Balancing Security And Convenience: Sso And Oauth For Healthcare Data In Aws Govcloud
Abstract
To provide better care, healthcare must balance patient privacy against data access. Application-specific login and password security is available, but it is neither safe nor efficient.
Healthcare applications in AWS GovCloud should use SSO and OAuth: SSO to sign users in to applications in the healthcare environment, and OAuth to govern access to patient information. AWS GovCloud lets government and healthcare organizations use HIPAA-compliant cloud services; its security design and compliance certifications help healthcare businesses run applications safely and meet data-protection standards.
The proposed healthcare network uses a central IdP. Only this IdP authenticates the users of healthcare applications. After IdP authentication, SAML securely passes the user's authentication data to the target application in AWS GovCloud.
OAuth then complements this. The healthcare application provides the functionality while the central IdP grants the authorization. OAuth lets applications access patient information safely: users give applications permission to view their EHRs. The combined approach is safer. Fewer sets of login credentials reduce exposure to brute-force attacks and password fatigue. Unified user management in the IdP restricts access to patient data to approved healthcare providers only, even in a complex environment.
OAuth limits applications to the employment information they are granted; a smaller data footprint lowers security risk. Finally, healthcare data platforms are safe because AWS GovCloud security is built in. Patient safety concerns are also addressed: in the proposed design, advanced permissions are managed by OAuth flows, and patients choose who can see their information. Fine-grained access-control rules in the IdP restrict entry according to least privilege. The design meets the strict HIPAA rules for keeping data safe, and granular consent, authorization boundaries and centralized IdP authentication satisfy the regulations. AWS GovCloud applications make it easier to follow the rules for cloud design in healthcare.
SSO/OAuth also improves usability for healthcare workers. Clinicians and others can reach patient information without remembering many passwords, and less cognitive load makes caring for patients easier. Putting the plan into action requires solving technical problems: healthcare applications may need SSO and OAuth APIs, and strong logging and monitoring are needed to track what users and data do. The research is focused in scope. In the future, researchers may examine how MFA improves access control, and blockchain audit trails and histories could be studied.
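The following is an added example, not code from the article or from AWS, that shows the resource-server side of the design described above: the central IdP mints a short-lived, scoped access token after SSO, and the healthcare API releases an EHR only when the token's signature, audience, expiry and scope check out and the patient has consented to that clinician, recording every decision for audit. All names, the HMAC signing key, the consent registry and the EHR records are constructed assumptions for the demonstration; a production deployment would use the IdP's published keys and a real consent store.

```python
"""Added example (not the article's own code): a minimal OAuth 2.0 resource-server
check for a healthcare API in the SSO + OAuth design the abstract describes.
Assumptions (all constructed): the central IdP signs access tokens with an HMAC key
shared with the API (HS256-style JWT); tokens carry `sub`, `scope`, `aud` and `exp`;
and a consent registry maps each patient to the clinicians they have authorised."""
import base64
import hashlib
import hmac
import json
import time

IDP_SIGNING_KEY = b"constructed-demo-key-do-not-reuse"  # shared IdP/API secret (constructed)
EXPECTED_AUDIENCE = "ehr-api"                         # identifier of this resource server

# Constructed consent registry: patient id -> clinicians the patient has authorised.
CONSENT = {"patient-001": {"dr.alice"}, "patient-002": {"dr.alice", "dr.bob"}}

# Constructed EHR store keyed by patient id.
EHR = {"patient-001": {"allergies": ["penicillin"]}, "patient-002": {"allergies": []}}

AUDIT_LOG = []  # every access decision is recorded, granted or not, for HIPAA-style auditing


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(sub: str, scope: str, ttl: int = 300, now=None) -> str:
    """What the central IdP does after SSO succeeds: mint a short-lived, scoped token."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "scope": scope,
                                  "aud": EXPECTED_AUDIENCE, "exp": int(now + ttl)}).encode())
    sig = hmac.new(IDP_SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, now=None):
    """Resource-server side: verify signature first, then audience and expiry.
    Returns the claims dict, or None on any failure."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None  # malformed token
    expected = hmac.new(IDP_SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):  # constant-time comparison
        return None
    claims = json.loads(_b64url_decode(payload))
    if claims.get("aud") != EXPECTED_AUDIENCE or claims.get("exp", 0) <= now:
        return None
    return claims


def read_record(token: str, patient_id: str, now=None):
    """Release a record only if the token is valid, carries the `ehr:read` scope,
    and the patient has consented to this clinician (least privilege: a write-only,
    expired, or wrong-audience token never reaches the data). Logs every decision."""
    claims = verify_token(token, now)
    sub = claims.get("sub") if claims else None
    allowed = (claims is not None
               and "ehr:read" in claims.get("scope", "").split()
               and sub in CONSENT.get(patient_id, set()))
    AUDIT_LOG.append({"sub": sub, "patient": patient_id, "granted": allowed,
                      "ts": int(time.time() if now is None else now)})
    return EHR.get(patient_id) if allowed else None


if __name__ == "__main__":
    t = issue_token("dr.alice", "ehr:read")
    print(read_record(t, "patient-001"))   # granted: consented clinician with read scope
    print(read_record(t, "patient-002"))   # granted
    print(read_record(issue_token("dr.bob", "ehr:read"), "patient-001"))  # None: no consent
    print(AUDIT_LOG)
```

The order of checks matters: the signature is verified before any claim is trusted, so a forged or re-signed payload is rejected before scope or consent are even consulted, and the audit entry records the denial along with the subject the token claimed.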