skip to main content

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 11:00 PM ET on Friday, December 13 until 2:00 AM ET on Saturday, December 14 due to maintenance. We apologize for the inconvenience.


Title: Blockchain Framework for Secured On-Demand Patient Health Records Sharing
The healthcare sector is constantly improving patient health record systems. However, these systems face a significant challenge when confronted with patient health record (PHR) data due to its sensitivity. In addition, patient’s data is stored and spread generally across various healthcare facilities and among providers. This arrangement of distributed data becomes problematic whenever patients want to access their health records and then share them with their care provider, which yields a lack of interoperability among various healthcare systems. Moreover, most patient health record systems adopt a centralized management structure and deploy PHRs to the cloud, which raises privacy concerns when sharing patient information over a network. Therefore, it is vital to design a framework that considers patient privacy and data security when sharing sensitive information with healthcare facilities and providers. This paper proposes a blockchain framework for secured patient health records sharing that allows patients to have full access and control over their health records. With this novel approach, our framework applies the Ethereum blockchain smart contracts, the Inter-Planetary File System (IPFS) as an off-chain storage system, and the NuCypher protocol, which functions as key management and blockchain-based proxy re-encryption to create a secured on-demand patient health records sharing system effectively. Results show that the proposed framework is more secure than other schemes, and the PHRs will not be accessible to unauthorized providers or users. In addition, all encrypted data will only be accessible to and readable by verified entities set by the patient.  more » « less
Award ID(s):
2029295 1818884
PAR ID:
10303705
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
IEEE UEMCON2021
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Patient health records(PHRs) are crucial and sensitive as they contain essential information and are frequently shared among healthcare entities. This information must remain correct, up to date, private and accessible only to the authorized entities. Moreover, access must also be assured during health emergency crises such as the recent outbreak, which represents the greatest test of the flexibility and the efficiency of PHR sharing among healthcare providers, which ended up an immense interruption to the healthcare industry. Moreover, the right to privacy is the most fundamental right for a patient. Hence, the patient health records in the healthcare sector have faced issues with privacy breaches, insider outside attacks, and unauthorized access to crucial patients’ records. As a result, it pushes more patients to demand more control, security, and a smoother experience when they want to access their health records. Furthermore, the lack of interoperability among the healthcare system and providers and the added weight of cyber-attacks on an already overwhelmed system have called for an immediate solution. In this work, we developed a secured blockchain framework that safeguards patients’ full control over their health data which can be stored in their private IPFS and later shared with an authorized provider. Furthermore, the system ensures privacy and security while handling patient data, which can only be shared with the patients. The proposed Security and privacy analysis show promising results in providing time savings, enhanced confidentiality, and less disruption in patient-provider interactions. 
    more » « less
  2. Covid-19 outbreak represents an exceptional test of the flexibility and the efficiency of patient medical records transfer among healthcare providers which ended up in boundless interruption to the healthcare industry. This public crisis has pushed for an urgent innovation of the patient medical records transference (PMRT) system to meet the needs and provide appropriate patient care. Moreover, the drawback effects of Covid-19 changed the healthcare system forever, more patients are requesting more control, secure, and smoother experience when they want access to their health records. However, the problems stem from the lack of interoperability among the healthcare system and providers and the added burden of cyber-attacks on an already stressed system call for an immediate solution. In this work, we present a secured blockchain framework that ensures patients full ownership over their medical data which can be stored in their private IPFS and later can be shared with an authorized provider. The analysis of the proposed security and privacy aspects shows promising results in providing time savings and resulted in enhanced confidentiality and less disruption in patient-provider interactions. 
    more » « less
  3. Patients often have their healthcare data stored in centralized systems, leading to challenges when reconciling or consolidating their data across providers due to centralized databases that store patient identities. The challenges disrupt the flow of patient care where time is sensitive for both patients and providers. Decentralized technologies have enabled a new identity model–Self-Sovereign Identity (SSI)–that grants individuals the right to freely control, access, and share their own data. This work proposes a system that achieves SSI in a semi-permissioned blockchain network using an open protocol as the certificate of authority and several guidelines for securely handling transactions in the network. Open protocols like Keccak can grant access to a permission-based network such as Hyperledger Fabric. The network architecture ensures data security and privacy through mechanisms of multi-signature transactions and guidelines for storing transactions locally, making this architecture ideal for privacy-centered use cases, such as healthcare data-sharing applications. The ultimate goal is to give patients full control over their identity and other data derived from their identity within a semi-permissioned network. 
    more » « less
  4. Electronic Health Records (EHRs) have become increasingly popular in recent years, providing a convenient way to store, manage and share relevant information among healthcare providers. However, as EHRs contain sensitive personal information, ensuring their security and privacy is most important. This paper reviews the key aspects of EHR security and privacy, including authentication, access control, data encryption, auditing, and risk management. Additionally, the paper dis- cusses the legal and ethical issues surrounding EHRs, such as patient consent, data ownership, and breaches of confidentiality. Effective implementation of security and privacy measures in EHR systems requires a multi-disciplinary approach involving healthcare providers, IT specialists, and regulatory bodies. Ultimately, the goal is to come upon a balance between protecting patient privacy and ensuring timely access to critical medical information for feature healthcare delivery. 
    more » « less
  5. Irfan Awan ; Muhammad Younas ; Jamal Bentahar ; Salima Benbernou (Ed.)
    Multi-site clinical trial systems face security challenges when streamlining information sharing while protecting patient privacy. In addition, patient enrollment, transparency, traceability, data integrity, and reporting in clinical trial systems are all critical aspects of maintaining data compliance. A Blockchain-based clinical trial framework has been proposed by lots of researchers and industrial companies recently, but its limitations of lack of data governance, limited confidentiality, and high communication overhead made data-sharing systems insecure and not efficient. We propose 𝖲𝗈𝗍𝖾𝗋𝗂𝖺, a privacy-preserving smart contracts framework, to manage, share and analyze clinical trial data on fabric private chaincode (FPC). Compared to public Blockchain, fabric has fewer participants with an efficient consensus protocol. 𝖲𝗈𝗍𝖾𝗋𝗂𝖺 consists of several modules: patient consent and clinical trial approval management chaincode, secure execution for confidential data sharing, API Gateway, and decentralized data governance with adaptive threshold signature (ATS). We implemented two versions of 𝖲𝗈𝗍𝖾𝗋𝗂𝖺 with non-SGX deploys on AWS blockchain and SGX-based on a local data center. We evaluated the response time for all of the access endpoints on AWS Managed Blockchain, and demonstrated the utilization of SGX-based smart contracts for data sharing and analysis. 
    more » « less