A Prototype of an E-health as a Service Platform [624916]

1
A Prototype of an E-health as a Service Platform
Răzvan Daniel Albu(1), Cornelia Emilia Gordan(2), Octavia -Maria Bolojan(3)
(1),(2)University of Oradea, Faculty of Electrical Engineering and Information Technology , Department of
Electronics and Telecommuni cations , 410087 , Oradea, Romania
(3) University of Oradea, Faculty of Electrical Engineering and Information Technology, Department of
Computers and Information Technology, 410087 , Oradea, Romania
(1)[anonimizat], (2)[anonimizat] , (3)obolojan@uor adea.ro

Abstract: : Since the costs of healthcare services have registered a significant growth in the
last period and Cloud computing has brightly changed how business applications are
developed and executed, an e-Health system on a pay -as-you-use model seems to be the right
choice in the future. Despite their great potential, e -Health Cloud model s have not been
addressed extensively in the literature. For that reason, analyzing and comparing the
effectiveness of such models is imperative. In this paper w e discuss the concept of “e -Health
as a service ” underlining many of its con stituents and building an e -Health platform for
Romanian healthcare system, that contains several challenges.

1. Introduction

Nowadays, d istributing a new application is as fast as lunching your Internet browser. PaaS
(Platform as a Service ) is a Cloud model for running applications without the stress of an
infrastructure that must be maintained or constant upgrade pain s. PaaS software solutions that
always have the latest features are imported by companies of all sizes . PaaS is a class of
Cloud services that offers a computing platform and a solution stack as a service (see [3] ).
Beside SaaS (Software as a Service) and IaaS (Infrastructure as a S ervice), PaaS is an
innovative Cloud service model. In this model, the consumer creates the software using tools
and/or libraries offered by the provider, controls software deployment and configuration
settings while t he provider delivers the networks, servers, storage and other services ( P. M ell,
T. Grance , 2011 ). Moreover, t he Internet of the Future will include billions of equipments ,
people and services having the capability to flawlessly interact and exchange information. We
imagine Future Internet similarly to a place where people will u tilize these equipments to
produce and consume web -based services in a web -based service industry which is referred in
modern literature as the Internet of People, Things and Services ( IoPTS ). The International
Telecommunication Union ( ITU)1 envisaged the Internet of Things as a world where physical
and digital objects are seamlessly integrated into the Internet to become active participants in
business processes. According to Gartner2, the world's leading information technology
research and advisory compan y, the top ten strategic technology trends for 2013 include d:
 Personal Cloud
 Hybrid IT
 Cloud Computing

1 ITU: http://www.itu.int/osg/csd/
2 Gartner: http://www.gartner.com/technology/about.jsp

2
 Integrated Ecosystems

In Gartner's CIO Agenda Survey, published in January 2011, CIOs decide the Cloud as their
top technology priority for the year. In our opinion, t he Cloud is a technology that, within the
next 10 years, will noticeably change IT world . In other words , we believe the Cloud w ill
change IT like nothing else before . Consequently, CIOs can't afford to be caught ignorant by
it, no matter h ow or when they decide to integrate the Cloud into the enterprise. A fashion
obvious in nowadays is the pervasive adoption of “App” -based software development and
distribution models. This model combine s inexpensive or free Apps with an effortless way for
acquisition, installation and maintenance. One of the top ten critical tech trends for the next
five years is “Hybrid cloud services”. Gartner says combinations of private and public clouds
will be composed of services from multiple providers. Private clou ds probably will dominate
since they improve agility. Gartner anticipate s that we could end up with hybrid environments
with a lot of providers.

Figure 2. Typical PaaS Architecture

2. E-health Cloud

3

Figure 3. Generic architecture of e -Health Cloud
Figure 3 presents E -Health Cloud as a special -effort Cloud that offers IT services to improve
patient care and, in the same time growing operational efficiency (see [2] ). Characteristically ,
the Cloud consists of a vector of layered elements. Examples of such layers include :
 Physical layer of st orage and server infr astructure;
 Application layer;
 Communication layer.

The e -Health Cloud (see [9] ) consists of a Gateway and Service -Based Applications further to
the standard of three -layer architecture of the Clou d (Figure 1). The Gateway can be set to
execute the following tasks:
 handling access to the Cloud;
 verifying EHR (Electronic Health Record) offered by different health care providers in
terms of integrity, authenticity, confidentiality and compliance wit h medical data
exchange principles ;
 integrating EHR data into a new complex Cloud -based EHR;
 selecting EHR to share with the public Cloud for research, educ ational and industrial
purposes;

4

Figure 1. Cloud Computing Fundamental Models
Service Based Appl ications offer as services applications for: security, epidemiology,
insurance , research and education, patients and healthcare organizations . Even if the e -Health
Cloud could deliver appreciated benefits to the health care industry, it regrettably succeed s to
the major challenges of HIT (Health Information Technology) and CC (Cloud Computing)
together (see [5] ). According to this, t echnical challenges include:
 Availability: healthcare providers call for high availability of the e -Health Cloud
services since they cannot effectively operate unless their applications and patients’
data are available.
 Reliability: since the operation of an application like e-Health Cloud is vital, it
requires assurances of high reliability as well as error -free e-Health Cloud services and
data.
 Scalability: because an e-Health Cloud can manage hundreds of healthcare providers
with millions of patient records, the services provided must be scalable. The capability
to grow while keeping satisfactory performance is one of the most important aspects
of Cloud services.
 Flexibility: a n e-Health Cloud must be capable to serve multiple healthcare providers
with different needs in terms of Quality of Services (QoS) requirements.
 Interoperability: services for the e -Health Cloud can be delivered from multiple
suppliers . For example , one supplier will offer processing services for high resolution
medical images while another will make available services for storing patient
electronic records and data mining.
 Privacy: privacy is an imperativ e issue and one of the main worries in e-Health
systems. The concerns here comprise the ability to defend patient’s records . Patients
should not be able to access each other records and in the same time their records
should not be accessible by other healt hcare providers or the Cloud service providers.

5
 Maintainability: because an e-Health Cloud can be used for hundreds of healthcare
service providers , the complexity of system maintainability increases, compared to an
individual e -Health system.
 Organization al change: the advance towards e-Health Cloud will involve momentous
changes to clinical and business procedures and also to the organizational limitations
in the healthcare industry.
 Legislations and standards: in Romania there are still no clear and ampl e legislations
because of the lack of standards for medical informatics, policies, and transmission
methods in e -Health Cloud.
 Data ownership: for example, a patient’s record could be the sole property of the
patient, however can his doctor also claim owne rship?
 Usability: this challenge regards the degree and level of acceptance attained by the e –
Health Cloud users , covering : patients, healthcare professionals, administrative and
insurance staffs .

3. Proposed platform

The EHaaS platform delivers a collectio n of software components and services, which
address es the most common e -Health application necessities . EHaaS platform helps
developers since they don’t need any more to implement an e -Health application from scratch.
The main issues addressed by the EHaa S platform are:
 Authentication : Users will be authenticated using the Kerberos v5 protocol and the
services will be hosted on a Windows Server 2012 machine . The Kerberos
authentication client is realized as a SSP ( Security Support P rovider), which can be
accessed through the SSPI ( Secur ity Support Provider Interface ). The Kerberos Key
Distribution Center (KDC) uses the domain’s Active Directory Domain Services (AD
DS) as its security account database.
 Authorization : Access to resources will be granted usi ng individual and role -based
policies .
 Data Persistence , Integrity and Confidentiality : The platform will offer l ong-term
storage of medical attributes and will have functions that ensure data are accurate,
complete and consistent during any operations . Data Integrity will be ensured by
Authorization mechanism that guarantee data are accessible only to those authorized .
 Inventory Logger : is a software module that keeps track of a chronological series of
audit records related to internal and external actions .

6

Figure 4. Conceptual structure of the EHaas Platform
As we can observe from Figure 4, a t the lowest layer of EHaaS platform are SM ( Security
Mechanisms ), which are utilized to accomplish the authentication, data integrity and
confidentiality objective s. EHaaS platform supports in the first version just Kerberos v5 , but
we plan to add other user authentication protocols, from traditional R ADIUS , to recent
OpenID and U -Prov . In addition, EHaaS platform will implement secure SOAP services. The
Bing Maps S OAP Services are built using WCF (Windows Communication Foundation) and
are conform ed to WS -Basic Profile 1.1. The four services are : Geocode Service, Imagery
Service, Route Service, and Search Service. Bing Maps SOAP Services can be called using
the HTTPS Secure Sockets Layer (SSL) protocol , but it will add latency , at least five
milliseconds.
In the middle layer is the Single Point of Contact (SP C), introduced in ( see [6] ), which is used
to satisfy the authorization condition s. A SP C has two modules: the first one implements a
policy repository , while the second module is designated as a policy engine. The policy
repository deals with: domain ontology, descriptions of identities, tasks , services, objects and
access rights. Each SPC epitomizes a single dom ain, and multiple SP Cs form a network.
Information requests are transmitted over the network to the proper SPC. Next, the SPC
utilizes its policy engine to verify the requester’s identity and grants access rights according to
current instructions in the po licy repository. The information requests and rules are defined
using XML ( see [4] ).

On the top layer stand four system services:

1) The Data Container service supports the CRUD (Creation, Reading, Updating and
Deletion ) of attribute values. Each attribu te is kept in a single Data Container hosted by a
Cloud infrastructure. Any service is able to put/get data to/from a Data Container if it fulfils
two conditions. First of all , the service must know the eligible name of the target element .
Secondly, a rule needs to be defined in the SP C’s policy repository to permit the service to
perform CRUD operations over that element .

7
2) The Identity Translator service resolves user and object IDs into aliases , and vice versa. To
enhance the contextual privacy , the EHaaS platform utilizes aliases every time it is possible,
and exposes real IDs only to authorized services when it is totally necessary .
3) The Access Manager Service allows patients to CER ( Create, Edit and Remove )
information sharing policies about their own attributes. EHaaS platform considers a patient
the real owner of his/her medical data. Therefore , the access rights to their data should be
defined by the patients themselves. The Access Manager Service offers a GUI (Graphical
User Interface) , to facil itate authenticated users the set up policies process, directing what
personal information is accessible to whom and what medical services they would like to
subscribe to.
4) The Inventory Logger Service collects logs from application services and stores them in
text files. Inspecting the logs , we can see who the active user was and what actions the user
has made during a given period of time. The first benefit of an appropriately detailed
Inventory Logger is the possibility to reconstruct medical events a nd scenarios. Furthermore ,
it keeps track of c hanges made to a system and helps to roll them back when needed . Thirdly,
it offers evidence for digital forensics techno logies, like the Digital -DNA , to identify security
anomalies and perform counter measures automatically. Last, but not least , it simplifies the
monitoring and analysis of the usage of resources .

The EHaaS platform stores attributes in an atomic format to improve their reusability and
manageability. The principal objective of the EHaaS platfo rm is to permit a reliable usage of
captured medical data in numerous ways, while keeping strict access rights. This is realized
by information sharing policy. The policy syntax is designed as below :

[Requester] [Permission] [Operations] [Attributes] of [Object] with [ Priority ] from [ Owner]
in [TimePeriod ]

 [Requester] is the source of a request . It can be an individual or the membership of a
particular role.
 [Permission ] defines whether a request meeting the rule criteria will be permitted or
denied .
 [Operations] refer to CRUD ( Create , Read, Update and Delete ) operations .
 [Attributes] is a unit of information describing an Object.
 [Object] refers to any entity that is managed by the system, such as a patient, a medical
equipment or a software service.
 [Priority ] defines the priority assigned to a specific request.
 [Owner] describes a role with necessary privileges to modify all aspects of an
attribute , and to permit or deny access to it, as required by legislation and well-defined
responsibilities.
 [TimeP eriod ] expresses the period of validity of a rule.

4. Related Works ??? la inceput

The literature presents some efforts to propose new Cloud platforms that are precisely
designed for e -Health services. For example, in [1] is described a way to improve Korean
Service Delivery System in Health Care , while in [5] is offered a shrewd discussion about
advantages and disadvantages of using commercial Cloud platforms by healthcare
administrations for their e -Health applications. Moreover, the author contended that the

8
benefits of low cost implementations are a compromise with the security dangers and outage
problems of the Cloud providers. In [6] is described the Data Capture an d Auto Identification
Reference (DACAR) system . The authors intend to develop, implemen t and disseminate an
innovative Cloud -based platform for storing and consuming data inside a healthcare domain.
They introduce the concept of Single Point of Contact , with which DACAR platform will
offer solutions for the challenges of e -Health Cloud servi ces. In [7], researchers
technologically advanced a method for a Cloud platform named CyberHealth for
Aggregation, Research and Evaluation (CARE) . This platform was primarily planned to allow
data integration, filtering, and p rocessing for data mining in e -Health. They acknowledged a
necessity for an infrastructure intended for data integration and tools to analyze medical
information in order to determine new medical patterns. Efforts were also put in the e -Health
Cloud implementation models. One example i s a real-world e-Health Cloud implementation
model to support the building of HIS (Hospital Information Systems) for small healthcare
providers who cannot afford to have their own HIS systems ([8]). This solution enforces
uniform standards of data sharing between existing HIS.

Conclusions ??? Nu ar trebui la Proposed platform
Presently , a prototype of the EHaaS platform is being developed using Microsoft .NET 4. 5
framework. The SPC will be realized as a self -hosting WCF service running in Windows
Server 2012. Users will be authenticated using the Kerberos protocol . Data Container , Access
Manager , Identity Translator and Inventory Logger services are all implemented as WCF
services. All WFC services are hosted by IIS 8 web server. The back -end of the Data
Container will be supported by SQL Server 2012 and the front -end of the Access Manager
Service will be built using WPF XAML . The policy engine will be written in Java .
Information requests and rules will be written in XML.

Acknowledgements
This work was partially supported by the strategic grant POSDRU/CPP107/DMI1.5/S/80272, Project ID80272
(2010), co -financed by the European Social Fund -Investing in People, within the Sectorial Operational Program
Human Resources Development 2007 -2013.
References

[1] H. J. Cheong, N. Y. Shin, Y. B. Joeng, Improving Korean Service Delivery System in Health Care:
Focusing on National E -health System , in Proc. of eTELEMED ’09 . IEEE, 2009, 263 –268.
[2] C. Rolim, F. Koch, C. Westphall, J. Werner, A. Fracalossi, G. Salvador, A Cloud Computing Solution
for Patient Data Collection in Health Care Institutions , Proc. of ETELEMED . IEEE, 2010, 95 –99.
[3] C. Gong, J. Liu, Q. Zhang, H. Chen, Z. Gong, The Characteristics of Cloud Computing , in Proc of SCC
’10. IEEE, 2010, 275 –279.
[4] H. Jumaa, P. Ru bel, J. Fayn, An XML -based Framework for Automating Data Exchange in Healthcare ,
in Proc. of Healthcom ’10 . IEEE, 2010, 264 –269.
[5] J. White, Cloud Computing in Healthcare: Is there a Silver Lining? , Available online:
http://www.aspenadvisors.net/results/whit epaper/cloud -computing -healthcare -there -silver -lining
(accessed on 28 March 2013).
[6] L. Fan, W. Buchanan, C. Thummler, O. Lo, A. Khedim, O. Uthmani, A. Lawson, D. Bell, DACAR
Platform for eHealth Services Cloud , Proceedings of the 4th International Conferenc e on Cloud
Computing, Miami, FL, USA, July 2011, 219 –226.

9
[7] C. Baru, N. Botts, T. Horan, K. Patrick, S.S. Fedman, A Seeded Cloud Approach to Health
Cyberinfrastructure: Preliminary Architecture Design and Case Applications , Proceedings of the 45th
Hawaii Int ernational Conference on System Sciences, Maui, HI, USA, 4 –7 January 2012, 2727 –2734.
[8] C. He, X. Jin, Z. Zhao, T. Xiang, A Cloud Computing Solution for Hospital Information System ,
Proceedings of the Intelligent Computing and Intelligent Systems (ICIS), Xia men, China, 29 –31
October 2010, 517 –520.
[9] E. AbuKhousa, N. Mohamed, J. Al -Jaroodi, e-Health Cloud: Opportunities and Challenges , Future
Internet 2012, ISSN 1999 -5903, vol. 4, 621 -645.

BIBLIOGRAFIA IN ORDINE ALFABETICA???