SlideShare a Scribd company logo

Hipaa auditing in cloud computing enviroment

Parshant Tyagi, profile picture
Parshant Tyagi

The document discusses the Health Insurance Portability and Accountability Act (HIPAA) and its extension, HITECH, emphasizing their roles in electronic health records and data protection. It explores the implications of cloud computing for compliance and audit processes, highlighting challenges in maintaining data integrity and privacy. A proposed solution involves a novel algorithm for encrypting data at the user level to safeguard against unauthorized access and ensure data integrity.

TechnologyBusiness
Related topics:
Regulatory ComplianceCloud Computing Insights
1 of 25
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Hipaa auditing in cloud computing enviroment
Hipaa auditing in cloud computing enviroment
The Health Insurance Portability and Accountability Act (HIPAA) Act supports the concepts of Electronic Health Record (EHR) and Health Information Exchange (HIE). Even though HIPAA has been around since 1996 it wasn’t taken seriously until HITECH was put into place in 2010. HITECH extended the HIPAA that was put into place in 1996 which contained two parts: Title I and Title II. •Title I to protect people in case they lost their job or switched jobs so that they could still have healthcare coverage. •Title II called Administrative Simplification was about data protection. From an IT Departments aspect HIPAA/HITECH is to control who can see what data depending on their job position, tracking data, and monitoring data. Also protecting stored data and data while it is being transferred through encryption. Access controls and processes also need to be set up.
What is cloud Computing? • cloud computing has been driven by the benefits, the cheapest purveyor of application hosting, storage, infrastructure, huge cost savings with low initial investment, elasticity and scalability, ease of adoption, operational efficiency, on-demand resources. • the cloud of computers extend beyond a single company or entity. the application and data served by cloud are available to broader group of users, cross enterprise, and cross platform. • access is via internet. any authorized user can access these documents, application from any computer over the internet. • access pay-as-you-go manner .
Hipaa auditing in cloud computing enviroment
Hipaa auditing in cloud computing enviroment
GENERATION OF HPC
Compliance and Audit in cloud • Compliance is a Conformance with an established standard, specification, regulation, or law. Various types of privacy regulations and laws exist within different countries at the local and global levels, making compliance a potentially complicated issue for cloud computing. • HIPAA in the US is just compliance issues affecting cloud computing, based on the type of data and application for which the cloud is being used. Maintaining and proving compliance when using cloud computing. • Audit is well positioned through its role as an assurance function to help management and the board identifies and considers the key risks of leveraging cloud computing technology.
HIPAA RULES
COMPLIANCE SECURITY
• The traditional cryptographic technologies for data integrity and availability, based on Hash functions and signature schemes. 1. Firstly, traditional cryptographic cannot work on the outsourced data. it is not a practical solution for data validation by downloading them due to the expensive communications, especially for large size files. 2. Secondly, Cloud Computing is not just a third party data warehouse. The data stored in the cloud may be frequently updated by the users, including insertion, deletion, modification, appending, reordering, etc.
In a Corporate world there are large number of client who accessing their data and modifying a data. To manage this data we use third party auditor (TPA), that will check the reliability of data but it increases the data integrity risk of data owner. Since TPA not only read the data but also he can modify the data, therefore a novel approach should be provided who solved this problem. In this thesis we first examine the problem and new potential security scheme used to solve this problem. Our algorithm encrypt the content of file at user level which ensure the data owner and client that there data are intact. 1.Protect the data from unauthorized access. 2.Ensure that our data are intact. 3.Solve the problem of integrity, unauthorized access, privacy and consistency.
Hipaa auditing in cloud computing enviroment
modules 1. Client Module: In this module, the client sends the query to the server. Based on the query the server sends the corresponding file to the client. 2. System Module: • User: Users, who have data to be stored in the cloud and rely on the cloud for data computation, consist of both individual consumers and organizations. • Cloud Service Provider (CSP): A CSP, who has significant resources and expertise in building and managing distributed cloud storage servers, owns and operates live Cloud Computing systems,. • Third Party Auditor (TPA): An optional TPA, who has expertise and capabilities that users may not have, is Trusted to assess and expose risk of cloud storage services on behalf of the users upon request.
ALGORITHM
screen shots Eucalyptus Private Cloud Setup
Admin Console
E-mail Confirmation
User Console
Audit Logs
Client request to csp
Cloud Server Login
Verify password if correct send a file that he wants to access
Conclusion • Creating a cost-effective and secure system design when the adversary owns the data is extremely challenging. • To protect the data from unauthorized access and ensure that our data are intact. • Solve the problem of integrity, unauthorized access, privacy and consistency.
Hipaa auditing in cloud computing enviroment

More Related Content

DOCX
Data Security
ankita_kashyap
 
PPTX
Eight principles of consumer data privacy
Solix Technologies, Inc
 
PPTX
Data security in Hybrid Cloud Computing
Anushkae0001
 
PPT
Ahearn Cloud Presentation
johnjamesahearn
 
PDF
Uganda Cloud Computing Panel
Commonwealth Telecommunications Organisation
 
PPTX
Cloud Compliance Auditing - Closer 2011
Jonathan Sinclair
 
PPT
Security Problem With Cloud Computing
Martin Bioh
 
PPTX
In data security
adithdev
 
Data Security
ankita_kashyap
 
Eight principles of consumer data privacy
Solix Technologies, Inc
 
Data security in Hybrid Cloud Computing
Anushkae0001
 
Ahearn Cloud Presentation
johnjamesahearn
 
Uganda Cloud Computing Panel
Commonwealth Telecommunications Organisation
 
Cloud Compliance Auditing - Closer 2011
Jonathan Sinclair
 
Security Problem With Cloud Computing
Martin Bioh
 
In data security
adithdev
 

What's hot (19)

DOCX
Running head technology vulnerabilities in the cloud
AKHIL969626
 
PDF
HIPAA Compliance Healthcare Datasheet - eFax Corporate Secure Faxing
eFax Corporate®
 
DOCX
Running head hardware and software security14 hardware an
AKHIL969626
 
PPS
CloudSecurity
Utkarsh Kumar
 
PDF
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTING
ijsptm
 
DOCX
Ss
DukeLss
 
PDF
Enhancing Availability of Data in Mixed Homomorphic Encryption in Cloud
ijtsrd
 
PDF
eHealth ….. How to trust a cloud?
Mario Drobics
 
PPTX
Compliant Email Solutions for HIPAA & SOX regulations
SherWeb
 
PPTX
IoT_Implemented
Brandon Walston
 
PPT
Lkm 2011
Anandavasagan
 
PDF
Secure Islands Case Study - Financial Firm Implements Enhanced DLP
Secure Islands - Data Security Policy
 
PPTX
Access control policy
Bsmah Fahad
 
PPTX
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
PDF
Brochure Imperva Vormetric
Michelle Guerrero Montalvo
 
PPT
What is IRM? bright talk
ritupande
 
PDF
Secure cloud storage privacy preserving public auditing for data storage secu...
rajender147
 
PDF
HIPAA
Druce MacFarlane
 
PPTX
Security in electronic health records
samuelerie
 
Running head technology vulnerabilities in the cloud
AKHIL969626
 
HIPAA Compliance Healthcare Datasheet - eFax Corporate Secure Faxing
eFax Corporate®
 
Running head hardware and software security14 hardware an
AKHIL969626
 
CloudSecurity
Utkarsh Kumar
 
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTING
ijsptm
 
Ss
DukeLss
 
Enhancing Availability of Data in Mixed Homomorphic Encryption in Cloud
ijtsrd
 
eHealth ….. How to trust a cloud?
Mario Drobics
 
Compliant Email Solutions for HIPAA & SOX regulations
SherWeb
 
IoT_Implemented
Brandon Walston
 
Lkm 2011
Anandavasagan
 
Secure Islands Case Study - Financial Firm Implements Enhanced DLP
Secure Islands - Data Security Policy
 
Access control policy
Bsmah Fahad
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
Brochure Imperva Vormetric
Michelle Guerrero Montalvo
 
What is IRM? bright talk
ritupande
 
Secure cloud storage privacy preserving public auditing for data storage secu...
rajender147
 
HIPAA
Druce MacFarlane
 
Security in electronic health records
samuelerie
 
Ad

Similar to Hipaa auditing in cloud computing enviroment (20)

PDF
Achieving Secure, sclable and finegrained Cloud computing report
Kiran Girase
 
PDF
iaetsd Shared authority based privacy preserving protocol
Iaetsd Iaetsd
 
PDF
Cloud computing security issues and challenges
Kresimir Popovic
 
PDF
Data Stream Controller for Enterprise Cloud Application
IJSRD
 
PDF
Cloud Information Accountability Frameworks for Data Sharing in Cloud
IOSR Journals
 
PDF
Accountability in Distributed Environment For Data Sharing in the Cloud
Editor IJCATR
 
PDF
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
IOSR Journals
 
PDF
Paper id 212014106
IJRAT
 
PDF
A Trusted TPA Model, to Improve Security & Reliability for Cloud Storage
IRJET Journal
 
PDF
Enhanced Data Partitioning Technique for Improving Cloud Data Storage Security
Editor IJMTER
 
PDF
Ieeepro techno solutions 2011 ieee dotnet project -secure role based data
ASAITHAMBIRAJAA
 
PDF
Ieeepro techno solutions 2011 ieee java project -secure role based data
hemanthbbc
 
PDF
1784 1788
Editor IJARCET
 
PDF
1784 1788
Editor IJARCET
 
PDF
Improve HLA based Encryption Process using fixed Size Aggregate Key generation
Editor IJMTER
 
PDF
Cloud Security
Pyingkodi Maran
 
PPTX
Blockchain-Based Data Preservation System for Medical Data
Swarup Saha
 
PDF
Cloud Computing
sahil lalwani
 
DOCX
Enablingdatadynamicandindirectmutualtrustforcloudcomputingstoragesystems 1310...
Karyavardhi Sandra
 
DOC
Security threats in cloud computing
Puneet Arora
 
Achieving Secure, sclable and finegrained Cloud computing report
Kiran Girase
 
iaetsd Shared authority based privacy preserving protocol
Iaetsd Iaetsd
 
Cloud computing security issues and challenges
Kresimir Popovic
 
Data Stream Controller for Enterprise Cloud Application
IJSRD
 
Cloud Information Accountability Frameworks for Data Sharing in Cloud
IOSR Journals
 
Accountability in Distributed Environment For Data Sharing in the Cloud
Editor IJCATR
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
IOSR Journals
 
Paper id 212014106
IJRAT
 
A Trusted TPA Model, to Improve Security & Reliability for Cloud Storage
IRJET Journal
 
Enhanced Data Partitioning Technique for Improving Cloud Data Storage Security
Editor IJMTER
 
Ieeepro techno solutions 2011 ieee dotnet project -secure role based data
ASAITHAMBIRAJAA
 
Ieeepro techno solutions 2011 ieee java project -secure role based data
hemanthbbc
 
1784 1788
Editor IJARCET
 
1784 1788
Editor IJARCET
 
Improve HLA based Encryption Process using fixed Size Aggregate Key generation
Editor IJMTER
 
Cloud Security
Pyingkodi Maran
 
Blockchain-Based Data Preservation System for Medical Data
Swarup Saha
 
Cloud Computing
sahil lalwani
 
Enablingdatadynamicandindirectmutualtrustforcloudcomputingstoragesystems 1310...
Karyavardhi Sandra
 
Security threats in cloud computing
Puneet Arora
 
Ad

Recently uploaded (20)

PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
A Presentation on Artificial Intelligence
memembruh336
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 

Hipaa auditing in cloud computing enviroment

  • 3. The Health Insurance Portability and Accountability Act (HIPAA) Act supports the concepts of Electronic Health Record (EHR) and Health Information Exchange (HIE). Even though HIPAA has been around since 1996 it wasn’t taken seriously until HITECH was put into place in 2010. HITECH extended the HIPAA that was put into place in 1996 which contained two parts: Title I and Title II. •Title I to protect people in case they lost their job or switched jobs so that they could still have healthcare coverage. •Title II called Administrative Simplification was about data protection. From an IT Departments aspect HIPAA/HITECH is to control who can see what data depending on their job position, tracking data, and monitoring data. Also protecting stored data and data while it is being transferred through encryption. Access controls and processes also need to be set up.
  • 4. What is cloud Computing? • cloud computing has been driven by the benefits, the cheapest purveyor of application hosting, storage, infrastructure, huge cost savings with low initial investment, elasticity and scalability, ease of adoption, operational efficiency, on-demand resources. • the cloud of computers extend beyond a single company or entity. the application and data served by cloud are available to broader group of users, cross enterprise, and cross platform. • access is via internet. any authorized user can access these documents, application from any computer over the internet. • access pay-as-you-go manner .
  • 8. Compliance and Audit in cloud • Compliance is a Conformance with an established standard, specification, regulation, or law. Various types of privacy regulations and laws exist within different countries at the local and global levels, making compliance a potentially complicated issue for cloud computing. • HIPAA in the US is just compliance issues affecting cloud computing, based on the type of data and application for which the cloud is being used. Maintaining and proving compliance when using cloud computing. • Audit is well positioned through its role as an assurance function to help management and the board identifies and considers the key risks of leveraging cloud computing technology.
  • 11. • The traditional cryptographic technologies for data integrity and availability, based on Hash functions and signature schemes. 1. Firstly, traditional cryptographic cannot work on the outsourced data. it is not a practical solution for data validation by downloading them due to the expensive communications, especially for large size files. 2. Secondly, Cloud Computing is not just a third party data warehouse. The data stored in the cloud may be frequently updated by the users, including insertion, deletion, modification, appending, reordering, etc.
  • 12. In a Corporate world there are large number of client who accessing their data and modifying a data. To manage this data we use third party auditor (TPA), that will check the reliability of data but it increases the data integrity risk of data owner. Since TPA not only read the data but also he can modify the data, therefore a novel approach should be provided who solved this problem. In this thesis we first examine the problem and new potential security scheme used to solve this problem. Our algorithm encrypt the content of file at user level which ensure the data owner and client that there data are intact. 1.Protect the data from unauthorized access. 2.Ensure that our data are intact. 3.Solve the problem of integrity, unauthorized access, privacy and consistency.
  • 14. modules 1. Client Module: In this module, the client sends the query to the server. Based on the query the server sends the corresponding file to the client. 2. System Module: • User: Users, who have data to be stored in the cloud and rely on the cloud for data computation, consist of both individual consumers and organizations. • Cloud Service Provider (CSP): A CSP, who has significant resources and expertise in building and managing distributed cloud storage servers, owns and operates live Cloud Computing systems,. • Third Party Auditor (TPA): An optional TPA, who has expertise and capabilities that users may not have, is Trusted to assess and expose risk of cloud storage services on behalf of the users upon request.
  • 23. Verify password if correct send a file that he wants to access
  • 24. Conclusion • Creating a cost-effective and secure system design when the adversary owns the data is extremely challenging. • To protect the data from unauthorized access and ensure that our data are intact. • Solve the problem of integrity, unauthorized access, privacy and consistency.