**5. Discussion**

Although Cloud Computing is a consolidated technology in computational and storage resources, with the explicit goals of reducing operating costs and improving results in many scientific domains, Cloud Computing is slowly gathering steam in healthcare despite those premises. This impasse may be due to the critical challenges to face, such as encryption, user identification, storage, access, etc.

Patient clinical information is now collected in Electronic Medical Records (EMRs), even known as Electronic Health Records (EHRs). Using Cloud tools to analyze and share

EMRs data can improve the performance of healthy corporations. Cloud services lowered the cost of care, improved outcomes, and increased customer/patient loyalty and satisfaction while yielding growth and profitability. At the same time, EMRs data must be stored and handled according to well-defined privacy and security rules [40]. Cloud environments must face several challenges in data handling, notably the native heterogeneity of healthcare data and the need to harmonize data sets from different healthcare organizations. Cloud storage is the ideal solution for storing data from different healthcare organizations. It can spur multi center data analysis, data summarization, integration, and harmonization, contributing to new knowledge, improving clinical trials, and developing new drugs. The need for suitable integration and harmonization functions hamper the collaboration between healthcare institutions. Traditional harmonization and integration methods are ineffective with healthcare data. In [41], authors present HarmonicSS, a PaaS Cloud Computing model encouraging collaboration among multiple organizations, providing several data harmonization functions based on semantic data models to identify concepts automatically without a human supervisor. In addition, HarmonicSS provides trustworthy AI models based on the Cloud Federated environment, allowing secure, legal, and ethical uploads compliant with HL7 standards ideal for the healthcare domain. The ubiquity of EMRs in recent years through Cloud Computing could lead to the wide use of artificial intelligence (AI) [42] to analyze these vast amounts of data. AI tools are unhurriedly supplanting humans in many application domains, such as deciding who should ge<sup>t</sup> a loan, hiring new workers, and supporting doctors in clinical reporting, decisions, and treatments design. The use of AI in fields where data-driven algorithmic decision-making may affect human life, e.g., healthcare, raises concerns regarding their reliability [43]. Indeed, since AI is a data-driven decision-making tool, using unbalanced, poor, or misleading data sets can increase the probability that these tools could be biased. Improving AI reliability can increase its adoption in healthcare environments. Thus, the challenge is establishing an end-to-end Cloud Computing service able to increase the reliability of AI tools. A potential Cloud Computing service includes the following steps: data acquisition, preprocessing, and AI model training. A possible strategy for increasing end-to-end reliability consists of the following: data labeling, which allows one to figure out the quality of data for the application; results aggregation to simplify the quality assessment; and finally, detection of unbalanced groups, which enables one to obtain more accurate and expressive knowledge models. Hence, the combination of Cloud Computing and reliable AI tools provides Cloud services that can help to increase the adoption of Cloud Computing services in healthcare organizations.

EMR data storage in Cloud repositories throws security problems, such as protecting patients' personal information [44]. Cloud providers can protect EMR-sensitive information by employing noncryptographic techniques such as anonymization and splitting [45]. Data anonymization [46] is a privacy technique to protect a user's personal information, hiding sensitive information that could reveal the identity. Data anonymization can be accomplished by applying various methods, such as removing or hiding identifiers or attributes. The primary intent of data anonymization is to obscure the person's identity in any way. Data splitting divides sensitive data into smaller chunks, distributing those smaller units to distinct storage locations to protect it from unauthorized access. In this manner, data anonymization and splitting protect patients' sensitive information without compromising Cloud Computing performance since data retrieval is accomplished without further computations such as decryption. Noncryptographic techniques provide a basic security level for Cloud environments because intruders can obtain access to complete sensitive information in case of a breach.

Thus, using cryptography [47] can improve Cloud environment security. Cryptography is a fundamental and widely used approach for hiding and securing classified information. Cryptography transforms the raw data into ciphertext using encryption algorithms to protect data during network transfer and storage. Today, cryptography is employed to pursue different targets, such as data confidentiality and integrity. Due to the

increased data violations in the last few years, some Cloud service providers are moving toward cryptographic techniques to attain more safety. In [48], Hassan et al. discuss the relevance of synthesizing, classifying, and identifying different data protection methodologies. Although cryptography increases the security and trust of Cloud environments, it negatively affects Cloud environments' performance. Users want to retrieve their data stored in a Cloud database. Searching for encrypted data is a crucial element of cryptography because every user who stores sensitive data in a local or Cloud database wants to retrieve it. Data retrieving is completed by searching sensitive data through queries. Consequently, the procedure of retrieving data is complicated, since it is not possible to carry out computation on encrypted data without ever decrypting the content.

Cryptography approaches [49,50] are classified into Asymmetric and Symmetric. Asymmetric cryptography [51], also known as a public key, is a technique that uses a couple of keys to encryp<sup>t</sup> and decrypt information. A key in the pair is public that, as the name implies, can be distributed without affecting security. At the same time, the second key in the pair is private and known exclusively to the owner. In this approach, anyone can use the public key to encryp<sup>t</sup> messages, but only the paired private key can decrypt those encrypted messages. Public keys are usually stored in digital certificates, which allows them to be easily and securely shared. Private keys are not shared and must be held by users in suitable software systems or hardware, such as USB tokens. Symmetric cryptography [52], also known as a secret key, is a technique that uses a single key for encryption and decryption purposes. In symmetric cryptography, the secret key is private and a secure channel is required to distribute it. This requirement has proved challenging to maintain, representing the main weaknesses of this cryptographic schema. Hence, the key length can mitigate this weakness. In fact, the longer the key, the more secure the communication will be. For instance, to force a key of 128-bit with the computing power of current computers would take millions of years, a sufficient time to guarantee a secure outcome of communications. In asymmetric cryptography, on the other hand, public keys can be distributed on a (possibly) insecure channel, while private keys are generated locally without requiring to be transmitted. This public distribution allows for encrypted and authenticated communications between parties who have not previously met or exchanged information. To summarize, given their different nature, the two types of encryptions are used in purely different fields. Symmetric encryption is used to encryp<sup>t</sup> files and data when it is necessary to transfer large blocks of information, as well as during data transmission in HTTPS. In contrast, asymmetric cryptography is used in encryption and authentication procedures such as digital signatures. In this regard, healthcare corporations can use symmetric cryptography to achieve more security when sharing data through the network and choose asymmetric cryptography to provide secure authentication procedures to limit access to the stored sensitive information exclusively to the legitimate owner.

Blockchain technology is well known and used in cryptocurrency, safety, and trust management, making it suitable even for Cloud Computing services in healthcare. In [53], Rahmani et al. discussed the issues related to security breaches that occurred in Cloud platforms. Trust handling is critical for delivering secure and trustworthy service to users. The traditional trust-handling protocols in Cloud Computing are centralized, resulting in single-point failure. Hence, Rahmani et al. propose as a solution the use of Blockchain in Cloud domains, e.g., healthcare, that requires trust and trustworthiness in several aspects. An essential feature of Blockchain is the decentralization of the trust model that produces a trust Cloud environment. In [54], Ismail et al. present the limitations of a healthcare system based on either Cloud or Blockchain, highlighting the importance of implementing an integrated Blockchain-Cloud (BcC) system for further improve the Blockchain decentralization and, consequently, the Cloud environment trust.

The Internet of things (IoT) is a paradigm that allows different objects, e.g., intelligent entities and sensors, to communicate with each other on the Internet network. The IoT provides several benefits in many domains, from home to private and public corporations and governmen<sup>t</sup> institutions. The IoT provides endless opportunities to connect homes, wearable devices, smart cities, and how patients interact with healthcare corporations. Smart devices, sensors, and wearables, even called smart-objects, are changing how personal care is delivered. Sensors like wearable trackers, e.g., smartwatches and bands, enable automatic self-monitoring and controlling health conditions such as hypertension and blood pressure. Patients can monitor their health status and, if necessary, communicate with their medical doctors to receive expert care directions, improving the quality of their medical care. In [55], the authors provide a picture of how IoT device use changes health care delivery. Thus, despite the above benefits, many issues must be considered, especially data security and privacy, because sensitive patient and hospital information are exchanged over the Internet.

In [56], Kibiwott et al. argue that if the IoT data are far from the owner's physical domain, privacy and security cannot be ensured. In this regard, Kibiwott et al. propose adopting attribute-based signcryption (ABSC) to mitigate security issues and protect sensitive data. ABSC cryptographic properties include fine-grained access control, authentication, confidentiality, and data owner privacy.

To bypass exchanging sensitive information over the network and preventing in this way to face data security and privacy issues, it is possible to use Edge Computing. Edge Computing is a novel programming model aiming to keep the computing step as near to the data source as possible, enabled by the availability of novel devices such as NVIDIA Jetson [57,58]. Moreover, the computation close to the data source guarantees a faster response with low latency, one of the essential requirements in decision-making or missioncritical processes. In [59], the authors present E-ALPHA (Edge-based Assisted Living Platform for Home cAre), which supports both Edge and Cloud Computing paradigms to design innovative Ambient Assisted Living (AAL) services in scenarios of different scales. E-ALPHA flexibly combines Edge and Cloud, assisting users in the preliminary assessment. In particular, it helps to determine the desired performance of the service. Next, it assists users in configuring applications or platforms for real deployment. IoT devices are continuously increasing in many domains, such as scientific, corporate, and domestic, presenting new challenges in the real-time elaboration of these vast amounts of different types of data produced. For these reasons, many initiatives investigating the deployment of architecture-based Edge Computing services and their impact on performance and cost are arising [60]. Moreover, Edge Computing, Machine Learning and Data Mining can put forward the analysis of IoT data based on Edge Computing, Machine Learning, and Deep Learning [61]. In [57], the authors present an approach based on Machine Learning and Edge Computing to diagnose early-stage cancer, allowing efficient and fast analysis without compromising the privacy of sensitive information. In [62] authors proposed EdgeMiningSim, a methodology aimed at IoT domain experts, for creating descriptive or predictive models to take actions in the IoT field.

In [63], Bertuccio et al. describe ReportFlow as an application to transfer sensitive data over the Public Cloud, speeding and simplifying the medical report process of EEGs. ReportFlow exploits the Role-Based Access Control (RBAC) to limit system access only to authorized users. ReportFlow deals with all cryptographic activities, managing certificates and checking their validity using OpenSSL, an open-source general-purpose cryptography library. Public keys and other information are held in specific folders on the Cloud. ReportFlow encrypts the data through a Triple Data Encryption Symmetric Algorithm (Triple DES or 3DES). Finally, Mehrtak et al. in [64] investigated several manuscripts to highlight the importance of accurately determining security challenges and their proper solutions that are fundamental for both Cloud Computing providers and corporations using Cloud services.

To summarize, the slow adoption of Cloud solutions in healthcare organizations could be related to the types of data produced by healthcare organizations. Healthcare data contain sensitive and confidential information about patients, requiring special handling. Thus, it is mandatory to develop special protocols and methods able to protect healthcare data that will be transferred through unsecured channels, i.e., through the internet network, up to the storage, analysis, retrieving etc.

#### **6. Tips to Effectively Use Cloud Computing in Healthcare**

This section provides some tips to facilitate the choice of the ideal Cloud Computing provider and how an user can deal with Cloud Computing to meet all the law requirements for healthcare corporations. Customers should choose a Cloud service holding stringent HIPAA and HITECH Act security requirements. Meet HIPAA and HITECH Act security requirements allow to limitate the common vulnerabilities that lead to breaches in security, implementing natively security protocols such as data encryption, multi-factor authentication, intrusion detection, and prevention. In this scenario, Cloud services will be more secure against data breaches, tampering, loss, and damage than on-premise data centers. Consumers would put data in the Cloud storage to create a central point of sharing, intending to promote interoperability. Interoperability can be achieved only if the Cloud provider supplies access to all services to constrained authenticated and authorized entities. Restricted data access with authentication and qualification reduces inappropriate and forbidden data changes. In this manner, data remain intact, secure, and adequately protected. Further consideration should regard the data transfer from local to Cloud repositories. Before uploading sensitive data, users must protect data using cryptography approaches like the HL7 standard and a secure channel like the https. In this way, data remain safe and adequately protected even during the transfer. Before uploading, data summarization, aggregation, and harmonization, in conjunction with encryption, promote secure data analysis, even using advanced AI tools. In this manner, it is possible to prevent AI tools from misusing sensitive information that can harm privacy by introducing biases in the outcomes, contributing to increasing AI reliability. Finally, before choosing a Cloud Computing provider, one must identify the geographic position of Cloud facilities since the security principles depend on the laws of the State and the corresponding legal jurisdiction where it will be held. For programmers, Cloud platforms provide a much faster and more secure method of developing and deploying collaborative, customized, and analytical workflows for dealing with heterogeneous data. In addition, Cloud platforms provide all the software tools, libraries, and APIs to design and develop robust services concerning security threats because the Cloud infrastructure has already been certified. Moreover, the Cloud also reduces the costs associated with maintaining existing infrastructure. In this manner, the internal IT resources can be concentrated on specific tasks rather than handling or maintaining data center hardware.
