Professional Documents
Culture Documents
com
ScienceDirect
Available online at www.sciencedirect.com
Procedia Computer Science 00 (2019) 000–000
www.elsevier.com/locate/procedia
ScienceDirect
Procedia Computer Science 173 (2020) 171–180
Abstract
Electronic health records (EHRs) are health information of patients that are saved digitally in a network. Various
opportunities to enhance patient care, performance measures in clinical practice and contribute to clinical research in
the future are provided by EHRs. The schemes used to store EHRs have been very insecure in the present era of smart
cities and homes. The data can be easily breached by hackers and unauthorized external parties. Also, the data is not
accessible to patients and care providers. These schemes are unable to create a balance between data security and data
accessibility. But blockchain can resolve these issues. Blockchain creates a ledger system that is immutable and allows
the transactions to take place in a decentralized manner. The three main features of blockchain technology - Security,
Decentralization, and Transparency make any application built using it secure and not accessible by unauthorized
parties. The manipulation of data is almost impossible to do in a blockchain network.
In this project, we propose a system to implement EHRs using blockchain technology and make EHRs more secure and private.
The blockchain technology will keep control over access to information using its cryptographic techniques and decentralization. It
will also maintain the balance between data privacy and data accessibility. Our main objective of this project is the framing of data
privacy and security issues in electronic healthcare
© 2020 Yogesh Sharma, B. Balamurugan. Published by Elsevier B.V.
© 2020
This The
is an Authors.
open accessPublished by Elsevier
article under B.V.
the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the scientific committee of the International Conference on Smart Sustainable Intelligent
Peer-review under responsibility of the scientific committee of the International.
Computing and Applications under ICITETM2020
Keywords Electronic Health Records (EHRs); privacy; security; Blockchain; Cryptography; Decentralization.
1. Introduction
The advancement in technology in the past few decades has affected several parts of human life. It benefitted us in
many sectors of living especially healthcare. There has been significant progress in the healthcare industry in recent
years. We can now store our medical records electronically. Clinicians could perform better diagnoses of patients, the
communication between doctors and patients became easy and doctors became instantly available to the patients
during the time of emergency [1]. Through the electronic records, the patients could contact their doctors even from
remote places. But along with the pros of modern technology, the drawbacks of this advancement also existed. The
increased progress in information technology helped hackers by providing them better hacking tools for accessing the
records
and altering them. Thus, increasing the threat to the security of medical records and privacy of patients these days. In
this paper, we propose a system to secure these medical records (EHRs) and protect the privacy of the patient from
such threats.
Figure 1 A sample view of an electronic health record (source: An electronic medical record example. 2014)[21]
1.2 Blockchain
It is a distributed ledger system that can record transactions between two parties efficiently.[7] Each transaction is
stored on a record, then these records, called blocks, are connected through cryptography to form a list or a
blockchain.[8] It is a decentralized transaction which can also help in managing the data. Each block in a blockchain
network contains transaction data, cryptographic hash, the hash of the prior block and a timestamp. The design of the
blockchain is such that it makes the blockchain resistant to modification.[9] Blockchain is used for conducting secure
transactions over the network. The interest in blockchain technology and where it can be applied has been growing
since the idea of the technology came into existence in 2008. The reason behind the growing interest in Blockchain
technology is its free from centralized authority that provide security, transparency and data integrity without any
interference from the third-party organization governing the transactions, and therefore it creates motivating
opportunities for conducting research in various areas.[10]
Because of the use of a decentralized, distributed ledger system in the blockchain which can store the transactions
across many computers therefore any data cannot be modified afterward, without the modification of all succeeding
blocks. This permits the members of the blockchain to authenticate the transactions independently and fairly
economical. A blockchain database is accomplished independently using a peer-to-peer network . They are
authenticated by consensus of the majority of the network. Such a design of the blockchain could enables strong
workflow. The use of a blockchain also eliminates the problem of double-spending.
Blockchain technology can be combined into multiple areas. The primary use of blockchains earlier was a distributed
ledger for cryptocurrencies but now the technology has moved many folds and moved into many other sectors.[11]
Most cryptocurrencies primarily uses blockchain technology to record transactions, most notably bitcoin. Also,
blockchain-based smart contracts can be built which can be partially or fully executed or enforced without human
interaction. Smart contracts [12] for a particular network are created by the developers who developed that blockchain
network. These are the programs that are automatically executed when prearranged terms and conditions are met
together. They are useful in business collaborations, where they are used to impose some type of contract between the
participants so that participants in the network are confident of the outcome without the participation of any
intermediary. Also, blockchain is being used in the financial industry where distributed ledgers are used in banking.
Supply chain materials and supply chain management also uses the blockchain technology.[13]
Blockchain technology is features characteristics like security, decentralization, and transparency. This is what makes
it an innovative technology to execute transaction processes safely and easily.
Consensus Algorithm
Each block that is added in the blockchain goes through a process of getting agreement from all other nodes already
registered on the network that the node being added is an authorized node. This process is accomplished using a
consensus algorithm.[14] They help in achieving trust between the participants and reliability in the network.
Commonly used consensus algorithms are PoW,[15] PBFT, PoS
blockchain is connected to a block before and after it. This makes it hard for a hacker to alter with any record as the
hacker would also need to change the records or blocks linked to the record that he desires to manipulate or access,
which is practically impossible to do in a huge network where there are a large number of blocks in a blockchain.
Any blockchain starts with the genesis block which acts as the foundation on which other blocks are sequentially
added. Each block on a blockchain comprises of the hash of the prior block, timestamp, nonce and transaction data.
These are used to generate the hash for that particular block using cryptographic algorithms. Hashes are unique
identifiers of the block in the blockchain. These Hash pointers are also responsible for linking each block to its
predecessor, by holding a hash of the preceding block. Because each block in the blockchain is connected to the
previous block, the blockchain becomes immutable.
The blocks on a blockchain are secured using cryptography. Participants in the network have their own private keys
that are assigned to the transactions they make. These private keys act as a personal digital signature. The creator of
the block or the one who executes the transaction enters their private key against the transaction, this encrypts the data
of the transaction. The other person getting affected by the transaction or the person who wants to access the data of
the transaction can decrypt it using the public key of the sender. If there is any alteration in the record, the signature
will become illegal and the peer network will get to know that some manipulation has occurred. Getting notified earlier
is crucial to prevent further damage thus making the system considerably secure. The system becomes fairer than
traditional ones as there is no single authority in the blockchain network. Blockchain becomes more efficient and
secure with the concept of decentralization.
Decentralization in blockchain
Blockchains are decentralized network, which means that single person or group cannot holds the authority of the
whole network. There is no centralized system to control the administration of the blockchain network.[18] Each node
in the network has a duplicate copy of ledger with them but no single node has the power to make modifications in
the ledger on their own. To execute any transaction and make any changes in the records there is a need for consensus
from all other nodes on the network. This feature allows having more secure networks.
Blockchain uses a peer-to-peer model [18] (represented in Fig 3) to enable interaction between two parties in the
network without the involvement of the third party or a middle man. It uses a P2P protocol that means the participants
of the network have identical copy of transactions, that enables the sanction through a consensus mechanism. No
interruptions or extra charges are deducted in the process. There is a need for agreement from all the registered nodes
in the network to conduct any activity in the network. In a centralized network if the central ledger or database gets
attacked by hackers the overall system gets corrupted. But a decentralized network resolves such an issue as there is
no single point of storage, therefore no vulnerability to attack by unauthorized users.
Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180 175
Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000 5
Transparency in blockchain
Although the individual information on the blockchain is kept private for a user, the technology itself is almost an
open source technology, which allows the users on the blockchain network to alter the code as they wanted to, until
they have a consensus of the majority of the participants in the network. Since hundreds and thousands of users are
connected on the blockchain network hence it is unlikely that anyone could make modifications without being noticed.
updates in the records if the patient is diagnosed with some new disease, modifications in medications, test results,
etc.
The transactions are actions performed mostly on the asset in the network like adding a participant in the network,
creating a medical record, retrieving specific information from the network, updates in the participant’s information,
giving access to clinician or lab and revoking access from them. For the execution of some of these transactions, there
is a need to have a relationship between the two participating nodes. For example, to give access to a patient’s medical
information to a clinician the patent’s ID must be in the list of that clinician’s patients. In simple words, the person
whose medical records are to be accessed must be a patient of the clinician who wants to get access to the medical
record of that patient. The permission rules are also defined in this system. These rules control which participant is
granted what kind of access and to what resources. This helps in restricting access to all the resources of the system.
Only authorized users get to manipulate or read specific records only.
Following transactions are executed in the system -
1. CreateMedicalRecord - This transaction would create records in the network. It contains fields like recordID, owner,
a list of authorized patients and labs. It contains fields that store medical information of the patients like medical
history, last consultation with which doctor, the date of consultation, allergies, any harmful habits, etc. The ID
generated for the record is unique to the record and is used to identify that specific record in the collection.
2. GrantAccess - To manipulate the records the clinician/doctor would need to have access to the record, only the
authorized doctor would have the right to access and read or write the medical record. This access is granted using
this transaction.
3. GrantAccessToLab - The labs also need to have access to that certain record if they want to manipulate it.
4. RevokeAccess - Once the need to access a certain record is fulfilled, the access to that record from the clinician.
The clinician no longer remains authorized to read or alter that record.
5. RevokeAccessFromLab - Similarly the access from the labs is also revoked once the work is finished.
6. AddParticipant - Whenever a new node will be added to the system this transaction will get executed.
7. UpdateParticipant - It occurs when a modification is made in the data inside the participant’s node.
8. UpdateAsset - It occurs when we alter the details of the medical records.
3. System Implementation
To implement this system, we used a blockchain-based framework Hyperledger Fabric and Composer tool to
implement the project.
8. Specification of various permissions granted to the user: Here we specify what system resources (medical records)
can be accessed by which participants. Only the participant with certain permission (like Read-only, Write, All,
Transfer, etc) is allowed to access certain medical records data only.
9. Execution of transactions: Various transactions are executed according to the need of the user and records can also
be retrieved from the stored collection, if needed. After the execution, an updated medical record is generated.
178 Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180
8 Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000
References
[1] R. Klitzman, "“Patient-time”, “doctor-time”, and “institution-time”: Perceptions and definitions of time among
doctors who become patients", Patient Education and Counseling, vol. 66, no. 2, pp. 147-155, 2007. Available:
10.1016/j.pec.2006.10.005.
[2] T. Gunter and N. Terry, "The Emergence of National Electronic Health Record Architectures in the United States
and Australia: Models, Costs, and Questions", Journal of Medical Internet Research, vol. 7, no. 1, p. e3, 2005.
Available: 10.2196/jmir.7.1.e3.
[3] S. Hufnagel, "National Electronic Health Record Interoperability Chronology", Military Medicine, vol. 174, no.
5, pp. 35-42, 2009. Available: 10.7205/milmed-d-03-9708.
[4] R. Evans, "Electronic Health Records: Then, Now, and in the Future", Yearbook of Medical Informatics, vol. 25,
no. 01, pp. S48-S61, 2016. Available: 10.15265/iys-2016-s006.
[5] E. Bertino, R. Deng, X. Huang and J. Zhou, "Security and privacy of electronic health information systems",
International Journal of Information Security, vol. 14, no. 6, pp. 485-486, 2015. Available: 10.1007/s10207-015-
0303-z.
[6] J. Fernández-Alemán, I. Señor, P. Lozoya and A. Toval, "Security and privacy in electronic health records: A
systematic literature review", Journal of Biomedical Informatics, vol. 46, no. 3, pp. 541-562, 2013. Available:
10.1016/j.jbi.2012.12.003.
[7] "The great chain of being sure about things", The Economist, 2019. [Online]. Available:
https://www.economist.com/briefing/2015/10/31/the-great-chain-of-being-sure-about-things. [Accessed: 30- Nov-
2019].
[9] G. Karame and S. Capkun, "Blockchain Security and Privacy", IEEE Security & Privacy, vol. 16, no. 4, pp. 11-
12, 2018. Available: 10.1109/msp.2018.3111241.
[10] J. Yli-Huumo, D. Ko, S. Choi, S. Park and K. Smolander, "Where Is Current Research on Blockchain
Technology?—A Systematic Review", PLOS ONE, vol. 11, no. 10, p. e0163477, 2016. Available:
10.1371/journal.pone.0163477.
[11] J. Aoyagi and D. Adachi, "Fundamental Values of Cryptocurrencies and Blockchain Technology", SSRN
Electronic Journal, 2018. Available: 10.2139/ssrn.3132235.
10 Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000
180 Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180
[13] Y. Tribis, A. El Bouchti and H. Bouayad, "Supply Chain Management based on Blockchain: A Systematic
Mapping Study", MATEC Web of Conferences, vol. 200, p. 00020, 2018. Available:
10.1051/matecconf/201820000020.
[14] W. Wang et al., "A Survey on Consensus Mechanisms and Mining Strategy Management in Blockchain
Networks", IEEE Access, vol. 7, pp. 22328-22370, 2019. Available: 10.1109/access.2019.2896108.
[16] T. Salman, M. Zolanvari, A. Erbad, R. Jain and M. Samaka, "Security Services Using Blockchains: A State of
the Art Survey", IEEE Communications Surveys & Tutorials, vol. 21, no. 1, pp. 858-880, 2019. Available:
10.1109/comst.2018.2863956.
[17] M. Atzori, "Blockchain Technology and Decentralized Governance: Is the State Still Necessary?", SSRN
Electronic Journal, 2015. Available: 10.2139/ssrn.2709713.
[18] "Peer-to-Peer Insurance: How Blockchain is challenging the traditional insurance model", Medium, 2019.
[Online]. Available: https://medium.com/@fidentiaX/peer-to-peer-insurance-how-blockchain-is-challenging-the-
traditional-insurance-model-fd63f6130c4. [Accessed: 30- Nov- 2019].
[19] J. Vora et al., "BHEEM: A Blockchain-Based Framework for Securing Electronic Health Records", in 2018 IEEE
Globecom Workshops (GC Wkshps), 2019.
[20] V. V., K. Sabarivelan, J. Tamizhselvan, B. Ranjith and V. B., "Utlization of Blockchain in Medical Healthcare
Record using Hyperledger