 5, Issue 10, October – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
The system was examined using three analysis tools Then the token authentication and verification were
(Use Case, UML and Sequence Diagram), the data collected performed to obtain the time interval in sending, receiving
were analyzed to create a quantitative understanding of the OTP and logging into a patient’s EMR. From Table 2
systems security level and general performance. A specific and figure 6, it is calculated that an average of 10.95
level of performance metrics are required to quantify the seconds is required to access a patient’s medical record and
security exposure. These metrics expresses the current level in a security settings, a 10.95 seconds’ waiting time is not
of security in the system. The key performance indexes are: significant enough to compromise security.
Access Control, Security Analysis, Data Privacy, Data
Integrity, Flexibility and Data Sharing. VI. CONCLUSION
In order to attain a quantifiable measurement of the All in all, health delivery organizations (HDOs) are
system, a unit point scale of X = 10 is allocated to each lacking in terms of data management. A significant number
metric assuming if true. Table 1 and Figure 5 illustrates the of deaths are been recorded annually due to mismanagement
table and graphical representation of the systems security of clinical records. Some factors responsible for these are;
level respectively. high cost of medical services, inadequate access to quality
healthcare personnel and infrastructure, inaccurate
Patients Time Sec Patients Time Sec diagnostic and therapeutic procedures, and poor storage of
1 9 11 10 medical/clinical data.This work provides a better and
2 11 12 7 secured cloud-based Platform for Healthcare Delivery
3 5 13 5 Organizations in the cloud to enable them to carry out their
4 7 14 10 operations efficiently. The proposed system incorporates a
5 15 15 13 one-time password (OTP) Scheme that guarantees the
6 8 16 15 security and confidentiality of patients’ electronic health
7 20 17 6 records as well as prevents unauthorized access to such
8 15 18 7 records. The platform also provides a means which useful
information can be mined through its machine learning
9 10 19 16
predictive support system.
10 18 20 12
Table 2: Token Time Interval
REFERENCES
Figure 6 shows demonstrates the token time interval
[1]. Srinivasa, R., Nageswara, R., and Ekusuma, K., 2009.
.
“Cloud computing: An overview,” Journal of
Theoretical and Applied Information Technology
(JATIT), Pp. 71-76.
[2]. IBM Corporate Marketing White paper, “Cloud
computing: Building a new foundation for
Healthcare,”.ibm.com/cloud, 2011.
[3]. Zimmermann, H. J. (2006). Knowledge Management,
Knowledge Discovery, and Dynamic Intelligent Data
Mining. Cybernetics and Systems: An International
Journal, 37(6), pp. 509- 531.
[4]. Becerra-Fernandez, I. &Sabherwal, R. (2010).
Knowledge Management: Systems and processes...
New York: ME Sharpe.
[5]. DU, H. 2010. Data Mining Techniques and
Applications: An Introduction. Hampshire: Cengage.
[6]. K. ShanthaShalini, R. Shobana, S. Leelavathy andV.
Sridevi.A Cloud Based Approach for Health
CareManagement. Int. J. Chem. Sci.: 14(4), 2016,
2927-2932.
Fig. 6. Token Time Interval [7]. Sanjay, P. A., Sindhu, M., and Jesus, Z. 2012. “A
Survey of the state of Cloud computing in Healthcare,”
A salient aspect of this system is the time taken to gain in Canadian Center of Science and Education, Network
access to the patient’s EMR, in other words, the time and Communication Technologies; Vol. 1, No. 2;
interval in sending the token, receiving and verifying the ISSN 1927-064X E.
token in order to access the medical record is negligible. [8]. Jun Zeng (2018). The Development and Application of
Although, there are several factors that affects the time Data Mining Based on Cloud Computing. J. Phys.:
interval in delivering the token on the patient’s device, such Conf. Ser. 1087032008
as internet speed and mobile phone capability.An [9]. MansorZauir, Mohamad M. Al Rahhal, Abdullah Al-
experiment of 20 persons from different locations were Faifi, Alaaeldin M. Hafez, Hassan Abdalla (Jan, 2013).
assumed as patients and registered into the EHR system. Survey of Data Mining Usage in Cloud Computing
IJISRT20OCT245 www.ijisrt.com 391
Volume 5, Issue 10, October – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
[10]. Tamara S Mohamed (2019) Security of Multifactor
Authentication Model to Improve Authentication
Systems. Cihan university Sulaimaniah, Iraq
[11]. B. Kamala, (2013) A Study on Integrated Approach of
Data Mining and Cloud Mining. International Journal
of Advances in Computer Science and Cloud
Computing, ISSN: 2321-4058 Volume- 1, Issue- 2,
[12]. Samuel, O.W, Omisore, M.O, Ojokoh, B.A,
Atajeromavwo, E.J, (2013) Enhanced Cloud based
Model for Healthcare Delivery Organizations in
Developing Countries. International Journal of
Computer Applications (0975 – 8887) Volume 74–
No.2, (July 2013)
[13]. Gajanayake R, Iannella R, Sahama T. Privacy oriented
access control for electronic health records. e-J Health
Inf (2014);8(2):175–86.
[14]. Kester, Q, Nana, L, Pascu, A, Gire, S, Eghan, J,
Quaynor, N. A Security Technique for Authentication
and Security of Medical Images in Health Information
Systems. In: 2015 15th International Conference on
Computational Science and Its Applications, Banff,
AB, Canada, (2015), pp. 8–13.
[15]. Guo, L, Zhang, C, Sun, J, Fang, Y. PAAS: A Privacy-
Preserving Attribute-based Authentication System for
eHealth Networks. In: 2012 32nd IEEE International
Conference on Distributed Computing Systems,
Macau, China, (2012), pp. 224–233.
[16]. Fan, L, Lo, O, Buchanan, W, Ekonomou, E, Sharif, T,
Sheridan, C., SPoC: Protecting Patient Privacy for e-
Health Services in the Cloud. (2014), pp. 1–6.
[17]. Kumar M, Fathima M, Mahendran M. Personal health
data storage protection on cloud using MA-ABE. Int J
ComputAppl (2013); 75 (8):11–6.
