healthcare data privacy on the cloud aka how can we use a
play

Healthcare Data Privacy on the Cloud (AKA How can we use a public - PowerPoint PPT Presentation

Apr 07, 2024 •217 likes •415 views

Healthcare Data Privacy on the Cloud (AKA How can we use a public cloud for patient health records?) Kunwadee Sripanidkulchai, Ph.D. Head of Healthcare Systems and Data Analytics Lab (HDA), NECTEC 1 kunwadee (AT) nectec.or.th Around 2011, we

  1. Healthcare Data Privacy on the Cloud (AKA How can we use a public cloud for patient health records?) Kunwadee Sripanidkulchai, Ph.D. Head of Healthcare Systems and Data Analytics Lab (HDA), NECTEC 1 kunwadee (AT) nectec.or.th

  2. Around 2011, we started this massive healthcare data project... Data Analytics and Health Records SaaS Cloud-based Health Information Exchange and Data Analytics Platform Hospital C Hospital A Hospital B 4 II Electronic Health Records 2 kunwadee (AT) nectec.or.th

  3. Motivation for using a public cloud as the underlying infrastructure for a new SaaS offering • Lower barrier to deployment • Easier to implement • Rapid elasticity and auto-scaling • High availability • Data durability (automatic replication) • Backups • Future-proof approach through automatic patching and upgrade of the hardware, OS and platform services 3 kunwadee (AT) nectec.or.th

  4. Public Cloud Show-Stoppers • Most popular question: Will the data be private? • Caveats (in Thailand’s case): • Cloud location • Legal implications for location of data storage • Network performance • Cost 4 kunwadee (AT) nectec.or.th

  5. For the rest of this talk • Focus on the privacy of data • Assume that cloud provider implements and ensures best practices in infrastructure security • Assume we implement best practices in application-level security 5 kunwadee (AT) nectec.or.th

  6. My users’ worst nightmares Is deleted data really deleted? http://alestic.com/2009/09/ec2-public-ebs-danger 6 kunwadee (AT) nectec.or.th

  7. My users’ worst nightmares Is deleted data really deleted? http://alestic.com/2009/09/ec2-public-ebs-danger Source: wikipedia 6 kunwadee (AT) nectec.or.th

  8. My users’ worst nightmares Is deleted data really deleted? http://alestic.com/2009/09/ec2-public-ebs-danger Remediation: Cloud user must perform secure delete Source: wikipedia 6 kunwadee (AT) nectec.or.th

  9. So secure delete will work for files or instances that I terminate myself... • What about deleted database records? • What about data on instances that are auto-scaled? What happens when they crash or when the provider terminates them? • What about data on “durable” data replicas that the provider automatically creates for me? What happens when they crash or when the provider terminates them? Source: wikipedia 7 kunwadee (AT) nectec.or.th

  10. So secure delete will work for files or instances that I terminate myself... • What about deleted database records? • What about data on instances that are auto-scaled? What happens when they crash or when the provider terminates them? • What about data on “durable” data replicas that the provider automatically creates for me? What happens when they crash or when the provider terminates them? Source: wikipedia 7 kunwadee (AT) nectec.or.th

  11. So secure delete will work for files or instances that I terminate myself... • What about deleted database records? • What about data on instances that are auto-scaled? What happens when they crash or when the provider terminates them? • What about data on “durable” data replicas that the provider automatically creates for me? What happens when they crash or when the provider terminates them? Remediation: Data encryption. Source: wikipedia 7 kunwadee (AT) nectec.or.th

  12. What about other types of breaches? • Heartbleed (SSL) may have exposed sensitive account information • Amazon Cross-Site Scripting (XSS) bug • VENOM (qemu) and other possible cross-VM side channels 8 Source: Crowdstrike kunwadee (AT) nectec.or.th

  13. What about other types of breaches? • Heartbleed (SSL) may have exposed sensitive account information • Amazon Cross-Site Scripting (XSS) bug • VENOM (qemu) and other possible cross-VM side channels Remediation: Data encryption. 8 Source: Crowdstrike kunwadee (AT) nectec.or.th

  14. Encryption sounds easy enough, but is it? • Search over encrypted data • Key management (preferably outside the public cloud) • Manage application user access to data (preferably outside the public cloud) 9 kunwadee (AT) nectec.or.th

  15. Encryption sounds easy enough, but is it? • Search over encrypted data • Key management (preferably outside the public cloud) • Manage application user access to data (preferably outside the public cloud) Remediation: Encryption and decryption of data off the cloud! 9 kunwadee (AT) nectec.or.th

  16. Encryption sounds easy enough, but is it? • Search over encrypted data • Key management (preferably outside the public cloud) • Manage application user access to data (preferably outside the public cloud) Remediation: Encryption and decryption of data Source: wikipedia off the cloud! 9 kunwadee (AT) nectec.or.th

  17. Implications of off-cloud encryption • The cloud must only see and use encrypted data at any point in time, thus data must be encrypted and decrypted off the public cloud • We must run application servers to support encryption Simplified implementation and decryption off the public cloud • Application servers that are off the public cloud no longer Key Application benefit from high availability, auto-scaling, and back-ups management servers offered by the public cloud 10 kunwadee (AT) nectec.or.th

  18. Summary • We can use the public cloud to store encrypted data that will support data privacy, as long as, we have an infrastructure off-the-cloud that will perform all encryption, decryption, and key management • We lose the benefits of cloud computing as the encrypt/decrypt computation infrastructure and the key management infrastructure needs to be off-the-cloud We are left to • No auto-scaling implement these features in our • No high-availability own private • No automated backups cloud. 11 kunwadee (AT) nectec.or.th

Recommend

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

455 views • 10 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data Protection and Ethics Contents Privacy in the Digital age: main issues Ethics: definitions and background Privacy challenges in Health

713 views • 23 slides
CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns Hopkins University What is Cloud Computing ? Lets hear from the experts 2 What is Cloud Computing ? The infinite wisdom of the crowds (via

709 views • 38 slides
Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology

Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology

Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology Transactions Practice Groups November 14, 2017 Linda Rhodes Joe Pennell Brad Peterson Partner Partner Partner 202-263-3382 312-701-8354

313 views • 29 slides
Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned Did you know... 77 percent of all Americans feel their personal health information privacy is very important, and 84 percent said they

770 views • 50 slides
50X 3X 2.7 49% From 2018 to 2020, health data The global healthcare cloud devices used by

50X 3X 2.7 49% From 2018 to 2020, health data The global healthcare cloud devices used by

Cloud Big data Mobile Social 50X 3X 2.7 49% From 2018 to 2020, health data The global healthcare cloud devices used by physicians, on of patients want access to worldwide is expected to grow market could triple from 2018 to average,

405 views • 19 slides
Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud Computing Services for Educational Institutions Presented by: Cristina Blanton Erin Fonte Associate Systemwide Compliance and Member, Privacy

310 views • 28 slides
Protecting the Privacy of Healthcare Data While Preserving the Utility of Geographic Location

Protecting the Privacy of Healthcare Data While Preserving the Utility of Geographic Location

Protecting the Privacy of Healthcare Data While Preserving the Utility of Geographic Location Information for Epidemiologic Research Daniel C. Barth-Jones, M.P.H., Ph.D. Center for Healthcare Effectiveness Research Wayne State University (

653 views • 61 slides
Alternative Titles: What are the practical implications of the HIPAA privacy rules for

Alternative Titles: What are the practical implications of the HIPAA privacy rules for

Protecting the Privacy of Healthcare Data While Preserving the Utility of Geographic Location Information for Epidemiologic Research Daniel C. Barth-Jones, M.P.H., Ph.D. Center for Healthcare Effectiveness Research Wayne State University (

448 views • 31 slides
Cloud Computing - the basics Rachel Dixon Privacy and Data Protection Deputy Commissioner Office

Cloud Computing - the basics Rachel Dixon Privacy and Data Protection Deputy Commissioner Office

Cloud Computing - the basics Rachel Dixon Privacy and Data Protection Deputy Commissioner Office of the Victorian Information Commission Victorian Privacy Network Meeting State Library of Victoria 9 October 2019 Freedom of Information | Privacy

398 views • 26 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
Data Security and Privacy in the Cloud Sara Foresti Dipartimento di Informatica Universit

Data Security and Privacy in the Cloud Sara Foresti Dipartimento di Informatica Universit

Data Security and Privacy in the Cloud Sara Foresti Dipartimento di Informatica Universit degli Studi di Milano sara.foresti@unimi.it Secure Cloud Services and Storage Workshop 2017 September 10, 2017 Oslo, Norway SPDP Lab c 1/32

761 views • 48 slides
Architecture Principles for Data Privacy of Cloud-based Medical Device Services Dr. Andrzej J.

Architecture Principles for Data Privacy of Cloud-based Medical Device Services Dr. Andrzej J.

Architecture Principles for Data Privacy of Cloud-based Medical Device Services Dr. Andrzej J. Knafel Data Protection Laws Architecture for Selected Technical Controls of Data Privacy Conclusions Data Protection Overview of laws and controls

411 views • 22 slides
Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia

Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia

Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia University of Applied Science Wolfenbttel, Germany IFIP Summerschool: Privacy and Identity Management for Life, Helsingborg, August 2nd, 2010 Cloud

775 views • 43 slides
Privacy in Healthcare Data Sharing Challenges and Opportunities Nan Zhang Associate Professor,

Privacy in Healthcare Data Sharing Challenges and Opportunities Nan Zhang Associate Professor,

Privacy in Healthcare Data Sharing Challenges and Opportunities Nan Zhang Associate Professor, The George Washington University Program Director, National Science Foundation Challenges s e c h i t c c r a a r e P s e e n r

389 views • 23 slides
Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search Ph.D. Dissertation Defense Zeeshan Pervez Department of Computer Engineering Kyung Hee University, Global Campus, Korea email:

650 views • 24 slides
The Cloud Computations on Encrypted Data and Privacy David Pointcheval CNRS - ENS - INRIA 11th

The Cloud Computations on Encrypted Data and Privacy David Pointcheval CNRS - ENS - INRIA 11th

The Cloud Computations on Encrypted Data and Privacy David Pointcheval CNRS - ENS - INRIA 11th International Conference on Provable Security Xian, China - October 23rd, 2017 David Pointcheval Introduction 2 / 26 Anything from Anywhere

103 views • 7 slides
From Enabling to Enforcing Privacy Naipeng Dong, Hugo Jonker , Jun Pang Why privacy for eHealth?

From Enabling to Enforcing Privacy Naipeng Dong, Hugo Jonker , Jun Pang Why privacy for eHealth?

From Enabling to Enforcing Privacy Naipeng Dong, Hugo Jonker , Jun Pang Why privacy for eHealth? Healthcare data: inherently private. Subversion of data processing: dangerous! FHIES, 29-30 August 2011 Hugo Jonker - p. 2/25 Current

546 views • 32 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE Privacy Policy Terms & Conditions and Subscriptions Consent Structure and Preferences Meetings, Conferences, and Events

926 views • 36 slides
Privacy: 10 Facts to handle cross - border data traFFic with oPenstack International + EU +

Privacy: 10 Facts to handle cross - border data traFFic with oPenstack International + EU +

Privacy: 10 Facts to handle cross - border data traFFic with oPenstack International + EU + Germany Daniela Ebert | Open Telekom Cloud Engineer Sebastian Wenner | Open Telekom Cloud Architect contact Sebas astian ian Wenner Danie iela la

548 views • 38 slides

More recommend