A Prototype of an E-health as a Service Platform [624915]

1
A Prototype of an E-health as a Service Platform
Răzvan Daniel Albu(1), Cornelia Emilia Gordan(2), Octavia -Maria Bolojan(3)
(1),(2)University of Oradea, Faculty of Electrical Engineering and Information Technology , Department of
Electronics and Telecommuni cations , 410087 , Oradea, Romania
(3) University of Oradea, Faculty of Electrical Engineering and Information Technology, Department of
Computers and Information Technology, 410087 , Oradea, Romania
(1)[anonimizat], (2)[anonimizat] , (3)obolojan@uor adea.ro

Abstract: As the costs of healthcare services rise and Cloud computing has brightly changed
how business applications are developed and executed, an e-health system on a pay -as-you-
use model seems to be the future. Despite their great potential, e -Health Cloud model s have
not been addressed extensively in the literature. For that reason , analyzing and comparing the
effectiveness of such models is imperative . In this paper we discuss the concept of “e -Health
as a service ” underlining many of its con stituents and building an e -health platform for
Romanian healthcare system, that address several challenges.
1. Introduction

Nowadays, d istributing a new application is as fast as lunching your Internet browser. PaaS
(Platform as a Service ) is a Cloud model for running applications without the stress of an
infrastructure that must be maintained or constant upgrade pain s. PaaS software solutions that
always have the latest features are adopted by companies of all sizes . PaaS is a class of Cloud
services that offers a computing platform and a solution stack as a service (C. Gong , et al.,
2010) . Beside SaaS (Software as a Service) and IaaS (infrastructure as a service), PaaS is an
innovative Cloud service model. In this model, the consumer creates the software us ing tools
and/or libraries offered by the provider, controls software deployment and configuration
settings while t he provider delivers the networks, servers, storage and other services (Peter M.
& Timothy G., 2011). The Internet of the Future will include billions of equipments , people
and services having the capability to flawlessly interact and exchange information. I imagine
Future Internet a place where people will utilize these equipments to produce and consume
web-based services in a web -based servic e industry which is referred in modern literature as
the Internet of People, Things and Services ( IoPTS ). The ITU1 envisaged the Internet of
Things as a world where physical and digital objects are seamlessly integrated into the
Internet to become active p articipants in business processes (ITU, 2009) . According to
Gartner2, the world's leading information technology research and advisory company, the top
ten strategic technology trends for 2013 include :
 Personal Cloud
 Hybrid IT
 Cloud Computing
 Integrated E cosystems

1 ITU: http://www.itu.int/osg/csd/
2 Gartner: http://www.gartner.com/technology/about.jsp

2

Figure 1. Cloud Computing Fundamental Models
In Gartner's CIO Agenda Survey, published in January 2011, CIOs decide the Cloud as their
top technology priority for the year. In my opinion, t he Cloud is a technology that, within the
next 10 year s, will noticeably change IT world . In other words , I believe the Cloud will
change IT as nothing before it has. Consequently, CIOs can't afford to be caught ignorant by
it, no matter how or when they decide to integrate the Cloud into the enterprise. A fashion
obvious in nowadays is the pervasive adoption of “App” -based software development and
distribution models. This model combine s inexpensive or free Apps with an effortless way for
acquisition, installation and maintenance. One of the top ten critical tech trends for the next
five years is “Hybrid cloud services”. Gartner says combinations of private and public clouds
will be composed of services from multiple providers. Private clouds probably will dominate
since they improve agility. Gartner anticipat es that we could end up with hybrid environments
with a lot of providers.

3

Figure 2. Typical PaaS Architecture

2. E-health Cloud

Figure 3. Generic architecture of e -Health Cloud
Figure 3 presents E -Health Cloud as a special -effort Cloud that offers IT services to improve
patient care and, in the same time growing operational efficiency (C. Rolim et al., 2010 ).
Characteristically , the Cloud consists of a vector of layered elements. Examples of such layers
include :
 Physical layer of st orage and server infr astructure,
 Application layer,

4
 Communication layer.

The e -Health Cloud (Eman AbuKhousa et al., 2012) consists of a Gateway and Service -Based
Applications further to the standard three -layer architecture of the Cloud (fig. 1). The
Gateway can be set to execute the following tasks:
 handling access to the Cloud;
 verifying EHR (Electronic Health Record) offered by different health care providers in
terms of integrity, authenticity, confidentiality and compliance with medical data
exchange principles ;
 integrating EHR data into a new complex Cloud -based EHR;
 selecting EHR to share with the public Cloud for research, educ ational and industrial
purposes;

Service Based Applications offer as services applications for: security, epidemiology,
insurance , researc h and education, patients and healthcare organizations . Even if the e -Health
Cloud could deliver appreciated benefits to the health care industry, it regrettably succeeds to
the major challenges of HIT (Health Information Technology) and CC (Cloud Computin g)
together (White, J , 2013) . Technical challenges include:
 Availability: healthcare providers call for high availability of the e -Health Cloud
services since they cannot effectively operate unless their applications and patients’
data are available.
 Reliability: since the operation of an application like e-Health Cloud is vital, it
requires assurances of high reliability as well as error -free e-Health Cloud services and
data.
 Scalability: because an e-Health Cloud can manage hundreds of healthcare provide rs
with millions of patient records, the services provided must be scalable. The capability
to grow while keeping satisfactory performance is one of the most important aspects
of Cloud services.
 Flexibility: a n e-Health Cloud must be capable to serve multi ple healthcare providers
with different needs in terms of Quality of Services (QoS) requirements.
 Interoperability: services for the e -Health Cloud can be delivered from multiple
suppliers . Let's say , one supplier will offer processing services for high re solution
medical images while another will make available services for storing patient
electronic records and data mining.
 Privacy: privacy is an imperative issue and one of the main worries in e-Health
systems. The concerns here comprise the ability to defend patient’s records . Patients
should not be able to access each other records and in the same time their records
should not be accessible by other healthcare providers or the Cloud service providers.
 Maintainability: because an e-Health Cloud can be use d for hundreds of healthcare
service providers the complexity of system maintainability increases, compared to an
individual e -health system.
 Organizational change: the advance towards e-Health Cloud will involve momentous
changes to clinical and business procedures and also to the organizational limitations
in the healthcare industry.

5
 Legislations and standards: in Romania there are still no clear and ample legislations
because of the lack of standards for medical informatics, policies, and transmission
methods in e -Health Cloud.
 Data ownership: for example, a patient’s record could be the sole property of the
patient, however can his doctor also claim ownership?
 Usability: this challenge regards the degree and level of acceptance attained by the e –
Health C loud users , covering : patients, healthcare professionals, administrative and
insurance staffs .

3. Proposed platform

The EHaaS platform delivers a collection of software components and services, which
address es the most common e -Health application necessitie s. EHaaS platform helps
developers since they don’t need any more to implement an e -Health application from scratch.
The main issues addressed by the EHaaS platform are:
 Authentication : Users will be authenticated using the Kerberos v5 protocol and the
services will be hosted on a Windows Server 2012 machine . The Kerberos
authentication client is realized as a SSP ( security support provider), which can be
accessed through the SSPI ( Secur ity Support Provider Interface ). The Kerberos Key
Distribution Center (KDC) uses the domain’s Active Directory Domain Services (AD
DS) as its security account database.
 Authorization : Access to resources will be granted using individual and role -based
policies .
 Data Persistence , Integrity and Confidentiality : The platform w ill offer l ong-term
storage of medical attributes and will have functions that ensure data are accurate,
complete and consistent during any operations . Data Integrity will be ensured by
Authorization mechanism that guarantee data are accessible only to tho se authorized .
 Inventory Logger : is a software module that keeps track of a chronological series of
audit records related to internal and external actions.

6

Figure 4. Conceptual structure of the EHaas Platform
At the lowest layer of EHaaS platform are SM (Security Mechanisms ), which are utilized to
accomplish the authentication, data integrity and confidentiality objectives . EHaaS platform
supports in the first version just Kerberos v5 , but we plan to add other user authentication
protocols, from traditio nal R ADIUS , to recent OpenID and U -Prov . In addition, EHaaS
platform will implement secure SOAP services. The Bing Maps SOAP Services are built
using WCF (Windows Communication Foundation) and conform to WS -Basic Profile 1.1.
The four services are : Geocode Service, Imagery Service, Route Service, and Search Service.
Bing Maps SOAP Services can be called using the HTTPS Secure Sockets Layer (SSL)
protocol , but it will add latency , at least five milliseconds.
In the middle layer is the Single Point of Contac t (SP C), introduced in (Fan L., et al., 2011),
which is used to satisfy the authorization condition s. A SP C has two modules. The first one
implements a policy repository , while the second module is designated as a policy engine.
The policy repository deals with: domain ontology, descriptions of identities, tasks , services,
objects and access rights. Each SPC epitomizes a single domain, and multiple SP Cs form a
network. Information requests are transmitted over the network to the proper SPC. Next, the
SPC ut ilizes its policy engine to verify the requester’s identity and grants access rights
according to current instructions in the policy repository. The information requests and rules
are defined using XML ( H. Jumaa , et al., 2010).

On the top layer stand four system services:
1) The Data Container service supports the CRUD (Creation, Reading, Updating and
Deletion ) of attribute values. Each attribute is kept in a single Data Container hosted by a
Cloud infrastructure. Any service is able to put/get data to/fro m a Data Container if it fulfils
two conditions. First of all , the service must know the eligible name of the target element .
Secondly, a rule needs to be defined in the SP C’s policy repository to permit the service to
perform CRUD operations over that element .

7
2) The Identity Translator service resolves user and object IDs into aliases , and vice versa. To
enhance the contextual privacy , the EHaaS platform utilizes aliases every time it is possible,
and exposes real IDs only to authorized services when it is totally necessary .
3) The Access Manager Service allows patients to CER ( Create, Edit and Remove )
information sharing policies about their own attributes. EHaaS platform considers a patient
the real owner of his/her medical data. Therefore , the access rights to their data should be
defined by the patients themselves. The Access Manager Service offers a GUI (Graphical
User Interface) , to facilitate authenticated users the set up policies process, directing what
personal information is accessible to whom a nd what medical services they would like to
subscribe to.
4) The Inventory Logger Service collects logs from application services and stores them in
text files. Inspecting the logs , we can see who the active user was and what actions the user
has made during a given period of time. The first benefit of an appropriately detailed
Inventory Logger is the possibility to reconstruct medical events and scenarios. Furthermore ,
it keeps track of c hanges made to a system and helps to roll them back when needed . Thi rdly,
it offers evidence for digital forensics techno logies, like the Digital -DNA , to identify security
anomalies and perform counter measures automatically. Last, but not least , it simplifies the
monitoring and analysis of the usage of resources .

The EHaaS platform stores attributes in an atomic format to improve their reusability and
manageability. The principal objective of the EHaaS platform is to permit a reliable usage of
captured medical data in numerous ways, while keeping strict access rights. Th is is realized
by information sharing policy. The policy syntax is designed as below :

[Requester] [Permission] [Operations] [Attributes] of [Object] with [ Priority ] from [ Owner]
in [TimePeriod ]

 [Requester] is the source of a request . It can be an indiv idual or the membership of a
particular role.
 [Permission ] defines whether a request meeting the rule criteria will be permitted or
denied .
 [Operations] refer to CRUD ( create , read, update and delete ).
 [Attributes] is a unit of information describing an Ob ject.
 [Object] refers to any entity that is managed by the system, such as a patient, a medical
equipment, and a software service.
 [Priority ] defines the priority assigned to a specific request.
 [Owner] describes a role with necessary privileges to modify all aspects of an
attribute , and to permit or deny access to it, as required by legislation and well-defined
responsibilities.
 [TimePeriod ] expresses the period of validity of a rule.

4. Related Works

The literature presents some efforts to propose new Cl oud platforms that are precisely
designed for e -Health services. For example, in (H. J. Cheong , et al., 2009) is described a way
to improve Korean Service Delivery System in Health Care , while (White, J., 2013) offered a
shrewd discussion about advantages and disadvantages of using commercial Cloud platforms
by healthcare administrations for their e -Health applications. White contended that the

8
benefits of low cost implementations are a compromise with the security dangers and outage
problems of the Cloud p roviders. In [Fan et al. , 2011 ] is described the Data Capture and Auto
Identification Reference (DACAR). The authors intend to develop, implement and
disseminate an innovative Cloud -based platform for storing and consuming data inside a
healthcare domain. They introduce the concept of Single Point of Contact , with which
DACAR platform will offer solutions for the challenges of e -Health Cloud services . In [Baru ,
C., et al., 2012 ], researchers technologically advanced a method for a Cloud platform named
Cyber Health for Aggregation, Research, and Evaluation (CARE) . This platform was primarily
planned to allow data integration, filtering, and processing for data mining in e -health. They
acknowledged a necessity for an infrastructure intended for data integration and tools to
analyze medical information in order to determine new medical patterns. Efforts were also put
in the e -Health Cloud implementation models. One example is a real-world e-Health Cloud
implementation model to support the building of HIS (Hospita l Information Systems) for
small healthcare providers who cannot afford to have their own HIS systems (He, C., et al.,
2010) . This solution enforces uniform standards of data sharing between existing HIS.
Conclusions
Presently , a prototype of the EHaaS platform is developing using Microsoft .NET 4. 5
framework. The SPC will be realized as a self -hosting WCF service running in Windows
Server 2012 . Users will be authenticated using the Kerberos protocol . Data Container , Access
Manager , Identity Translator and Inventory Logger services are all implemented as WCF
services. All WFC services are hosted by IIS 8 web server. The back end of the Data
Container will be supported by SQL Server 2012 and the front end of the Access Manager
Service will be built using WPF XAML . The policy engine will be written in Java .
Information requests and rules will be written in XML.

Acknowledgements
This work was partially supported by the strategic grant POSDRU/CPP107/DMI1.5/S/80272, Project ID80272
(2010), co -financed by the European Social Fund -Investing in People, within the Sectorial Operational Program
Human Resources Development 2007 -2013.
References

1) H. J. Cheong, N. Y. Shin, and Y. B. Joeng, “Improving Korean Service Delivery System in Health Care: Focusing on National E-
health System,” in Proc. of eTELEMED ’09 . IEEE, 2009, pp. 263 –268.
2) C. Rolim, F. Koch, C. Westphall, J. Werner, A. Fracalossi, G. Salvador,“A Cloud Computing Solution for Patient Data Collectio n
in Health Care Institutions,” in Proc. of ETELEMED . IEEE, 2 010, pp. 95 –99.
3) C. Gong, J. Liu, Q. Zhang, H. Chen, and Z. Gong, “The Characteristics of Cloud Computing,” in Proc of SCC ’10 . IEEE, 2010,
pp. 275 –279.
4) H. Jumaa, P. Rubel, and J. Fayn, “An XML -based Framework for Automating Data Exchange in Healthcare,” in Proc. of
Healthcom ’10 . IEEE, 2010, pp. 264 –269.
5) White, J. Cloud Computing in Healthcare: Is there a Silver Lining? Available online:
http://www.aspenadvisors.net/results/whitepaper/cloud -computing -healthcare -there -silver -lining (accessed on 28 March 2013 ).
6) Fan, L.; Buchanan, W.; Thummler, C.; Lo, O.; Khedim, A.; Uthmani, O.; Lawson, A.; Bell, D. DACAR Platform for eHealth
Services Cloud. In Proceedings of the 4th International Conference on Cloud Computing, Miami, FL, USA, July 2011; pp. 219 –
226.
7) Baru, C. ; Botts, N.; Horan, T.; Patrick, K.; Fedman, S.S. A Seeded Cloud Approach to Health Cyberinfrastructure: Preliminary
Architecture Design and Case Applications. In Proceedings of the 45th Hawaii International Conference on System Sciences,
Maui, HI, USA, 4 –7 January 2012; pp. 2727 –2734 .
8) He, C.; Jin, X.; Zhao, Z.; Xiang, T. A Cloud Computing Solution for Hospital Information System. In Proceedings of the
Intelligent Computing and Intelligent Systems (ICIS), Xiamen, China, 29 –31 October 2010; pp. 517 –520.
9) Eman AbuKhousa, Nader Mohamed * and Jameela Al -Jaroodi, e -Health Cloud: Opportunities and Challenges, Future Internet
2012, ISSN 1999 -5903, vol. 4, pp. 621 -645,