Management of security across eHealth cloud services is a major organizational challenge that healthcare organizations seek to resolve in order to aid their trusts in cloud and increase the adoption of cloud services in healthcare. The organizational challenges regarding implementations of technical security solutions are the major limiting factors for the adoption of the eHealth cloud. As such, the aim of this research will focus on developing a security maturity model, which will help healthcare organizations to provide a description of the application of their cloud security services, and an assessment and improvement of their cloud security services over time, as well as to guide and educate relevant stakeholders concerning the optimization of their security practices. The identified gaps in the review are in the aspect of adoption – the maturity models are either too complicated to implement, or they require the healthcare organization’s processes to be refined to suit the maturity model’s implementation. The Maturity Model for Healthcare Cloud Security (M2HCS) was developed using the Design Science Research Methodology (DSRM). It was validated using a formulated case study, web-based survey and interviews with practitioners, DSRM framework, and feedback from scientific community. The novel contribution of this research is the proposal of the model. M2HCS is a high level, holistic model that can be used to support and promote healthcare organization’s usable security practices against cyber and cloud security attacks.

Document Type


Publication Date




Creative Commons License

Creative Commons Attribution-NonCommercial 4.0 International License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License