Patient health records(PHRs) are crucial and
sensitive as they contain essential information and are frequently
shared among healthcare entities. This information must remain
correct, up to date, private and accessible only to the authorized
entities. Moreover, access must also be assured during health
emergency crises such as the recent outbreak, which represents
the greatest test of the flexibility and the efficiency of PHR
sharing among healthcare providers, which ended up an
immense interruption to the healthcare industry. Moreover, the
right to privacy is the most fundamental right for a patient.
Hence, the patient health records in the healthcare sector have
faced issues with privacy breaches, insider outside attacks, and
unauthorized access to crucial patients’ records. As a result,
it pushes more patients to demand more control, security,
and a smoother experience when they want to access their
health records. Furthermore, the lack of interoperability among
the healthcare system and providers and the added weight of
cyber-attacks on an already overwhelmed system have called
for an immediate solution. In this work, we developed a secured
blockchain framework that safeguards patients’ full control over
their health data which can be stored in their private IPFS
and later shared with an authorized provider. Furthermore,
the system ensures privacy and security while handling patient
data, which can only be shared with the patients. The
proposed Security and privacy analysis show promising results
in providing time savings, enhanced confidentiality, and less
disruption in patient-provider interactions.
more »
« less
Blockchain Framework for Secured On-Demand Patient Health Records Sharing
The healthcare sector is constantly improving
patient health record systems. However, these systems face a
significant challenge when confronted with patient health record
(PHR) data due to its sensitivity. In addition, patient’s data is
stored and spread generally across various healthcare facilities
and among providers. This arrangement of distributed data
becomes problematic whenever patients want to access their
health records and then share them with their care provider,
which yields a lack of interoperability among various healthcare
systems. Moreover, most patient health record systems adopt a
centralized management structure and deploy PHRs to the cloud,
which raises privacy concerns when sharing patient information
over a network. Therefore, it is vital to design a framework
that considers patient privacy and data security when sharing
sensitive information with healthcare facilities and providers.
This paper proposes a blockchain framework for secured patient
health records sharing that allows patients to have full access and
control over their health records. With this novel approach, our
framework applies the Ethereum blockchain smart contracts,
the Inter-Planetary File System (IPFS) as an off-chain storage
system, and the NuCypher protocol, which functions as key
management and blockchain-based proxy re-encryption to create
a secured on-demand patient health records sharing system
effectively. Results show that the proposed framework is more
secure than other schemes, and the PHRs will not be accessible
to unauthorized providers or users. In addition, all encrypted
data will only be accessible to and readable by verified entities
set by the patient.
more »
« less
- PAR ID:
- 10303705
- Date Published:
- Journal Name:
- IEEE UEMCON2021
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Covid-19 outbreak represents an exceptional test of the flexibility and the efficiency of patient medical records transfer among healthcare providers which ended up in boundless interruption to the healthcare industry. This public crisis has pushed for an urgent innovation of the patient medical records transference (PMRT) system to meet the needs and provide appropriate patient care. Moreover, the drawback effects of Covid-19 changed the healthcare system forever, more patients are requesting more control, secure, and smoother experience when they want access to their health records. However, the problems stem from the lack of interoperability among the healthcare system and providers and the added burden of cyber-attacks on an already stressed system call for an immediate solution. In this work, we present a secured blockchain framework that ensures patients full ownership over their medical data which can be stored in their private IPFS and later can be shared with an authorized provider. The analysis of the proposed security and privacy aspects shows promising results in providing time savings and resulted in enhanced confidentiality and less disruption in patient-provider interactions.more » « less
-
Patients often have their healthcare data stored in centralized systems, leading to challenges when reconciling or consolidating their data across providers due to centralized databases that store patient identities. The challenges disrupt the flow of patient care where time is sensitive for both patients and providers. Decentralized technologies have enabled a new identity model–Self-Sovereign Identity (SSI)–that grants individuals the right to freely control, access, and share their own data. This work proposes a system that achieves SSI in a semi-permissioned blockchain network using an open protocol as the certificate of authority and several guidelines for securely handling transactions in the network. Open protocols like Keccak can grant access to a permission-based network such as Hyperledger Fabric. The network architecture ensures data security and privacy through mechanisms of multi-signature transactions and guidelines for storing transactions locally, making this architecture ideal for privacy-centered use cases, such as healthcare data-sharing applications. The ultimate goal is to give patients full control over their identity and other data derived from their identity within a semi-permissioned network.more » « less
-
Electronic Health Records (EHRs) have become increasingly popular in recent years, providing a convenient way to store, manage and share relevant information among healthcare providers. However, as EHRs contain sensitive personal information, ensuring their security and privacy is most important. This paper reviews the key aspects of EHR security and privacy, including authentication, access control, data encryption, auditing, and risk management. Additionally, the paper dis- cusses the legal and ethical issues surrounding EHRs, such as patient consent, data ownership, and breaches of confidentiality. Effective implementation of security and privacy measures in EHR systems requires a multi-disciplinary approach involving healthcare providers, IT specialists, and regulatory bodies. Ultimately, the goal is to come upon a balance between protecting patient privacy and ensuring timely access to critical medical information for feature healthcare delivery.more » « less
-
Irfan Awan ; Muhammad Younas ; Jamal Bentahar ; Salima Benbernou (Ed.)Multi-site clinical trial systems face security challenges when streamlining information sharing while protecting patient privacy. In addition, patient enrollment, transparency, traceability, data integrity, and reporting in clinical trial systems are all critical aspects of maintaining data compliance. A Blockchain-based clinical trial framework has been proposed by lots of researchers and industrial companies recently, but its limitations of lack of data governance, limited confidentiality, and high communication overhead made data-sharing systems insecure and not efficient. We propose 𝖲𝗈𝗍𝖾𝗋𝗂𝖺, a privacy-preserving smart contracts framework, to manage, share and analyze clinical trial data on fabric private chaincode (FPC). Compared to public Blockchain, fabric has fewer participants with an efficient consensus protocol. 𝖲𝗈𝗍𝖾𝗋𝗂𝖺 consists of several modules: patient consent and clinical trial approval management chaincode, secure execution for confidential data sharing, API Gateway, and decentralized data governance with adaptive threshold signature (ATS). We implemented two versions of 𝖲𝗈𝗍𝖾𝗋𝗂𝖺 with non-SGX deploys on AWS blockchain and SGX-based on a local data center. We evaluated the response time for all of the access endpoints on AWS Managed Blockchain, and demonstrated the utilization of SGX-based smart contracts for data sharing and analysis.more » « less