Data Management and Governance










Part A: Cryptography


Now a day’s most of the medical data are stored in an electronic format as Electronic Health Records (EHR) and are mostly stored in cloud environment which give raise to security and privacy issues. In this paper I have discussed about the different security issues and cryptographic methods to secure the stored EHR document. The privacy protection policies and their requirements are discussed. The medical records are classified into different attributes and based on the classification security policies are applied for the medical reports. The quality of healthcare services lie in the effectiveness and efficiency of detection of health problems, identification of innovative solution and allocation of medical resource. (Mu-HsingKuo, 2011).


The purpose of this paper is to describe the privacy and security requirements for an Electronic health record (EHR). Identification of service required for interoperable EHR to facilitate the identification of the necessary privacy and security services. How the communication is securely made between the internal and external stakeholders. Provide a privacy and security architecture for an interoperable EHR. All the security requirements of the EHR and the connection points of organization and the host components are discussed. All the policy related to the business and security requirement that have an impact on the architecture for an interoperable EHR along with the legislative requirement are identified.

Common security issues in EHR

Since most of the healthcare institution has centralized the access of medical records with the use of cloud computing to share the records which offers several benefits and also have privacy and security threats to the health data. (N. Dong, 2015). The cloud service providers also provide a security concern to enhance the expectation level of the patient and the healthcare providers (A. Abbas, 2014). Security and private issues of HER are defined in the ISO/TS 18308 standard (ANSI, 2003). Many investigation are done by the International Medical Informatics Association (IMLA) on security issues on data protection of healthcare industry and published a report on the Personal health records (PHR) and provided a vision that “would create a PHR that patients, doctors and other healthcare providers could securely access through the Internet, no matter where a patient is seeking medical care” (HHS, 2005). Cloud security assurance and analyze approaches and recommendation for assurance solutions are provided by (C.A.Ardagna, 2015).  The confidentiality, integrity, authenticity and availability of EHR was proposed in a framework to allow secure sharing of EHR through the cloud between the healthcare providers (A.Ibrahim, May 2016).


Confidentiality in healthcare is to maintain the patient’s health records safely without undisclosed to unauthorized users. Since data are stored in the cloud which increases the risk of the store data since it can be accessible by anyone in the cloud. The increase in number of applications and device the risk level in data security is also increased. Patient should trust the healthcare system to make a good relationship and work effectively. If the patient is not confident about the threat of data compromise it will hinder the medical diagnosis and treatment (P.Duquenoy, 2015).


Integrity of data is that the captured health data should be provided to the patient should be accurate and consistent. Since data are stored in the cloud the eHealth cloud need assurance for the reliability of the service provided and the data stored must be error-free. If the data provided are improper then the treatment will also be improper and lead to serious consequences in the patient health. As per the HIPAA Security Rule which states “implement policies and procedures to protect electronic personal healthcare information from improper alteration or destruction (M.Scholl, 2008). An integrity check should be implemented in storing and manipulating data in e-healthcare using some checksums or hash function if the integrity check fails it should report an error message to the end user and should terminate without processing the data.


To serve the needs of the patient the information stored should be available at any time. During critical situation for example when carrying out an operation for a patient if the data of the patient is not available due to security breach it will lead to a critical situation. Availability of data should be high to prevent disruptions like power shortage, hardware failure, denial of service attacks etc. To preserve the healthcare records and its usability HIPAA security and privacy rules should be enforced.


The trustfulness of the origins, attribution, intentions and commitments are generally referred to authenticity. The system should ensure the authenticity of the request. To avoid man-in-the-middle attack is done using the combination of username and password so the system should have an endpoint authentication to prevent such attacks. All the information stored or retrieved in the healthcare system should be verified during every access.

Cryptographic techniques used

Cryptography with digital signatures is most commonly used cryptographic method and it uses asymmetric keys both private and public key. The data are encrypted using the public key and can be decrypted using the private key and vice-versa. Digital signature is a message authentication technique. In this technique both the participating entities will share the public key and may generate the private key based on the shared public key. Hashing techniques are also used along with the digital signature. To preserve the integrity of the data and to identify the alterations made in the data hashing algorithms are used as an encryption technique. Along with the digital signature a certificate can also be added to the data to prove the identities of the sender and the receiver (Onuiri Ernest E, 2015). For authentication and to ensure the security of the data stored Biometric authentication can be used to access the stored record which is more effective than other methods like user name and passwords. But it requires adequate training. Identity based encryption (IBE) is an appropriate security solution for EHR it address the problems. It uses three interconnected servers to ensure the security of EHR. The data stored are encrypted using IBE such that each server will encrypt and decrypt the data while exchanging the data. The servers that have id can extract the data (D.N.Purnamasari, 2018).

Data protection in Transit and at Rest

Data that are in transit or as a static document both require protection. Encryption is the most commonly used technique to protect both the data in transit and as a static document. While transmitting the data the sender will encrypt the data to protect the data from intruders before sending the data to encrypted connections like HTTPS, SSL etc to protect the record during the transit. The static document can be encrypted before storing it in the server or any other storage device to enable security. The data that are not protected will lead to vulnerable attack. In addition to encryption network security protections like firewall and access control mechanism will be useful to secure the data during transmit. Use of proactive security measures will be more useful to identify the data that are under risk and can implement effective protection for the data this can be done for both the data in transit and in rest. Automatic encryption can be implemented for sensitive data while transit.

Compatibility issues between NHS and organizations cryptographic policies

The National Health Service (NHS) of UK has hosted a beta site Digital Apps Library which consists of more than 70+ apps for medical conditions which include cancer, pulmonary disease, mental health, pregnancy etc (NHS, 2018). The main aim is to provide a high quality and safety app for medical supports. The criteria for approval of the app are defined in the NHS Digital for effectiveness, privacy and security policies of the medical or clinical records. But the policies of the organization and that provided by NHS overlap. It provides an advanced field but does not clearly mention the direction for patients and the providers the details about the specific requirements to be integrated. It also limits the confidence and application practices due to the lack of objective and standard based evaluation (Boudreaux, 2014). There are many products available on evaluation organization such as UL and consumer reports that provide many digital healthcare models and it mainly focus on the safety by providing certificate. Beyond safety it also includes portability, interoperability and usability of the data. At present most of the digital health industry lack of user requirement and it focus on high-level requirements which limit the verification and validation of the data. A requirement driven digital health record will promote the benefits of the stake holders. The components used in the digital healthcare record also vary depending upon the functionality. It is a difficult task to incorporate all the preferences of the clinic and the patients into the EHR.

Possible future development

In future while creating an application for EHR after collecting the requirement the framework will be separated based on the domains like technical, clinical, usability and cost


Based on the domain the application and the storage of data can be split and access rights to the data can be provided to the stakeholders of the concern domains which will improve the security of the data.

Cryptography key generation

The encryption of data security and confidentiality of data also depends upon the keys used in encryption and to ensure the non duplication of the generated key. There are many key generation algorithms one such algorithm is iris-based fingerprint approach. It consists of three models feature extraction, biometric template creation and encryption key creation. At the beginning the characteristics of the finger prints are extracted and an iris image is created and the resulting features are combined to create a multi-template biometric and finally a 256 bit biometric encryption key is generated. TDD channel are used as a log field differential (LDD) and analyzed as mean square error (MSE) between the communication channels and an effective error-to-error ratio (ESER) is calculated which eliminate the HFD.  With the use of LDD the secret key can be generated in the TDD channel (Li, 2015). RC4 is used to create a evolutionary algorithm with high degree of random key. RC4-EA is the secret key that has been created dynamically which increase the strength of the algorithm.


Different levels of authentication

The data stored in the database or in the cloud cannot be accessed by all the employees in the healthcare institution for example only doctors can view the reports of the patient access is denied to ward boys, receptionist and other staffs. Doctor have rights to share the data to other doctor to get the opinion about the treatment that should be done to the patient if the doctor wish to do or if any patient request the doctor to get a second opinion. Data can be viewed by the patient by providing proper authentication. If the data stored is encrypted the patient or other users who have the secret key only can decrypt the data and view the stored information.


Medical records of the patient should be maintained confidentially and the data integrity should also be monitored. Based on the records only treatment will be given to the patient if any unauthorized person has accessed the data and changed the stored data it lead to wrong treatment and may even lead to patient death so more care should be taken in the data integrity and security of the EHR.


  1. Abbas, S. ,2014. A Review on the state-of-the-art privacy-preserving approaches in the e-health clouds. IEEE Journal of Biomedical and Health Informatics , 1431-1441.

A.Ibrahim, B. M., 2016. A secure framework for sharing electronic health records over clouds. IEEE Intrernational Conference on Serious Games and Applications for Health(SeGAH).

ANSI, T. ,2003. 18308 Health Informatics-Requirements for an Electronic Health Record Architecture. ISO, Genevam Switzerland.

Boudreaux, E. e. ,2014. Evaluating and selecting mobile health apps: strategies for healthcare providers and healthcare Organizations. Transl. Behanv. Med.

C.A.Ardagna, R. E. ,2015. From security to assurance in the cloud a survey. ACM Computing Surveys.

D.N.Purnamasari, A. P. ,2018. Secure Data Sharing Scheme using Identity-based Encryption for e-Health Record. International Electronics Symposium on Engineering Technology and Applications (IES-ETA), Bali , 60-65.

HHS, U. D. ,2005. Health Information Privacy. US Department of Health & Human Services (HHS), Washington, DC, USA.

Li, G. H. ,2015. A Novel Transform for Secret Key Generation in Time-Varying TDD Channel under Hardware Fingerprint Deviation. IEEE 82nd Vehicular Technology Conference (VTC2015-Fall).

M.Scholl, K. J. ,2008. An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Information Technology Laboratory, NIST, Gaithersburg, MD, USA.

Mu-HsingKuo, A. ,2011. Opportunities and challenges of cloud computing to improve health care services. J. Med. Internet Res.

  1. Dong, H. J. ,2015. Challenges in eHealth from enabling to enforcing privacy. Foundations of Health Informatics Engineering and System.

NHS. ,2018. NHS Apps Library. Retrieved from ttps://

Onuiri Ernest E, I. S. ,2015. Electronic Health Record Systems and CyberSecurity Challenges. International conference on African Development Issues (CU-ICADI) 2015: Information and Communication Technology Track.

P.Duquenoy, N. ,2015. Patients, trust and ethics in information prrivacy in ehealth. eHealth: Legal, Ethical and Governance Challenges, Springer.




Part B: Data Governance and Identity Theft


Data governance are the policies, process and standards that ensure the effective used of data stored by an organization. It ensures the processing of data in the organization is highly secure and also defines the structure of the data and access control over the data. Well designed data governance is required in healthcare industries. Today most of the medical records of the patients are maintained as Electronic Patient Record (EPR) and are stored in cloud. Most of the data are hacked by hackers. A study has revealed that medical record are stolen and sold for high cost in the black market which is nine time more than the breach of financial records in 2016 (RobertLord, 2017). Health care data breach not only cause loss of data and financial theft it also attacks the infrastructure and medical devices this is due to lag in the security of data and investment in protection of data.

Reason for Identity Theft of Medical record

Medical data contains enticing data about the average health record. They can get the family history, demographic data, information about insurance, medications etc. Most of the medical information is stolen to identify and commit financial fraud, insurance fraud, medication fraud and many other crimes based on the collected information.  Medical records are most private and unchangeable information if this information’s are sent to the wrong hands it will produce large devastation. For example if any patient who has behavioral health challenges is stolen with the data they may blackmail the patient for money.

Stolen photos of plastic surgery clinic in London

Hackers broke the security of data in a London-based celebrity plastic surgery clinic and stolen pictures and sensitive data about top celebrities and royal persons which include in-progress genitalia and breast enhancement. The group of hacker is known as Dark Overlord. They used the hacked information to blackmail peoples and medical centers. The hackers are also responsible for a breach at London Bridge Plastic Surgery (LBPS) attack. The hackers have stolen more Terabytes of data which include databases, names and everything about the patient. It claimed that they have acquired the pictures of the clinic’s patient which include surgery on male and female genitalia and other features of patients post operation and threatened that they will distribute the pictures of the patient and after some time they also targeted the patient (Fox, 2017).

Wannacry attack

It is one of the most harmful attacks to the UK’s National Health Service due to interconnectivity of the system and the failure in the maintenance of the large system which lowered the availability of the resource.

Phishing attacks

It is one of the most prolific effective cyber attacks used to exploit data breaches to steal personal data and legitimate emails. With the help of the email id and personal information they threaten people and claim money. Sometimes using the  email id they may claim a request for bank account details saying that it is for verification purpose and stole the details of the credit card details or username and password of the internet banking etc.

Reason for attacks on medical data

Healthcare records are 60 times costly than a stolen credit card information it is because it contains more information for cyber criminals. Health records are considered as full information about a victim since it contain name, date of birth, social security number, address and other medical information about the victim. A social security number cost $15 in the dark web market but the cost of medical record is $60 since it has additional information using which criminals can even file a fake tax return. Dark web are easy to use and it looks like some popular e-commerce site.  A data breach in health care industry had affected 6 billion US dollar (Clemens Scott Kruse, 2017).

Cyber attacks

There is a growing cyber attack and new security requirements which make healthcare entities to strengthen their cyber security practices. Health Insurance Portability and Accountability Act of 1996 (HIPAA) covers entities to safeguard PHI to ensure healthcare entities by employing new techniques that fight cyber threats. It explains the duties of cyber security for employees by properly upgrade software procedure using virtual LAN by using a deauthentication plan using a cloud based environment and train employees to be more conscious on cyber attacks. (Goedert, 2016). Most of the security breaches are caused due to the access of employees accessing malicious files and HIT the security system which is difficult to stop (Koppel.R, 2015).

Complexity in data security in hospital

Healthcare institutions have more confidential information about each patient. They fail to manage devices that are connected with other medical devices most of the IT infrastructure is purchased in ad hoc or provided by medical device companies. Most of the hospital industry in US includes cyber security risk management oversight and they are not performing annual incident response service exercises. Hospital management support is also a necessary for information security policies of IT security professionals.

Data breach Report

The data breach noticed should be informed to the higher authority. In the report it should provide information about the situational analysis, assessment of affected data, description of the impact, report on staff training and awareness, preventive measures and action and oversight of the attack. All the information should be provided within 72 hours of the attack. As per the GDPR (General Data Protection Regulation) information related to a personal details are considered as data breach. In situational analysis information about the breach and the initial damage and details about the cause should be provided. Need to find out the details of personal data that has been breached and no of records affected due to this breach. If this breach is due to human error then most provide information about the data training provided to the employees for the past two years and explain the staff awareness training programme conducted. Report should contain the security measure taken to prevent a data breach before it occur and also include details how to manage the damaged data. Finally the details of the Data Protection Officer should also be included in the report. (Irwin, 2020).

Action taken by me in the situation

If I am a network security of data protection officer at the time of attack I will first report about the breach to GDPR and the management authorities. Try to find out the data that are damaged or breached by the hackers and based on the situation and consulting with the management and other higher officials will inform to the patient about the breach and the information that are leaked about the patient and ask them to be careful. To avoid such kind of breaches and attack I will request the management to define some policies on the security and privacy of the electronic records of the patient and ask them to invest some money towards data security. Ask them to store the data in the cloud storage with private cloud plan since it is more secured compared to the public cloud and also implement a separate security algorithm and encrypt the data that are stored in the cloud without proper key unauthorized personals cannot read the data stored in the database even it is hacked or breached by the hackers. Will create awareness among the employees about the importance of the data security. Impacts of the stakeholder should be investigated. The behavior of successful cybercriminal activity depends on the variations of stakeholder alignment (low, medium and high). Among the three the high stakeholder alignment is the likelihood of the cyber criminals. Most of the reviews show that the attack was due to the hospital environment. Back up of all the medical records should be kept in another server or a mirroring technique should be used to protect the data from breaches and loss due to other reasons like failure of server or other electronic devices which takes some time to recover.


Data governance policies of healthcare system should be strong so that it could prevent data breaches and provide a secured storage of data. Since medical data is more important security to protect the data from the hacker and the data integrity should also be given more important for all the medical records of the patient. Medical record contains more personal and confidential information so possibility of risk is high for medical data since it is costly in the black market.


Clemens Scott Kruse, B. F. ,2017. Cybersecurity in healthcare: A systmatic review of modern threats and trends. Technol Health Care .

Fox, N. ,2017. Hackers stole photos from top plastic surgery clinic in London, threaten to distribute them. Fox News .

Goedert. ,2016. Security: the ransomeware nightmare. Health Data Manage .

Irwin, L. ,2020. 72 hours and counting: Reporting data protection breaches under the GDPR. IT governance .

Koppel.R, S. B. ,2015. Work around to computer access in healthcare organization: you want my password or a dead patient? Stud Health Technol Inform .

RobertLord. ,2017. The Real Threat of Identity Theft is in your Medical Records, Not Credit Cards. Forbes .


Section C: Network Security


Advent of technology has made the health care industry to the digital environment. Reliable network connectivity is required to interact with the digital information and medical devices that are connected through the network and interact with the patient. Most of the medical devices include Smartphone’s and tablets to access EHR and other administrative tools. Since most of the medical devices are connected through Internet of Things (IoT) and need a dynamic network connectivity to communicate. These devices are connected using different access points, routers and gateways.  The main asset of healthcare institution is their patients and staff.

Assets in Healthcare

Assets in information security are focused on subset of assets and are grouped as information, system, services, applications and people. Among these assets critical assets are assets that are related to information and would cause a high adverse impact on the organization if it is disclosed by unauthorized users, modified by unauthorized person, destroyed or interrupted while accessing the data. (C.K.M.Lee, 2015)

Critical Assets in hospital

PIDS (Patient Information Data System) is considered as one of the most critical assets since it is used to maintain the information about the patient and hospital. If it is disclosed by unauthorized users it will have more negative effects as discussed in part B of this analysis. The second asset is paper medical records which is the official document source of all the medical information of patients in the hospital. ECDS (Emergency Care Data System) is considered as a critical asset since it is used to maintain details about the patient in emergency and details about the billing to emergency are stored in this data base. Personal computers are also considered as an asset since it is used by the staff members in the hospital to access the information required to complete their daily tasks. Most of the hospital depends upon the third party organization to maintain the computing infrastructure of their hospital to maintain the PIDS and the network of the hospital it is also considered as an asset.

Security Requirements

While analyzing the critical asset outline the security requirement of the asset is most important which include availability, confidentiality and integrity. The data stored in the database should be accessible when ever required to enable the security of the patient. The stored data should be accurate and complete since based on the data only doctors will treat the patient. Confidentiality of the data is most important since the medical record of the patient contains more confidential and personal information of the patient so it should not be disclosed to unauthorized users.

Threats in healthcare management

Most common threats in healthcare management system if the data stored is hacked by unauthorized user using the data they may threaten the hospital and even the patient for money. Some time if the information stored in the data is modified by unauthorized user so that the doctor will give the wrong treatment and may lead to the death of the patient. So there are more threats in healthcare management when compared with other industries. The data stored in the by the healthcare industry contains full information about the patient which includes his personal data.

Risk analysis for healthcare management

The tremendous growth of digital patient records leads to many risk in securing those data. Before storing the data in the cloud an analysis should be done about the cloud providers and the security level provided by them since most of the cloud providers are budding providers in the cloud environment. Before selecting the model analysis must be done on different model of the cloud. Private cloud is designed to service the vendors for confidential networks (Hina Abrar, 2018). In this type of network the infrastructure is not shared with other users of the cloud which increase the security of the cloud. Public cloud model is available for less cost but the infrastructure used is shared by all the users of the cloud so data breach is easy and security threats are high in this kind of cloud model. Hybrid cloud is combination of public and private cloud. It provides effective information technology and resource of both public and private cloud utilization. After selecting the cloud deployment model we can also select an SaaS (Software as a Service) which is futher application of Security-SaaS and network-SaaS which is a low cost secured model that follows pay-as-you-go. It provides data security using XML encryption, SSL (Secure Socket Layer) and Web Services.


An operational Critical Asset vulnerability Evaluation (OCTAVE) should be used to identify the risk factors. (K.Hahizume, 2013).

Design of security control mitigating the risk


Healthcare Information System with cloud infrastructure

The above diagram show the healthcare information system and the logical structure is divided into 2 subnets MRAN (MAP Remittance Advice Notice) and other management and core services in one side. The information from different departments of the hospital are connected and stored separately. This helps to increase the security level of the stored data and access of information is also restricted by providing authentication rights. The data stored is encrypted before it is sent to the cloud for storage to provide security to the data while transit. Since medical data is more vulnerability attacks.


The different assets of the healthcare system and its vulnerability to attacks are analyzed and a new healthcare system with data storage in private cloud is designed such that data from different departments in the hospital are stored in different devices to protect the data from attackers and the stored data is encrypted even if the hackers disclosed the data it is difficult for them to retrieve the stored information.


C.K.M.Lee, C.-K. N. ,2015. IoT based Asset Management System for Healthcare-related Industries. International journal of Engineering Business Management .

Hina Abrar, J. C. ,2018. Risk Analysis of Cloud Sourcing in Healthcare and Public Health Industry. IEEE Access .

K.Hahizume, D. E.-M.,2013. An analysis of security issues for cloud computing. Journal of Internet Services and Applications .



Leave a Comment