TRUSTED CLOUD COMPUTING FRAMEWORK FOR HEALTHCARE SECTOR

Cloud computing is rapidly evolving due to its effi cient characteristics such as cost-effectiveness, availability and elasticity. Healthcare organizatio ns and consumers lose control when they outsource t heir sensitive data and computing resources to a third p arty Cloud Service Provider (CSP), which may raise security and privacy concerns related to data loss and misuse appealing threats. Lack of consumers’ knowledge about their data storage location may lea d to violating rules and regulations of Health Insu rance Portability and Accountability Act (HIPAA) that can cost them huge penalty. Fear of data breach by int ernal or external hackers may decrease consumers’ trust i n adopting cloud computing and benefiting from its promising features. We designed a HealthcareTrusted Cloud Computing (HTCC) framework that maintains security, privacy and considers HIPAA regulations. HTCC framework deploys Trusted Computing Group (TCG) technologies such as Trusted Platform Module (TPM), Trusted Software Stack (TSS), virtual Trusted Platform Module (vTPM), Trusted Network Connect (TNC) and Self Encrypting Drives (SEDs). We emphasize on using strong multi-factor authentic ation access control mechanisms and strict security controls, as well as encryption for data at storage , in-transit and while process. We contributed in customizing a cloud Service Level Agreement (SLA) by considering healthcare requirements. HTCC was evaluated by comparing with previous researchers’ work and conducting survey from experts. Results wer e satisfactory and showed acceptance of the framework. We aim that our proposed framework will assist in optimizing trust on cloud computing to be adopted i n healthcare sector.