Received April 19, 2019, accepted May 20, 2019, date of publication May 30, 2019, date of current

version June 19, 2019.

Digital Object Identifier 10.1109/ACCESS.2019.2919982

Security and Privacy-Preserving Challenges of

e-Health Solutions in Cloud Computing
SHEKHA CHENTHARA , KHANDAKAR AHMED, (Member, IEEE), HUA WANG ,
AND FRANK WHITTAKER
School of Engineering and Science, Victoria University, Melbourne, VIC 3011, Australia
Corresponding author: Shekha Chenthara ([email protected])

ABSTRACT A systematic and comprehensive review of security and privacy-preserving challenges in

e-health solutions indicates various privacy preserving approaches to ensure privacy and security of elec-
tronic health records (EHRs) in the cloud. This paper highlights the research challenges and directions
concerning cyber security to build a comprehensive security model for EHR. We carry an intensive study
in the IEEE, Science Direct, Google Scholar, PubMed, and ACM for papers on EHR approach published
between 2000 and 2018 and summarized them in terms of the architecture types as well as evaluation
strategies. We surveyed, investigated, and reviewed various aspects of several articles and identified the
following tasks: 1) EHR security and privacy; 2) security and privacy requirements of e-health data in the
cloud; 3) EHR cloud architecture, and; 4) diverse EHR cryptographic and non-cryptographic approaches.
We also discuss some crucial issues and the ample opportunities for advanced research related to security and
privacy of EHRs. Since big data provide a great mine of information and knowledge in e-Health applications,
serious privacy and security challenges that require immediate attention exist. Studies must focus on efficient
comprehensive security mechanisms for EHR and also explore techniques to maintain the integrity and
confidentiality of patients’ information.

INDEX TERMS e-health, electronic health record, EHR cryptographic and non-cryptographic, security and
privacy, systematic review.

I. INTRODUCTION comprised of a wide variety of data, such as medical histories,

The beginning of the 21st century has witnessed great leaps
in digital technology that are changing the landscape of
healthcare system across the world. There is a gradual and
systematic transformation in healthcare systems from paper
based records to electronic records ushering in a revolution in
the healthcare industry [1]. Such developments provide high
efficiency and flexibility to healthcare services by providing
a platform that efficaciously shares healthcare data among
different stakeholders. This evolution converts paper based
records into digitalized electronic records such as Electronic
Medical Records (EMR), Electronic Health Records (EHR),
Personal Health Records (PHR), and Electronic Health Data
(EHD). EHR and EMR are health records of patients handled
by healthcare professionals, whereas PHR carry personal data
which is handled and monitored either by patient or their
relatives on a regular basis. EHD as electronic health records
or computerized patient records is a systematized collection
of smart health records of patients [2]. These records are
The associate editor coordinating the review of this manuscript and
approving it for publication was Kaiping Xue.
demographics, medication, immunization status, laboratory
test reports and other sensitive patient information. EHD
systems have remarkable benefits over conventional paper
based records. Unlike paper-based records, EHR incurs less
manpower, time and physical storage [3]. The advantages of
EHRs include easier and swift clinical data access, ability
to maintain effective clinical workflows, mitigation of med-
ical errors, enhanced patient safety, reduced medical costs
and better and stronger support for clinical decision-making.
Realizing the benefits offered by EHD systems more than
90% of healthcare institutions in Australia have adopted this
system to facilitate effective medical resource allocation and
efficient healthcare [3]. The ability of EHDs to provide better
management of healthcare has been ascertained and testified
by various users. However the transition from conventional
healthcare systems to e-health care throws unique challenges
with respect to privacy, confidentiality, and security of medi-
cal information.
Cloud computing is a recent paradigm in digital tech-
nology and is being extensively used in the healthcare
industry [4]. It not only provides convenient storage of

2169-3536
2019 IEEE. Translations and content mining are permitted for academic research only.
VOLUME 7, 2019 Personal use is also permitted, but republication/redistribution requires IEEE permission. 74361
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
medical information but also facilitates the easy exchange
or transmission of medical data among various stakeholders.
The large scale proliferation of health information in the
age of big data necessitates the burgeoning role of cloud
networks not only for hosting unlimited amounts of data but
also for its easy access across the Internet [5]. It facilitates the
creation, storage and retrieval of healthcare information by
all stakeholders viz healthcare providers, doctors and patients
with ease irrespective of the barriers posed by time and space.
Cloud services provide immense benefits in terms of cost
effective storage, access, processing and updating of infor-
mation with improved efficiency and effectiveness. Since the
data is running on a wide network of remote servers, which
are integrated and operated as a single ecosystem accessed
from different locations by multiple users, it is susceptible to
intrusion or compromise, thereby posing a threat to privacy
and security. Moreover the majority of medical data is highly
sensitive and strictly confidential, its storage on third party
servers naturally increases these vulnerabilities [6]. Gener-
ally, a patient may have several healthcare providers viz
primary care physicians, therapists, specialists and several
insurer providers for medical, dental, vision etc [7]. Consider-
ing the susceptible nature of health information in the public
domain there is an imminent need to devise a more secure,
efficient and effective mechanism for sharing and accessing
data among stakeholders.
In the healthcare sector, although the EHRs are subjected
to various challenges with respect to privacy and unau-
thorized access, the most prominent one is pertaining to
data privacy and security [6]. Risks vary from the malware
attack, that compromises the integrity and confidentiality of
medical data, to the Distributed Denial-of-Service (DDoS)
attacks, which are capable of depriving the systems ability
to provide efficient patient care. Cyber-attacks, such as those
caused by Ransomware, have greater ramifications that go
beyond financial loss or privacy breach [8]. In the USA,
hackers broke [9] into the database of Community Health
Systems (CHS) of a prominent hospital group and accessed
a great deal of personal health information, including the
social security numbers of more than a million patients. In a
similar incident, Anonymous, an internet vigilante group,
targeted several hospitals and launched a DDoS attack on
their websites crippling medical services [10]. These inci-
dents highlighted an imminent need to protect and secure
the confidentiality, integrity, availability, security and pri-
vacy of Protected Health Information (PHI) as a primary
priority in EHR. In this context, the role of cyber security
is paramount in preventing, detecting, and acting on unau-
thenticated access to health data, and its impact towards
social, economic, political and cultural conflicts. According
to the Health Insurance Portability and Accountability Act
(HIPAA), it is the responsibility of healthcare providers to
maintain the confidentiality of the health data [11]. Sev-
eral techniques are already being in use to secure the
security and privacy of smart health systems in the cloud
environment.
74362
A. MOTIVATION
The existing privacy-preserving mechanisms are not adequate
to ensure foolproof security in the e-health cloud. Contrary to
most beliefs, the main risk faced by health records hosted in
cloud servers is internal attacks from people who have autho-
rized credentials to access data within organizations, where
database administrators or key managers are attackers, which
is significantly worse than the external attacks. This paper
aims to provide a wide review of the strengths and draw-
backs of existing security and privacy preserving mechanisms
in e-healthcare environments that make electronic health
records vulnerable to threats in the cloud arena. E-health
data contains various sensitive and confidential information
ranging from patient data to financial information including
social security number, credit card details, whose leakage not
only throws open sensitive patients’ information and cause
financial losses but also infringes the most fundamental right
of a citizen in any country i.e. right to privacy.
The existing advanced encryption techniques such as
Attribute Based Encryption (ABE) is inefficient to resolve
this issue due to its expensive computation [2]. Most of the
existing solutions for Key Policy Attribute Based Encryption
(KP-ABE) and Cipher text policy Attribute Based Encryption
(CP-ABE) assumes that a single key management center
chooses a master key randomly and generates decryption keys
for users on the basis of master key. In this case where the key
manager is an attacker, these solutions cannot prevent from
the inside attacks. The insider threats in healthcare include
the theft of PHI such as Social Security Numbers or personal
information for identity theft and fraud, theft of Intellectual
Property and sabotage. Other non-malicious threats include
the accidental loss/disclosure of sensitive information, such
as disclosing sensitive patient information to others, sharing
login credentials, writing down login credentials, or respond-
ing to phishing messages. For example, the largest healthcare
data breach in history is the theft of 80 million healthcare
records from Anthem Inc [12], American Health Insurance
Company is believed to have been made possible because of
stolen credentials. Data encryption, secure storage, authen-
tication, access control, key management, efficient user
revocation etc. are yet to be addressed and resolved. This
paper analyses existing privacy-preserving approaches, their
strengths, drawbacks, research issues and comes up with a
new paradigm supported by blockchain technology that can
offset certain shortcomings but also ensure a framework for
providing efficient privacy preserving and security in e-health
data.
B. METHODS
This section begins with study selection to ensures the
accuracy of search and retrieval process. The study selec-
tion narrows down to search for publications from different
electronic databases related to computer science and health-
care that attempts to collect relevant empirical evidences in
a particular field to assess the techniques critically and to
VOLUME 7, 2019
S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
TABLE 1. Literature review - study selection.
obtain conclusions to summarize the research study. This
section also performs a categorical study related to security
and privacy preserving studies of EHR as a part of qualitative
data analysis that makes it easy to compare and analyze the
crux of the work.
1) LITERATURE REVIEW- STUDY SELECTION
This study performs a systematized review of security and
privacy preserving approaches of EHRs in the cloud envi-
ronment from different databases, including IEEE, Google
scholar, PubMed, ACM, Springer, Elsevier, Scopus and
Science Direct. The detailed summary of the selected studies
and the keywords used for searching is shown in Table 1. This
work also involves an extensive review of significant review
papers published between 2000 and 2018.
This review limited its search to relevant papers published
between 2000 and 2018 and found more than 200 arti-
cles. We filtered those by de-duplication based on titles and
authors, then conducted a topic relevant article study based on
abstract and keyword significance. 150 articles remained after
de-duplication, 120 after relevant article study and 103 after
VOLUME 7, 2019
quality review. The literature search study selection is showed
on Fig. 1
2) CATEGORIZING SECURITY AND PRIVACY PRESERVING
STUDIES
The Objective of this review is three fold. Initially, this study
investigates the security and privacy requirements of smart
health data in cloud arena. Secondly, after summarizing a
brief architecture of e-Health system, a prevailing and up-to-
date review of the e-Health clouds is presented using a tax-
onomy over privacy preserving approaches. The survey then
discusses the merits and drawbacks of the furnished mecha-
nisms and finally highlights some future research directions
and open research issues. The rest of this study is catego-
rized as follows. In section II, we discuss the security and
privacy requirements of e-health data in the cloud. Section III
summarizes E-health Overview and Section IV reviews an
intensive analysis of security and privacy preserving mecha-
nisms employed in the e-health cloud environment. Section V
describes research issues and future directions and Section VI
is a discussion of the research gaps in the existing literature
74363
 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
FIGURE 1. Literature search study selection.
and Section VII as conclusion. A sketch of categorizing
studies is portrayed in Fig. 2
FIGURE 2. Categorizing studies to sections.
II. SECURITY AND PRIVACY REQUIREMENTS OF
e-HEALTH DATA IN CLOUD
In the current Big data epoch, data proliferation demands
outsourcing of healthcare information to the cloud servers.
Regardless of the tremendous boons provided by the cloud,
it also entails perilous threats to security and privacy of the
healthcare data [1]. Some of the potential attacks include
information disclosure, Denial of Service attacks (DoS),
cloud malware injection attack, man-in-the middle crypto-
graphic attack [13], spoofing [14], collusion attacks [15].The
cloud service providers and many government organizations
have suggested a variety of security measures and guidelines
to ensure and enhance the confidence of patients and orga-
nizations. The first such legislative measure put forward by
the US Congress in 1996 for the US healthcare industry was
the (HIPAA) [11]. There are mainly three categories of cloud
servers: trusted servers, semi-trusted, and untrusted servers.
A trusted server is one that can be entirely trusted without
any information disclosure and threats to the health data
stored can be due to internal adversaries [16]. Semi trusted
servers are honest but curious servers that acquire health data
by colluding with malicious users [17] whereas untrusted
74364
servers are not trustable without any privacy preservation
mechanisms and are vulnerable to attacks from both internal
and external adversaries [18] as shown in Fig 3.
The vital security and privacy requirements in e-health
systems are 1) Data integrity-ensures that the health informa-
tion has not been altered by any unauthorized entity. 2) Data
confidentiality-ensures that the sensitive health data is pre-
vented from reaching unauthorized users. Data encryption is
the most substantial approach to ensure data confidentiality.
3) Authenticity- ensures that only the authorized and authen-
tic authority should have access to the sensitive health data.
4) Accountability- an obligation to be responsible and to jus-
tify the actions and decisions of individuals or organizations.
5) Audit- is a requirement which ensures that the health data
is monitored and protected by keeping track of the activity log
and ensures assurance to the users associated of data privacy
and security. 6) Non-repudiation- refers to the non-denial of
authenticity of sender and receiver. For instance, the patients
or the doctors can’t repudiate after embezzlement of the
health data 7) Anonymity- ensures that the identity of the
subject can be made anonymous so that the cloud servers fails
to access the identity of the stored health data.
III. OVERVIEW OF e-HEALTH SYSTEM IN THE CLOUD
E-health system is a recent healthcare innovation utilizing
electronic processes and communication. In an e-health sys-
tem, EHR or EMR is a systematized aggregation of electronic
health information of patients [2]. These records involve all
the health data information including demographics, medical
histories, medications, laboratory reports, radiology images,
billing information and any additional sensitive patient infor-
mation. The cloud offers great service to both healthcare
providers and patients alike in terms of cost effective stor-
age, processing and updating of information with enhanced
efficiency and quality. Since all this data is stored in multiple
servers, it can be easily accessible by users from various
locations on demand. E-health systems promise rapid, stead-
fast and on-demand access to medical records, fewer medical
flaws, enhanced healthcare quality, however they equally
expose patient privacy, via improper authorization and misuse
of EHR data. Therefore security and privacy are considered
to be critical requirements when sharing or accessing patient
data between several stakeholders. An overview of e-health
architecture is depicted in Fig 3.
E-health cloud architecture types can be public, private,
hybrid and community according to the data stored. Since
EHR data is strictly confidential, carries sensitive patient
information and housed in third party servers, access con-
trol mechanisms are required. Access control is a secu-
rity barrier which preserves data privacy by restricting
the operation and access of healthcare documents in the
healthcare system. The predominant access control tech-
niques in the healthcare systems are Role-Based Access
Control (RBAC), Attribute-Based Access Control(ABAC)
and Identity-Based Access Control (IBAC) techniques. Role
based systems [19] provide for the assignment of certain roles
VOLUME 7, 2019
S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
FIGURE 3. Architecture of electronic health data in cloud.
to the users for data access. ABAC [20], which employs cryp-
tographic and non-cryptographic techniques, whereas IBAC
uses identity-based encryption mechanisms that utilizes user
identity for data encryption. Data sharing is a distinctive
feature of e-health systems. It can be shared among various
stakeholders such as healthcare providers, hospitals, health-
care organizations etc. Search is an alternate substantial func-
tion of an e-Health system. Proxy encryption and public-key
encryption are widely used encryption techniques for data
search.
A. CLOUD COMPUTING SECURITY: STATE OF THE ART
AND RESEARCH CHALLENGES IN E-HEALTH
Cloud computing has seen a tremendous growth that has
reformed the landscape of computing with its storage, elastic
resources, easy and fast deployment and reduced costs such
that, it instigated many organizations to move their data in the
cloud. Even though cloud services provide massive benefits,
it still suffers from several security threats. For instance, users
are not aware of the massive amount of data stored with the
cloud service provider [21]. Due to lack of transparency, it is
difficult to be aware of where, how and when the data is
processed and therefore makes it difficult to trust the service
provider, who in turn can also be a reason for huge data
loss. There has been several schemes and developments in the
area of cloud security. Some of the advanced cloud security
techniques are discussed and the pros and cons are outlined
in Table 2.
Some of the advanced privacy-preserving mechanisms that
preserves cloud security can be adopted to e-health, while
some are not due to security concerns. Cloud computing is a
centralized mainframe computing paradigm owned by cloud
provider which is less patient-centric and is prone to insider
attacks that makes the health records more vulnerable. This is
one of the major downsides of cloud computing. Even though
cloud techniques adhere strict security measures, it does not
offer a fool proof solution to be adopted into e-health, taken
into account of its security issues. Zhu et al. [22] proposes an
efficient privacy preserving biometric identification scheme
in which a huge volume of biometric data such as finger-
prints, irises, voice patterns, facial patterns are encrypted
and outsourced to the cloud to avoid expensive storage and
computation costs. The scheme is resistant against collusion
VOLUME 7, 2019
attacks and provides a maximum level of data privacy. This
approach can be applicable to e-health cloud for efficient
data storage in which the health records can be encrypted
and stored in the cloud that achieves a certain level of data
protection. However, as the health records are extremely
sensitive and the data is exposed to the database owner,
this scheme is less acceptable in terms of security. Also,
this scheme cannot be considered for EHRs as it is not
patient-centric and computationally infeasible for real scale
problems. This work [23] proposes a robust and verifiable
hybrid multiauthority CP-ABE access control scheme by
combining (t, n) threshold secret sharing and multi-authority
CP-ABE scheme for public cloud storage with which both
security and performance are improved by overcoming the
single point bottleneck problem. Xue et al. [24] proposes a
robust and efficient access control scheme that resolves the
single-point performance bottleneck in most of the existing
CP-ABE using an auditing mechanism. Even though these
schemes [23], [24] are advanced access control schemes that
has high security measures, they cannot be adopted directly to
e-health as these schemes cannot guarantee protection from
insider attacks since it is controlled by Central Authority
and multiple Attribute Authorities. A special encryption tech-
nique named Deniable ABE scheme based on Waters cipher
text policy-attribute based encryption (CP-ABE) scheme was
proposed that allows cloud storage providers to create forged
user secrets from stored cipher text to prevent the data from
outside coercers [25]. This scheme combines the advantage
of both ABE and symmetric key encryption as it supports
a multi-privileged access control for PHRs by combining
the encryption of data from multi-patients that falls under
the similar access policy [26]. Zhang et al. [27] proposes
an efficient privacy preserving disease prediction scheme by
using Single layer Perceptron learning algorithm. This model
encrypts the symptom information submitted by the patient
and the cloud uses the encrypted prediction models trained by
it to diagnose the patient disease without revealing the patient
privacy. These mechanisms [26], [27] imparts high level of
data privacy, but still impractical for health records due to
its computational complexity and scalability issues. Another
work presented an anonymous CP-ABE with hidden access
policy and provides authorized access control with constant
key length [28]. Wei et al. [29] proposed a revocable storage
Identity Based Encryption (IBE) that provides forward and
backward security of ciphertext. Most of the existing cloud
storage systems with secure provenance lacks poor access
control, incur excessive performance overhead and do not
support dynamic user management. This work solves the
problem by presenting an attribute-based cloud storage sys-
tem with secure provenance [30]. Even though ABE schemes
are most efficient among encryption techniques and provide
fine-grained, well-formed access to health records, it is still
impractical for proper execution on EHRs due to its expen-
sive computation [28], [30], key management complexity and
challenge in managing access control policies [25] when
attributes in the access structure grows.
74365
 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing

TABLE 2. Cloud computing security techniques.

Despite the attractive features that cloud offers, the transi- compliance due to the inherent security challenges related
tion of healthcare field towards cloud environment increase to the cloud technology. Patients lose their physical control
the concerns about privacy, security, access control and by storing health information in the cloud servers which can

74366 VOLUME 7, 2019

S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing

be seen as a threat to patient privacy. Data security and data

integrity has also been a challenging issue while storing and
accessing data in the cloud arena [31]. Another downside is
that cloud service providers have a vital role in transaction
analysis, access control, data protection and services inte-
gration. With advancement of technology, the emergence of
advanced cyber threats has escalated, which hinders the pri-
vacy and security of EHRs [32]. Therefore, it is very impor-
tant to guarantee integrity, confidentiality, reliability as well
as authenticity of the e-health data in either a private, public or
hybrid cloud environment. Consequently, this research intro-
duces the concept of a permissioned patient-centric Block
chain for EHRs that eliminates most of the existing bottle-
necks in the cloud.

IV. CLASSIFICATION OF PRIVACY PRESERVING

MECHANISMS IN ELECTRONIC HEALTH RECORDS
In this work, different techniques based on cryptographic
and non-cryptographic approaches are considered based on
their application of healthcare systems in the cloud arena.
Furthermore, some techniques are analyzed that preserves
data security, data privacy and data anonymity in the cloud.
In addition to this, some Searchable Encryption (SE) tech-
niques are presented to query the encrypted data in the
cloud. Since the data is encrypted and stored in third-party
cloud servers, normal searching schemes cannot be applied.
Searching encrypted data is arduous, Searchable Symmetric
Encryption (SSE) has been proposed that enable keyword
searches across encrypted cloud data. Different from the
recent surveys, our research study has systematically covers
all aspects and methods of privacy and security of EHR in
cloud. Moreover, the survey also reveals the advanced cloud
computing security techniques and their research challenges
and at the same time incorporating the potential benefits of
Block chain technique to offset those shortcomings. Apart
from that we also conclude the discussion with open research
problems and future directions that expands the scope of
further research in data security and privacy.
There are several research investigations conducted for
preserving e-health data privacy in the cloud. The two main
types are Cryptographic and Non-Cryptographic. The cryp-
tographic schemes employ encryption techniques, namely:
symmetric key encryption, public key encryption and sev-
eral cryptographic primitives, whereas non-cryptographic
approaches include access control mechanisms such as
RBAC, ABAC, IBAC etc. Classification of the privacy pre-
serving mechanisms is portrayed in Fig. 4
A. CRYPTOGRAPHIC APPROACHES
Cryptography means hidden writing that analyses and con-
structs protocols to prevent third parties from reading
secret messages. Cryptographic approaches can be symmet-
ric key cryptography as well as asymmetric key cryptog-
raphy (see Fig. 5) in which the prior uses the same key
for the encryption and decryption whilst the latter uses dif-
ferent keys. This study includes encryption schemes such
FIGURE 4. Classification of privacy preserving mechanisms in electronic
health records.
FIGURE 5. Basic types of cryptography.
as Symmetric Key Encryption (SKE), Public Key Encryp-
tion (PKE) and a few alternative cryptographic primitives.
In PKE schemes, two different set of keys are employed
ie public key and a private key pair for data encryption
and decryption whereas SKE based approaches utilizes a
single shared secret key for the same. Alternative crypto-
graphic primitives include several encryption schemes viz
Attribute Based Encryption(ABE), Searchable Encryption
(SE), proxy re-encryption, homomorphic encryption, Identity
Based Encryption (IBE) etc.
Non-cryptographic approaches mainly associates with pol-
icy based authorization infrastructure labeled as access
control mechanisms viz RBAC, ABAC, Mandatory Access
Control (MAC), IBAC etc. This section gives a detailed sur-
vey of significant research works based on SKE, PKE and
alternative cryptographic primitives that enforce the security
and privacy of electronic health solutions.
1) SKE BASED APPROACHES
The SKE employs the same shared secret key for encryption
and decryption and it is highly effective in EHR systems. But
it introduces inevitable additional complexity since it requires
additional access control mechanisms for the effective shar-
ing of EHR. The commonly used SKE based algorithms
are Advanced Encryption Standard (AES), Data Encryption

VOLUME 7, 2019 74367

 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
TABLE 3. SKE based approaches.
Standard (DES), stream ciphers such as RC4, A5/1, and Blow
Fish etc. Some of the SKE based approaches are described
below and the comparison is shown in Table 3.
Lee and Lee [33] proposed a cryptographic key manage-
ment protocol based on symmetric cryptosystems to meet
HIPAA regulations. The three entities used are government
healthcare office (SG), server of a healthcare provider (SH),
and patients. The main three phases of the scheme include
registration, encryption and decryption. Initially, the patient
needs to register with SG to avail a healthcare card that makes
him appropriate for the medical services offered by SH. The
encryption phase involves encrypting PHI through enabling
the health data card by entering the user PIN or by biometric
verification. This can be done by generating a session key
and cryptographic checksum by concatenating the hash value
of patients’ master key and the session key of healthcare
provider. The decryption conducted is two fold, one with
patient consent and the other with emergency cases. This
can be done by computing the master key and session key
of the healthcare provider. A secure EMR sharing scheme
has been proposed by Li et al. [34] to improve the unlinka-
bility between patient and EMR. EMRs are encrypted using
74368
symmetric key encryption using a one-time key and records
are stored anonymously. Doctors use digital signatures using
a private key to process electronic medical records. This
approach requires an EMR number i.e. the PID, SID, the iden-
tity seed which is stored in the patients’ medical card and the
random value R, which created by the doctor to access the
EMR of the patient. Each key used in this process is used
for encrypting one EMR, increasing the confidentiality of
each electronic medical record. Since the identity seed SID
is based on smart data card, medical records cannot be read
without authorization.
An EHR sharing and integration system has been proposed
by Chen et al. [35] to protect the EHRs in normal and emer-
gency situations in hybrid healthcare clouds. This approach
encrypts each medical record using an individual symmet-
ric key ck using a symmetric encryption scheme in public
and private cloud environments. Here, the doctor creates the
patients’ health record and it is encrypted by the symmetric
key ck along with a license L. This license provides an
emergency key to access the encrypted data by the cloud
even if the server is not provided with direct access. The
patient has to provide the smart card to the doctor for the
VOLUME 7, 2019
S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
decryption of their EHR. This design encrypts all the medical
records and decryption is possible only by patients’ private
keys in which the private key is split into two parts, whereas
one among the keys will be escrowed by the hospital server
and the other key will be stored on the patient’s smart card.
The downside of this approach is that the license file also
need to be encrypted with the hospital’s public key. A new
dynamic access control scheme for PHR is proposed by
Chen et al. [36] under the cloud computing environment. This
scheme uses Lagrange interpolation polynomial to establish
a secure PHR information access that ensures security which
is suitably scaled for large number of users. The approach
adopted cryptography based on Lagrange multipliers for
encrypting the health records ensuring that every patient has
maximum control over their medical records. By allowing
every patient to generate his/her own related keys, users can
choose with whom to share their health records. This reduces
key management complexity, and at the same time allows
users to not only retain access control of PHR, but also per-
mits issuance of limited access rights to other users, such as
doctors, pharmacists, nurses, researchers etc. This approach
carries computational overhead. To reduce the complexity
of key distribution, this method overhaul past hierarchical
models and created partial order relation to manage users.
This is a very flexible approach for multi-user dynamic access
control in coordinating the needs for immediate addition,
or removal of user access, and also for the addition and
modification of PHR, making it more suitable for PHR cloud
application.
Zhang et al. [37] presents a role-based and time-bound
access control (RBTBAC) model which is an integration of
RBAC and a time-based access control model that ensures the
security and privacy of EHRs on untrusted cloud servers. This
model is a logorithmic composition of RBAC and time-bound
hierarchical key management in which an authorized user of
the EHR system who is alloted a time period can access the
data on the basis of his role. This model extends greater flex-
ibility in spatial and temporal capabilities to restrict access
to sensitive data. The EHR are encrypted through SKE. This
work developed a role-based privacy aware access control and
management of EHR data and also utilized a time tree method
which offers time bound access control and authorization.
In this approach, a user requires to work in several roles
and also owns and administers multiple keys. It is requisite
to encrypt the sensitive medical healthcare records prior to
uploading to the semi-trusted cloud servers. As searching
encrypted data is arduous, Searchable Symmetric Encryp-
tion (SSE) [38] has been proposed that enables keyword
searches across encrypted cloud data. This approach presents
a highly efficient and Secure Dynamic Searchable Symmetric
Encryption (SEDSSE) in medical cloud data by leveraging
the secure k-nearest neighbor (kNN) and ABE techniques.
This approach used an AES symmetric encryption algorithm
to encrypt the documents and shares the symmetric secret key
only with authorized doctors who satisfy the access policy
related to ABE.
VOLUME 7, 2019
From Table 3, it is evident that even though most of the
SKE based approaches satisfies IN and CO, but still lacks
AN, UN, AC and NR due to the following reasons. In SKE
approaches, both the sender and the receiver are required
to trust each other as they will be sharing the same secret
key for encryption and decryption that makes anonymity
almost impossible. In SKE techniques, non-repudiation and
unlinkability would be violated if the user-credentials such
as passwords or smart cards were lost, shared or stolen.
Moreover, the use of shared user IDs and passwords destroys
accountability. Most of the methods in SKE fails to mention
the procedure to restore anonymity or the key. Moreover,
these schemes are unable to operate in dynamically changing
cloud environment because of its inflexible access control and
inability to manage multiple user roles.
2) PKE BASED APPROACHES
The PKE approaches entails two separate keys; one public
key and one private key. Autonomous PKE schemes are
computationally inefficient because of its slower operations
and large key sizes. Therefore, PKE schemes can be more
efficient in combination with SKE schemes in which SKE
schemes can be used for encrypting the contents and public
private key pairs can be used to secure the symmetric keys.
This framework [39] used Public Key Infrastructure (PKI) to
address diverse security requirements such as authentication,
confidentiality, integrity, access-control, non-repudiation etc
whereas the EHR are encrypted using a shared symmetric
key generated by healthcare providers. PKI binds public keys
with unique user identities which consist of digital certifi-
cates, a Registration Authority, a Certificate Authority, a Cer-
tificate Repository Database and a Certificate Management
System. This proposed architecture builds a secure EHR
sharing framework that ensures effective sharing of EHRs
between patients and several healthcare providers. Authenti-
cation between EHR sharing cloud and healthcare providers
are achieved by signing the documents with sender’s private
key so that only the targeted healthcare provider can ver-
ify the signature to retrieve the equivalent health records.
PHR privacy is ensured in this framework [40] by creating
a security model called Online Referral and Appointment
Planer (ORAP) in which medical information is encrypted
at the client side. In ORAP model, EHR are cached in a
trusted environment, i.e. at physicians’ practice locale. EHRs
are encrypted by the public key of the receiving entity and
signed before being transmitted to the cloud and decryption
is restricted to authenticated entities only. This framework
used the Amazon S3 cloud for temporary storage and German
healthcare telematics infrastructure components for provid-
ing secure and strong encryption and signatures for all docu-
ments transferred to the patients’ health record. Comparison
of a few PKE based approaches is portrayed in Table 4.
Mashima and Ahamad [18] designed a patient-centered
monitoring system to safeguard the risk of storing and access-
ing electronic health information in the cloud. This work
developed a system that allow the patients to have explicit
74369
 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
TABLE 4. PKE based approaches.
or implicit control regarding when and how the medical
information is accessed. Health records are encrypted through
Public Key Encryption with associated hash values [41]. Uni-
versal Designated Verifier Signatures (UDVS) that generates
a designated verifier signature is also introduced as part
of this work to ensure patient record usage is restricted to
authorized entities. The main drawback with this system is
that the confidentiality of the record is compromised as the
health data is initially built by an issuer who has information
about the details of record, hash values, and signatures. One
of the prominent works mentioned in the literature is that
of Yi et al. [2] that provides a multiparty framework which
ensures patient privacy in which all the EHRs are encrypted
with a common public key and decryption needs the coopera-
tion of all concerned parties. This approach is constructed on
PKI based on the ElGamal Threshold public key encryption
scheme [2]. This scheme uses modular exponentiation which
is less computationally expensive and where re-encryption is
74370
not required. This prevents any server and collusion of up to
n − 1 servers and therefore can succeed from internal and
external attacks and also achieves n server joint authentication
over only one database. Narayan proposed a cloud based
EHR system by integrating [16] symmetric key cryptog-
raphy, public key cryptography and attribute based encryp-
tion. In this approach, medical data will be encrypted by a
patient’s symmetric key and the metadata file which describes
information regarding access policy. Location information
is encrypted using broadcast CP-ABE before storage in the
cloud. This approach supports direct revocation without data
re-encryption but entails additional costs on the patient side
since re-encryption and updating of access policies are borne
by them. Another drawback is that all the encrypted files can
be accessible by the trusted authority.
A solution to address the security issues is by using a
security architecture on Trusted Virtual Domains (TVDs) in
e-health infrastructure. This work [42] make use of TVD to
VOLUME 7, 2019
S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
establish access control by employing three privacy domains;
trusted, e-Health and untrusted domains. TVDs are a collec-
tion of different Virtual Machines that have common security
policies and trust each other. TVD systems have the advan-
tage of flexibility when integrating with legacy systems. This
approach make use of PKE encryption for storing and trans-
mitting e-health data in external storage. The main drawback
associated with this approach is the complexity to deploy
the TVD based solutions and scalability issues where these
domains are executed on a host computer. Pecarina et al. [43]
described a PKE-based framework to enhance privacy by
providing anonymity in data storage and efficient access
control to authorized collaborators in a semi-trusted health
cloud [44]. PHRs will be encrypted by the patient using the
public key of a CSP (Cloud Service Provider) prior to storage
in the cloud. Decryption of the patient records is carried out
by CSP using its private key. After storing PHR at a location,
the location is finally encrypted through the SKE of CSP. This
work [45] proposed an efficient homomorphic encryption for
the encryption of medical data images without hindering the
data confidentiality. A Probabilistic algorithm is used for both
key generation and encryption. This approach stored images
in a standard format, namely Digital Imaging and Com-
munications in Medicine (DICOM), and converts the input
image into a matrix followed by performing key generation
based on the homomorphic property and encryption using
homomorphic public key encryption before transmitting to
the cloud. Efficiency of the data is performed by using Peak
Signal to Noise ratio (PSNR) and Mean Square Error (MSE)
analysis, histogram analysis, and correlation analysis etc.
An efficient key word search mechanism which employes
public key encryption has been proposed by Ma et al. [46] for
a flexible healthcare system in cloud servers. This approach
constructs an encrypted keyword index with users public key
attached to encrypted health data prior to uploading to the
cloud server. It makes use of a trusted key generation center
to generate the master key, public parameters and the user’s
partial private key. This work addressed key management
problems and key escrow problems with minimum compu-
tational cost and complexity.
From the discussion, indisputably PKE schemes in the
cloud are computationally inefficient to some scenarios due
to their larger key sizes. Some of the existing PKE tech-
niques fails on the confidentiality of health data as it is
compromised by an authorized entity who exploits the data
ownership. In some PKE techniques, authenticity is not sat-
isfied considering all the encrypted files are accessible by
the trusted authority who exploits the trust. Many of the
Public key systems use a third party called a Certification
authority (CA) to digitally sign their public key, turning into
a digital certificate to make it safe. However, if the CA gets
compromised, the attacks can happen by masqueraders so that
the data will be sending to a wrong destination. Furthermore,
public key cryptography can encrypt data only up to the key
size hence the distribution of public keys are troublesome in
environments to handle large data sets. While some schemes
VOLUME 7, 2019
are designed to protect against insider attacks, other schemes
focus on patient centered PHR in which the records are
first created by record issuers who knows the content of
records, corresponding hash values and signatures. Conse-
quently, inside attacks can happen when an issuer himself
misuses health records created by him, forfeits data integrity.
Compromising secret keys Sk of the patient and Monitoring
by third party loses the data confidentiality. In addition, some
other schemes have also discussed that PKE technique has
a slightly higher computational cost due to re-encryption of
records when updating access policies.
3) OVERVIEW OF ALTERNATIVE CRYPTOGRAPHIC PRIMITIVE
APPROACHES
This section discusses an overview of alternative crypto-
graphic approaches for securing privacy in e-health clouds.
The primitives include ABE, SE, IBE, homomorphic encryp-
tion, proxy re-encryption etc.
a: ATTRIBUTE-BASED ENCRYPTION (ABE) APPROACHES
Attribute based encryption introduced by
Sahai and Waters [47] is based on public key encryption
to protect cloud data where the encryption and decryption
is on the basis of user attributes. In ABE, the encryp-
tion is based on the access-structure policy in which the
cipher text can be decrypted only when the user attributes
match with the ciphertext attributes. The two main types
of ABE are Cipher Text Policy Attribute-Based Encryption
(CP-ABE) [48] and Key Policy Attribute-Based Encryption
(KP-ABE). In KP-ABE, the access policy is enciphered in the
user’s secret key and decryption of cipher text is possible only
when the user attribute matches with the access policy [47],
whereas in CP-ABE [49] the private key of each user is
tied to a set of attributes and a cipher text is associated
with a universal set of attributes which can be decrypted
when the user attributes match the access policy. This ABE
based approach [50] preserves the confidentiality of EHR
by using PKE for scalable authorization. The smartcard of
the patient generates a Transaction Code (TAC) which is
the authorization secret, before the medical data is uploaded
to the cloud server. PKE is used for authentication and the
patient’s smart card and TAC as authorization. The health
professional needs to enter the TAC to encrypt the medical
data and the Encryption/Decryption function generates a
public key for encryption which is the hash value of the
patient’s identity and TAC. The decryption can be performed
using TAC and authentication from a Private Key Generator
(PKG). The problem of achieving confidentiality, scalability,
and fine-grained access of outsourced data in the cloud
are enumerated by Yu et al. [17]. This approach resolves
problems, including key distribution and data management
issues, by combining techniques such as ABE, KP-ABE,
Proxy Re-encryption (PRE), and lazy re-encryption as a
hybrid encryption scheme to secure fine-grained access con-
trol. The data encrypted by a single user will be shared
among different users by key distribution. In this approach
74371
 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
TABLE 5. ABE based approaches.
re-encryption of data files and updates of secret keys are
consigned to cloud servers. A copy of users secret key is
kept with the cloud servers for updating of secret key com-
ponents and re-encryption of data files. Lazy re-encryption
is used to reduce computational overhead in cloud servers.
It can restrain the revoked users from capturing the updated
information once the file contents and keys are modified
post user revocation. A patient centered cloud based EHR
system that integrates symmetric key cryptography, public
key cryptography and an attribute based broadcast cipher
text policy Attribute-Based Encryption (bABE) architecture
is proposed [16]. This method allows for the encryption of
health data using a symmetric key and metadata files that
include a description of the file, attribute based access policy.
Location based information is encrypted using broadcast
CP-ABE by the patient and enables them to store within
a cloud platform. This approach also includes a key word
search functionality by amalgamating bABE and PKE with
Keyword Search (PEKS) [51] to carry out private searches in
encrypted data without unveiling the matches to the cloud.
Even though this approach facilitates direct revocation with-
out data re-encryption it entails additional computational
costs as re-encryption and updating of access policies are
74372
borne by the patient. An additional drawback exists with
the internal vulnerability of access to encrypted files by the
trusted authority without referenced to a permissioned user.
The comparison of a few ABE based approaches with its
strength and weakness is shown in Table 5.
Efficient and Secure Patient-centric Access Control
Scheme (ESPAC) [52] for the cloud using CP-ABE ensures
PHI privacy permitting data requesters to access the health
data in accordance with role based access privileges. For
secure communication between remote patient and e-health
cloud provider, IBE is employed, wherein the access con-
trol is handled by CP-ABE. A novel technique by Ruj
et al. [53] presented an ABE-based access control mechanism
that maintains user anonymity for storing PHRs in the cloud.
The user identity is unknown to the cloud but the verification
of user credentials and communications between users and
the cloud are secured by Secure Shell Protocol, SSH. This
approach is collision resistant and is resistant to replay attacks
and has a decentralized key distribution. To facilitate flexible
and effective access control for PHR, this scheme suggests
an efficient patient centric framework [48] which employs
ABE to encrypt a patient’s PHR file before uploading to the
cloud. This scheme provides several data owner settings and
VOLUME 7, 2019
S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
also categorizes the PHRs into two different sub-domains viz
public and private to address key management hurdles. This
approach [54] instigates hierarchical attribute based encryp-
tion with a keyword search scheme that ensures confidential-
ity of EHRs in the cloud environment. This scheme encrypts
a single access structure in which the trusted authority will
issue public and private key pairs.The access policy and time
period is set by the information owner before outsourcing
the data to the cloud. A proxy re-encryption scheme is also
implemented to deny access after the predefined time period
defined by the information owner. This work assures fine
grained access control, versatile client revocation and lesser
storage and encryption time costs compared to other systems.
Even though ABE provides dynamic access control and
key management, it still experiences some drawbacks. One
of the limitations with ABE is that the data owner needs to
use the authenticated users’ public key for encryption [21].
The drawback with KP-ABE is that the owner of the data
cannot decide who can decrypt the encrypted data as the data
owner has to trust the key issuer and also suffers with poor
scalability issues. Consequently, the Non-repudiation can’t
be guaranteed. In CP-ABE, attribute management and key
distribution are managed by a trusted authority. ABE schemes
are most efficient among encryption techniques and provide
fine-grained and well-formed access to health records but still
infeasible for proper execution on EHRs due to its expen-
sive computation [28], [30], key management complexity and
challenge in managing access control policies [25] when
attributes in the access structure grows [26]. Another down
side is that since most of the ABE schemes use a semi trusted
entity who manages the servers and provide cloud services,
and for this reason become a threat to data integrity.
b: SEARCHABLE ENCRYPTION
Due to the massive growth of big data there exists large scale
outsourcing of data into cloud servers. As medical data and
EHRs are outsourced to remote cloud servers that are exposed
to cloud service providers, this leads to various attacks such as
either DoS attacks or adversary attacks that destroys the data
confidentiality in the cloud. For protection of data and pre-
vention of information leakage, cloud data will be encrypted.
Since the health data is encrypted and stored in third-party
Cloud servers, normal searching schemes cannot be applied.
It requires some searchable encryption implementation to
query the data as shown in Fig. 6. As searching encrypted
data is arduous, SSE has been proposed that enable keyword
searches across encrypted cloud data. This poses challenges
such as (1) How the data owner permits search permissions
to the data user? (2)How the authenticated data users search
the encrypted stored data? One of the solutions is SE. SE
is a cryptographic primitive that permits search operations
over encrypted data without disclosing the information to
untrusted servers. These search operations are performed on
encrypted ciphertext with the support of a trapdoor func-
tion from user. The main two types are symmetric search-
able encryption and asymmetric searchable encryption [55].
VOLUME 7, 2019
FIGURE 6. Searchable encryption.
FIGURE 7. Classification of SE techniques.
This approach is initially introduced based on symmetric
cryptography [56] that facilitates controlled searching where
the untrusted server is unable to retrieve the original plaintext.
Here we discuss SE and categorize its use cases into
four schemes viz Searchable Symmetric Encryption (SSE),
Public Key Encryption with Keyword Search (PEKS),
Attribute-based Encryption with Keyword Search (ABKS),
Proxy Re-encryption with Keyword Search (PRKS) as shown
in Fig. 7 and their comparison is presented in Table 6 and
Table 7. A searchable encryption service contains three types
of entities: a data owner, a data user (data users), and the
untrusted cloud [57]. The data owner is a cloud service user
who outsourced the original data to a third-party cloud.
Different healthcare application scenarios require different
searchable encryption schemes. We can characterize exist-
ing healthcare application scenarios into four categories: (1)
When the outsourced data are searched only by the data
owner, where the data owner is the only authorized data user
to search the encrypted data, SSE schemes can be applied in
this scenario. (2) When the outsourced data are shared with
another user, i.e. there is only one authorized data user who
can create the search tokens and search the encrypted data,
PEKS schemes are suitable for this one-to- one scenario. (3)
When the outsourced data are shared with several users, i.e.
more than one authorized user have the permission to search
the encrypted data, ABKS schemes can be used in this one-
to-many scenario. (4) When the data owner is unavailable
and cannot directly grant the search authorization upon emer-
gency, it needs an authorized delegate user to re-authorize the
search permission to other user(s) on behalf of the data owner.
PRES schemes are applicable to this authorization-delegation
scenario [57].
• Searchable Symmetric Encryption (SSE) SSE is a
symmetric key encryption technique which outsources the
data confidentially from one party to another by provid-
ing selective search capabilities. This model uses proxy
re-encryption [58] that shares medical data in the cloud
74373
 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
TABLE 6. Comparison of SE techniques (SSE and PEKS) based on server set Ups.
TABLE 7. Comparison of ABKS and PRKS techniques based on security
facets.
with end-to-end data encryption that confines data access
only to authenticated recipients. This approach [59] pre-
serves the privacy and security in e-Health systems with a
74374
new cryptographic technique named as a conjunctive key-
word search with designated tester and timing dependent SE
schemes named proxy rencryption function (Re-dtPECK).
The EHR documents are encoded by symmetric encryption
algorithms and a symmetric key is encapsulated with the
patient’s public key by key encapsulation. This makes use
of a delegation function θ to perform operations and uses
a conjunctive keyword search mechanism. This approach
proposes a novel SSE scheme [60] which provides searching
according to the unique keywords stored on the server. The
search time is logarithmic and the client can search and
update the document whenever required. This makes use of
two variant schemes in which the first one is an interactive
scheme and the second one is non-interactive in which the
former needs two rounds of communication for the index
generation, updates, and search whereas the latter can be
deployed using a hash chain. This method [61] states an SSE
procedure which supports conjunctive search and Boolean
queries on stored data which is symmetrically encrypted and
focus on a single keyword search mechanism. This model
provides higher security and scales to very large databases.
By preserving keyword privacy, this approach [62] validates
and resolves the issue regarding fuzzy keyword searches
across encrypted data in the cloud. Fuzzy keyword searches
enrich system utility by providing matching files or nearest
possible matching files for the user input with the prede-
fined keywords based on keyword similarity semantics, oth-
erwise. This solution precomputes fuzzy keyword sets with
edit distance to evaluate keyword similarity and also mini-
mizes the storage and representation overheads by developing
VOLUME 7, 2019
S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
an advanced mechanism on constructing fuzzy keyword
sets.
• Public Key Encryption with Keyword Search (PEKS)
PEKS is a cryptographic approach that uses a public key
system to search across encrypted data. Boneh et al. [63] pro-
posed PEKS as an initial scheme which does not uncover any
information pertaining to user’s searching in the public-key
setting and with lesser communication complexity. This
technique [64] proposes a weak key unlinkability that pro-
vides a broader view on trapdoor privacy in asymmetric
searchable encryption for IBE. The main purpose of this
scheme is to build an anonymous IBE scheme that fulfills
both key unlinkability and enhanced functional privacy. This
approach [65] addresses three main issues of a PEKS scheme
viz removal of secure channel, refreshing keywords, and pro-
cessing multiple keywords. The idea of PKE with registered
keyword search (PERKS) has been presented by Tang and
Chen [66]. This scheme provides flexibility in such a way that
the sender is able to register a keyword with the receiver prior
to the sender generating a tag to build searchable content. This
makes the scheme more efficient and secure against offline
keyword-guessing attacks.
• Attribute Encryption with Keyword Search (ABKS)
ABKS is a cryptographic searching approach which uses
attribute-based encryption for data encryption. This search-
ing technique permits keyword searches over encoded EHR
data by authorized users whose attributes fulfill the access
policy. Yang [67] proposed a multi sender and user sce-
nario that enhances fine grained access control and supports
flexible user revocation using a flexible keyword search-
ing technique and attribute based encryption. This scheme
introduced a novel fundamental named as Attribute Based
Searchable Encryption with Synonym Keyword search func-
tion (SK-ABSE). An ABE scheme described by Li et al. [68]
implements keyword search functions with outsourcing
key-issuing and outsourcing decryption (KSFOABE). In this
scheme, the cloud service provider undertakes partial decryp-
tion tasks assigned by data user without having any infor-
mation regarding the plaintext which is secure and robust
against chosen plaintext attack. Verifiable Attribute-Based
Keyword Search (VABKS) [69] solution permits a data user
to only search over the data owner’s outsourced encrypted
data whose credentials match with the data owner’s access
control policy. Liu et al. [70] presented a new approach called
Key Policy Attribute-Based Keyword Search(KP-ABKS) that
removes secure channel for validation of the searched result
from the cloud that reduces the computation complexity on
VABKS.
• Proxy Re-Encryption with keyword Search (PRKS)
PRKS is a cryptographic fundamental that uses a proxy
re-encryption system for searching encrypted data. It per-
mits an authenticated data user who permissions the
search capability to other users by re-encrypting the out-
sourced data [57]. The proxy re-encryption with keyword
search functions (PRKS) as the union of two schemes,
Proxy Re-Encryption (PRE) and PEKS. This approach [71]
VOLUME 7, 2019
provides two security concepts for bidirectional PRES (Proxy
Re-encryption Scheme): privacy for keyword and privacy for
message. In keyword privacy, the opponent is permitted to
obtain the plaintext of any ciphertext, and nearly all trapdoors,
excluding those which are connected to the two specific
keywords. Nevertheless, it cannot determine which keyword
matches to a given ciphertext. This security idea ensures that
the test can only be done by the person who has the trapdoor
or token. For message privacy, the opponent is permitted
to obtain the plaintexts of nearly all ciphertexts, excluding
one and all the trapdoors, but it cannot determine which
message matches with the particular plaintext. This secu-
rity concept ensures that the one who holds the private key
can decrypt the ciphertexts. A new cryptographic approach
described by Fang et al. [72] called Conditional Proxy
Re-Encryption with Keyword Search (C-PRES) is an asso-
ciation of C-PRE and PEKS. This approach offers various
benefits over previous schemes, such as chosen-ciphertext
security, non-interactivity keyword-anonymity, unidirection-
ality, and collusion-resistance. Shi et al. [73] presented an
approach in which the encrypted data will be outsourced to
the cloud by the data owner to perform the keyword search
on encrypted data with the specified search token. The idea
is to combine ABE and PRE in which the data owner permits
keyword searches over encrypted data to authenticated users
in accordance with access control policies.
We have discussed a survey of Searchable encryption
techniques for healthcare applications. However, all existing
multi-user SE schemes are not practical with respect to the
performance required by critical real-world applications and
do not scale well for extensive databases. We categorize and
compare the different SE schemes in terms of their security,
effïciency, and functionality. However, SSE is not a preferred
method [65] for querying the search in EHR due to key
management issues. Nevertheless, PEKS and PRKS exhibit
better performance in terms of security and privacy and are
commonly adopted to EHR that supports search functionality.
c: PROXY RE-ENCRYPTION
Proxy Re-encryption is a cryptographic approach that per-
mits a semitrusted proxy server to re-encrypt the cipher-
text, which is encrypted by one user’s public key, into
another ciphertext i.e. encrypted by the public key of another
user [74]. For example, Alice sends a message (M) to
Bob through a semi-trusted proxy server, Without shar-
ing Alice’s private key to either the proxy or Bob, and
without disclosing the secret message to the proxy shown
in Fig. 8. Yang and Ma [59] introduced a novel cryptographic
approach called as Conjunctive Keyword Search with a
designated tester and a timing enabled proxy re-encryption
function, Re-dtPECK, that uses a delegation indicator θ to
perform operations and uses conjunctive keyword for search-
ing mechanism. This scheme proposes a proxy re-encryption
mechanism [75] for on the road emergencies that permits
an emergency medical center to decrypt a patient’s health
74375
 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
FIGURE 8. Proxy re-encryption.
records wth the aid of cloud servers and user credentials
without disclosing the secret key.
Timing enabled proxy re-encryption systems over conjunc-
tive keyword search have been proposed [76] that allow users
to access the patient records under a predefined time inter-
val, T. This technique achieves objectives such as Efficient
Access Control, User revocation, Efficiency, and Time based
revocation.
d: HOMOMORPHIC ENCRYPTION
Homomorphic encryption is a type of encryption which
performs computation on ciphertexts in which the data is
acquired in an encrypted format, when decrypted returns
the result of operations if they had been performed on the
plaintext. A simple example for homomorphic encryption is
shown in Fig. 9.
FIGURE 9. Example of homomorphic encryption.
Barni et al. [77] introduced a multiparty approach for
processing the encrypted Electrocardiogram (ECG) using
homomorphic encryption to preserve patient privacy. Privacy
Preserving Attribute based authentication systems have been
introduced [78] for e-health networks which contribute users’
verifiable attributes to authenticate users in an e-health sys-
tem. The proposed scheme relies on homomorphic encryption
to guarantee data security, which preserves the privacy
of attributes but the computation cost is extremely high.
Gentry [79] proposed the idea of fully homomorphic encryp-
tion which permits a random number of additions and
74376
FIGURE 10. Classification of access control mechanism.
multiplications over the encrypted data, whereas, Some-
what Homomorphic Encryption(SwHE) executes restricted
numbers of homomorphic operations by evaluating cir-
cuits of specified depth. Fully homomorphic encryption
based approaches are impractical because of their inef-
ficacy. Naehrig et al. [80] presented SwHE to perform
computations over the encrypted data. This approach [81]
implements a hybrid architecture that uses homomorphic
encryption and RSA (Rivest-Shamir-Adleman) to enhance
e-health data security in private cloud OpenStack platforms.
This architecture enables cloud clients to take control of their
cryptographic operations and key management rather than the
cloud provider. Carpov et al. [82] designed a privacy preserv-
ing diagnosis model using homomorphic encryption which
processes data without allowing any information breach to
the cloud provider. Data will be encrypted with the private
key of the user before uploading to cloud servers and data
evaluation will be done on encrypted data in which the results
are oblivious to the cloud. This approach integrates state-of-
the art components such as, trans-ciphering, automatic com-
pilation, parallelisation, and message packing, to preserve
user privacy.
B. NON-CRYPTOGRAPHIC APPROACHES
Non-cryptographic approaches mainly use policy-based
authorization infrastructure such as, access control policies,
to enforce privacy control to the data. In EHR systems where
data access is of a highly confidential nature and data is
housed on third party severs. Access control mechanisms are
inevitable and vital as encryption approaches. In a health
care information system access control offers fundamental
security barriers to data privacy whereby it limits the access
and operation of documents in the EHR system. Some of
the main access control techniques are depicted in Fig. 10.
Comparison of a few privacy preserving Non-cryptographic
mechanisms is shown in Table 8.
Discretionary Access Control (DAC) is a form of access
control in which the object’s owner has whole control over the
programs. DAC is based on giving access to objects based on
the subject’s identity [83]. In MAC, access policy decisions
are not made by the individual owners of an object but by
a central authority and also the owner cannot change access
rights [84]. RBAC defines access decisions on basis of their
job functions in which roles have been allocated to subjects,
and the roles are associated with permissions that defines
VOLUME 7, 2019
S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
TABLE 8. Comparison of privacy preserving non-cryptographic mechanisms.
which actions can be operated over which objects. ABAC is
an authentication based access control in which the decisions
for access are performed according to the set of user defined
attributes and requesters will be given object access according
to attributes that satisfy the policy rules. IBAC is an approach
to regulate access based upon the authenticated identity of an
individual.
Khan and Sakamura [85] proposed a context sensitive
fine-grained access control mechanism of personal health
information by means of discretionary access control and
RBAC models. This approach uses eTRON architecture in
which authentication is performed using public key cryp-
tography and secure key sharing is established through
the Diffie-Hellman algorithm. Pussewalage and Oleshchuk
[86] presented a patient-centric attribute based method in
which each PHR file is encrypted and stored along with
an attribute based access policy in an e-health cloud that
controls the access to the particular resource and also uti-
lizes a proxy re-encryption technique that aids the authen-
ticated users to decrypt the appropriate PHR files. This
scheme can resist attacks mounted via attribute collusion
and is also capable of provisioning on-demand user revo-
cation. Alshehri and Raj [87] presented a framework which
eliminates the limitations of RBAC and ABAC. This work
proposed a BiLayer Access Control (BLAC) in which
attributes are integrated with roles and an access request
is examined against pseudo-roles before checking the rules
VOLUME 7, 2019
within the policy. Sandhu et al. [88] proposed RBAC in
which the roles have been assigned to subjects and roles
are also associated with permissions that define which
actions can be operated over which objects. This scheme
has several drawbacks. It is an expensive process to define
and structure the roles, and it only supports policies that
are static and defined in advance. Furthermore it can-
not support dynamically changing environments [89], and
also RBAC’s coarse-granularity causes internal attacks [90].
Yuan and Tong [20] proposed ABAC in which specific
attributes of each subject are used to explain access policies
for access permission. ABAC resolves issues of RBAC but
it has two problems. Initially, ABAC is arduous because of
the large number of rules that are required to be examined for
access decisions, and secondly for n attributes ABAC may
require 2n rules [20].
A secure attribute based access control technique for EHR
has been presented by Pussewalage and Oleshchuk [91] using
selective disclosure of the attributes in which the access
decisions are made in such a way that the user must acquire
the same attribute set that satisfies the defined access policy
to the requested resource. This approach employed a Public
Key Infrastructure (PKI) for establishing a secure channel to
authenticate with the health center. This model [92] integrates
several mechanisms such as RBAC and ABAC to provide
confidentiality for Electronic health records. A framework
that introduces the concept of a provenance based access
74377
 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
control combines with RBAC with a distributed rule-based
mechanism is proposed [93] to enhance the security of cloud
data. Bahga and Madisetti [94] proposed an EHR architecture
that attains semantic interoperability between stakeholders.
This framework adopts a two level modeling that provides
better security and addresses the key requirements of HIPAA
and HITECH (Health Information Technology for Economic
and Clinical Health act). For secure data storage and secure
access a cryptographic model for EHR systems has been
proposed [95]. Location awareness and biometric authentica-
tion techniques are used for user authentication and steganog-
raphy techniques are used to conceal EHR data in the cloud
by embedding in ECG signals.
Gajanayake et al. [96] presented a new access control
technique to preserve patient privacy and confidentiality
for EHR by combining three prevalent techniques such as
MAC, DAC, RBAC along with a purpose based access
control. This work [97] adopted an XACML (Extensible
Access Control Markup Language) ABAC mechanism for
the protection of EHR against unauthorized intruder access,
which supports interoperability. This approach makes use of
semantic technologies and an inference engine which uses
attributes as classes and rule based policies for decision mak-
ing. Seol et al. [98] proposed an EHR model that combines
ABAC using XACML to preserve patient privacy and ensure
security in the cloud environment. This work makes use of
partial encryption based on XML and XML digital signature
technology for authentication purposes. An attribute based
access control scheme [99] for an e-health environment, inte-
grated with controlled access delegation, has been proposed.
This approach also performs multilevel access delegation
with on-demand attribute revocation mechanisms. An authen-
tication algorithm and RBAC to preserve patient privacy
in smart health systems [100] has been proposed. It makes
use of three parties, namely Health Authority, Healthcare
Professionals, and the Information Consumer. Liu et al [101]
introduced an RBAC scheme for EHR on the basis of two
roles. One for patients and another for medical staff. Patients
are identified by their identity whereas medical staff will
be recognized by their roles and access will be given per
access policies. This approach also supports user revocation
mechanisms.
V. RESEARCH ISSUES AND FUTURE DIRECTIONS
This section discusses the research issues and future direc-
tions related to privacy and security in EHR. Since EHR data
is sensitive, confidential, and housed in third party servers
entails serious risks in terms of data privacy and security.
Higher levels of security is utmost needed to prevent, detect,
and act on unauthorized access to healthcare system and is
required to mitigate social, economic, political and cultural
conflicts. Some of the main research issues include:
1. How to secure and safeguard security of stored data in
the cloud?
2. How to implement privacy preserved health care data
storage?
74378
3. Which access control mechanism will be more efficient
for the secure transfer of EHR?
4. Which encryption scheme can be used for preserving
data security?
5. How the health data can be effectively shared against
multiple healthcare providers?
6. How to maintain integrity of health records?
7. Who will be able to access the patient data with health-
care providers during an emergency situation?
8. What kind of access can be given to Administrative staff
to offset inside attacks?
9. How to handle user revocation when an authorized user
leaves the system?
10. How to handle key management complexity while shar-
ing healthcare data between disparate healthcare providers?
This review highlighted various research issues pertaining
to the privacy and security of e-health data. Therefore we
found that there is an imminent need to strengthen the security
infrastructure in e-health systems aiming towards patients’
to ensure the privacy and security of data thereby securing
patient confidentiality and sovereignity. Thus, we bring forth
some future research directions as follows:
• From the discussion, we have examined several cryp-
tographic and non-cryptographic mechanisms. Even though
ABE is most efficient among encryption schemes, Yi et al. [2]
investigated and proved that even though ABE is most
efficient among encryption schemes, it still suffers from
expensive computation and complexity in bi-linear pairing
operations. Therefore, recognizing new techniques for reduc-
ing the complexity of bi-linear operations or finding ways
to outsourcing computations will be an interesting research
direction.
• we have observed several access control mechanisms
that ensure privacy in which ABAC is the most flexible and
convenient providing fine grained access. So, ABAC will
be efficient to introduce more flexibility into authorizations
which can also be considered as a research direction.
• Introducing secure Provenance for tracking information
flow for e-health data would be another interesting area to
work on.
• Integrity of health data in the cloud can be another interest-
ing research direction.
• Privacy is a crucial aspect in healthcare. Maintaining
privacy and tracking privacy violations by means of account-
ability mechanisms in healthcare records is essential for fraud
detection and prevention. Keeping track of provenance for
both data and programs is advisable.
• The great leaps in digital technologies characterized by
Social networking, IoT, Big Data Analytics and Cloud com-
puting calls for the immediate attention of all stakeholders
to ensure stricter norms of privacy and security with respect
to big data. Therefore, combinations of Data Analytics and
Artificial Intelligence will be a better research focus to ana-
lyze, examine, and prevent threats in healthcare.
• A combination of encryption mechanisms and access
control mechanisms to preserve big data security and privacy
VOLUME 7, 2019
S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing

can also be considered as a future research direction for

maintaining a foolproof security mechanism in e-healthcare.
VI. DISCUSSION
From the comparitive review of existing cryptographic
and non-cryptographic approaches, we have discussed
how several privacy and security mechanisms can be
applied to e-health data efficiently. For the comparison,
we have examined several crucial factors including the
strengths and weakness of existing techniques and char-
acterized each method using several privacy preserving FIGURE 11. Challenges in cloud.

requirements such as IN (Integrity), CO (Confidentiality),

AU (Authenticity), NR (Non-repudiation), AC (Accountabil-
ity), AN (Anonymity), UN (Unlinkability).
The comparison results are indexed in Table 1 to Table 5 in
which the symbols ‘‘X’’, ‘‘7’’ denotes whether the specific
privacy preserving requirement is accomplished or not and ‘‘-
’’ denotes that a specific requirement is not discussed. From
the detailed survey it is evident that most of the techniques
are adhere to the privacy preserving requirements but none
adhere completely.
From the discussion, it is apparent that most of the existing
cryptographic approaches suffer from higher computational
cost, complexity in key management and distribution, in addi-
tion to vulnerability to a wide range of intruder attacks
due to the nature of design, portability and scalability. The
review provides a detailed study of cryptographic approaches
such as SKE, PKE, ABE, SSE, Proxy Re-encryption and
Homomorphic Encryption in which the SKE suffers from
inflexible access control which further entails user pres-
ence for every smart card access. SKE schemes are unable
to operate in a dynamically changing cloud environment
because of its inability to manage multiple user roles. It is
evident that PKE schemes are computationally inefficient
due to larger key sizes. Even though existing ABE based
mechanisms have the advantage of defining access structures
and are superior in preserving privacy levels, the computation
of bilinear pairing in ABE is very expensive. One of the
main limitations found in the existing techniques is that
they are administered and controlled by a central trusted
entity. Moreover, among the access control mechanisms,
RBAC is inflexible in dynamically changing environments
and the task of defining structure and roles in RBAC is quite
expensive too. ABAC is significantly efficient in handling
access control, but it requires a large number of rules for
decision making. The non-cryptographic approaches have
several limitations on their expensive processes to define and
structure roles, policies, and are inefficient operating with in
a dynamic environment. From the review, it is also evident
that SE schemes are not extensively used for handling health-
care data in the cloud environment due to computational
limitations and an inability to withstand intruder attacks.
The majority of the approaches described are incapable to
withstand internal and external attacks due to the lack of
proper privacy preserving mechanisms. However, we have
discussed several mechanisms and pointed out the advantages
and disadvantages, but these existing techniques still fail to
VOLUME 7, 2019
FIGURE 12. Secure blockchain based EHR System in cloud.
achieve security, privacy and integrity of health data in an
e-health deployment. From Fig. 11 it is obvious that security
is a crucial concern in the cloud environment as cyber threats
are increasing exponentially. Therefore, there is an imminent
need to preserve security of EHRs against security breaches
and to stregthen the security infrastructure in healthcare to
ensure patient confidentiality.
One of the solutions to overcome all these limitations in
the existing system is to introduce patient centered elec-
tronic health system namely, Personally Controlled Elec-
tronic Health Record System, in which the patient will be
the universal consent provider of their data (except in emer-
gency situations) to all stakeholders viz doctors, pharmacists,
nurses, scientists etc. Blockchain technology [102] can be
used as an underlying access control tool to support this dis-
tributed ledger mechanism in the cloud. A secure Blockchain
based EHR system in cloud is depicted in Fig. 12. Smart
contracts are intelligent permission contracts or codes that
are written which verifies data ownership, permissions and
integrity of data [103]. This approach will be a tamper proof
mechanism as every health transaction information will be
stored as hash values in the blockchain. It has immense poten-
tial to ensure security, privacy, confidentiality, availability
and integrity of the e-health information. The introduction of
this technological advancement that integrates cryptograph-
ical aspects provides a secure and efficient framework for
efficient storage, transfer and access of electronic health
records in the cloud environment.
VII. CONCLUSION
Smart health care services are a great boon and are dom-
inantly used by patients, doctors and other healthcare
74379
 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
providers nowadays. Since the majority of data is stored
in cloud servers, which is highly susceptible to threats and
breaches, there is an imminent need to safeguard them from
unauthorized access. Existing smart health solutions provide
a certain level of immunity but not a foolproof mechanism.
In this context a major breakthrough in research to sustain
the confidence and credibility of patients is essential for the
wide scale usage and success of the digital health care. This
review highlights a comprehensive study of existing e-health
cloud preserving cryptographic and non-cryptographic mech-
anisms to secure privacy aspects in cloud and their vulner-
abilities in fast changing digital era. Moreover, our work
also provides and identifies key research areas with diverse
aspects viz architecture, encryption techniques, access con-
trol mechanisms and has also identified some remarkable
research issues and future research directions to bring delib-
erate action for ensuring foolproof privacy in smart health
solutions. The evolution of a holistic security mechanism as
suggested by this work can make health care data more secure
and sustainable.
VIII. CONFLICT OF INTEREST
None.
ACKNOWLEDGMENT
The authors would like to thank Prof. Yuan Miao and Dr. Hui
Cui for their valuable comments, suggestions and reviews.
REFERENCES
[1] N. Dong, H. Jonker, and J. Pang, ‘‘Challenges in ehealth: From enabling
to enforcing privacy,’’ in Proc. Int. Symp. Found. Health Inform. Eng. Syst.
Berlin, Germany: Springer, 2011, pp. 195–206.
[2] X. Yi, Y. Miao, E. Bertino, and J. Willemson, ‘‘Multiparty privacy protec-
tion for electronic health records,’’ in Proc. IEEE Global Commun. Conf.
(GLOBECOM), Dec. 2013, pp. 2730–2735.
[3] C. S. Kruse, M. Mileski, A. G. Vijaykumar, S. V. Viswanathan,
U. Suskandla, and Y. Chidambaram, ‘‘Impact of electronic health records
on long-term care facilities: Systematic review,’’ JMIR Med. Inform., vol. 5,
no. 3, p. e35, 2017.
[4] L. Griebel, H.-U. Prokosch, and F. Köpcke, D. Toddenroth, J. Christoph,
I. Leb, I. Engel, and M. Sedlmayr, ‘‘A scoping review of cloud computing
in healthcare,’’ BMC Med. Inform. Decis. Making, vol. 15, no. 1, p. 17,
Mar. 2015.
[5] P. Li, S. Guo, T. Miyazaki, M. Xie, J. Hu, and W. Zhuang, ‘‘Privacy-
preserving access to big data in the cloud,’’ IEEE Cloud Comput., vol. 3,
no. 5, pp. 34–42, Sep./Oct. 2016.
[6] A. Abbas and S. U. Khan, ‘‘A review on the state-of-the-art privacy-
preserving approaches in the e-health clouds,’’ IEEE J. Biomed. Health
Informat., vol. 18, no. 4, pp. 1431–1441, Apr. 2014. [Online]. Available:
http://ieeexplore.ieee.org/abstract/document/6714376/
[7] R. Zhang and L. Liu, ‘‘Security models and requirements for healthcare
application clouds,’’ in Proc. IEEE 3rd Int. Conf. Cloud Comput., Jul. 2010,
pp. 268–275.
[8] M. Ahmed and A. S. S. B. Ullah, ‘‘False data injection attacks in health-
care,’’ in Proc. Australas. Conf. Data Mining, 2017, pp. 192–202.
[9] M. R. Fuentes. (May 14, 2018). Cybercrime and Other Threats Faced by
the Healthcare Industry. Trend Micro. Accessed: Jan. 10, 2019. [Online].
Available: https://documents.trendmicro.com/assets/wp/wp-cybercrime-
and-other-threats-faced-by-the-healthcare-industry.pdf
[10] E. AbuKhousa, N. Mohamed, and J. Al-Jaroodi, ‘‘e-Health cloud:
Opportunities and challenges,’’ Future Internet, vol. 4, no. 3,
pp. 621–645, 2012.
[11] D. McGraw, ‘‘Building public trust in uses of health insurance portability
and accountability act de-identified data,’’ J. Amer. Med. Inform. Assoc.,
vol. 20, no. 1, pp. 29–34, Jan. 2013.
74380
[12] B. Edwards, S. Hofmeyr, and S. Forrest, ‘‘Hype and heavy tails: A closer
look at data breaches,’’ J. Cybersecur., vol. 2, no. 1, pp. 3–14, Dec. 2016.
[13] N. Asokan, V. Niemi, and K. Nyberg, ‘‘Man-in-the-middle in tun-
nelled authentication protocols,’’ in Proc. Int. Workshop Secur. Protocols.
New York, NY, USA: Springer, 2003, pp. 28–41.
[14] Y. Chen, W. Trappe, and R. P. Martin, ‘‘Detecting and localizing wireless
spoofing attacks,’’ in Proc. 4th Annu. IEEE Commun. Soc. Conf. Sensor,
Mesh Ad Hoc Commun. Netw., Jun. 2007, pp. 193–202.
[15] C. Meadows, R. Poovendran, D. Pavlovic, L. Chang, and P. Syverson,
‘‘Distance bounding protocols: Authentication logic analysis and collusion
attacks,’’ in Secure Localization and Time Synchronization for Wireless
Sensor and Ad Hoc Networks, New York, NY, USA: Springer, 2007,
pp. 279–298.
[16] S. Narayan, M. Gagné, and R. Safavi-Naini, ‘‘Privacy preserving EHR
system using attribute-based infrastructur,’’ in Proc. ACM Workshop Cloud
Comput. Secur. Workshop, Oct. 2010, pp. 47–52.
[17] S. Yu, C. Wang, K. Ren, and W. Lou, ‘‘Achieving secure, scalable, and
fine-grained data access control in cloud computing,’’ in Proc. IEEE
INFOCOM, Mar. 2010, pp. 1–9.
[18] D. Mashima and M. Ahamad, ‘‘Enhancing accountability of electronic
health record usage via patient-centric monitoring,’’ in Proc. 2nd ACM
SIGHIT Int. Health Inform. Symp., Jan. 2012, pp. 409–418.
[19] R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, ‘‘Role-based
access control models,’’ Computer, vol. 29, no. 2, pp. 38–47, 1996.
[20] E. Yuan and J. Tong, ‘‘Attributed based access control (ABAC) for Web
services,’’ in Proc. IEEE Int. Conf. Web Services, Jul. 2005, p. 569.
[21] R. Charanya and M. Aramudhan, ‘‘Survey on access control issues in
cloud computing,’’ in Proc. Int. Conf. Emerg. Trends Eng., Technol. Sci.
(ICETETS), pp. 1–4, Feb. 2016.
[22] L. Zhu, C. Zhang, C. Xu, X. Liu, and C. Huang, ‘‘An efficient and privacy-
preserving biometric identification scheme in cloud computing,’’ IEEE
Access, vol. 6, pp. 19025–19033, Mar. 2018.
[23] W. Li, K. Xue, Y. Xue, and J. Hong, ‘‘TMACS: A robust and verifi-
able threshold multi-authority access control system in public cloud stor-
age,’’ IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 5, pp. 1484–1496,
May 2016.
[24] K. Xue, Y. Xue, J. Hong, W. Li, H. Yue, D. S. Wei, and P. Hong, ‘‘RAAC:
Robust and auditable access control with multiple attribute authorities for
public cloud storage,’’ IEEE Trans. Inf. Forensics Security, vol. 12, no. 4,
pp. 953–967, Apr. 2017.
[25] P.-W. Chi and C.-L. Lei, ‘‘Audit-free cloud storage via deniable attribute-
based encryption,’’ IEEE Trans. Cloud Comput., vol. 6, no. 2, pp. 414–427,
Apr./Jun. 2018.
[26] W. Li, B. M. Liu, D. Liu, R. P. Liu, P. Wang, S. Luo, and W. Ni, ‘‘Unified
fine-grained access control for personal health records in cloud comput-
ing,’’ IEEE J. Biomed. Health Informat., vol. 23, no. 3, pp. 1278–1289,
May 2018.
[27] C. Zhang, L. Zhu, C. Xu, and R. Lu, ‘‘PPDP: An efficient and privacy-
preserving disease prediction scheme in cloud-based e-healthcare system,’’
Future Gener. Comput. Syst., vol. 79, pp. 16–25, Feb. 2018.
[28] C. Huang, K. Yan, S. Wei, G. Zhang, and D. H. Lee, ‘‘Efficient anonymous
attribute-based encryption with access policy hidden for cloud comput-
ing,’’ in Proc. Int. Conf. Progr. Informat. Comput. (PIC), Dec. 2017,
pp. 266–270.
[29] J. Wei, W. Liu, and X. Hu, ‘‘Secure data sharing in cloud computing
using revocable-storage identity-based encryption,’’ IEEE Trans. Cloud
Comput., vol. 6, no. 4, pp. 1136–1148, Oct./Dec. 2016.
[30] H. Cui, R. H. Deng, and Y. Li, ‘‘Attribute-based cloud storage with secure
provenance over encrypted data,’’ Future Gener. Comput. Syst., vol. 79,
no. 2, pp. 461–472, Feb. 2018.
[31] N. S. Safa, M. Sookhak, R. von Solms, S. Furnell, N. A. Ghani, and
T. Herawan, ‘‘Information security conscious care behaviour formation in
organizations,’’ Comput. Secur., vol. 53, pp. 65–78, Sep. 2015.
[32] C. S. Kruse, B. Smith, H. Vanderlinden, and A. Nealand, ‘‘Security tech-
niques for the electronic health records,’’ J. Med. Syst., vol. 41, no. 8,
p. 127, Aug. 2017.
[33] W. B. Lee and C. D. Lee, ‘‘A cryptographic key management solution for
HIPAA privacy/security regulations,’’ IEEE Trans. Inf. Technol. Biomed.,
vol. 12, no. 1, pp. 34–41, Jan. 2008.
[34] Z.-R. Li, E.-C. Chang, K.-H. Huang, and F. Lai, ‘‘A secure electronic
medical record sharing mechanism in the cloud computing platform,’’
in Proc. IEEE 15th Int. Symp. Consum. Electron. (ISCE), Jun. 2011,
pp. 98–103.
VOLUME 7, 2019
S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
[35] Y. Y. Chen, J. C. Lu, and J. K. Jan, ‘‘A secure EHR system based on hybrid
clouds,’’ J. Med. Syst., vol. 36, no. 5, pp. 3375–3384, 2012. [Online].
Available: https://link.springer.com/article/10.1007/s10916-012-9830-6
[36] T.-S. Chen, C.-H. Liu, T.-L. Chen, C.-S. Chen, J.-G. Bau, and T.-C. Lin,
‘‘Secure dynamic access control scheme of PHR in cloud computing,’’
J. Med. Syst., vol. 36, no. 6, pp. 4005–4020, Dec. 2012.
[37] R. Zhang, L. Liu, and R. Xue, ‘‘Role-based and time-bound access
and management of EHR data,’’ Secur. Commun. Netw., vol. 7, no. 6,
pp. 994–1015, Jun. 2014.
[38] H. Li, Y. Yang, Y. Dai, J. Bai, S. Yu, and Y. Xiang, ‘‘Achieving secure
and efficient dynamic searchable symmetric encryption over medical cloud
data,’’ IEEE Trans. Cloud Comput., to be published.
[39] A. Ibrahim, B. Mahmood, and M. Singhal, ‘‘A secure framework for
sharing electronic health records over clouds,’’ in Proc. IEEE Int. Conf.
Serious Games Appl. Health (SeGAH), May 2016, pp. 1–8.
[40] A. Kaletsch and A. Sunyaev, ‘‘Privacy engineering: Personal health records
in cloud computing environments,’’ in Proc. 32nd Int. Conf. Inf. Syst.
(ICIS), Shanghai, China, Dec. 2011, pp. 1–11.
[41] X. Sun, M. Li, H. Wang, and A. Plank, ‘‘An efficient hash-based algorithm
for minimal k-anonymity,’’ in Proc. 31st Australas. Conf. Comput. Sci. Vol.,
vol. 74, Jan. 2008, pp. 101–107.
[42] H. Löhr, A.-R. Sadeghi, and M. Winandy, ‘‘Securing the e-health cloud,’’
in Proc. 1st ACM Int. Health Inform., Nov. 2010, pp. 220–229.
[43] J. Pecarina, S. Pu, and J.-C. Liu, ‘‘SAPPHIRE: Anonymity for enhanced
control and private collaboration in healthcare clouds,’’ in Proc. 4th IEEE
Int. Conf. Cloud Comput. Technol. Sci. Proc., Dec. 2012, pp. 99–106.
[44] X. Sun, H. Wang, J. Li, and Y. Zhang, ‘‘Satisfying privacy requirements
before data anonymization,’’ Comput. J., vol. 55, no. 4, pp. 422–437,
Apr. 2012.
[45] A. A. Vengadapurvaja, G. Nisha, R. Aarthy, and N. Sasikaladevi,
‘‘An efficient homomorphic medical image encryption algorithm for
cloud storage security,’’ Procedia Comput. Sci., vol. 115, pp. 643–650,
Aug. 2017.
[46] M. Ma, D. He, M. K. Khan, and J. Chen, ‘‘Certificateless searchable public
key encryption scheme for mobile healthcare system,’’ Comput. Electr.
Eng., vol. 65, pp. 413–424, Jan. 2017.
[47] A. Sahai and B. Waters, ‘‘Fuzzy identity-based encryption,’’ in Proc.
Annu. Int. Conf. Theory Appl. Cryptograph. Techn., New York, NY, USA:
Springer, pp. 457–473, 2005.
[48] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, ‘‘Scalable and secure
sharing of personal health records in cloud computing using attribute-
based encryption,’’ IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 1,
pp. 131–143, Jan. 2013.
[49] J. Bethencourt, A. Sahai, and B. Waters, ‘‘Ciphertext-policy attribute-
based encryption,’’ in Proc. IEEE Symp. Secur. Privacy, May 2007,
pp. 321–334.
[50] T. Hupperich, H. Löhr, A.-R. Sadeghi, and M. Winandy, ‘‘Flexible patient-
controlled security for electronic health records,’’ in Proc. 2nd ACM
SIGHIT Int. Health Informat. Symp., Jan. 2012, pp. 727–732.
[51] D. Boneh, G. Di Crescenzo, R. Ostrovsky, and G. Persiano, ‘‘Public
key encryption with keyword search,’’ in Proc. Int. Conf. Theory Appl.
Cryptograph. Techn., New York, NY, USA: Springer, 2004, pp. 506–522.
[52] M. Barua, X. Liang, R. Lu, and X. Shen, ‘‘ESPAC: Enabling security and
patient-centric access control for ehealth in cloud computing,’’ Int. J. Secur.
Netw., vol. 6, nos. 2–3, pp. 67–76, 2011.
[53] S. Ruj, M. Stojmenovic, and A. Nayak, ‘‘Privacy preserving access control
with authentication for securing data in clouds,’’ in Proc. 12th IEEE/ACM
Int. Symp. Cluster, Cloud Grid Comput., May 2012, pp. 556–563.
[54] B. K. Gowda and R. Sumathi, ‘‘Hierarchy attribute-based encryption with
timing enabled privacy preserving keyword search mechanism for e-health
clouds,’’ in Proc. 2nd IEEE Int. Conf. Recent Trends Electron., Inf. Com-
mun. Technol. (RTEICT), May 2017, pp. 425–429.
[55] N. Pramanick and S. T. Ali, ‘‘A comparative survey of searchable encryp-
tion schemes,’’ in Proc. 8th Int. Conf. Comput., Commun. Netw. Technol.
(ICCCNT), Jul. 2017, pp. 1–5.
[56] D. X. Song, D. Wagner, and A. Perrig, ‘‘Practical techniques for searches
on encrypted data,’’ in Proc. IEEE Symp. Secur. Privacy, May 2000,
pp. 44–55.
[57] R. Zhang, R. Xue, and L. Liu, ‘‘Searchable encryption for health-
care clouds: A survey,’’ IEEE Trans. Services Comput., vol. 11, no. 6,
pp. 978–996, Nov./Dec. 2017.
[58] A. D. Gupta, Y. Polyakov, K. Rohloff, and G. Ryan, ‘‘Securely sharing
encrypted medical information,’’ in Proc. IEEE 1st Int. Conf. Connected
Health, Appl., Syst. Eng. Technol. (CHASE), Jun. 2016, pp. 330–331.
VOLUME 7, 2019
[59] Y. Yang and M. Ma, ‘‘Conjunctive keyword search with designated
tester and timing enabled proxy re-encryption function for e-health
clouds,’’ IEEE Trans. Inf. Forensics Security, vol. 11, no. 4, pp. 746–759,
Apr. 2017.
[60] P. van Liesdonk, S. Sedghi, J. Doumen, P. Hartel, and W. Jonker, ‘‘Compu-
tationally efficient searchable symmetric encryption,’’ in Proc. Workshop
Secure Data Manage. New York, NY, USA: Springer, 2010, pp. 87–100.
[61] D. Cash, S. Jarecki, C. Jutla, H. Krawczyk, M.-C. Roşu, and M. Steiner,
‘‘Highly-scalable searchable symmetric encryption with support for
Boolean queries,’’ in Advances in Cryptology—CRYPTO. New York, NY,
USA: Springer, 2013, pp. 353–373.
[62] J. Li, Q. Wang, C. Wang, N. Cao, K. Ren, and W. Lou, ‘‘Fuzzy keyword
search over encrypted data in cloud computing,’’ in Proc. IEEE INFO-
COM, Mar. 2010, pp. 1–5.
[63] D. Boneh, E. Kushilevitz, R. Ostrovsky, and W. E. Skeith, ‘‘Public key
encryption that allows PIR queries,’’ in Proc. Annu. Int. Cryptol. Conf.,
2007, pp. 50–67.
[64] A. Arriaga, Q. Tang, and P. Ryan, ‘‘Trapdoor privacy in asymmet-
ric searchable encryption schemes,’’ in Proc. Int. Conf. Cryptol. Afr.
New York, NY, USA: Springer, 2014, pp. 31–50.
[65] J. Baek, R. Safavi-Naini, and W. Susilo, ‘‘Public key encryption with
keyword search revisited,’’ in Proc. Int. Conf. Comput. Sci. Its Appl., 2008,
pp. 1249–1259.
[66] Q. Tang and L. Chen, ‘‘Public-key encryption with registered keyword
search,’’ in Proc. Eur. Public Key Infrastruct. Workshop. New York, NY,
USA: Springer, 2009, pp. 163–178.
[67] Y. Yang, ‘‘Attribute-based data retrieval with semantic keyword search for
e-health cloud,’’ J. Cloud Comput., vol. 4, no. 1, p. 10, Dec. 2015.
[68] J. Li, X. Lin, Y. Zhang, and J. Han, ‘‘KSF-OABE: Outsourced
attribute-based encryption with keyword search function for cloud stor-
age,’’ IEEE Trans. Services Comput., vol. 10, no. 5, pp. 715–725,
Sep./Oct. 2017.
[69] Q. Zheng, S. Xu, and G. Ateniese, ‘‘VABKS: Verifiable attribute-based
keyword search over outsourced encrypted data,’’ in Proc. IEEE Conf.
Comput. Commun., Apr. 2014, pp. 522–530.
[70] P. Liu, J. Wang, H. Ma, and H. Nie, ‘‘Efficient verifiable public key
encryption with keyword search based on KP-ABE,’’ in Proc. 9th Int. Conf.
Broadband Wireless Comput., Commun. Appl., Nov. 2014, pp. 584–589.
[71] J. Shao, Z. Cao, X. Liang, and H. Lin, ‘‘Proxy re-encryption with keyword
search,’’ Inf. Sci., vol. 180, no. 13, pp. 2576–2587, 2010.
[72] L. Fang, W. Susilo, C. Ge, and J. Wang, ‘‘Chosen-ciphertext secure
anonymous conditional proxy re-encryption with keyword search,’’ Theor.
Comput. Sci., vol. 462, pp. 39–58, Nov. 2012.
[73] Y. Shi, J. Liu, Z. Han, Q. Zheng, R. Zhang, and S. Qiu, ‘‘Attribute-based
proxy re-encryption with keyword search,’’ PloS One, vol. 9, no. 12, 2014,
Art. no. e116325.
[74] M. Blaze, G. Bleumer, and M. Strauss, ‘‘Divertible protocols and atomic
proxy cryptography,’’ in Proc. Int. Conf. Theory Appl. Cryptograph. Techn.
New York, NY, USA: Springer, 1998, pp. 127–144.
[75] K. Rabieh, K. Akkaya, U. Karabiyik, and J. Qamruddin, ‘‘A secure and
cloud-based medical records access scheme for on-road emergencies,’’ in
Proc. 15th IEEE Annu. Consum. Commun. Netw. Conf. (CCNC), Jan. 2018,
pp. 1–8.
[76] R. Bhateja, D. P. Acharjya, and N. Saxena, ‘‘Enhanced timing enabled
proxy re-encryption model for E-health data in the public cloud,’’ in
Proc. Int. Conf. Adv. Comput., Commun. Inform. (ICACCI), Sep. 2017,
pp. 2040–2044.
[77] M. Barni, P. Failla, R. Lazzeretti, A. Sadeghi, and T. Schneider,
‘‘Privacy-preserving ECG classification with branching programs and
neural networks,’’ IEEE Trans. Inf. Forensics Security, vol. 6, no. 2,
pp. 452–468, Jun. 2011.
[78] L. Guo, C. Zhang, J. Sun, and Y. Fang, ‘‘PAAS: A privacy-preserving
attribute-based authentication system for eHealth networks,’’ in Proc.
IEEE 32nd Int. Conf. Distrib. Comput. Syst., Jun. 2012, pp. 224–233.
[79] C. Gentry and S. Halevi, ‘‘Implementing gentry’s fully-homomorphic
encryption scheme,’’ in Proc. Annu. Int. Conf. Theory Appl. Cryptograph.
Techn., 2011, pp. 129–148.
[80] M. Naehrig, K. Lauter, and V. Vaikuntanathan, ‘‘Can homomorphic
encryption be practical?’’ in Proc. 3rd ACM Workshop Cloud Comput.
Secur. Workshop, Oct. 2011, pp. 113–124.
[81] A. E. Bouchti, S. Bahsani, and T. Nahhal, ‘‘Encryption as a service for data
healthcare cloud security,’’ in Proc. 5th Int. Conf. Future Gener. Commun.
Technol. (FGCT), Aug. 2016, pp. 48–54.
74381
 S. Chenthara et al.: Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing
[82] S. Carpov, T. H. Nguyen, R. Sirdey, G. Constantino, and
F. Martinelli, ‘‘Practical privacy-preserving medical diagnosis using
homomorphic encryption,’’ in Proc. IEEE 9th Int. Conf. Cloud Comput.
(CLOUD), Jul. 2016, pp. 593–599.
[83] K. Punithasurya and S. Jeba Priya, ‘‘Analysis of different access control
mechanism in cloud,’’ Int. J. Appl. Inf. Syst., vol. 4, no. 2, pp. 34–39, 2012.
[84] V. C. Hu, D. Ferraiolo, and D. R. Kuhn, Assessment of Access Control
Systems. Gaithersburg, MD, USA: Nat. Inst. Standards Technol., 2006.
[85] M. F. F. Khan and K. Sakamura, ‘‘Fine-grained access control to medical
records in digital healthcare enterprises,’’ in Proc. Int. Symp. Netw., Com-
put. Commun. (ISNCC), May 2015, pp. 1–6.
[86] H. S. G. Pussewalage and V. Oleshchuk, ‘‘A patient-centric attribute based
access control scheme for secure sharing of personal health records using
cloud computing,’’ in Proc. 2nd Int. Conf. Collaboration Internet Comput.
(CIC), Nov. 2016, pp. 46–53.
[87] S. Alshehri and R. K. Raj, ‘‘Secure access control for health information
sharing systems,’’ in Proc. IEEE Int. Conf. Healthcare Inform., Sep. 2013,
pp. 277–286.
[88] R. Sandhu, D. Ferraiolo, and R. Kuhn, ‘‘model for role-based access
control: Towards a unified standard,’’ in Proc. ACM Workshop Role-Based
Access Control, Jul. 2000, pp. 1–11.
[89] D. R. Kuhn, E. J. Coyne, and T. R. Weil, ‘‘Adding attributes to role-based
access control,’’ IEEE Comput., vol. 43, no. 6, pp. 79–81, Jun. 2010.
[90] E. Chickowski. (May 2012). ‘‘Healthcare unable to keep up with insider
threats,’’ Dark Reading, 2012. Accessed: May 12, 2018. [Online].
Available: https://www.darkreading.com/vulnerabilities—threats/
healthcare-unable-to-keep-up-with-insider-threats/d/d-id/1137610?
[91] H. S. G. Pussewalage and V. A. Oleshchuk, ‘‘An attribute based access
control scheme for secure sharing of electronic health records,’’ in Proc.
8th Int. Conf. E-Health Netw., Appl. Services (Healthcom), pp. 1–6,
Sep. 2016.
[92] M. Sicuranza and A. Esposito, ‘‘An access control model for easy manage-
ment of patient privacy in EHR systems,’’ in Proc. 8th Int. Conf. Internet
Technol. Secured Trans., Dec. 2013, pp. 463–470.
[93] J. Lacroix and O. Boucelma, ‘‘Trusting the Cloud: A PROV + RBAC
Approach,’’ in Proc. IEEE 7th Int. Conf. Cloud Comput., Jul. 2014,
pp. 652–658.
[94] A. Bahga and V. K. Madisetti, ‘‘A cloud-based approach for interoperable
electronic health records (EHRs),’’ IEEE J. Biomed. Health Informat.,
vol. 17, no. 5, pp. 894–906, Sep. 2013.
[95] U. Premarathne, A. Abuadbba, A. Alabdulatif, I. Khalil, Z. Tari,
A. Zomaya, and R. Buyya, ‘‘Hybrid cryptographic access control for
cloud-based EHR systems,’’ IEEE Cloud Comput., vol. 3, no. 4, pp. 58–64,
Aug. 2016. [Online]. Available: http://ieeexplore.ieee.org/abstract/
document/7571083/
[96] R. Gajanayake, R. Iannella, and T. Sahama, ‘‘Privacy oriented access con-
trol for electronic health records,’’ Electron. J. Health Inform., vol. 8, no. 2,
p. 15, 2014. [Online]. Available: http://www.ejhi.net/ojs/index.php/ejhi/
article/view/265
[97] J. Calvillo-Arbizu, I. Román-Martínez, and L. M. Roa-Romero, ‘‘Stan-
dardized access control mechanisms for protecting ISO 13606-based elec-
tronic health record systems,’’ in Proc. IEEE-EMBS Int. Conf. Biomed.
Health Inform. (BHI), Jun. 2014, pp. 539–542.
[98] K. Seol, Y.-G. Kim, E. Lee, Y.-D. Seo, and D.-K. Baik, ‘‘Privacy-
preserving attribute-based access control model for XML-based electronic
health record system,’’ IEEE Access, vol. 6, pp. 9114–9128, 2018.
[99] H. S. G. Pussewalage and V. A. Oleshchuk, ‘‘Attribute based access con-
trol scheme with controlled access delegation for collaborative E-health
environments,’’ J. Inf. Secur. Appl., vol. 37, pp. 50–64, Dec. 2017.
[100] P. Tasatanattakool and C. Techapanupreeda, ‘‘User authentication algo-
rithm with role-based access control for electronic health systems to
prevent abuse of patient privacy,’’ in Proc. 3rd IEEE Int. Conf. Comput.
Commun. (ICCC), Dec. 2017, pp. 1019–1024.
[101] W. Liu, X. Liu, J. Liu, Q. Wu, J. Zhang, and Y. Li, ‘‘Auditing and revo-
cation enabled role-based access control over outsourced private EHRs,’’
in Proc. 17th Int. Conf. High Perform. Comput. Commun., pp. 336–341,
Aug. 2015.
[102] M. Zhang and Y. Ji, ‘‘Blockchain for healthcare records: A data perspec-
tive,’’ PeerJ Preprints, vol. 6, May 2018, Art. no. e26942v1.
[103] A. Ekblaw, A. Azaria, J. D. Halamka, and A. Lippman, ‘‘A case study for
blockchain in healthcare:‘MedRec’ prototype for electronic health records
and medical research data,’’ in Proc. IEEE Open Big Data Conf., vol. 13,
Aug. 2016, p. 13.
74382
SHEKHA CHENTHARA the M.Tech. degree in
computer science from Mahatma Gandhi Univer-
sity, India. She is currently pursuing the Ph.D.
degree in computer science from the School
of Engineering and Science, Victoria University,
Melbourne, VIC, Australia. She has good expe-
rience in teaching and was a Full-Time Lecturer
in computer science with the Cochin University of
Science and Technology, India. Her research inter-
ests include cloud computing, big data security and
privacy, visual cryptography, cyber security, and block chain technology and
their applications in the e-health domain.
KHANDAKAR AHMED (M’11) the M.Sc. degree
in Networking and e-Business Centred Comput-
ing (NeBCC) under the joint consortia of Uni-
versity of Reading, U.K.; Aristotle University of
Thessaloniki, Greece; and Charles III University
of Madrid (UC3M), Spain, in 2011, and the Ph.D.
degree from RMIT University, Australia, in 2014.
He is currently a Lecturer with the Discipline of
IT, School of Engineering and Science, Victo-
ria University, Melbourne, VIC, Australia. During
his Ph.D., he was an Active Scholar with the Network Research Group,
School of Engineering, where he explored Data-Centric Storage (DCS)
in Wireless Sensor Network (WSN). Before joining Victoria University,
he was a Full-Time Lecturer with the School of IT and Engineering (SITE),
Melbourne Institute of Technology (MIT), Melbourne, and a Researcher
with Australia–India Research Centre for Automation Software Engineering
(AICAUSE), RMIT University, from 2016 to 2017. He was with AICAUSE
as a Postdoctoral Researcher, before he takes the full-time position at MIT,
from 2015 to 2016. He serves as a member of the Editorial Board of the Aus-
tralian Journal of Telecommunications and the Digital Economy (AJTDE)
and the TPC Chair for ITNAC 2017. He has also been serving as a Reviewer
for several international A* journals and conferences.
HUA WANG received the Ph.D. degree in com-
puter science from the University of Southern
Queensland (USQ), in 2004. He was a Professor
with USQ, from 2011 to 2013. He is currently a
Full-Time Professor with the Centre for Applied
Informatics, Victoria University. He has authored
or coauthored over 150 peer-reviewed research
papers mainly in data security, data mining, access
control, privacy, and web services, as well as
their applications in the fields of e-health and
e-environment.
FRANK WHITTAKER received the master’s
degree in international business and the Ph.D.
degree. His thesis was entitled Electronic Commu-
nities of Care—Measuring the Benefits.
At the forefront of digital care solutions for
more than two decades, he has been working
closely with providers, government, and research
institutions to transform the delivery of coordi-
nated care services and facilitate provider—client
collaboration. Over this time, he has been involved
in the design and implementation of a range of innovative solutions, gained
an extensive understanding of the challenges faced by community ser-
vice providers, and demonstrated the impact that personalized technologies
can have on care outcomes. He is involved in a number of postdoctoral
research projects. He is an Industry Relationship Manager with the Centre
for Applied Informatics, Victoria University. He is an experienced Project
Manager with an accounting/IT background. For his Ph.D., he investigated
the impact of technology on the delivery of three health care programs
using a five-perspective evaluation model to measure: access, participation,
health outcomes, safety and quality, and resource efficacy. His research and
evaluation framework were published, in 2013 and have since been utilized
and cited in many projects.
VOLUME 7, 2019