IEEE Access (Jan 2018)

Privacy Preservation in e-Healthcare Environments: State of the Art and Future Directions

  • Muneeb Ahmed Sahi,
  • Haider Abbas,
  • Kashif Saleem,
  • Xiaodong Yang,
  • Abdelouahid Derhab,
  • Mehmet A. Orgun,
  • Waseem Iqbal,
  • Imran Rashid,
  • Asif Yaseen

DOI
https://doi.org/10.1109/ACCESS.2017.2767561
Journal volume & issue
Vol. 6
pp. 464 – 478

Abstract

Read online

e-Healthcare promises to be the next big wave in healthcare. It offers all the advantages and benefits imaginable by both the patient and the user. However, current e-Healthcare systems are not yet fully developed and mature, and thus lack the degree of confidentiality, integrity, privacy, and user trust necessary to be widely implemented. Two primary aspects of any operational healthcare enterprise are the quality of healthcare services and patient trust over the healthcare enterprise. Trust is intertwined with issues like confidentiality, integrity, accountability, authenticity, identity, and data management, to name a few. Privacy remains one of the biggest obstacles to ensuring the success of e-Healthcare solutions in winning patient trust as it indirectly covers most security concerns. Addressing privacy concerns requires addressing security issues like access control, authentication, non-repudiation, and accountability, without which end-to-end privacy cannot be ensured. Achieving privacy from the point of data collection in wireless sensor networks, to incorporating the Internet of Things, to communication links, and to data storage and access, is a huge undertaking and requires extensive work. Privacy requirements are further compounded by the fact that the data handled in an enterprise are of an extremely personal and private nature, and its mismanagement, either intentionally or unintentionally, could seriously hurt both the patient and future prospects of an e-Healthcare enterprise. Research carried out in order to address privacy concerns is not homogenous in nature. It focuses on the failure of certain parts of the e-Healthcare enterprise to fully address all aspects of privacy. In the middle of this ongoing research and implementation, a gradual shift has occurred, moving e-Healthcare enterprise controls away from an organizational level toward the level of patients. This is intended to give patients more control and authority over decision making regarding their protected health information/electronic health record. A lot of works and efforts are necessary in order to better assess the feasibility of this major shift in e-Healthcare enterprises. Existing research can be naturally divided on the basis of techniques used. These include data anonymization/pseudonymization and access control mechanisms primarily for stored data privacy. This, however, results in giving a back seat to certain privacy requirements (accountability, integrity, non-repudiation, and identity management). This paper reviews research carried out in this regard and explores whether this research offers any possible solutions to either patient privacy requirements for e-Healthcare or possibilities for addressing the (technical as well as psychological) privacy concerns of the users.

Keywords