Abstract
Cloud-based personal health records increase globally. The GPOC series introduces the concept of a Global Patient co-Owned Cloud (GPOC) of personal health records. Here, we present the GPOC series’ Prospective Register of Systematic Reviews (PROSPERO) registered and Preferred Reporting Items Systematic and Meta-Analyses (PRISMA)-guided systematic review and meta-analysis. It examines cloud-based personal health records and factors such as data security, efficiency, privacy and cost-based measures. It is a meta-analysis of twelve relevant axes encompassing performance, cryptography and parameters based on efficiency (runtimes, key generation times), security (access policies, encryption, decryption) and cost (gas). This aims to generate a basis for further research, a GPOC sandbox model, and a possible construction of a global platform. This area lacks standard and shows marked heterogeneity. A consensus within this field would be beneficial to the development of a GPOC. A GPOC could spark the development and global dissemination of artificial intelligence in healthcare.
Similar content being viewed by others
Introduction
The concept of a Global Patient co-Owned Cloud (GPOC) embodies a global and blockchain protected, worldwide distributed and patient co-owned platform of personal health records (PHR, ISO/TR 14292:2012). Until now, this concept of a co-ownership model on a global scale has not been presented.
Here, the GPOC series commences with a systematic review and meta-analysis of a dozen pivotal facets of a GPOC. It aims to cover the dozen facets most relevant to the technical construction of a GPOC model.
The GPOC series consists of four other self-contained publications1,2,3,4. The GPOC concept’s necessity is explored in the GPOC Survey, revealing a global consensus1. This received answers from all key opinion leaders of 193 + 3 United Nations’ member states and the 18 largest international health care organisations1. Thus, the technical and mathematical foundations were shaped, resulting in a GPOC sandbox environment2.
Cloud-based PHRs have become increasingly vital in healthcare, enhancing patient management. The quality of patient care hinges on maintaining data integrity, privacy, security, and efficient data retrieval for clinicians and healthcare providers5,6. Centralised PHRs have faced criticism for security vulnerabilities and clinician burnout7. For instance, the WannaCry ransomware attack, which began in 2017 and continues to pose a threat, targets less secure central systems. It affected over 150 countries and over 40% of the world’s national health care systems8. In the security evolution new cloud-based models, including blockchain-based systems, have been researched worldwide7. These offer enhanced privacy, security, and access control. Some even allow for the deletion of patient information when necessary, addressing privacy concerns5,6.
Another issue arises with travellers in a globalised world, as their healthcare records may not be accessible in host nations. This underscores the need for a secure cloud-based global PHR platform that can support both patient care during travel and migration.
Ensuring the security of these cloud-based PHRs involves advanced cryptographic techniques, necessitating continuous research and testing. However, emerging technologies also pose regulatory and ethical challenges, especially regarding data ownership and responsibility4.
Here, the systematic review and meta-analysis explore the impact of these technologies on the concept of co-ownership across borders. Hereby enabling a foundation to assess PHR management and design for a global patient co-owned cloud.
Results
Overview
The PRISMA flow diagram in Fig. 1 summarises the screening process. Search results retrieved 16,045 references with 6683 duplicates removed and 9362 references screened. Thirty-four were selected for final inclusion in the review and 12 were included in the meta-analysis. Figure 2 depicts the twelve GPOC core facets included in the systematic review and meta-analysis. Figure 3 shows the geographical distribution of the institutions included in the GPOC systematic review and meta-analysis. As an illustration of our analytical approach, Fig. 4 showcases a forest plot derived from the meta-analysis, while all forest plots are available in Supplementary File 2 (S2).
Efficiency-based parameters
Runtimes defines the amount of time it takes for a programme or piece of code to run (ms). In 117 sub studies on runtimes, a pooled effect size estimate of 12874 ms (CI: 12867–12881, I2 100%; p = 0.0005). A log transformed meta-analysis of the 117 sub studies on runtimes also showed an effect size estimate of 1.98 ms (CI: 1.97–1.98, I2 100%; p = 0.0005).
Key generation times was defined as the time required for the process of generating cryptographic keys (ms). In 46 sub studies on key generation time, a pooled effect size estimate of 143 ms (CI: 121–165, I2 98%; p = 0.0005). A log transformed meta-analysis of the 46 sub studies on key generation time also showed an effect size estimate of 4.5 ms (CI: 4.52–4.47, I2 99.9%; p = 0.0005). Figure 4 illustrates the forest plot for the key generation time meta-analysis.
Other time-based activities
In 26 sub studies on time analysis such as key management and increased keyword query search time for PHR server transfer, a pooled effect size estimate of 3951 ms (CI: 3949–3955 I2 100%; p = 0.0005). A log transformed meta-analysis of the 26 sub studies on usage policy also showed an effect size estimate of 2.56 ms (CI: 2.55–2.56, I2 100%; p = 0.0005).
Security-based parameters
Access policies define the protection of cloud data access and devices. These are set up to block access to all unauthorised uploads. In 34 sub studies on usage policy, a pooled effect size estimate of 30076 security-based policy of granularity of data access and response (CI: 30073–30079, I2 100%; p = 0.0005) was identified. A log transformed meta-analysis of the 34 sub studies on usage policy also showed an effect size estimate of 3.98 policies (CI: 3.97–3.98, I2 100%; p = 0.0005).
Encryption ensures the conversion of information secretly to hide its original contents and was defined as the total encrypted data (bytes) divided by the encryption time (ms). In 86 sub studies on encryption, a pooled effect size estimate of 80.76 ms (CI: 80.7–80.7, I2 100%; p = 0.0005). A log transformed meta-analysis of the 86 sub studies on encryption also showed an effect size estimate of 1.86 ms (CI: 1.86–1.86, I2 100%; p = 0.0005).
In 20 sub studies on ratio of means of encryption, a pooled effect size estimate of 0.16 ms (CI: 0.11–0.21, I2 100%; p = 0.0005). A log transformed meta-analysis of the 20 sub studies on ratio of means of encryption also exhibited an effect size estimate of 0.162 ms (CI: 0.110–0.214, I2 100%; p = 0.0005).
Decryption reverses the coded information to its original content and was defined as the total decrypted data (bytes) divided by the decryption time (ms). In 73 sub studies on decryption, a pooled effect size estimate of 59.50 ms (CI: 59.50–59.51, I2 100%; p = 0.0005). A log transformed meta-analysis of the 73 sub studies on decryption also showed an effect size estimate of 1.70 ms (CI: 1.70–1.70, I2 100%; p = 0.0005).
Cost-based parameters
Data transfer cost (gas cost) was defined as gas, which is the price per unit of computation that is performed on the Ethereum network. In 8 sub studies on gas analysis, a pooled effect size estimate of 70193 Ethereum (CI: 70113–70272, I2 100%; p = 0.0005). A log transformed meta-analysis of the 8 sub studies on gas analysis also showed an effect size estimate of 1.71 Ethereum (CI: 1.63–1.79, I2 99.9%; p = 0.0005).
Risk of Bias (ROB)
Figure 5 illustrates risk of bias of the 12 meta-analysed studies across seven bias domains, with 31% moderate and 69% of low risk. The studies presented moderate risks of bias: 8% due to confounding, 75% due to selection of participants, 25% in classification of interventions, 42% due to deviations from intended interventions, 25% due to missing data, 17% in measurement of outcomes, and 25% in selection of the reported result.
Data availability
The data generated in this study are provided in the Supplementary Information. Source data are provided with this paper. Source data and raw data generated in this study, have been deposited in the article repository on Figshare, https://doi.org/10.6084/m9.figshare.c.7066553. All data are available on the repository without restrictions. The timeframe for response to requests is immediate. All data are free to use.
References
Lidströmer, N. et al. Necessity of a Global Patient co-Owned Cloud (GPOC). Nat. Commun. https://doi.org/10.21203/rs.3.rs-3004727/v1
Davids, J. et al. Technical sandbox for a Global Patient co-Owned Cloud (GPOC). Nat. Commun. https://doi.org/10.21203/rs.3.rs-3004979/v1.
Lidströmer, N. et al. A summit on a Global Patient co-Owned Cloud (GPOC). https://doi.org/10.21203/rs.3.rs-3353036/v1.
Lidströmer, N. et al. Review of the ethics, policies and regulations of a Global Patient co-Owned Cloud (GPOC). https://doi.org/10.21203/rs.3.rs-3353005/v1.
Cao, S., Wang, J., Du, X., Zhang, X., Qin, X., editors. CEPS: a cross-blockchain based electronic health records privacy-preserving scheme. ICC 2020—2020 IEEE International Conference on Communications (ICC), pp. 1–6 https://doi.org/10.1016/j.dcan.2023.07.008 (2020).
Cao, S., Zhang, X. S. & Xu, R. X. Toward secure storage in cloud-based ehealth systems: a blockchain-assisted approach. IEEE Netw. 34, 64–70 (2020).
Johnson, K. B., Neuss, M. J. & Detmer, D. E. Electronic health records and clinician burnout: a story of three eras. J. Am. Med Inf. Assoc. 28, 967–973 (2021).
Jones, S., Neville, S., Chaffin, J. Hackers use tools stolen from NSA in worldwide cyber attack. Financial Times, 12th May. Retrieved 19th November 2022 from: https://www.ft.com/content/e96924f0-3722-11e7-99bd-13beb0903fa3 (2017).
Guddati, V. & Guddati, A. K. Ethical issues in patient data ownership. Interact J. Med. Res. 10 https://doi.org/10.2196/22269 (2021).
Karabekmez, M. E. Data ethics in digital health and genomics. N. Bioeth. 27, 320–333 (2021).
Akter, M. et al. Performance analysis of personal cloud storage services for mobile multimedia health record management. IEEE Access 6, 52625–52638 (2018).
Bhargavi, M., Bharath, Siva & Varma, P. Privacy protection for e-health records over mobile cloudlet. Int. J. Recent Technol. Eng. 8, 6014–6019 (2019).
Preetha, A. D. & Kumar, T. S. P. Securing IoT-based healthcare systems from counterfeit medicine penetration using Blockchain. Appl. Nanosci. 13, 1263–1275 (2023).
Preetha, A. D. & Kumar, T. S. P. MLPPT-MHS: multi-layered privacy preserving and traceable mobile health system. Procedia Comput. Sci. 165, 598–614 (2019).
Saravanan, N., Umamakeswari, A. Enhanced attribute based encryption technique for secured access in cloud storage for personal health records. Concur. Comput. Pract. Exp. 34, 11. Wiley https://doi.org/10.1002/cpe.6890 (2022).
Saravanan, N. & Umamakeswari, A. Hap-Cp-Abe based encryption technique with hashed access policy based authentication scheme for privacy preserving of Phr. Microprocess. Microsyst. 80, 103540 (2021).
Sukte, C., Emmanuel, M. & Deshmukh, R. R. Modified elliptic curve cryptography model for personal health record sharing in cloud with trust valuation. Int. J. Comput. Sci. Netw. Secur. 22, 593–601 (2022).
Al-Issa, Y., Ottom, M. A. & Tamrawi, A. eHealth cloud security challenges: a survey. J. Healthc. Eng. 2019, 7516035 (2019).
Burns, S., Collisson, E. A. Blockchain-authenticated sharing of cancer patient genomic and clinical outcomes data. J. Clin. Oncol. 38, e19358 (2020).
Abaid, Z., et al. Health access broker: secure, patient-controlled management of personal health records in the cloud. 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS). p. 111–121 https://doi.org/10.48550/ar**v.2005.07987 (2021).
Chen, Y. The role of patients in transiting personal health information: a field study. Stud. Health Technol. Inf. 160, 3–7 (2010).
Liu, J. H., Huang, X. Y. & Liu, J. K. Secure sharing of Personal Health Records in cloud computing: Ciphertext-Policy Attribute-Based Signcryption. Future Gener. Comput. Syst. Int. J. Esci. 52, 67–76 (2015).
Chennam, K. & Muddana, L. An efficient two stage encryption for securing personal health records in cloud computing. Int. J. Serv. Oper. Inform. 9, 277–296 (2018).
Florence, M. L. & Suresh, D. Enhanced secure sharing of PHR’s in cloud using user usage based attribute based encryption and signature with keyword search. Clust. Comput. J. Netw. Softw. Tools Appl. 22, 13119–13130 (2017).
Kocabas, O., Soyata, T. Towards privacy-preserving medical cloud computing using homomorphic encryption. 213–246 https://doi.org/10.4018/978-1-5225-9863-3.ch005 (2015).
Sangeetha, D. et al. Multi keyword searchable attribute based encryption for efficient retrieval of health Records in Cloud. Multimed. Tools Appl. 81, 22065–22085 (2022).
Qin, L., Xuhui, L., Baishuang, H. U. & Shaobo, Z. Fine-grained access control with user revocation in cloud-based personal health record system[J]. J. Electron. Inf. Technol. 39, 1206–1212 (2017).
Liu, X., Liu, Q., Peng, T., Wu, J. HCBE: Achieving fine-grained access control in cloud-based PHR systems. 562–576 https://doi.org/10.1007/978-3-319-27137-8_41 (2015).
Liu, X. H., Liu, Q., Peng, T. & Wu, J. Dynamic access policy in cloud-based personal health record (PHR) systems. Inf. Sci. 379, 62–81 (2017).
Meddah, N., Jebrane, A., Toumanari, A. Scalable lightweight ABAC scheme for secure sharing PHR in cloud computing. In: Ezziyyani, M., Bahaj, M., Khoukhi, F. (eds) Advanced Information Technology, Services and Systems. AIT2S 2017. Lecture Notes in Networks and Systems, vol 25. (Springer, 2018). https://doi.org/10.1007/978-3-319-69137-4_30.
Niu, S., Song, M., Fang, L. & Wang, C. Cloud storage data sharing based on attribute encryption in smart healthcare. Dianzi Yu **nxi Xuebao J. Electron. Inf. Technol. 44, 107–117 (2022).
Raisaro, J. L. et al. MedCo: enabling secure and privacy-preserving exploration of distributed clinical and genomic data. IEEE/ACM Trans. Comput. Biol. Bioinforma. 16, 1328–1341 (2019).
Al-Aswad, H., El-Medany, W. M., Balakrishna, C., Ababneh, N. & Curran, K. BZKP: blockchain-based zero-knowledge proof model for enhancing healthcare security in Bahrain IoT smart cities and COVID-19 risk mitigation. Arab. J. Basic Appl. Sci. 28, 154–171 (2021).
Alshammari, H., Abd El-Ghany, S. & Shehab, A. Big IoT healthcare data analytics framework based on fog and cloud computing. J. Inf. Process. Syst. 16, 1238–1249 (2020).
Powles, J. & Hodson, H. Google DeepMind and Healthcare in an age of algorithms. Health Technol. 7, 351–367 (2017).
Lee, H.-A. et al. Global infectious disease surveillance and case tracking system for COVID-19: development study. JMIR Med. Inform. 8, e20567 (2020).
Ramu, G. A secure cloud framework to share EHRs using modified CP-ABE and the attribute bloom filter. Educ. Inf. Technol. 23, 2213–2233 (2018).
Devi, T., Ramachandran, A., Deepa, N. A biometric approach for electronic healthcare database system using SAML—a touchfree technology. 2021 Second International Conference on Electronics and Sustainable Communication Systems (ICESC), p 174–178 https://doi.org/10.1109/ICESC51422.2021.9532874 (2021).
Kumar, S. et al. Novel method for safeguarding personal health record in cloud connection using deep learning models. Comput. Intell. Neurosci. 2022, 3564436 (2022).
Khansa, L., Forcade, J., Nambari, G., Parasuraman, S. & Cox, P. Proposing an intelligent cloud-based electronic health record system. Int. J. Bus. Data Commun. Netw. 8, 57–71 (2012).
Pussewalage, H. S. G., Oleshchuk, V. A., editors. A patient-centric attribute based access control scheme for secure sharing of personal health records using cloud computing. 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), p. 46–53. https://doi.org/10.1109/CIC.2016.020 (2016).
(MISSED)Topol E. The patient will see you now: the future of medicine is in your hands. 1st edn., ISBN 9780465054749 (Basic Books, 2016).
Rinesh, S. & Baskaran, K. A secure and efficient data sharing in cloud using multiple authority attribute based biometric encryption. Int. J. Appl. Eng. Res. 10, 19490–19504 (2015).
Chin, J. Y. J., Man, K., Zhou, W. International and global issues—differences in health systems, patient populations, and medical practice. p. 257–272. https://doi.org/10.1016/B978-0-12-817663-4.00030-1 (2021).
Turner, A. M. et al. Use of patient portals for personal health information management: the older adult perspective. AMIA Annu Symp. Proc. 2015, 1234–1241 (2015).
Almutiry, O., Wills, G., Alwabel, A., Crowder, R., Walters, R., editors. Toward a framework for data quality in cloud-based health information system. International Conference on Information Society pp. 153–157 (i-Society 2013).
Black, A. S., Sahama, T. Chronicling the patient journey: co-creating value with digital health ecosystems. In: Maeder, A. & Williams, T. (eds) Proceedings of the Australasian Computer Science Week Multiconference (Association for Computing Machinery, 2016) pp. 1–10. https://doi.org/10.1145/2843043.2843381.
Knapfel, S., Plattner, B., Santo, T. & Tyndall, S. Promotion of meaningful use of a personal health record in second life. Stud. Health Technol. Inform. 201, 413–417 (2014).
Koufi, V., Malamateniou, F., Tsohou, A. & Vassilacopoulos, G. A framework for privacy-preserving access to next-generation EHRs. Stud. health Technol. Inform. 205, 740–744 (2014).
Hecht, J. The future of electronic health records. Nature 573, S114–S116 (2019).
Uchimura, Y. & Fujita, H. Development of medical and health information system using mobile devices. IEEJ Trans. Sens. Micromach. 132, 381–386 (2012).
Ouzzani, Mourad, Hammady, Hossam, Fedorowicz, Zbys & Elmagarmid, Ahmed Rayyan—a web and mobile app for systematic reviews. Syst. Rev. 5, 210 (2016).
Acknowledgements
This study was supported by the Swedish Research Council (2019-01157) and the Swedish National Heart and Lung (20180505) and Freemasons Children’s House foundations grants to Prof Eric Herlenius and scholarship to Dr Niklas Lidströmer. We acknowledge the librarians at Karolinska Institutet Narcisa Hannerz and Anja Vikingson, Professor Sabine Koch at Karolinska Institutet, the librarians at Imperial College London, Michael Gainsford, Sarah Feehan and Jackie Kemp.
Funding
Open access funding provided by Karolinska Institute.
Author information
Authors and Affiliations
Contributions
Niklas Lidströmer (NL) conceived the background research, idea and concept. NL and Joseph Davids (JD) designed the study. NL conducted the literature review with support from JD. NL performed data collection. NL and JD performed data analysis. NL assembled and structured the source data for the meta-analysis. All authors (NL, JD, Mohamed ElSharkawy (ME), Hutan Ashrafian (HA), Eric Herlenius (EH)) contributed to the data interpretation. HA and EH provided critical intellectual input throughout the study. All authors conducted statistical analyses and contributed to the interpretation of results. NL wrote the manuscript with input from all co-authors. NL made all revisions of the manuscript with input from EH. All authors critically reviewed and approved the final version of the manuscript. NL created all figures and assembled all source data into a repository on Figshare.
Corresponding author
Ethics declarations
Competing interests
The authors declare no competing interests.
Peer review
Peer review information
Nature Communications thanks Cristiano da Costa, and Tony Sahama for their contribution to the peer review of this work. A peer review file is available.
Additional information
Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Supplementary information
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Lidströmer, N., Davids, J., ElSharkawy, M. et al. Systematic review and meta-analysis for a Global Patient co-Owned Cloud (GPOC). Nat Commun 15, 2186 (2024). https://doi.org/10.1038/s41467-024-46503-5
Received:
Accepted:
Published:
DOI: https://doi.org/10.1038/s41467-024-46503-5
- Springer Nature Limited