Recently, in healthcare sector, the data is steadily growing and becomes more vital. Most of this data is embedded in the medical record of the patient. In fact, Patient Health Records (PHRs) refer to those records that the patient can maintain, access and share among different specialists. Storing these PHRs to the cloud allow the patient to maintain and share them with different practitioners anywhere and anytime. However, he still suffers from some security and privacy issues. Hence, it is necessary to guarantee the security and privacy of this immense volume of patient's confidential data on the cloud. Anonymization and encryption are the two methods that can be adopted to ensure the security and privacy of PHRs on cloud. In this paper, a cloud-based framework for securing the storage and the retrieval of unstructured PHRs is proposed. This framework combines different encryption techniques to encrypt the different contents of the PHR, to compress medical images and to control the access to these records. In addition, the encrypted files are partitioned into a random number of files before being sent to the cloud storage server. These files are of variable number and variable size. When a user requests to access a PHR from the cloud, the proposed framework first controls access of this user before merging the partitioned files. The decryption of these files is performed on the client side not on the cloud using the secret key, which is owned by authorized user only. Finally, extensive analytical and experimental results are presented. It shows the security, scalability, and efficiency of the proposed framework. |