The rise of cloud computing has been driven by the benefits, the cheapest purveyor of application hosting, storage, infrastructure, huge cost savings with low initial investment, elasticity and scalability, ease of adoption, operational efficiency, on-demand resources. With all the security and Privacy Laws in the Health Care field today anyone that works with confidential information should know how to protect that information. The Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations are two crucial provisions in the protection of healthcare data. Governance, compliance and auditing are becoming as important pedagogical subjects as long established financial auditing and financial control. Designing sound IT governance, compliance, and auditing is a challenging task. This Thesis elaborates the concept of HIPAA compliance in cloud computing by taking a look at the history and dynamics and how Cloud computing changes the astir of certain parts of HIPAA Security requirements. We briefly describe the cyber warfare as a premise to enforce the reasons for complying with government regulations for information systems. The purpose of this Thesis is to explain the importance of HIPAA and research what it takes for Healthcare data to be HIPAA Compliant. Also, explaining what is expected of Healthcare industries if there is an audit and how does HIPAA Auditing play a big part in HIPAA compliance. The Cloud is a platform where all users not only store their data but also used the services and software provided by Cloud Service Provider (CSP). As we know the service provided by the cloud is very economical due to which the user pay only for what he used. This is a platform where data owner remotely store their data in the cloud to enjoy the high quality services and applications. The user can access the data, store the data and use the data. In a Corporate world there are large number of client who accessing their data and modifying a data. To manage this data we use third party auditor (TPA), that will check the reliability of data but it increases the data integrity risk of data owner. Since TPA not only read the data but also he can modify the data, therefore a novel approach should be provided who solved this problem. We first examine the problem and new potential security scheme used to solve this problem. Our algorithm encrypt the content of file at user level which ensure the data owner and client that there data are intact.
3. The Health Insurance Portability and Accountability Act (HIPAA)
Act supports the concepts of Electronic Health Record (EHR) and
Health Information Exchange (HIE). Even though HIPAA has been
around since 1996 it wasn’t taken seriously until HITECH was put
into place in 2010. HITECH extended the HIPAA that was put into
place in 1996 which contained two parts: Title I and Title II.
•Title I to protect people in case they lost their job or switched jobs
so that they could still have healthcare coverage.
•Title II called Administrative Simplification was about data
protection. From an IT Departments aspect HIPAA/HITECH is to
control who can see what data depending on their job position,
tracking data, and monitoring data. Also protecting stored data and
data while it is being transferred through encryption. Access
controls and processes also need to be set up.
4. What is cloud Computing?
• cloud computing has been driven by the benefits, the cheapest
purveyor of application hosting, storage, infrastructure, huge
cost savings with low initial investment, elasticity and scalability,
ease of adoption, operational efficiency, on-demand resources.
• the cloud of computers extend beyond a single company or
entity. the application and data served by cloud are available to
broader group of users, cross enterprise, and cross platform.
• access is via internet. any authorized user can access these
documents, application from any computer over the internet.
• access pay-as-you-go manner .
8. Compliance and Audit in cloud
• Compliance is a Conformance with an established standard,
specification, regulation, or law. Various types of privacy
regulations and laws exist within different countries at the
local and global levels, making compliance a potentially
complicated issue for cloud computing.
• HIPAA in the US is just compliance issues affecting cloud
computing, based on the type of data and application for
which the cloud is being used. Maintaining and proving
compliance when using cloud computing.
• Audit is well positioned through its role as an assurance
function to help management and the board identifies and
considers the key risks of leveraging cloud computing
technology.
11. • The traditional cryptographic technologies for data integrity and availability, based
on Hash functions and signature schemes.
1. Firstly, traditional cryptographic cannot work on the outsourced data. it is not a
practical solution for data validation by downloading them due to the expensive
communications, especially for large size files.
2. Secondly, Cloud Computing is not just a third party data warehouse. The data stored in
the cloud may be frequently updated by the users, including insertion, deletion,
modification, appending, reordering, etc.
12. In a Corporate world there are large number of client who accessing their data and
modifying a data. To manage this data we use third party auditor (TPA), that will check
the reliability of data but it increases the data integrity risk of data owner. Since TPA
not only read the data but also he can modify the data, therefore a novel approach
should be provided who solved this problem. In this thesis we first examine the
problem and new potential security scheme used to solve this problem. Our algorithm
encrypt the content of file at user level which ensure the data owner and client that
there data are intact.
1.Protect the data from unauthorized access.
2.Ensure that our data are intact.
3.Solve the problem of integrity, unauthorized access, privacy and consistency.
13.
14. modules
1. Client Module:
In this module, the client sends the query to the server. Based on the
query the server sends the corresponding file to the client.
2. System Module:
• User:
Users, who have data to be stored in the cloud and rely on the cloud for
data computation, consist of both individual consumers and
organizations.
• Cloud Service Provider (CSP):
A CSP, who has significant resources and expertise in building and
managing distributed cloud storage servers, owns and operates live Cloud
Computing systems,.
• Third Party Auditor (TPA):
An optional TPA, who has expertise and capabilities that users may not
have, is Trusted to assess and expose risk of cloud storage services on
behalf of the users upon request.
24. Conclusion
• Creating a cost-effective and secure system design when the
adversary owns the data is extremely challenging.
•
To protect the data from unauthorized access and ensure
that our data are intact.
• Solve the problem of integrity, unauthorized access, privacy
and consistency.