Dear Hanya Mohammed,

Look the link, please.

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4255288/

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4902857/

Regards, Shafagat

I think you should look at your threat models and what you are trying to protect. If you are trying to keep the patient's record private, you don't necessarily have to encrypt everything - using an anonymization technique like putting in a random token for the patient identifier may be enough to protect the record (given conditions that there is no easy to match the patient with the data).  There are ways to determine risk of reidentification.  Not using encryption or minimalizing it gives the benefit of faster processing and less computing resource use, as well as not having to worry about the problems of implementing ABE and its problems with being able to crisply control who as access to data.  I have put in links to two papers I worked on - one is an overview of anonymization techniques in the cloud and another on use of it, along with encryption, in an internal cloud like environment.

Article Enhancing Cloud Security Using Data Anonymization

Conference Paper Making Big Data, Privacy, and Anonymization Work Together in...