Abstract

Electronic Health Records (EHR) has emerged as a significant alternative to paper-based health records. Today, EHR is a model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. Nevertheles, there are high security and privacy concerns as data available on cloud-based EHR could be exposed by these third party cloud repositories and accessed by unauthorized parties. Many schemes and models that were based on biometrics, blockchain, watermarking, steganography, Transport Layer Security/Secure Sockets Layer (TLS/SSL), Role Based Access Control (RBAC), Discretionary Access Control (DAC), Mandatory Access Control (MAC), Cipher text policy Attribute Based Encryption (CP-ABE) and other encryption models have been proposed to secure and ensure privacy of patients ‘data on cloud-based EHR. Each of these security and privacy protection schemes/models has their significant advantages and attendant shortcomings. In this paper, a methodological review of literature on various schemes and models proposed for proffering solutions to security and privacy of patients ‘data on cloud-based EHR was carried out. A total of ninety-five research articles were reviewed with the models or schemes employed for securing and guaranteeing privacy of electronic health data highlighted. Also, their strong points and drawbacks were elucidated. The reviewed articles were trimmed down to the forty-two presented in this paper based on similarities identified in the models or schemes implemented by some authors and/or relevancy of article’s title. Remarks and recommendations were made regarding the review and future directions on security and privacy of cloud-based EHR were also suggested.