TY - GEN
T1 - Healthcare and data privacy requirements for e-health cloud: A qualitative analysis of clinician perspectives
AU - Chomutare, Taridzo
AU - Yigzaw, Kassaye Yitbarek
AU - Olabarriaga, Silvia Delgado
AU - Makhlysheva, Alexandra
AU - Oliveira, Marcela Tuler de
AU - Silsand, Line
AU - Krefting, Dagmar
AU - Penzel, Thomas
AU - Hillen, Christiaan
AU - Bellika, Johan Gustav
PY - 2021
Y1 - 2021
N2 - Cloud computing has many benefits relevant to the healthcare industry. Although the adoption of cloud services for healthcare systems is increasing, employment of cloud services raises many security and privacy concerns for patients and healthcare providers. We still lack a clear set of requirements agreed upon by the different stakeholders, in particular IT and healthcare professionals. In this study, we examine whether user perspectives on requirements for e-health on the cloud are consistent with best practice guidelines and regulatory requirements. This work contributes to the requirements engineering phase for a secure e-health cloud framework developed in a European project (ASCLEPIOS, https://www.asclepios-project.eu/). We used qualitative analysis, based on in-depth interviews, to describe and characterize clinicians' perspectives on the requirements of cloud services for healthcare data security and privacy. We examined whether these user perspectives were in harmony with the regulatory framework of the General Data Protection Regulation (GDPR), and best practice guidelines of a relevant standard, ISO 18308:2011. Ten clinicians were identified and interviewed at six healthcare organizations in Norway, the Netherlands and Germany. While user perspectives were largely consistent with both GDPR and ISO, some concerning differences in access control were noted between large and small healthcare institutions.
UR - http://www.scopus.com/inward/record.url?scp=85104850881&partnerID=8YFLogxK
U2 - 10.1109/healthcom49281.2021.9399006
DO - 10.1109/healthcom49281.2021.9399006
M3 - Conference contribution
BT - 2020 IEEE International Conference on E-health Networking, Application & Services (HEALTHCOM)
PB - URSI/IEEE
ER -