301.1 Introduction

In recent years, in order to promote the modernization of medical and health services, many countries have carried out regional medical information sharing projects. The UK launched the national medical IT project, the United States launched a national health information network project, and Canada initiated the HealthInfoway electronic health system project. However, high information construction costs and a lack of technical personnel have meant that these projects have made little progress. Cloud computing is changing the way traditional computing resources are used. By purchasing computing power from a cloud computing service provider for their information construction, medical and health institutions can focus on their own business and innovation. This will also promote the development of health information. A series of surveys from TripleTree Institute and some investment banks show that cloud computing will eventually repair and improve the medical care system, and resolve the inefficiency and backwardness in IT that the health care system has shown over the past ten years.

301.2 Architecture of Regional Health Information Service Platform

A regional health information platform ought to provide a secure medical and health information service, covering information collection, storage, access, processing, analysis, application, communication and sharing, for all authorized users within a certain range, supported by computer and network equipment. The goal of the regional health information service platform is therefore to provide a new people-oriented information service environment based on computation and communication. The important features of cloud computing are flexible scalability, the Internet as its center, virtualization and user transparency. The architecture of the regional health information service platform based on cloud computing technology is shown in Fig. 301.1. Guided by the standards for regional health information applications and the standards for security safeguards and accident emergencies, it is a service-oriented hierarchical architecture and consists of the access gateway layer, application service layer, support layer, technology layer and tool-based resource clouds.

Fig. 301.1 Architecture of regional health information service platform

301.3 Design of Platform Service Level

A service level agreement (SLA) is an agreement or contract between service providers and customers on the quality, level, performance and other aspects of services. An SLA can improve the development quality of the platform, reduce the risk of project failure and strengthen relationships with customers. An SLA can ensure that the platform's service functions meet the demands of all users, even though the regional health information platform provides a variety of complex application services to multiple classes of users. SLAs are constructed mainly on the basis of services or on the basis of users. The key indicators of an SLA include:

① Security. Service providers must specify the access control policy, encryption algorithm, isolation mode for multi-tenant data, data retention rules and deletion strategy in the SLA.

② Transparency. Providers must specify the platform sharing architecture, the system redundancy mode and the penalties for violating the agreement, and must publish regular quality reports to clients.

③ Auditability. The platform service provider is responsible for any lack of availability in processing. Therefore, consumers should be able to audit the systems and procedures of platform service providers. The SLA should clearly define how and when to audit. Consumers can also appoint a third-party organization as their proxy to check the performance of the cloud service provided. At the same time, cloud service providers should produce evidence to prove that their operations are correct.

④ Automated on-demand service. The SLA should clearly define what kinds of services can be on-demand, the standards for service charges and the effective dates.

⑤ Metrics definition. Response speed, reliability, load balance, the possibility of data loss, flexibility, agility, the percentage of requests processed automatically and the maximum system downtime must be defined objectively and clearly.

301.4 Design of Security Model

The security model of health information platform based on the cloud computing consists of three parts: cloud-edges, cloud terminal and the transport layer. It is shown in Fig. 301.2.

Fig. 301.2 Security model of health information platform

The services that the regional health information platform provides are continuous, sustainable and migratable. To ensure high availability, high reliability and economy, the service platform can adopt redundant storage and multi-tenant data isolation to guarantee data availability and security. In addition, a fault-tolerant management mechanism, rapid fault detection, fault resolution strategies prepared in advance and task migration technology are important for improving platform reliability and security. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are two important technologies for dealing with network attacks. For the security of the transmission layer, CA authentication, the SSL security protocol and message encryption can prevent health information from being abused and stolen. On the cloud terminal side, malicious attackers often obtain a legitimate entry point into the system by taking control of a cloud terminal, and then intercept and monitor information. Installing anti-virus software and active defence software can, to a certain extent, prevent a cloud terminal from being used by a malicious attacker. A better scheme is to return the terminal to its original secure state using hardware restoration software. However, there is not yet a good way to manage the security of mobile devices, so it is necessary to restrict the free access of mobile devices to the platform.

The focus of health information technologies nowadays is security, privacy preservation and data interoperability. The regional health information sharing model is based on independent permission from each individual, as shown in Fig. 301.3.

Fig. 301.3 Medical data sharing model based on individual permission

Firstly, health authorities establish preliminary data access rules according to the statutes on the use of health data, in order to regulate which kinds of users or organizations may access health data and how. Users must obtain a CA identity from the Certificate Authority, and their query operations are recorded in the access logs to prevent abuse of medical data.

Secondly, patients make data access rules according to their medical data and their attitude to privacy protection. The rules can specify different access rights at the row, column and field level to restrict the access of different users (institutions).

Finally, the data manager can make some access rules from a professional point of view to protect patient privacy and data security.

When a user builds a health information query in the query editor, the system automatically parses the query, compares it with the policy access rules, the patients' access rules and the data manager's access rules, and then converts the user's query into a new query. For example, suppose a user wants to query all the information for all patients suffering from "hypertension", and the query is as follows: Select * from patients where diagnosis = 'hypertension'. The system automatically converts the user's query to: Select age, sex, occupation, diagnosis from patients where diagnosis = 'hypertension'. Query results that the user is prohibited from accessing are deleted or replaced with the null value, in order to protect patient privacy while still using health information effectively.
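The query conversion described above, as an added example that is not code from the chapter: the policy and data manager rules are intersected into a column allow-list, the patient rule replaces a hidden field with null, and every rewritten query is logged. The role name "researcher", the rule tables, the extra columns (id, name, address) and the sample rows are constructed assumptions.

```python
import sqlite3

# Constructed rule tables (assumptions for illustration, not from the chapter).
ALL_COLS = ["name", "age", "sex", "occupation", "address", "diagnosis"]
POLICY_COLS = {"researcher": {"age", "sex", "occupation", "address", "diagnosis"}}
MANAGER_COLS = {"researcher": {"age", "sex", "occupation", "diagnosis"}}
PATIENT_DENY = {2: {"researcher": {"occupation"}}}  # patient id -> role -> hidden fields

def allowed_columns(role):
    """Columns permitted by BOTH policy and data manager rules (default deny)."""
    allowed = POLICY_COLS.get(role, set()) & MANAGER_COLS.get(role, set())
    return [c for c in ALL_COLS if c in allowed]

def rewrite_query(role, diagnosis):
    """Turn 'SELECT * ... WHERE diagnosis = X' into an allow-listed projection."""
    cols = allowed_columns(role)
    if not cols:
        raise PermissionError(f"role {role!r} may not query patients")
    # Column names come only from the fixed allow-list; the value is a bound parameter.
    sql = f"SELECT id, {', '.join(cols)} FROM patients WHERE diagnosis = ? ORDER BY id"
    return sql, (diagnosis,), cols

def run_query(conn, role, diagnosis, access_log):
    """Run the rewritten query, log it, and null out fields a patient has hidden."""
    sql, params, cols = rewrite_query(role, diagnosis)
    access_log.append((role, sql, params))
    rows = []
    for pid, *values in conn.execute(sql, params):  # id is used for rule lookup only
        denied = PATIENT_DENY.get(pid, {}).get(role, set())
        rows.append({c: (None if c in denied else v) for c, v in zip(cols, values)})
    return rows

def demo():
    """Build a constructed in-memory table and run the chapter's hypertension query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id, name, age, sex, occupation, address, diagnosis)")
    conn.executemany("INSERT INTO patients VALUES (?,?,?,?,?,?,?)", [
        (1, "A. Patient", 61, "F", "teacher", "1 Example Rd", "hypertension"),
        (2, "B. Patient", 54, "M", "driver", "2 Example Rd", "hypertension"),
        (3, "C. Patient", 40, "F", "nurse", "3 Example Rd", "asthma"),
    ])
    log = []
    return run_query(conn, "researcher", "hypertension", log), log

if __name__ == "__main__":
    rows, log = demo()
    print(log[0][1])
    for row in rows:
        print(row)
```

A role with no entry in either rule table is refused outright rather than falling back to the original Select *.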

301.5 Conclusion and Acknowledgments

The degree of health informatization lags behind that of other fields, and cloud computing contributes to the rapid development of health information. The architecture and models based on the cloud computing concept put forward in this article can expand the sharing and use of health information and raise the level of health informatization in grass-roots units. The research is supported by the National Natural Science Foundation of China (No. 81271668), Nantong Science and Technology Bureau (No. BK2011065, No. BK2013024) and Nantong University One-hundred Talent Programme of Humanities and Social Sciences.