January 10th, 2018
Data Storage, Maintenance and Safety for Integrated Electronic Health Records in Cloud-Based Architectures
Cloud computing offers an alternative to enterprise-based architectures for integrating Electronic Health Records (EHRs). For instance, Kuo (2011) observes that cloud computing solutions offer opportunities for reducing the costs associated with integrating EHRs since they provide savings on aspects such as hardware and software that the organization would otherwise need to purchase. Such savings arise since cloud computing, due to its higher virtualization characteristics compared to predecessor technologies such as grid computing, enables users to access records stored in a remote location using standard web browsers (Weinhardt et al., 2009). However, for cloud computing to offer a realistic option for integrating EHRs , aspects such as safety of data stored, building trust in providers, and maintenance of data stored in the cloud must be ensured (Weinhardt et al., 2009; Kuo, 2011). This paper discusses the aspects of data storage, maintenance and safety in cloud computing, with regard to EHRs.
Data Storage and Maintenance in Cloud Computing solutions
Data storage in cloud computing is enabled through three layers of technologies that comprise the cloud computing framework. Firstly, the infrastructure layer concerns businesses such as Amazon that offer storage-space solutions (a storage service) or solutions for computing power (a computing service) (Weinhardt et al., 2009). A second layer of cloud computing models is the platform layer. This refers to the solutions that enable the connection of the user to the data stored in the infrastructure layer, usually presented as a platform-as-a service product (Weinhard et al, 2009). Such platform can either be development oriented, where they offer capabilities for developers to build applications and store them in the cloud from where they can be run using the standard web browsers (Weinhardt et al., 2009). Alternatively, business platforms exist (e.g. Salesforce) that allow for development, installation and management of applications for facilitating business processes in the cloud (Weinhardt et al., 2009). The last layer of cloud computing is the applications layer, which could be presented either as Software-as-a-Service (SaaS) (e.g. Google Apps) or via provisioning of basic web services as needed (e.g. StrikeIron) (Weinhardt et al., 2009).
Data storage in cloud computing mainly involves the infrastructure level of the cloud computing framework. In this respect, the storage service providers offer space where entities can store their electronic health records, thus allowing retrieval using the associated applications when such data is needed (Mueller & Pantos, 2012). Just as in enterprise-based architecture, the data stored is organized into databases maintained in servers provided by the providers of cloud computing infrastructure services such as Amazon (Zhang, 2012). Users of the EHRs information, such as physicians, patients, and healthcare plan sponsors can add the data on such databases and modify the records based on the access level provided through the authorizations offered by the applications that are integrated into the platform. Such changes to the data are effected according to the requests (e.g. GET, POST, DELETE) that are sent via the browser interface once the user provides appropriate log-in details (Zhang, 2012).
The integrity of the EHRs stored in the cloud computing solution can be ensured through the use of electronic signatures. One such approach is the use of public key infrastructure that employs asymmetric cryptographic algorithms such as the Digital Signature algorithm, the standard stipulated by the Federal Government (Pharow & Blobel, 2005). Use of such signatures necessitates validation of the authenticity of the information contained by the records by a trusted third party (TTP) (Pharow & Blobel, 2005). Such a TTP provides the assurance of authenticity of the data through certificates and revocation lists of such certificates. However, the assurance offered by such certificates may fail to provide appropriate guides concerning authenticity of EHRs due to the static nature of such certificates, compared to the dynamic nature of information provided via EHRs that is updated frequently (Pharow & Blobel, 2005). Concerning such a challenge, an additional approach to maintaining the integrity of data stored is to provide qualified time stamps for all transactions affecting the stored records (Pharow & Blobel, 2005). Such time stamps record the time at which access and modification of data were made, thus allowing verification by counterchecking with the user login details.
Another challenge of storing data in the cloud arises that arises with the need for interoperability across various stakeholders in the healthcare delivery system, is providing the data into a standard format that enable access. The data available from various stakeholders such as plan sponsors and healthcare providers have wide differences (Mueller & Pantos, 2012). This arises from the disparate formats in which data concerning aspects such as patient medical records, billeting systems, health risk assessments, benefits systems and claims are stored. Accordingly, to enhance the interoperability, such data needs to be organized into a standard format that can be managed under one platform thus allowing access to the relevant sections of the data by authorized personnel (Mueller & Pantos, 2012). The choice of the location of data storage facilities and the type of cloud to use depends on the security concerns and ability of the provider to meet the entity’s needs. Accordingly, the subsequent section evaluates the security concerns with integrating EHRs in a cloud-computing architecture.
Go to part two here.