Abstract

Cloud-based healthcare systems around the world currently face several challenges. The most important is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR. We also present how a cloud-based security policy could be modified in order to be compliant with the GDPR, and how cloud environments can assist developers in building secure and GDPR-compliant cloud-based healthcare systems. The purpose of this paper is twofold: first, to help cloud providers comprehend the framework of the new GDPR and, second, to identify security measures and security policy rules for the protection of sensitive data in a cloud-based healthcare system. The latter follows our risk-based security policy methodology, which assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.

Highlights

  • In the 21st century, since the adoption of the current data protection rules, people have altered their ways of communicating by using new channels to share their personal information, such as cloud computing.

  • This study proposes possible security policy rules, pertaining to the protection of sensitive personal data, that are appropriate to the risk-based approach presented and that could be adopted by cloud providers, hospitals, other healthcare organizations, and clinical researchers for achieving compliance with the General Data Protection Regulation (GDPR).

  • Based on the previous table, the GDPR implications that are not covered in our cloud security policy are explicitly presented below with new security policy rules.


Summary

Introduction

In the 21st century, since the adoption of the current data protection rules, people have altered their ways of communicating by using new channels to share their personal information, such as cloud computing. The General Data Protection Regulation (GDPR) of the European Union (EU) addresses the protection of data subjects with regard to the processing of their personal data. It introduces a set of rules across EU countries and citizens in order to secure their personal data. As a regulation and not a directive, it immediately becomes an enforceable law for all EU member states.
