Patient health records(PHRs) are crucial and
sensitive as they contain essential information and are frequently
shared among healthcare entities. This information must remain
correct, up to date, private and accessible only to the authorized
entities. Moreover, access must also be assured during health
emergency crises such as the recent outbreak, which represents
the greatest test of the flexibility and the efficiency of PHR
sharing among healthcare providers, which ended up an
immense interruption to the healthcare industry. Moreover, the
right to privacy is the most fundamental right for a patient.
Hence, the patient health records in the healthcare sector have
faced issues with privacy breaches, insider outside attacks, and
unauthorized access to crucial patients’ records. As a result,
it pushes more patients to demand more control, security,
and a smoother experience when they want to access their
health records. Furthermore, the lack of interoperability among
the healthcare system and providers and the added weight of
cyber-attacks on an already overwhelmed system have called
for an immediate solution. In this work, we developed a secured
blockchain framework that safeguards patients’ full control over
their health data which can be stored in their private IPFS
and later shared with an authorized provider. Furthermore,
the system ensures privacy and security while handling patient
data, which can only be shared with the patients. The
proposed Security and privacy analysis show promising results
in providing time savings, enhanced confidentiality, and less
disruption in patient-provider interactions.
more »
« less
Blockchain Framework for Secured On-Demand Patient Health Records Sharing
The healthcare sector is constantly improving
patient health record systems. However, these systems face a
significant challenge when confronted with patient health record
(PHR) data due to its sensitivity. In addition, patient’s data is
stored and spread generally across various healthcare facilities
and among providers. This arrangement of distributed data
becomes problematic whenever patients want to access their
health records and then share them with their care provider,
which yields a lack of interoperability among various healthcare
systems. Moreover, most patient health record systems adopt a
centralized management structure and deploy PHRs to the cloud,
which raises privacy concerns when sharing patient information
over a network. Therefore, it is vital to design a framework
that considers patient privacy and data security when sharing
sensitive information with healthcare facilities and providers.
This paper proposes a blockchain framework for secured patient
health records sharing that allows patients to have full access and
control over their health records. With this novel approach, our
framework applies the Ethereum blockchain smart contracts,
the Inter-Planetary File System (IPFS) as an off-chain storage
system, and the NuCypher protocol, which functions as key
management and blockchain-based proxy re-encryption to create
a secured on-demand patient health records sharing system
effectively. Results show that the proposed framework is more
secure than other schemes, and the PHRs will not be accessible
to unauthorized providers or users. In addition, all encrypted
data will only be accessible to and readable by verified entities
set by the patient.
more »
« less
- NSF-PAR ID:
- 10303705
- Date Published:
- Journal Name:
- IEEE UEMCON2021
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Covid-19 outbreak represents an exceptional test of the flexibility and the efficiency of patient medical records transfer among healthcare providers which ended up in boundless interruption to the healthcare industry. This public crisis has pushed for an urgent innovation of the patient medical records transference (PMRT) system to meet the needs and provide appropriate patient care. Moreover, the drawback effects of Covid-19 changed the healthcare system forever, more patients are requesting more control, secure, and smoother experience when they want access to their health records. However, the problems stem from the lack of interoperability among the healthcare system and providers and the added burden of cyber-attacks on an already stressed system call for an immediate solution. In this work, we present a secured blockchain framework that ensures patients full ownership over their medical data which can be stored in their private IPFS and later can be shared with an authorized provider. The analysis of the proposed security and privacy aspects shows promising results in providing time savings and resulted in enhanced confidentiality and less disruption in patient-provider interactions.more » « less
-
This article presents a novel hardware-assisted distributed ledger-based solution for simultaneous device and data security in smart healthcare. This article presents a novel architecture that integrates PUF, blockchain, and Tangle for Security-by-Design (SbD) of healthcare cyber–physical systems (H-CPSs). Healthcare systems around the world have undergone massive technological transformation and have seen growing adoption with the advancement of Internet-of-Medical Things (IoMT). The technological transformation of healthcare systems to telemedicine, e-health, connected health, and remote health is being made possible with the sophisticated integration of IoMT with machine learning, big data, artificial intelligence (AI), and other technologies. As healthcare systems are becoming more accessible and advanced, security and privacy have become pivotal for the smooth integration and functioning of various systems in H-CPSs. In this work, we present a novel approach that integrates PUF with IOTA Tangle and blockchain and works by storing the PUF keys of a patient’s Body Area Network (BAN) inside blockchain to access, store, and share globally. Each patient has a network of smart wearables and a gateway to obtain the physiological sensor data securely. To facilitate communication among various stakeholders in healthcare systems, IOTA Tangle’s Masked Authentication Messaging (MAM) communication protocol has been used, which securely enables patients to communicate, share, and store data on Tangle. The MAM channel works in the restricted mode in the proposed architecture, which can be accessed using the patient’s gateway PUF key. Furthermore, the successful verification of PUF enables patients to securely send and share physiological sensor data from various wearable and implantable medical devices embedded with PUF. Finally, healthcare system entities like physicians, hospital admin networks, and remote monitoring systems can securely establish communication with patients using MAM and retrieve the patient’s BAN PUF keys from the blockchain securely. Our experimental analysis shows that the proposed approach successfully integrates three security primitives, PUF, blockchain, and Tangle, providing decentralized access control and security in H-CPS with minimal energy requirements, data storage, and response time.more » « less
-
Patients often have their healthcare data stored in centralized systems, leading to challenges when reconciling or consolidating their data across providers due to centralized databases that store patient identities. The challenges disrupt the flow of patient care where time is sensitive for both patients and providers. Decentralized technologies have enabled a new identity model–Self-Sovereign Identity (SSI)–that grants individuals the right to freely control, access, and share their own data. This work proposes a system that achieves SSI in a semi-permissioned blockchain network using an open protocol as the certificate of authority and several guidelines for securely handling transactions in the network. Open protocols like Keccak can grant access to a permission-based network such as Hyperledger Fabric. The network architecture ensures data security and privacy through mechanisms of multi-signature transactions and guidelines for storing transactions locally, making this architecture ideal for privacy-centered use cases, such as healthcare data-sharing applications. The ultimate goal is to give patients full control over their identity and other data derived from their identity within a semi-permissioned network.more » « less
-
null (Ed.)The increase in cyberattacks against the healthcare system, notably Electronic Health Records (EHRs) breaches, has cost the healthcare providers more in recent years. This situation is predicted to increase in the coming years as the healthcare systems are proposing a consortium EHRs repository. Due to this reason, it is crucial to deploy solutions that can ensure the security of shared health records. More specifically, maintaining the integrity and consistency of shared EHRs becomes pertinent. In this on-going research, we propose a blockchain-based solution that facilitates a scalable and secured inter-healthcare EHRs exchange. These healthcare systems maintain their records on individual private blockchain networks, and the blockchains interact to exchange patient health history based on request. The proposed solution verifies the integrity and consistency of requests and replies from other healthcare systems. It presents them in a standard format that can be easily understood by different healthcare nodes. The verification steps guard against malicious activities on both stored and in transit EHRs from insider and outsider threat actors. We evaluate the security analysis against frequently encounter outsider and insider threats within a healthcare system. The preliminary result shows that the architecture can detect and prevent threat actors from uploading compromising EHRs into the network and prevents unauthorized retrieval of patient's information.more » « less