Towards Cloud-Based Electronic Health Records in Healthcare Systems: Security, Scalability, and Migration Strategies: A Systematic Literature Review

Authors

  • Musawenkosi Moyo Zimbabwe
  • Belinda Ndlovu Zimbabwe
Pages Icon

DOI:

https://doi.org/10.63158/journalisi.v8i1.1431

Keywords:

cloud-based EHR, migration readiness, healthcare cybersecurity, scalability, systematic literature review

Abstract

Cloud-based Electronic Health Records (EHRs) are being adopted rapidly worldwide, but implementation still encounters recurring obstacles in security assurance, elastic scalability, and migration readiness. Prior reviews often treat these issues separately, leaving limited practical guidance for organizations planning end-to-end deployment. This study synthesizes recent evidence on cloud EHR adoption by examining how security controls, scalability claims, and migration strategies interact in real implementation contexts. A systematic literature review following PRISMA guidelines was conducted across ACM Digital Library, PubMed, IEEE Xplore, and ScienceDirect, covering peer-reviewed studies published from 2021 to 2025. Results show that the literature is technically mature in proposing encryption, access control, auditing, and performance optimization, and frequently reports scalability advantages. In contrast, evidence on complete migration pathways—data mapping, interoperability, validation, cutover planning, and post-migration assurance—remains sparse, with many studies relying on simulations rather than longitudinal deployments. The review also identifies geographic concentration in high-income settings, limiting generalizability to resource-constrained health systems. By integrating security, scalability, and migration readiness within a socio-technical, implementation-oriented perspective, this review provides actionable directions for secure and scalable cloud EHR transitions.

Downloads

Download data is not yet available.

References

[1] C. S. Kruse, M. Mileski, A. Ganta, S. V. Viswanathan, U. Suskandla, and Y. Chidambaram, “Impact of Electronic Health Records on Long-Term Care Facilities : Systematic Review Corresponding Author :,” vol. 5, pp. 1–9, doi: 10.2196/medinform.7958.

[2] J. L. Fernández-Alemán, I. C. Señor, P. ángel O. Lozoya, and A. Toval, “Security and privacy in electronic health records: A systematic literature review,” J. Biomed. Inform., vol. 46, no. 3, pp. 541–562, 2013, doi: 10.1016/j.jbi.2012.12.003.

[3] E. Mehraeen, M. Ghazisaeedi, J. Farzi, and S. Mirshekari, “Security Challenges in Healthcare Cloud Computing: A Systematic Review,” Glob. J. Health Sci., vol. 9, no. 3, p. 157, 2016, doi: 10.5539/gjhs.v9n3p157.

[4] R. Nowrozy, K. Ahmed, A. S. M. Kayes, H. Wang, and T. R. McIntosh, “Privacy Preservation of Electronic Health Records in the Modern Era: A Systematic Survey,” ACM Comput. Surv., vol. 56, no. 8, Aug. 2024, doi: 10.1145/3653297;WGROUP:STRING:ACM.

[5] R. Sibanda, B. Ndlovu, S. Dube, and K. Maguraushe, “Towards Health 4 . 0 : Blockchain-Based Electronic Health Record for Care Coordination,” pp. 712–720, 2024, doi: 10.34190/ecie.19.1.2606.

[6] Y. Hu and G. Bai, “A Systematic Literature Review of Cloud Computing in Ehealth,” Heal. Informatics - An Int. J., vol. 3, no. 4, pp. 11–20, 2014, doi: 10.5121/hiij.2014.3402.

[7] A. Tahir et al., “A Systematic Review on Cloud Storage Mechanisms Concerning e-Healthcare Systems,” Sensors (Basel)., vol. 20, no. 18, pp. 1–32, Sep. 2020, doi: 10.3390/S20185392.

[8] B. Alouffi, M. Hasnain, A. Alharbi, W. Alosaimi, H. Alyami, and M. Ayaz, “A Systematic Literature Review on Cloud Computing Security: Threats and Mitigation Strategies,” IEEE Access, vol. 9, pp. 57792–57807, 2021, doi: 10.1109/ACCESS.2021.3073203.

[9] S. Drissi, M. Chergui, and Z. Khatar, “A Systematic Literature Review on Risk Assessment in Cloud Computing : Recent Research Advancements,” no. April, pp. 76289–76307, 2025.

[10] C. Butpheng and K. Yeh, “SS symmetry Security and Privacy in IoT-Cloud-Based e-Health Systems — A Comprehensive Review,” pp. 1–35, 2020.

[11] P. Shojaei, E. Vlahu-Gjorgievska, and Y. W. Chow, “Security and Privacy of Technologies in Health Information Systems: A Systematic Literature Review,” Computers, vol. 13, no. 2, 2024, doi: 10.3390/computers13020041.

[12] A. Alzu’Bi, A. Alomar, S. Alkhaza’Leh, A. Abuarqoub, and M. Hammoudeh, “A Review of Privacy and Security of Edge Computing in Smart Healthcare Systems: Issues, Challenges, and Research Directions,” Tsinghua Sci. Technol., vol. 29, no. 4, pp. 1152–1180, 2024, doi: 10.26599/TST.2023.9010080.

[13] N. Ettaloui, S. Arezki, and T. Gadi, “Blockchain-Based Electronic Health Record: Systematic Literature Review,” Hum. Behav. Emerg. Technol., vol. 2024, no. 1, 2024, doi: 10.1155/hbe2/4734288.

[14] A. L. A. Fonsêca et al., “Blockchain in Health Information Systems: A Systematic Review,” Int. J. Environ. Res. Public Health, vol. 21, no. 11, pp. 1–18, 2024, doi: 10.3390/ijerph21111512.

[15] V. A. Muderere, B. Ndlovu, and K. Maguraushe, “Framework for Enhancing Interoperability, Data Exchange, and Security in Healthcare through Blockchain Technology,” Indones. J. Comput. Sci., vol. 14, no. 4, 2025, doi: 10.33022/ijcs.v14i4.4950.

[16] Maniah, B. Soewito, F. Lumban Gaol, and E. Abdurachman, “A systematic literature Review: Risk analysis in cloud migration,” J. King Saud Univ. - Comput. Inf. Sci., vol. 34, no. 6, pp. 3111–3120, 2022, doi: 10.1016/j.jksuci.2021.01.008.

[17] L. Caci et al., “Organizational readiness for change: A systematic review of the healthcare literature,” Implement. Res. Pract., vol. 6, p. 26334895251334536, Jan. 2025, doi: 10.1177/26334895251334536.

[18] D. and L. Moher Alessandro and Tetzlaff, Jennifer and Altman, Douglas G., “Preferred reporting items for systematic reviews and meta-analyses: the PRISMA statement,” PLoS Med., vol. 6, no. 7, p. e1000097, 2009.

[19] A. Alzahrani, “Developing a Provable Secure and Cloud-Centric Authentication Protocol for the e-Healthcare System,” IEEE Access, vol. 12, no. November, pp. 183665–183687, 2024, doi: 10.1109/ACCESS.2024.3500216.

[20] M. Shabbir et al., “Enhancing Security of Health Information Using Modular Encryption Standard in Mobile Cloud Computing,” IEEE Access, vol. 9, pp. 8820–8834, 2021, doi: 10.1109/ACCESS.2021.3049564.

[21] S. Fugkeaw, R. Prasad Gupta, and K. Worapaluk, “Secure and Fine-Grained Access Control With Optimized Revocation for Outsourced IoT EHRs With Adaptive Load-Sharing in Fog-Assisted Cloud Environment,” IEEE Access, vol. 12, no. May, pp. 82753–82768, 2024, doi: 10.1109/ACCESS.2024.3412754.

[22] Y. Zhang, X. A. Wang, W. Jiang, M. Zhou, X. Xu, and H. Liu, “An Efficient and Secure Data Audit Scheme for Cloud-Based EHRs with Recoverable and Batch Auditing,” Comput. Mater. Contin., vol. 83, no. 1, pp. 1533–1553, 2025, doi: 10.32604/cmc.2025.062910.

[23] A. Delham Algarni, F. Algarni, S. Ullah Jan, and N. Innab, “LSP-eHS: A Lightweight and Secure Protocol for e-Healthcare System,” IEEE Access, vol. 12, no. November, pp. 156849–156866, 2024, doi: 10.1109/ACCESS.2024.3477922.

[24] U. Nauman, Y. Zhang, Z. Li, and T. Zhen, “Securing Mobile Cloud-Based Electronic Health Records: A Blockchain-Powered Cryptographic Solution with Enhanced Privacy and Efficiency,” J. Intell. Med. Healthc., vol. 2, no. 1, pp. 15–34, 2024, doi: 10.32604/jimh.2024.048784.

[25] I. Khan, A. Ghani, S. M. Saqlain, M. U. Ashraf, A. Alzahrani, and D. H. Kim, “Secure Medical Data Against Unauthorized Access Using Decoy Technology in Distributed Edge Computing Networks,” IEEE Access, vol. 11, no. November, pp. 144560–144573, 2023, doi: 10.1109/ACCESS.2023.3344168.

[26] J. Zaki, S. M. R. Islam, N. S. Alghamdi, M. Abdullah-Al-Wadud, and K. S. Kwak, “Introducing Cloud-Assisted Micro-Service-Based Software Development Framework for Healthcare Systems,” IEEE Access, vol. 10, pp. 33332–33348, 2022, doi: 10.1109/ACCESS.2022.3161455.

[27] D. C. Nguyen, P. N. Pathirana, M. Ding, and A. Seneviratne, “Blockchain for Secure EHRs Sharing of Mobile Cloud Based E-Health Systems,” IEEE Access, vol. 7, pp. 66792–66806, 2019, doi: 10.1109/ACCESS.2019.2917555.

[28] K. Zala, H. K. Thakkar, R. Jadeja, P. Singh, K. Kotecha, and M. Shukla, “PRMS: Design and Development of Patients’ E-Healthcare Records Management System for Privacy Preservation in Third Party Cloud Platforms,” IEEE Access, vol. 10, no. August, pp. 85777–85791, 2022, doi: 10.1109/ACCESS.2022.3198094.

[29] R. Walid, K. P. Joshi, and S. G. Choi, “Leveraging semantic context to establish access controls for secure cloud-based electronic health records,” Int. J. Inf. Manag. Data Insights, vol. 4, no. 1, p. 100211, 2024, doi: 10.1016/j.jjimei.2023.100211.

[30] S. K. B. Sangeetha, C. Selvarathi, S. K. Mathivanan, J. Cho, and S. V. Easwaramoorthy, “Secure Healthcare Access Control System (SHACS) for Anomaly Detection and Enhanced Security in Cloud-Based Healthcare Applications,” IEEE Access, vol. 12, no. November, pp. 164543–164559, 2024, doi: 10.1109/ACCESS.2024.3492024.

[31] N. Subhalakshmi and M. V Srinath, “e-Healthsec: A Cloud-Based Privacy-Preserving Electronic Health History Framework using NLP with Multi-Layer Encryption,” Indian J. Sci. Technol., vol. 18, no. 6, pp. 415–429, 2025, doi: 10.17485/ijst/v18i6.51.

[32] K. Cresswell, A. Domínguez Hernández, R. Williams, and A. Sheikh, “Key Challenges and Opportunities for Cloud Technology in Health Care: Semistructured Interview Study.,” JMIR Hum. factors, vol. 9, no. 1, p. e31246, Jan. 2022, doi: 10.2196/31246.

[33] A. Oliver, A. A. Tariq, J. Riley, and H. Salmasian, “Optimizing the migration of a data warehouse to the cloud using network analysis,” AMIA ... Annu. Symp. proceedings. AMIA Symp., vol. 2024, no. Figure 1, pp. 894–899, 2024.

[34] K. Peffers, T. Tuunanen, M. A. Rothenberger, and S. Chatterjee, “A design science research methodology for information systems research,” J. Manag. Inf. Syst., vol. 24, no. 3, pp. 45–77, 2007, doi: 10.2753/MIS0742-1222240302.

[35] J. Kizza and F. Migga Kizza, “Intrusion Detection and Prevention Systems,” Secur. Inf. Infrastruct., pp. 239–258, 2011, doi: 10.4018/978-1-59904-379-1.ch012.

[36] P. Mell and T. Grance, “The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology,” doi: 10.6028/NIST.SP.800-145.

[37] T. Greenhalgh et al., “Beyond Adoption : A New Framework for Theorizing and Evaluating Nonadoption , Abandonment , and Challenges to the Scale-Up , Spread , and Sustainability of Health and Care Technologies Corresponding Author :,” vol. 19, doi: 10.2196/jmir.8775.

[38] M. Mrabet and M. Sliti, “Toward Secure , Trustworthy , and Sustainable Edge Computing for Smart Cities : Innovative Strategies and Future Prospects,” IEEE Access, vol. 13, no. August, pp. 174236–174253, 2025, doi: 10.1109/ACCESS.2025.3602390.

[39] V. C. Hu et al., “Guide to attribute based access control (abac) definition and considerations,” NIST Spec. Publ., vol. 800, p. 162, 2014.

[40] A. Khajeh-Hosseini, I. Sommerville, J. Bogaerts, and P. Teregowda, “Decision support tools for cloud migration in the enterprise,” Proc. - 2011 IEEE 4th Int. Conf. Cloud Comput. CLOUD 2011, pp. 541–548, 2011, doi: 10.1109/CLOUD.2011.59.

[41] B. H. Banimfreg, “Healthcare Analytics A comprehensive review and conceptual framework for cloud computing adoption in bioinformatics,” Healthc. Anal., vol. 3, no. December 2021, p. 100190, 2023, doi: 10.1016/j.health.2023.100190.

[42] H. Sulaiman, A. Magaireh, and R. Ramli, “Adoption of Cloud-based E-Health Record through the Technology , Organization and Environment Perspective,” vol. 7, pp. 609–616, 2018.

[43] D. Osamika, B. S. Adelusi, M. T. C. Kelvin-agwu, A. Y. Mustapha, A. Y. Forkuo, and N. Ikhalea, “A Systematic Review of Security , Privacy , and Compliance Challenges in Electronic Health Records : Current Practices and Future Directions,” vol. 203, no. February, pp. 1–39, 2025.

[44] U. Nicole, S. Sharief, N. Grace, E. Zepka, M. Mamauag, and L. Clark, “Informatics in Medicine Unlocked Access control solutions in electronic health record systems : A systematic review,” Informatics Med. Unlocked, vol. 49, no. July, p. 101552, 2024, doi: 10.1016/j.imu.2024.101552.

[45] V. A. Muderere, B. Ndlovu, and K. Maguraushe, “Blockchain Adoption in Healthcare : Enhancing Interoperability , Security and Data Exchange,” J. Inf. Syst. Informatics, vol. 7, no. 3, pp. 2939–2977, 2025, doi: 10.51519/journalisi.v7i3.1267.

[46] S. Setiatin, E. A. Jakaria, and N. R. Pratami, “Analysis of Patient Data Security and Privacy in Electronic Medical Record Systems in Hospital X,” vol. 3, no. 3, pp. 493–503, 2025.

[47] K. Kent and M. Souppaya, “Guide to Computer Security Log Management,” Nist Spec. Publ., 2006.

[48] P. A. Grassi, M. E. Garcia, and J. L. Fenton, NIST Special Publication 800-63 - Digital Identity Guidelines, vol. 800, no. 63. 2017.

[49] E. Barker, “NIST SP800-57 pt.1 Recommendation for Key Management: Part 1 – General,” NIST Spec. Publ. 800-57, pp. 1–142, 2020.

[50] Karen Scarfone, Murugiah Souppaya, Sanjay Rekhi, and Alex Nelson, NIST SP 800-61r3 - Incident Response Recommendations and Considerations for Cybersecurity Risk Management. 2025.

[51] A. Kerman, O. Borchert, S. Rose, E. Division, and A. Tan, “Implementing a Zero Trust Architecture,” NIST Comput. Secur. Resour. Cent., no. July, pp. 17–17, 2020.

[52] M. Armbrust et al., “A view of cloud computing,” Commun. ACM, vol. 53, no. 4, pp. 50–58, 2010, doi: 10.1145/1721654.1721672.

[53] M. Swanson, P. Bowen, A. W. Phillips, D. Gallup, and D. Lynes, “Contingency Planning Guide for Federal Information Systems.,” NIST Spec. Publ. 800-34 Rev. 1, no. May, p. 150, 2010.

[54] L. Badger, R. Patt-corner, and J. Voas, “Cloud Computing Synopsis and Recommendations Recommendations of the National Institute of Standards and Technology,” Nist Spec. Publ., vol. 800, no. 146, p. 81, 2012.

[55] N. R. Pradhan et al., “A Novel Blockchain-Based Healthcare System Design and Performance Benchmarking on a Multi-Hosted Testbed,” pp. 1–20, 2022.

[56] C. Zharima, F. Grif, and J. Goudge, “qualitative study from South Africa,” no. August, 2023, doi: 10.3389/fdgth.2023.1207602.

[57] A. Manuscript, “NIH Public Access,” vol. 19, no. Suppl 3, pp. 1–14, 2011, doi: 10.1136/qshc.2010.042085.A.

[58] D. B. Wesley et al., “A socio-technical systems approach to the use of health IT for patient reported outcomes : Patient and healthcare provider perspectives ☆,” J. Biomed. Inform., vol. 100, no. September, p. 100048, 2019, doi: 10.1016/j.yjbinx.2019.100048.

[59] A. Boonstra and M. Broekhuis, “Barriers to the acceptance of electronic medical records by physicians from systematic review to taxonomy and interventions,” 2010.

[60] A. J. Anzalone, C. R. Geary, R. Dai, S. Watanabe-Galloway, J. C. McClay, and J. R. Campbell, “Lower electronic health record adoption and interoperability in rural versus urban physician participants: a cross-sectional analysis from the CMS quality payment program,” BMC Health Serv. Res., vol. 25, no. 1, 2025, doi: 10.1186/s12913-024-12168-5.

[61] E. Li et al., “Physician experiences of electronic health record interoperability and its practical impact on care delivery in the English NHS: a cross-sectional survey study,” BMJ Open, vol. 15, no. 6, p. e096669, Jun. 2025, doi: 10.1136/BMJOPEN-2024-096669.

Downloads

Published

2026-03-01

Issue

Vol. 8 No. 1 (2026): February

Section

Articles

License

Copyright (c) 2026 Journal of Information Systems and Informatics

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors Declaration

  1. The Authors certify that they have read, understood, and agreed to the Journal of Information Systems and Informatics (JournalISI) submission guidelines, policies, and submission declaration. The submission has been prepared using the provided template.
  2. The Authors certify that all authors have approved the publication of this manuscript and that there is no conflict of interest.
  3. The Authors confirm that the manuscript is their original work, has not received prior publication, is not under consideration for publication elsewhere, and has not been previously published.
  4. The Authors confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
  5. The Authors confirm that the manuscript is not copied from or plagiarized from any other published work.
  6. The Authors declare that the manuscript will not be submitted for publication in any other journal or magazine until a decision is made by the journal editors.
  7. If the manuscript is finally accepted for publication, the Authors confirm that they will either proceed with publication immediately or withdraw the manuscript in accordance with the journal’s withdrawal policies.
  8. The Authors agree that, upon publication of the manuscript in this journal, they transfer copyright or assign exclusive rights to the publisher, including commercial rights

How to Cite

[1]
M. Moyo and B. Ndlovu, “Towards Cloud-Based Electronic Health Records in Healthcare Systems: Security, Scalability, and Migration Strategies: A Systematic Literature Review”, journalisi, vol. 8, no. 1, pp. 739–780, Mar. 2026, doi: 10.63158/journalisi.v8i1.1431.

Most read articles by the same author(s)