Factors Affecting Users’ Sense of Security and Trust in Integrating EHR to Cloud

 Factors Affecting Users’ Sense of Security and Trust in Integrating EHR to Cloud

The concept of electronic health record (EHR) entails storing the medical details of patients in a digital format. The medical details include a patient’s medical history, details of physical examination, evaluations and treatment. EHRs are increasingly being implemented by hospitals and physicians due to the many advantages they have over paper records. For instance, EHRs have led to increased access to health care, reduced costs and improved quality of care. There are, however, some ethical and security issues with regard to the implementation of EHRs. Sharing or linking patients’ health data without the knowledge and consent of patients jeopardize autonomy. Since patients may lack confidence in the system’s security, they may decide not to disclose vital information about themselves, which may compromise their treatment. Health information about patients can be leaked by accident or through theft. Because of the security concerns, many health organizations have resorted to integrating EHR applications to the Cloud. The proposed research will examine some of the factors affecting users’ sense of security and trust in the integration and identify some of the mitigation measures that can be put in place.

Cloud computing is a fast evolving technology that recently emerged. It is currently applied in all sectors of the economy. Through the internet, cloud computing functions by scaling some important applications that can be useful to the medical sector by helping in the integration of electronic health records. Cloud connectivity enhances connectivity, adaptability, cost reduction, scalability, resilience and performance, which have the capacity to boost the efficacy and quality of EHR. However, if certain factors that affect users’ sense of security and trust when EHR is integrated to cloud are not identified and addressed, many adverse effects may be encountered (Jin, Ahn, Hu, Covington and Zhang, 2009).

The proposed research will analyse patients’ reaction with regard to security and trust. The research will be more concerned with how patients would react if they learn that their medical information is managed by a third party company. A critical analysis of the possible responses of patients regarding the level of their sense of security and trust for the integration of EHR to cloud can help in determining some of the issues of concern. Such issues can be used in instituting certain mitigation measures that can help in ensuring that cloud computing safely helps in managing electronic health records. The proposed research is very relevant to the healthcare subject area. It also applies to the subject area of nursing and healthcare technology. The findings of the research can be useful in improving knowledge in the healthcare fields.

Research Question

            What factors affect the users’ sense of security and trust when the EHR systems are integrated into cloud? The proposed study is designed with the aim of investigating what affect the users’ sense of security and trust when the EHR systems are integrated into cloud. The integration into cloud implies that the patients’ data will not be managed by the health providers but by third parties. That fact has raised security concerns among patients. The researcher will seek to determine what patients think about integrating EHR to cloud? if they think there are any security concerns and what factors lead to such concerns?. The researcher will also validate the architectural integration of cloud base application and how it is efficient in managing EHR. The researcher will also review the opinions of several scholars with regard to the integration of cloud and EHR. Special attention will be paid to patients’ security glitches, pros and cons, and patient data control. The researcher will examine security policies, cryptographic tools and subsequent digital management and technologies for element based encryption.

Literature Review

Quick and easy access to medical data of patients can help save lives in emergency situations. As such, EHRs have been adopted in the current healthcare domain (Jin, Ahn, Hu, Covington and Zhang, 2009). It has helped in ensuring that healthcare providers, patients and insurance companies can get health information of patients at any given location and at any time. It is most crucial when the patient data is obtained at the point of care because it helps in ensuring that the time-sensitive data about patients is obtained while it is still fresh (Zhang and Liu, 2010). There are still, however, some healthcare providers who develop and maintain their own EHRs, which is very expensive (Wu, Ahn and Hu, 2012). Besides, such information may not be easily accessed by other healthcare providers or insurance companies in case there is any need. There is therefore the need to have a common infrastructure platform that is open (Takabi, Joshi and Ahn, 2010).

Cloud computing has been introduced as a computing paradigm with a potential. In this new platform, the computing infrastructure has been shifted from the providers to third-party services providers. The third party providers are now the ones who manage the software as well as hardware resources. Research has shown that cloud computing can help in enhancing the agility, scale, cost efficiency and availability of health records and improve collaboration between health providers (Jin, Ahn, Hu, Covington and Zhang, 2009). Therefore, instead of building and maintaining data centres, health providers are integrating their EHR systems into cloud (Wu, Ahn and Hu, 2012).

Previous research have shown that cloud computing can help in boosting the efficiency of EHR systems (Jin, Ahn, Hu, Covington and Zhang, 2009). It can also help in solving the issues with control of access and cyber thefts which threaten the security of patients’ data. There is limited research into the application of cloud computing in electronic health records, especially in South Africa. The technology has been applied in many other developed countries, especially the United States and Europe. However, it is only just arriving in South Africa. Advanced studies are therefore necessary before the technology can completely be integrated in managing EHR in the country’s healthcare sector. Otherwise, a lot of security issues may be encountered including data thefts. The proposed research aims to carry out an analysis of several use cases and make comparisons of patients’ responses in urban and rural areas in Cape Town, South Africa. The research will also closely examine the patients’ level of trust for the use of cloud in managing and storing medical data.


            Since the proposed research will be concerned with the opinions of patients, the preferred data collection method will be surveys. Survey is chosen because it makes patients anonymous as they answer the research questions. It also avoids infringing or affecting the ethical concerns of patients. Considering the ethical concerns of patients, the researcher will make use of a third party survey provider in collecting data from anonymous patients aged between 21 and 45 years within South Africa. The research questions will be developed by the researcher and verified by the researcher’s supervisor, after which the questions will be submitted to the third party company to carry out the survey. The researcher will also carry out a review of literature to identify any security implications during the software engineering lifecycle process, giving special attention to privacy challenges. Personalized questionnaires will be administered to patients in 10 different healthcare centres in Cape Town. The participants will be selected through random sampling. A sample of 300 patients will be selected. Correlation and regression analyses will then be carried out on the data acquired from the survey to come up with valid conclusions.

            Considering the complexity of the research, a qualitative approach will be applied in carrying out the study. This is because the research is decisive in its purpose since it quantifies the problem and provides methods of preventing any instance of the problem. This is done through carrying out searches for projectable results from a large population.

Foreseen Limitations

            The researcher foresaw that carrying out the research individually could have been very challenging. Sampling and gaining contact with 300 patients could have been a big challenge. Acquiring their consent and administering the questionnaires to them could also have been next to impossible. Delegating this duty to a third party survey provider company is expected to remove these limitations. However, the credibility of the results will be jeopardized. It will be difficult to ascertain whether all 300 patients shall have actually been reached. There is limited research into the integration of EHR into cloud and the acquisition of such materials may be very costly. Understanding the software engineering concepts with regard to the development and implementation of EHR and cloud platforms will also be very challenging. The researcher will need to consult software engineering technicians in order to understand at least the basics and identify the security issues that may affect patients’ privacy and trust of the system.

Research Schedule

            The proposed study is expected to cost a total of $400 and will be conducted within 14 business days. The researcher expects that no unpredicted limitations will be met and there will be no new conditions that will arise at the time of the research. If anything happens contrary to the projections, the researcher expects to spend more money and more time for the research. For that reason, the researcher has allowed a month for the research and intends to acquire $500 and dedicate it solely for the research activities.

            The development of research questions will take two days and will cost about $15 for research, typing and printing costs. After the survey questions are developed, the researcher will present them typed to the supervisor for approval. Any improvements will then be made. The researcher will then go ahead to carry out a research to identify the most credible and trustworthy third party survey company in South Africa. After that, the company will be contacted, and the researcher will visit them in person. The whole process is expected to take up 35 dollars. The researcher will then enter a 200 dollar contract with the chosen company.

            As the company continues with the survey, the researcher will also carry out reviews of literature on the research topic. The activity will be carried out in public libraries, and where necessary, in private ones. Since access to the relevant materials will be a challenge, the researcher expects to spend about $50 and another fifty dollars in consulting a software engineering specialist well versed in the cloud software development lifecycle. After the survey data has been received and the researcher has finished carrying out literature reviews, the data will be analysed using statistical technology, which is expected to cost about twenty-five dollars. The researcher will then spend another $25 in compiling the final report and submit to the supervisor for approval. The researcher expects that the results of the proposed study will be monumental in improving patient care, management of patient information and knowledge in the healthcare IT fields.

Table 1: Research Schedule

Activity	Cost	Duration
Developing research questions	$15	2 days
Approval of research questions by supervisor	Nil	1 day
Identifying and contacting a third party survey provider to conduct the survey	$35	1 day
Submitting the survey questions to the survey provider	$200	1 day
Carrying out a review of literature at a public library	$50	3 days
Contacting and working with a software engineering specialist well conversant with the development life cycle of cloud systems	$50	2 days
Analysis of acquired data	$25	2 days
Compiling the final report	$25	2 days

Even though cloud computing has more positive impacts when integrated with electronic health records, there are still certain factors that lead to the loss of trust and degradation of the sense of security among users. The proposed study aims to identify some of these factors and propose the necessary mitigation measures. The research will be carried out through surveys and review of literature. The research results will help in enhancing knowledge in the healthcare information technology sector and in improving the access to and management of electronic health records.


Jin, Ahn, Hu, Covington and Zhang., 2009. Patient-centric authorization framework for sharing electronic health records. Proceedings of the 14th ACM symposium on Access control models and technologies. p.125-134.

Takabi, H., Joshi, J. & Ahn, G., 2010. Security and privacy challenges in cloud computing environments. Security & Privacy, IEEE, 8(6): p.24-31.

Wu, R., Ahn, G., and Hu, H., 2012. Secure Sharing of Electronic Health Records in Clouds.

Zhang, R. and Liu, L., 2010. Security models and requirements for healthcare application clouds. Proceedings of 3rd IEEE International Conference on Cloud Computing, p.268-275. IEEE.

Share this: 

Enjoy big discounts

Get 20% discount on your first order