An increasing trend in healthcare organizations to outsource EHRs’ data to the cloud highlights new challenges regarding the privacy of given individuals. Healthcare organizations outsource their EHRs data in a hybrid cloud that elevates the problem of security and privacy in terms of EHRs’ access to an unlimited number of recipients in a hybrid cloud environment. In this paper, we investigated the need for a privacy-preserving access control model for the hybrid cloud. A comprehensive and exploratory analysis of privacy-preserving solutions with the help of taxonomy for cloud-based EHRs is described in this work. We have formally identified the existence of internal access control and external privacy disclosures in outsourcing system architecture for hybrid cloud. Then, we proposed a privacy-preserving XACML based access control model (PPX-AC) that supports fine-grained access control with the multipurpose utilization of EHRs alongside state-of-the-art privacy mechanism. Our proposed approach invalidates the identified security and privacy attacks. We have formally verified the proposed privacy-preserving XACML based access control model (PPX-AC) with the invalidation of identified privacy attacks using High-Level Petri Nets (HLPN). Moreover, property verification of the proposed model in SMT-lib and Z3 solver and implementation of the model proves its effectiveness in terms of privacy-aware EHRs access and multipurpose usage.

医疗保健组织将EHR的数据外包到云中的趋势越来越明显，这凸显了有关给定个人隐私的新挑战。医疗保健组织将其EHR数据外包到混合云中，这就EHR对混合云环境中的无限数量的收件人的访问而言，加剧了安全性和隐私性问题。在本文中，我们研究了对混合云的隐私保护访问控制模型的需求。本文对基于云的电子病历进行了分类学的帮助，对隐私保护解决方案进行了全面的探索性分析。我们已经正式确定了混合云外包系统架构中内部访问控制和外部隐私披露的存在。然后，我们提出了一种基于隐私保护的XACML的访问控制模型（PPX-AC），该模型支持EHR的多用途利用以及最先进的隐私机制来实现细粒度的访问控制。我们提出的方法会使识别出的安全和隐私攻击无效。我们已经使用高级陪替氏网（HLPN）使所识别的隐私攻击无效，从而正式验证了建议的基于隐私保护XACML的访问控制模型（PPX-AC）。此外，在SMT-lib和Z3求解器中对所提出模型的属性验证以及该模型的实现证明了其在感知隐私的EHR访问和多用途方面的有效性。我们提出的方法会使识别出的安全和隐私攻击无效。我们已经使用高级陪替氏网（HLPN）使所识别的隐私攻击无效，从而正式验证了建议的基于隐私保护XACML的访问控制模型（PPX-AC）。此外，在SMT-lib和Z3求解器中对所提出模型的属性验证以及该模型的实现证明了其在感知隐私的EHR访问和多用途方面的有效性。我们提出的方法会使识别出的安全和隐私攻击无效。我们已经使用高级陪替氏网（HLPN）使所识别的隐私攻击无效，从而正式验证了建议的基于隐私保护XACML的访问控制模型（PPX-AC）。此外，在SMT-lib和Z3求解器中对所提出模型的属性验证以及该模型的实现证明了其在感知隐私的EHR访问和多用途方面的有效性。