Improving Individual Acceptance of Health Clouds through Confidentiality AssuranceFunding The work presented in this paper was performed to support the TRESOR research project, which is funded by the German Federal Ministry of Economic Affairs and Energy under grant number 01MD11062.
03 July 2016
accepted: 12 September 2016
18 December 2017 (online)
Background Cloud computing promises to essentially improve healthcare delivery performance. However, shifting sensitive medical records to third-party cloud providers could create an adoption hurdle because of security and privacy concerns.
ObjectivesThis study examines the effect of confidentiality assurance in a cloud-computing environment on individuals’ willingness to accept the infrastructure for inter-organizational sharing of medical data.
MethodsWe empirically investigate our research question by a survey with over 260 full responses. For the setting with a high confidentiality assurance, we base on a recent multi-cloud architecture which provides very high confidentiality assurance through a secret-sharing mechanism: Health information is cryptographically encoded and distributed in a way that no single and no small group of cloud providers is able to decode it.
ResultsOur results indicate the importance of confidentiality assurance in individuals’ acceptance of health clouds for sensitive medical data. Specifically, this finding holds for a variety of practically relevant circumstances, i.e., in the absence and despite the presence of conventional offline alternatives and along with pseudonymization. On the other hand, we do not find support for the effect of confidentiality assurance in individuals’ acceptance of health clouds for non-sensitive medical data. These results could support the process of privacy engineering for health-cloud solutions.
Citation: Ermakova T, Fabian B, Zarnekow R. Improving individual acceptance of health clouds through confidentiality assurance.
- 1 Abbas A, Khan SU. A Review on the State-of-the-Art Privacy Preserving Approaches in the e-Health Clouds. IEEE Journal of Biomedical and Health Informatics 2014; 18 (04) 1431-1441.
- 2 Acquisti A, Gross R. Imagined Communities: Awareness Information Sharing and Privacy on the Facebook. Proceedings of the 6th International Conference Privacy Enhancing Technologies. 2006
- 3 Ahuja SP, Mani S, Zambrano J. A Survey of the State of Cloud Computing in Healthcare. Network and Communication Technologies 2012; 01 (02) 12-19.
- 4 Ancker JS, Silver M, Miller MC, Kaushal R. Consumer Experience with and Attitudes toward Health Information Technology: A Nationwide Survey. American Medical Informatics Association 2012; 20 (01) 152-156.
- 5 Ancker JS, Edwards AM, Miller MC, Kaushal R. Consumer Perceptions of Electronic Health Information Exchange. American Journal of Preventive Medicine 2012; 34 (01) 76-80.
- 6 Anderson C, Agarwal R. The Digitization of Healthcare: Boundary Risks, Emotion, and Consumer Willingness to Disclose Personal Health Information. Information Systems Research 2011; 22 (03) 469-490.
- 7 Angst C, Agarwal R, Downing J. An Empirical Examination of the Importance of Defining PHR for Research and for Practice. Robert H. Smith School Research Paper. No. RHS-06–011; 2006
- 8 Appari A, Johnson ME. Information Security and Privacy in Healthcare: Current State of Research. International Journal of Internet and Enterprise Management 2010; 06 (04) 279-314.
- 9 Bansal G, Zahedi F, Gefen D. The Impact of Personal Dispositions on Privacy and Trust in Disclosing Health Information Online. Proceedings of the 13th Americas Conference on Information Systems (AMCIS). 2007
- 10 Bansal G, Zahedi F, Gefen D. The Impact of Personal Dispositions on Information Sensitivity, Privacy Concern and Trust in Disclosing Health Information. Online Decision Support Systems 2010; 49 (02) 138-150.
- 11 Bansal G, Davenport R. Moderating Role of Perceived Health Status on Privacy Concern Factors and Intentions to Transact with High versus Low Trustworthy Health Websites. Proceedings of the 5th MWAIS (Midwest Association for Information) Conference. 2010
- 12 Banerjee A, Zosa BM, Allen D, Wilczewski PA, Ferguson R, Claridge JA. Implementation of an Image Sharing System Significantly Reduced Repeat Computed Tomographic Imaging in a Regional Trauma System. Journal of Trauma and Acute Care Surgery 2016; 80 (01) 51-4.
- 13 Bellman S, Johnson EJ, Kobrin SJ, Lohse GL. International Differences in Information Privacy Concerns: A Global Survey of Consumers. The Information Society 2004; 20 (05) 313-324.
- 14 Dinev T, Albano V, Xu H, D’Atri A, Hart P. Individual’s Attitudes Towards Electronic Health Records – A Privacy Calculus Perspective. Annals of Information Systems 2012; 19: 19-50.
- 15 Dijk A, Busman JP, Van der Putten N, Dassen W. Transmural Exchange of Cardiology Related Information between two Academic Centers and Referring Hospitals Using XDS(-I). Proceedings of the IEEE Conference Computing in Cardiology. 2010
- 16 Ermakova T, Fabian B. Secret Sharing for Health Data in Multi-Provider Clouds. Proceedings of the 15th IEEE Conference on Business Informatics (CBI). 2013
- 17 Ermakova T, Fabian B, Zarnekow R. Acceptance of Health Clouds – a Privacy Calculus Perspective. Proceedings of the 22nd European Conference on Information Systems (ECIS). 2014
- 18 Fabian B, Ermakova T, Junghanns P. Collaborative and Secure Sharing of Healthcare Data in Multi-Clouds. Information Systems 2014; 48: 132-150.
- 19 Ford CA, Millstein SG, Halpern-Felsher BL, Irwin Jr. CE. Influence of Physician Confidentiality Assurances on Adolescents’ Willingness to Disclose Information and Seek Future Health Care: A Randomized Controlled Trial. Journal of the American Medical Association 1997; 278 (12) 1029-1034.
- 20 Fujita H, Uchimura Y, Waki K, Omae K, Takeuchi I, Ohe K. Development and Clinical Study of Mobile 12-Lead Electrocardiography Based on Cloud Computing for Cardiac Emergency. Studies in Health Technology and Informatics 2013; 192: 1077.
- 21 Griebel L, Prokosch HU, Köpcke F, Toddenroth D, Christoph J, Leb I, Engel I, Sedlmayr M. A Scoping Review of Cloud Computing in Healthcare. BMC Medical Informatics and Decision Making 2015; 15: 1.
- 22 Haskew J, Rø G, Saito K, Turner K, Odhiambo G, Wamae A, Sharif S, Sugishita T. Implementation of a Cloud-Based Electronic Medical Record for Maternal and Child Health in Rural Kenya. International Journal of Medical Informatics 2015; 84 (05) 349-354.
- 23 Hsieh JC, Li AH, Yang CC. Mobile, Cloud, and Big Data Computing: Contributions, Challenges, and New Directions in Telecardiology. International Journal of Environmental Research and Public Health 2013; 10 (11) 6131-53.
- 24 Ion I, Sachdeva N, Kumaraguru P, Capkun S. Home is Safer than the Cloud! Privacy Concerns for Consumer Cloud Storage. Proceedings of the 7th Symposium on Usable Privacy and Security. 2011
- 25 Karthikeyan N, Sukanesh R. Cloud Based Emergency Health Care Information Service in India. Journal of Medical Systems 2012; 36 (06) 4031-4036.
- 26 Kao HY, Wu WH, Liang TY, Lee KT, Hou MF, Shi HY. Cloud-Based Service Information System for Evaluating Quality of Life after Breast Cancer Surgery. PLoS ONE 2015; 10 (09) e0139252.
- 27 King T, Brankovic L, Gillard P. Perspectives of Australian Adults about Protecting the Privacy of Their Health Information in Statistical Databases. International Journal of Medical Informatics 2012; 81 (04) 279-289.
- 28 Kuo AMH. Opportunities and Challenges of Cloud Computing to Improve Health Care Services. Journal of Medical Internet Research 2011; 13 (03) e67.
- 29 Kuo KM, Ma CC, Alexander J. How do Patients Respond to Violation of their Information Privacy. Health Information Management Journal 2013; 43 (02) 23-33.
- 30 Lafky DB, Horan TA. Personal Health Records: Consumer Attitudes toward Privacy and Security of their Personal Health Information. Health Informatics Journal 2011; 17 (01) 63-71.
- 31 Laric MV, Pitta DA, Katsanis LP. Consumer Concerns for Healthcare Information Privacy: A Comparison of US and Canadian Perspectives. Research in Healthcare Financial Management 2009; 12 (01) 93-111.
- 32 Latif R, Abbas H, Assar S. Distributed Denial of Service (DDoS) Attack in Cloud-Assisted Wireless Body Area Networks: A Systematic Literature Review. Journal of Medical Systems 2014; 38 (11) 128.
- 33 Laudon KC, Laudon JP, Schoder D. Wirtschaftsinformatik – Eine Einführung, 2. aktualisierte Auflage. Pearson Studium. 2010
- 34 Li Y, Baron J. Behavioral Research Data Analysis with R. New York: Springer; 2012
- 35 Li F, Zou X, Liu P, Chen JY. New Threats to Health Data Privacy. BMC Bioinformatics 2011; 12 (12) S7.
- 36 Lin A, Chen NC. Cloud Computing as an Innovation: Perception, Attitude, and Adoption. International Journal of Information Management 2012; 32 (06) 533-540.
- 37 Lin CY, Peng KL, Chen J, Tsai JY, Tseng YC, Yang JR, Chen MH. Improvements in Dental Care Using a New Mobile App with Cloud Services. Journal of the Formosan Medical Association 2014; 113 (10) 742-9.
- 38 Lin CW, Abdul SS, Clinciu DL, Scholl J, Jin X, Lu H, Chen SS, Iqbal U, Heineck MJ, Li YC. Empowering Village Doctors and Enhancing Rural Healthcare Using Cloud Computing in a Rural Area of Mainland China. Computer Methods and Programs in Biomedicine Journal 2014; 113 (02) 585-92.
- 39 Lowry R. Concepts, Applications of Inferential Statistics. 2013 Available from http://vassarstatsnet/text-book/indexhtml
- 40 Manyika J, Chui M, Bughin J, Dobbs R, Bisson P, Marrs A. Disruptive Technologies: Advances That Will Transform Life Business and the Global Economy. 2013 Available from http://wwwmckinseycom/insights/business_technology/disruptive_technologies
- 41 McGuire JM, Graves S, Blau B. Depth of Self-Disclosure as a Function of Assured Confidentiality and Videotape Recording. Journal of Counseling & Development 1985; 64 (04) 259-263.
- 42 McGraw D, Dempsey JX, Harris L, Goldman J. Privacy as an Enabler not an Impediment: Building Trust into Health Information Exchange. Health Affairs 2009; 28 (02) 416-427.
- 43 Melício EJMonteiro, Costa C, Oliveira JL. A Cloud Architecture for Teleradiology-as-a-Service. Methods of Information in Medicine 2016; 55 (03) 203-14.
- 44 Mell P, Grance T. The NIST Definition of Cloud Computing. 2012 Available from http://csrcnistgov/publications/nistpubs/800–145/SP800–145pdf
- 45 Nass SJ, Levit LA, Gostin LO. Beyond the HIPAA Privacy Rule: Enhancing Privacy. Improving Health Through Research. Washington: National Academies Press; 2009
- 46 Perera G, Holbrook A, Thabane L, Foster G, Willison DJ. Views on Health Information Sharing and Privacy from Primary Care Practices Using Electronic Medical Records. International Journal of Medical Informatics 2011; 80 (02) 94-101.
- 47 Piette JD, Mendoza-Avelares MO, Ganser M, Mohamed M, Marinec N, Krishnan S. A Preliminary Study of a Cloud-Computing Model for Chronic Illness Self-Care Support in an Underdeveloped Country. American Journal of Preventive Medicine 2011; 40 (06) 629-32.
- 48 Podsakoff PM, MacKenzie SB, Lee JY, Podsakoff NP. Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies. Journal of Applied Psychology 2003; 88 (05) 879-903.
- 49 Puustjärvi J, Puustjärvi L. Practising Cloud-Based Telemedicine in Developing Countries. International Journal of Electronic Healthcare 2013; 07 (03) 181-204.
- 50 R Development Core Team. R: A Language and Environment for Statistical Computing R Foundation for Statistical Computing. 2012 Available from http://wwwR-projectorg/
- 51 Rabin M. Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance. Journal of the ACM 1989; 36: 335-348.
- 52 Riordan F, Papoutsi C, Reed JE, Marston C, Bell D, Majeed A. Patient and Public Attitudes Towards Informed Consent Models and Levels of Awareness of Electronic Health Records in the UK. International Journal of Medical Informatics 2015; 84 (04) 237-247.
- 53 Rodrigues JPC, de la Torre I, Fernández G, López-Coronado M. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems. Journal of Medical Internet Research 2013; 15 (08) e186.
- 54 Rohm AJ, Milne GR. Just What the Doctor Ordered – The Role of Information Sensitivity and Trust in Reducing Medical Information Privacy Concern. Journal of Business Research 2004; 57 (09) 1000-1011.
- 55 Sajid A, Abbas H. Data Privacy in Cloud-Assisted Healthcare Systems: State of the Art and Future Challenges. Journal of Medical Systems 2016; 40 (06) 155.
- 56 Shamir A. How to Share a Secret. Communications of the ACM 1979; 22 (11) 612-613.
- 57 Sharma R, Yetton P, Crawford J. Estimating the Effect of Common Method Variance: The Method-Method Pair Technique with an Illustration from TAM Research. MIS Quarterly 2009; 33 (03) 473-490.
- 58 Sheskin DJ. Handbook of Parametric and Nonparametric Statistical Procedures. 3rd ed. Chapman: Hall / CRC; 2004
- 59 Simon SR, Evans JS, Benjamin A, Delano D, Bates DW. Patients’ Attitudes toward Electronic Health Information Exchange: Qualitative Study. Journal of Medical Internet Research 2009; 11 (03) e30.
- 60 Singer E, Hippler HJ, Schwarz N. Confidentiality Assurances in Surveys: Reassurance or Threat?. Journal of Public Opinion Research 1992; 04 (03) 256-268.
- 61 Singer E, von Thurn DR, Miller ER. Confidentiality Assurances and Re-sponse: A Quantative Review of the Experimental Literature. Public Opinion Quartaly 1995; 59 (01) 66-77.
- 62 Streiner DL, Norman GR. Correction for Multiple Testing: Is There a Resolution?. Chest 2011; 140 (01) 16-18.
- 63 Sultan N. Making Use of Cloud Computing for Healthcare Provision: Opportunities and Challenges. International Journal of Information Management 2014; 34 (02) 177-184.
- 64 Sultan N. Discovering the Potential of Cloud Computing in Accelerating the Search for Curing Serious Illnesses. International Journal of Information Management 2014; 34 (02) 221-225.
- 65 Teixeira PA, Gordon P, Camhi E, Bakken S. HIV Patients’ Willingness to Share Personal Health Information Electronically. Patient Education and Counseling 2011; 84 (02) e9-e12.
- 66 Terry A, Chesworth B, Stolee P, Bourne R, Speechley M. Joint Replacement Recipients’ Post-Surgery Views about Health Information Privacy and Registry Participation. Health Policy 2007; 85: 293-304.
- 67 Thrall JS, McCloskey L, Ettner SL, Rothman ED, Tighe JE, Emans SJ. Confidentiality and Adolescents’ Use of Providers for Health Information and for Pelvic Examinations. Archives of Pediatrics and Adolescent Medicine 2000; 154 (09) 885-92.
- 68 Wallis LA, Fleming J, Hasselberg M, Laflamme L, Lundin J. A Smartphone App and Cloud-Based Consultation System for Burn Injury Emergency Care. PLoS One 2016; 11 (02) e0147253.
- 69 Weng SJ, Lai LS, Gotcher D, Wu HH, Xu YY, Yang CW. Cloud Image Data Center for Healthcare Network in Taiwan. Journal of Medical Systems 2016; 40 (04) 89.
- 70 Whetstone M, Goldsmith R. Factors Influencing Intention to Use Personal Health Records. International Journal of Pharmaceutical and Healthcare Marketing 2009; 03 (01) 8-25.
- 71 Whiddett R, Hunter I, Engelbrecht J, Handy J. Patients’ Attitudes towards Sharing Their Health Information. International Journal of Medical Informatics 2006; 75 (07) 530-541.
- 72 Wilkowska W, Ziefle M. Privacy and Data Security in e-Health: Requirements from the User’s Perspective. Health Informatics Journal 2012; 18: 191.
- 73 Zulman DM, Nazi KM, Turvey CL, Wagner TH, Woods SS, An LC. Patient Interest in Sharing Personal Health Record Information. Annals of Internal Medicine 2011; 155 (12) 805-811.