Embed Size (px)
Citation preview
to study the Security issues of security in cloud computing in the malaysian health sector
Research Proposal
Abstract
The field of cloud computing is still developing and in Malaysia the scenario is no different. In
Malaysian health care sector there are various organizations that focus on implementing cloud
computing but eventually they fail to do so because of the various security issues involved with
the process. There are also various factors related to adoption of cloud computing such as the
need to adopt new trends in technology, effective cost management, effective cloud computing
management and reliable data being obtained from the application on demand (Abukhousa et al,
2012). However as the server of cloud computing is open, it is often misused for illegal purposes
especially in the health care sector such as to gain information of patients from electronic health
records.
There are various researchers and several organizations that have agreed on the fact that cloud
computing will help in providing definition to a new trend in the coming few years as it will
impact almost all businesses with regard to the way they function. Companies related to creation
of large technologies are investing a large sum on developing their infrastructure, enhancing their
services, looking for tools that can help in cloud computing facilitation along with using cloud
computing in businesses so as to gain benefit out of the process (ENISA, 2009). Cloud
computing in health care businesses of Malaysia has a diversified, complicated and unique
scenario as there are various barriers existing such as health record protection from members and
HIPAA guidelines being followed as established by regulations to monitor federal compliance.
Additionally, the rising healthcare solutions cost has added further to the problem. Actions have
been taken for reducing consumer costs and a major role will be played by IT to achieve and
improve the patient’s clinical outcomes with quality in Malaysia (Eichelberg et al, 2005). It also
becomes intriguing to understand the way in which cloud computing in Malaysian health care
sector needs to be addresses to the security issues of the process. The main aim of this paper has
been justified by exploring the present state and security issues of cloud computing within
Malaysian health care industry in order to present suggestions for negating these security issues.
Keywords: healthcare, security issues, cloud computing, Malaysia, Electronic health records
(EHR)
Table of Contents
Abstract............................................................................................................................................1
1. Introduction..............................................................................................................................2
1.1 Research Problem.............................................................................................................3
1.2 Research Significance.......................................................................................................3
1.3 Research Question.............................................................................................................4
Main research Question...........................................................................................................4
Sub-Questions:.........................................................................................................................4
1.4 Aims and Objectives.........................................................................................................4
2. Literature Review (900 words)................................................................................................4
2.1 Adoption of Cloud computing..........................................................................................4
3. Methodology (300 words).......................................................................................................5
4. Results and Discussion (200 words)........................................................................................5
5. Recommendations and Conclusion (200 words).....................................................................5
References........................................................................................................................................6
1. Introduction
In the current period, cloud computing is a new technology which organizations use without
much data on the application and so often they end up failing in efficient implementation of the
same. The model of cloud computing consists of wider data rages and several store of
application. Furthermore, the model consists of stored networks through which users through
internet are able to access servers located in distant locations.
However, when companies consider to apply cloud computing, consumers of healthcare have to
have a clear knowledge of the applications benefits and associated risks in order to set
expectation that are realistic with regard to provider of cloud (Disha et al, 2013). Different
models need to be considered such as Infrastructure as a service, platform as a service and
software as a service as every model is responsible to bring several needs and responsibilities.
Models of cloud deployment need to be heavily weighed under decisions made strategically.
Cloud users face challenges of security not only externally but also internally. Most of the
matters of security are involved in cloud protection from barriers externally. In the cloud,
however, the responsibility of information security is shared by several clients (DesRouches et
al, 2008). These clients are inclusive of user of cloud, the CSPs and several other providers of
service on which the customer depends upon for obtaining software security sensitive
configurations in the health sector of Malaysia. The CSP here implies the security provision
given physically and external policies of firewall application.
This research proposal has been based in order to identify and briefly describe the issues in
health care sector of Malaysia in order to establish practical recommendations to deal with these
risks.
1.1 Research Problem
The research problem of this thesis will lies in the research statement, “to study the impact of
security issues related to cloud computing in the industry of health care, Malaysia”.
1.2 Research Significance
Users of cloud computing face challenges of security and most of these issues are related to
lesser protected cloud from threats externally existing. In Malaysia health sector, there have been
various examples wherein cloud computing usage has been found risky such as with regard to
electronic health records. It is important for health care institutions to maintain data
confidentiality and privacy as it involves patient’s individual data that is highly sensitive due to
being personal. There exists a gap in literature mainly because it has yet not been understood that
the infrastructure of cloud computing has the capability of supporting sensitive information
storage without breaking regulations of privacy (Amatayakul, 1999). Systems of cloud
authorization are believed to be strong and authorization can only be attained by correct
username and password but the cloud infrastructure is wide and involves complications posing
security challenges which need to be understood. The significance of this research lies in
understanding and filling this gap and adding relevance to future researches.
1.3 Research Question
Main research Question
What are the security issues associated with cloud computing in the Malaysian health care
industry and how can they be dealt?
Sub-Questions:
What are the challenges faced by Malaysia health sector in association to cloud
computing usage?
Is an improvement possible?
How can recommendations help in solving the security issues?
1.4 Aims and Objectives
The aim of this research lies in understanding completely the problems of cloud computing and
the issues of security involved with it within the industry of Malaysian health care. The objective
of this study on the other hand lies in the following (Buvya et al, 2009):
To study the influence of cloud computing security issues on the industry of Malaysian
health sector.
To study the way by which these security issues can be dealt with.
2. Literature Review (900 words)
2.1 Adoption of Cloud computing
The innovation theory of distribution as established by Roger helps in understanding why
innovative cloud computing practices are being adopted by industries all across the world. Cloud
computing is that model which helps attain convenience, on-demand access to network, shared
configuration of computable resources from resource pools such as servers, applications and
freedom from making efforts in managing the interaction with service provider. The cloud
computing upsurge has opened new doors for Malaysian health care deliver (Alvarez, 2004). The
network model of cloud computing has its basis on the thought of subcontracting the setup of
information technology for several service provides making the facilities and resources of health
care to be available on demand. The main challenge of cloud computing security lies in the fact
that the hardware is not controlled by the owner working on the information (Chhanabhai et al,
2007). Therefore, cloud computing requires a new model of security for Electronic Health
records that can help in distributing the responsible security existence between providers of
cloud services, the users and the clients. More and more researchers have used services of cloud
computing for solving various issues in information technology adoption in Malaysian healthcare
sector but there have been very limited research to integrate the cloud services with EHR (the
significant issue existing). By analyzing the problems of cloud computing integration with regard
to systems of health care such as EHR, several changes can be worked upon to simplify the
health industry operations in Malaysia.
2.2 Cloud Computing and Healthcare:
In a versatile application is created for walking electro-cardio graphic observing focused around
Android and IoS (iPhone Operating System). (Chowdhury, 2014, p. 5478)This application helps
medicinal work force to guide diagnose methodology effectively utilizing their cell phone and
deal with the day by day exercises associating distinctive zones. Kardia board is utilized to
procure ECG information from patient and this information is sent to cell phone (Android
telephone or telephone use Apple IOS).(Chowdhury, 2014) The created application at cell phone
examinations, transforms, and transfers information to remote server in cloud where further
transforming is carried out. The application helps specialists and patients to get to, view and
screen the patient wellbeing status. By utilizing this application, specialists have the capacity get
ECG waveform from information bases in cell phones which may lead the conclusion to genuine
issues. The disservice is that the created application can be utilized just on Android based
telephone or apple IoS telephone.(Chowdhury, 2014) The creators of have created a wearable –
material stage focused around open equipment and programming that gathers movement and
pulse information and stores them remotely on an open Cloud framework for observing and
further preparing. Sensors are connected to patient body which gathers bio-signal (heart rate,
heartbeat rate, circulatory strain and temperature), movement information of the patient and send
information to the cell phone of patient utilizing Bluetooth link.(Chowdhury, 2014) Cell phone
advances information to Google Cloud Service focus utilizing REST Web administrations.
(Chowdhury, 2014)Creators use java based application in cloud for information transforming and
sending wellbeing caution to patient. In cloud Google diagram is utilized for information
visualization. In paper, creators utilize cloud computing to unite distinctive restorative
foundations at Malaysia to impart therapeutic data. In wellbeing area medicinal applications can
be stacked into cloud's dynamic surroundings and treating the therapeutic gadgets as the piece of
the cloud, where programming modules are consequently sent on interest at the point when
needed with proper assets which can enhance restorative usefulness. (Chowdhury, 2014)
Neighborhood HIMS (Hospital Management Information framework) is facilitated into cloud.
Likewise this framework associate distinctive therapeutic gadgets in cloud to enhance their
handling capacity. TCLOUD proposes a home health awareness framework utilizing cloud
computing. In TCLOUD framework patients, therapeutic staff's and specialists will be associated
with get distinctive administrations. (Chowdhury, 2014)The administrations gave are medication
treatments administration (to enhancing consistence with specialist proposals), rest and light
administration (slumber checking) and physical action administration of patients. (Chowdhury,
2014)To execute TCLOUD OPENSTACK is utilized as IAAS. Quick segment of open Stack is
utilized to give database usefulness by means of excess stockpiling and NOVA part enables
Virtual machines. Apache is utilized as web server and Mysql as database server. (Chowdhury,
2014) Client speaks with the TCLOUD through a Web Portal and SOAP interface. STRIDE
strategy is utilized for security danger demonstrating. LIDDUN system is utilized for protection
string displaying and gear elicitation.(Chowdhury, 2014)
2.3 Advantages & Disadvantages of Cloud computing in a healthcare setting:
Cloud computing is helpful and decently acknowledged by business group however it is
generally new to the healthcare business. (Siang, 2010)Utilization of this innovation in
healthcare industry is by and large restricted by the concerns of how to classify of the patients'
information. In perspective of an incredible capability of helpful patient information stockpiling
and offering got from this cloud computing abilities, the utilization and the expectation to utilize
the innovation warrant legitimate investigation. (Siang, 2010) Obstruction to the reception of the
innovation needs to be investigated particularly by clinic heads. Customary system for medicinal
record stockpiling is not successful.(Siang, 2010) Paper stockpiling restrains flow of restorative
data due to its mass and the requirement for manual recovery and transportation. There is
additionally stockpiling issue by expanding number of patients with time. In addition, paper-
based medicinal record made duplication of record troublesome. Losing a patient envelope
normally means losing part or the majority of the persistent restorative data permanently. This
missing data will conceivably prompt duplication of unnecessary techniques and examinations.
Erroneous medicine may happen and this is the primary preventable therapeutic lapse which
spares life. (Siang, 2010)Making patient restorative record accessible whenever and anyplace by
means of innovation advancement permits specialist to settle on precise choice. In any case, there
are likewise burdens which join the appropriation of the cloud innovation.(Siang, 2010) The
merchants serve huge customer base with institutionalized item. Certain peculiarities which are
discriminating to the association may not be accessible and the doctor's facility is thinking that it
exceptionally hard to work around with the condition without a group of in-house IT specialists
since the administration has been outsourced. This condition constrains the control of the
doctor's facility's IT assets. (Siang, 2010)
As of late, the traditionalist open financed healthcare framework in United Kingdom- National
Health System (NHS) reported the plan to move its restorative database to cloud. (Siang, 2010)
An organization called Flexient has been designated to begin the pilot venture. (Siang,
2010)Presently, with the cloud computing, NHS's patient can expect better correspondence
between their General Practitioner (GP) and the healing facility advisors, but in the meantime
they have complete control over who ought to be permitted to view their therapeutic record.
(Siang, 2010) The move highlighted the vital part of the innovation in future healthcare.
3. Methodology Research Design
The research has been designed in a mixed way. Both primary as well as secondary sources will
be reviewed in the course of this research. By Secondary sources, we mean work done by
previous researches on the subject, including, but not limited to various journals, articles, reports
and white papers by eminent scholars. The primary research will be conducted in various health
care settings in Malaysia, with the aim to identify the problems in cloud computing and the
problems faced by healthcare professionals or institutions with respect to Cloud Computing,
especially the security risks involved.
Data Collection
Data collection will be carried out in five top hospitals in Malaysia, all of which used Cloud Computing. A questionnaire which has been prepared [attached below] will be uploaded on Surveymonkey.com and the participants shall be asked to answer some open ended as well as close ended questions.
Sample population
The general population for the purpose of this study is all the healthcare professionals in
Malaysia, who may be medical doctors, nurses, clinic specialists etc.
As it is not possible to survey the entire population, a smaller sample has been chosen, which
comprises of 100 healthcare professionals and administrative staff working in 5 hospitals over
Malaysia.
Data Analysis instrument (interviews or questionnaire)
Sample Questionnaire:
1. Work done at the hospital:
Medical Professional
Lab Assistant
Administration
2. Age:
25-35
35-45
Above 45
3. Technology makes most tasks easy
Strongly Agree
Agree
Do not know
Disagree
Strongly Disagree
4. Do you have any experience in using any form of electronic medical record?
Yes
No
5. Have you ever used Cloud Computing for medical records?
Always
Sometimes
Sparingly
Occasionally
Never
6. Use of cloud computing or any other electronic form of medical records shall:
Make my work easier
Have no effect on my work
Make my work more difficult
7. What is your opinion of the Cloud Computing for medical records?
8. What problems do you face while using the Cloud Computing System?
9. Do you prefer any other system than Cloud Computing? If Yes, Please mention which and why.
10. Additional comments that you may have.
THANK YOU FOR YOUR VALUABLE TIME.
4. Results and DiscussionThe results of the primary research will be classified according to the work done by the
respondents. That is, it will be initially divided according to Health care professionals, Lab
Assistants and Administration Staff. A propensity toward the use of technology shall be
measured. Respondents with a low propensity will be weighted 1, and ones with a high
propensity toward technology will be weighted 5. Similarly other respondents will be weighted
2, 3 or 4 as per their propensity toward technology. The logic of using weights is to try and
negate the biases some people have towards technology. In the analysis using multivariate
techniques, it is important that there is a test of normality. Hence, we will assume the distribution
to be normal when it comes to dependency on variables.
5. Recommendations and Conclusion With the study, at slightest the analyst will likely have more thought what are the primary
concerns of potential end client. The worry is essential as it may be the potential hindrance of
item buy and selection. The consequence of the study is essential in controlling the configuration
of the engineering and its peculiarities. It's additionally essential in managing outline of
showcasing project to advance the use. The study would expect end client of cloud computing
base EMR will in any event be less impervious to the beginning selection if a percentage of the
essential concerns are tended to. On the other hand, consequent use and its joining into every day
work without getting around the innovation will be difficult to be anticipated with the aftereffect
of the study. The gimmicks of the innovation also how it fit into the work process and cognitive
methodology of therapeutic experts will be critical. Dissimilar to other engineering for instance
cell telephone and web keeping money, the methodologies that took care of by the innovation is
less difficult and the client is primarily overall population. Cloud based EMR engineering is
diverse as it is considerably more unpredictable and the end client is medicinal experts The study
populace is decently instructed and the majority of them have great information about machine
and web.
ReferencesAbuKhousa, E., Mohamed, N., & Al-Jaroodi, J. (2012). e-Health Cloud: Opportunities and
Threats. J. Network and Computer Applications 35 (1), 211-220.
Alvarez, R. (2004). The Electronic Health Record: A Leap Forward in Patient Safety. Healthcare
Papers, 33-36.
Amatayakul, M. (1999). EHRs and the Consumer: A New Opportunity. In Murphy GF, Hanken
MA, Waters KA eds, 26-68.
Buyya, R., Yeo, C., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud Computing
Emerging IT Platforms: Vision, Hype and Reality for Delivering Computing as the 5th Utility.
Future Generation Computer Systems, 25(6), 599-616.
Chhanabhai, P., & Holt, A. (2007). Consumers are Ready to Accept the Transition to Online and
Electronic Records if they can be Assured of the Security Measures. Medscape General, 9(1).
Chowdhury, C. R. (2014). A Survey of Cloud Based Health Care System. International Journal
of Innovative Research in Computer and Communication Engineering , 5477-5481.
DesRouches, C., Campbell, E., & Rao, S. (2008). Electronic Health Records in Ambulatory Care
and National Survey of Physicians. N Engl J Med, 50-60.
Disha, P. H., & Sridaran, R. (2013). An Analysis of Security Challenges in Cloud. International
Journal of Advanced Computer Science and Applications, 4(1).
Eichelberg, M. (2005). A Survey and Analysis of Electronic Heaelthcare Record Standards.
ACM Computing Surveys, 37(4), 277-315.
ENISA. (2009). Cloud Computing: Benefits, Risks and Recommendations for Information
Security.
Finance, B., Medjdoub, S., & Pucheral, P. (2005). Privacy of Medical Records: From Law
Principles to Practice. 18th IEEE Symposium on Computer-based Medical Systems, (pp. 220-
225).
Gottlieb, L., Stone, E., Stone, D., Dunbrack, L., & Calladine, J. (2005). Regulatory and Policy
Barries to Effective Clinical Data Exchange.
HealthConnect Business Architecture. (2003). HealthConnect Business Architecture.
Jha, A., DesRoches, C., Campbell, E., Donelan, K., Rao, S., Ferris, T., et al. (2009). Use of
Electronic Health Records in US Hospitals. The New England Journal of Medicine, 10, 1628-
1638.
Jha, A., Doolan, D., Grandt, D., Scott, T., & Bates, D. (2008). The Use of Health Information
Technology in Seven Nations. International Journal of Medical Informatics, 77(12), 848-854.
Mell, P., & Grance, T. (2011). NIST Definition of Cloud Computing. USA: National Institute of
Standards and Technology.
Mirza, H., & El-Masri , S. (2013). Cloud Computing System for Integrated Electronic . Stud
Health Technol Inform.
Ray, P., & Wimalasiri, J. (2006). The Need for Technical Solutions for Maintaining the Privacy
of EHR. 28th Annual International Conference of the IEEE, Engineering in Medicine and
Biology Society, (pp. 4686-4689).
Romanow, R. (2002). Building on Values: The Future of Healthcare in Canada-Final Report.
Canada: Commission on the Future of Healthcare in Canada.
Siang, S. Y. (2010). ASSESSING MALAYSIAN HEALTHCARE PROFESSIONALS’
PERCEPTION AND INTENTION IN UTILIZING CLOUD COMPUTING MEDICAL
RECORD. UNIVERSITI TUNKU ABDUL RAHMAN.
Silverman, D. (1998). The Electronic Medical Record System: Healthcare Marvel or Morass.
Physician Executive, 24(3), 26-36.
Spil, T. (2010). Value, Participation and Quality of Electronic Health Records in the
Netherlands. 43rd Hawaii International Conference on System Sciences, (pp. 1-10).
Stanoevska-Slabeva, K., Wozniak, T., & Ristol, S. (2009). Grid and Cloud Computing: A
Business Perspective on Technology and Applications. Springer.
Sun, J., & Fang, Y. (2010). Cross-domain Data Sharing in Distributed Electronic Health Record
Systems. IEEE Transactions on Parallel and Distributed Systems, 21(6), 754-764.
Wayne, P. (2008). Cloud versus Cloud-A Guided Tour of Amazon, Google, AppNexus and
GoGrid. InfoWorld.
Wimalasiri, J., Ray, P., & Wilson, C. (2004). Maintaining Security in an Ontology Driven Multi-
agent System for Electronic Health Records. In K. Kurokawa, I. Nakajima, & Y. Ishibashi (Ed.),
6th International Workshop on Enterprise Networking and Computing in Healthcare Industry,
(pp. 19-24). Odawara, Japan.
Zhang, L., & Zhou, Q. (2009). Cloud Computing Open Architecture. IEEE International
Conference on Web Services, (pp. 607-617). Los Angeles, CA.
