Privacy preservation of electronic health records with adversarial attacks identification in hybrid cloud

An increasing trend in healthcare organizations to outsource EHRs' data to the cloud highlights new challenges regarding the privacy of given individuals. Healthcare organizations outsource their EHRs data in a hybrid cloud that elevates the problem of security and privacy in terms of EHRs' access to an unlimited number of recipients in a hybrid cloud environment. In this paper, we investigated the need for a privacy-preserving access control model for the hybrid cloud. A comprehensive and exploratory analysis of privacy-preserving solutions with the help of taxonomy for cloud-based EHRs is described in this work. We have formally identified the existence of internal access control and external privacy disclosures in outsourcing system architecture for hybrid cloud. Then, we proposed a privacy-preserving XACML based access control model (PPX-AC) that supports fine-grained access control with the multipurpose utilization of EHRs alongside state-of-the-art privacy mechanism. Our proposed approach invalidates the identified security and privacy attacks. We have formally verified the proposed privacy-preserving XACML based access control model (PPX-AC) with the invalidation of identified privacy attacks using High-Level Petri Nets (HLPN). Moreover, property verification of the proposed model in SMTlib and Z3 solver and implementation of the model proves its effectiveness in terms of privacy-aware EHRs access and multipurpose usage.

Automated summary

This paper investigates the need for a privacy-preserving access control model for healthcare organizations outsourcing EHRs data to a hybrid cloud. The proposed privacy-preserving XACML based access control model effectively invalidates identified security and privacy attacks, verified using High-Level Petri Nets, SMTlib, and Z3 solver. Implementing the model demonstrates its effectiveness in privacy-aware EHRs access and multipurpose usage.