Available online at www.sciencedirect.

com

ScienceDirect
Available online at www.sciencedirect.com
Procedia Computer Science 00 (2019) 000–000
www.elsevier.com/locate/procedia
ScienceDirect
Procedia Computer Science 173 (2020) 171–180

International Conference on Smart Sustainable Intelligent Computing and Applications under

ICITETM2020

Preserving the Privacy of Electronic Health Records using Blockchain

Yogesh Sharmaa, Prof. B. Balamuruganb
a
Research Scholar, School of Computer Science and Engineering, Galgotias University
Research
Plot No. 2, Yamuna Expressway, Opposite, Buddha International Circuit, Sector 17A, Greater Noida, Uttar Pradesh
b
Supervisor,
Supervisor, School of Computer Science and Engineering, Galgotias University
Plot No. 2, Yamuna Expressway, Opposite, Buddha International Circuit, Sector 17A, Greater Noida, Uttar Pradesh

Abstract

Electronic health records (EHRs) are health information of patients that are saved digitally in a network. Various
opportunities to enhance patient care, performance measures in clinical practice and contribute to clinical research in
the future are provided by EHRs. The schemes used to store EHRs have been very insecure in the present era of smart
cities and homes. The data can be easily breached by hackers and unauthorized external parties. Also, the data is not
accessible to patients and care providers. These schemes are unable to create a balance between data security and data
accessibility. But blockchain can resolve these issues. Blockchain creates a ledger system that is immutable and allows
the transactions to take place in a decentralized manner. The three main features of blockchain technology - Security,
Decentralization, and Transparency make any application built using it secure and not accessible by unauthorized
parties. The manipulation of data is almost impossible to do in a blockchain network.
In this project, we propose a system to implement EHRs using blockchain technology and make EHRs more secure and private.
The blockchain technology will keep control over access to information using its cryptographic techniques and decentralization. It
will also maintain the balance between data privacy and data accessibility. Our main objective of this project is the framing of data
privacy and security issues in electronic healthcare
© 2020 Yogesh Sharma, B. Balamurugan. Published by Elsevier B.V.
© 2020
This The
is an Authors.
open accessPublished by Elsevier
article under B.V.
the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the scientific committee of the International Conference on Smart Sustainable Intelligent
Peer-review under responsibility of the scientific committee of the International.
Computing and Applications under ICITETM2020
Keywords Electronic Health Records (EHRs); privacy; security; Blockchain; Cryptography; Decentralization.

1. Introduction
The advancement in technology in the past few decades has affected several parts of human life. It benefitted us in
many sectors of living especially healthcare. There has been significant progress in the healthcare industry in recent

1877-0509 © 2020 Yogesh Sharma, B. Balamurugan. Published by Elsevier B.V.

This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the scientific committee of the International Conference on Smart Sustainable Intelligent Computing and
Applications under ICITETM2020

1877-0509 © 2020 The Authors. Published by Elsevier B.V.

This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the scientific committee of the International.
10.1016/j.procs.2020.06.021
172 Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180
2 Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000

years. We can now store our medical records electronically. Clinicians could perform better diagnoses of patients, the
communication between doctors and patients became easy and doctors became instantly available to the patients
during the time of emergency [1]. Through the electronic records, the patients could contact their doctors even from
remote places. But along with the pros of modern technology, the drawbacks of this advancement also existed. The
increased progress in information technology helped hackers by providing them better hacking tools for accessing the
records

and altering them. Thus, increasing the threat to the security of medical records and privacy of patients these days. In
this paper, we propose a system to secure these medical records (EHRs) and protect the privacy of the patient from
such threats.

1.1 Electronic Health Records

Electronic Health Records (EHRs) are the digital records which are the collection of patient’s medical record. The
electronic medical records are stored electronically in a digital format which is maintained by hospital or a clinician
over time.[2] The electronic medical records comprise all of the important clinical data which is crucial to that patient’s
care stored with a specific care provider, including MRI reports, past medical examination, immunizations, laboratory
reports, and any form of allergies of the patient .[3] these records are real-time records, patient specific records that
readily available for a patient or a doctor and are available for the authorized users only. They can be shared with
other care providers across more than one health care organization for better research or study in the healthcare field.
It advances the conventional methods of storing patient’s medical records on paper which were vulnerable to many
threats like natural disasters, theft, war, unauthorized manipulation, etc. With EHRs the information can be access
automatically which can potentially optimize the clinician’s workflow. It can also support other care-related activities
directly or indirectly through various interfaces.
EHRs are very helpful in the continued progress of healthcare. They have improved the accuracy and clarity of health
information by reducing the occurrence of errors in records. EHRs can also be beneficial in accessing the health
information anytime and anywhere, thus reduces the possibility of repetition of tests, dipping delays in treatment, and
making patients well aware to make better decisions.[4] EHRs have made the instant interaction between doctors and
patients possible, whenever needed so it has strengthened the relationship between them. They have increased the
participation of patients and made care coordination better. Since the data is easily available, so it also enabled the
care providers to make better and fast decisions and provide better care to the patient as soon as possible.
But with the advancement of information technology, these electronic records have become more vulnerable to attacks
by unauthorized users. These malicious users gain access to the personal information of patients, using modern
software or hacking tools, and manipulate their records to harm patients or use the information for their own benefit.
So, there has been an urgent need to securely store private information and health records of patients and prevent them
from being breached by attackers.[5] The cloud-based approach of storing EHRs, nowadays, is not so secure and can
be breached by professional hackers. The EHRs are stored on the cloud and secured using passwords which can be
easily compromised using various hacking techniques or social engineering.[6] Therefore, in the last few decades, there
has been an urgent need to safely secure the records and protect the privacy of patients from unauthorized users. An
efficient way of storing the records securely over a network is by following a blockchain-based approach for EHRs.
 Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180 173
Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000 3

Figure 1 A sample view of an electronic health record (source: An electronic medical record example. 2014)[21]

1.2 Blockchain
It is a distributed ledger system that can record transactions between two parties efficiently.[7] Each transaction is
stored on a record, then these records, called blocks, are connected through cryptography to form a list or a
blockchain.[8] It is a decentralized transaction which can also help in managing the data. Each block in a blockchain
network contains transaction data, cryptographic hash, the hash of the prior block and a timestamp. The design of the
blockchain is such that it makes the blockchain resistant to modification.[9] Blockchain is used for conducting secure
transactions over the network. The interest in blockchain technology and where it can be applied has been growing
since the idea of the technology came into existence in 2008. The reason behind the growing interest in Blockchain
technology is its free from centralized authority that provide security, transparency and data integrity without any
interference from the third-party organization governing the transactions, and therefore it creates motivating
opportunities for conducting research in various areas.[10]
Because of the use of a decentralized, distributed ledger system in the blockchain which can store the transactions
across many computers therefore any data cannot be modified afterward, without the modification of all succeeding
blocks. This permits the members of the blockchain to authenticate the transactions independently and fairly
economical. A blockchain database is accomplished independently using a peer-to-peer network . They are
authenticated by consensus of the majority of the network. Such a design of the blockchain could enables strong
workflow. The use of a blockchain also eliminates the problem of double-spending.
Blockchain technology can be combined into multiple areas. The primary use of blockchains earlier was a distributed
ledger for cryptocurrencies but now the technology has moved many folds and moved into many other sectors.[11]
Most cryptocurrencies primarily uses blockchain technology to record transactions, most notably bitcoin. Also,
blockchain-based smart contracts can be built which can be partially or fully executed or enforced without human
interaction. Smart contracts [12] for a particular network are created by the developers who developed that blockchain
network. These are the programs that are automatically executed when prearranged terms and conditions are met
together. They are useful in business collaborations, where they are used to impose some type of contract between the
participants so that participants in the network are confident of the outcome without the participation of any
intermediary. Also, blockchain is being used in the financial industry where distributed ledgers are used in banking.
Supply chain materials and supply chain management also uses the blockchain technology.[13]
Blockchain technology is features characteristics like security, decentralization, and transparency. This is what makes
it an innovative technology to execute transaction processes safely and easily.

Consensus Algorithm
Each block that is added in the blockchain goes through a process of getting agreement from all other nodes already
registered on the network that the node being added is an authorized node. This process is accomplished using a
consensus algorithm.[14] They help in achieving trust between the participants and reliability in the network.
Commonly used consensus algorithms are PoW,[15] PBFT, PoS

Data Privacy in Blockchain

Blockchain provides security to the network through the use of cryptography.[16] Every individual block in a
174 Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180
4 Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000

blockchain is connected to a block before and after it. This makes it hard for a hacker to alter with any record as the
hacker would also need to change the records or blocks linked to the record that he desires to manipulate or access,
which is practically impossible to do in a huge network where there are a large number of blocks in a blockchain.

Figure 2 Structure of a blockchain

Any blockchain starts with the genesis block which acts as the foundation on which other blocks are sequentially
added. Each block on a blockchain comprises of the hash of the prior block, timestamp, nonce and transaction data.
These are used to generate the hash for that particular block using cryptographic algorithms. Hashes are unique
identifiers of the block in the blockchain. These Hash pointers are also responsible for linking each block to its
predecessor, by holding a hash of the preceding block. Because each block in the blockchain is connected to the
previous block, the blockchain becomes immutable.
The blocks on a blockchain are secured using cryptography. Participants in the network have their own private keys
that are assigned to the transactions they make. These private keys act as a personal digital signature. The creator of
the block or the one who executes the transaction enters their private key against the transaction, this encrypts the data
of the transaction. The other person getting affected by the transaction or the person who wants to access the data of
the transaction can decrypt it using the public key of the sender. If there is any alteration in the record, the signature
will become illegal and the peer network will get to know that some manipulation has occurred. Getting notified earlier
is crucial to prevent further damage thus making the system considerably secure. The system becomes fairer than
traditional ones as there is no single authority in the blockchain network. Blockchain becomes more efficient and
secure with the concept of decentralization.

Decentralization in blockchain
Blockchains are decentralized network, which means that single person or group cannot holds the authority of the
whole network. There is no centralized system to control the administration of the blockchain network.[18] Each node
in the network has a duplicate copy of ledger with them but no single node has the power to make modifications in
the ledger on their own. To execute any transaction and make any changes in the records there is a need for consensus
from all other nodes on the network. This feature allows having more secure networks.
Blockchain uses a peer-to-peer model [18] (represented in Fig 3) to enable interaction between two parties in the
network without the involvement of the third party or a middle man. It uses a P2P protocol that means the participants
of the network have identical copy of transactions, that enables the sanction through a consensus mechanism. No
interruptions or extra charges are deducted in the process. There is a need for agreement from all the registered nodes
in the network to conduct any activity in the network. In a centralized network if the central ledger or database gets
attacked by hackers the overall system gets corrupted. But a decentralized network resolves such an issue as there is
no single point of storage, therefore no vulnerability to attack by unauthorized users.
 Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180 175
Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000 5

Figure 3. Representation of a peer-to-peer model

Transparency in blockchain
Although the individual information on the blockchain is kept private for a user, the technology itself is almost an
open source technology, which allows the users on the blockchain network to alter the code as they wanted to, until
they have a consensus of the majority of the participants in the network. Since hundreds and thousands of users are
connected on the blockchain network hence it is unlikely that anyone could make modifications without being noticed.

Blockchain for implementation of EHRs

Now a days many hospitals and clinics uses blockchain in order to securely store their patients’ medical records. When
a medical record of a patient is generated and tested, it can be added on to the blockchain network, which offers
patients with the perfect and assurance that the record cannot be altered. These personalized health records could be
encrypted and kept on the blockchain network with a private key, which allows only verified users to access the health
records in crucial time, thereby ensuring the privacy of the patient.[19]

2. System Design and Architecture

The blockchain network is divided into three main components: Participants, Assets, and Transactions. In this
implementation of an EHR system using blockchain, EHR consists of three main participants:
i. Patients
ii. Clinicians/Doctors
iii. Labs
iv. Admin
Patients play an important role as a participant in the EHR system. They own their health records that are being created
and added to the blockchain. They can change their personal information. Therefore, they have the authority to
regulator who all can access their records. Any unauthorized care provider or third-party is blocked by the patients
from accessing their records.
Clinicians are the care providers who will collect medical data of patients through diagnoses. They are responsible for
updating the health-related information in the records of the only those patients who have verified them as authorized
clinicians and have given them permission to write into their records. They can change their personal information or
profile.
Labs are responsible for conducting tests then generating test results and updating this information in the records of
those patients who have verified them as authorized labs and have given them permission to write into their records.
They can change their profile information.
Admin is the one who deploys the blockchain network, implements various contracts in the network, generates the
key and handles the encryption-decryption of the transaction data.
In this system, medical records are the asset of the network. Each medical record is owned by some patient who is
registered on the network. Whenever a transaction has executed the value of the asset changes. Changes are like
176 Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180
6 Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000

updates in the records if the patient is diagnosed with some new disease, modifications in medications, test results,
etc.

Figure 4 Architecture of the system

The transactions are actions performed mostly on the asset in the network like adding a participant in the network,
creating a medical record, retrieving specific information from the network, updates in the participant’s information,
giving access to clinician or lab and revoking access from them. For the execution of some of these transactions, there
is a need to have a relationship between the two participating nodes. For example, to give access to a patient’s medical
information to a clinician the patent’s ID must be in the list of that clinician’s patients. In simple words, the person
whose medical records are to be accessed must be a patient of the clinician who wants to get access to the medical
record of that patient. The permission rules are also defined in this system. These rules control which participant is
granted what kind of access and to what resources. This helps in restricting access to all the resources of the system.
Only authorized users get to manipulate or read specific records only.
Following transactions are executed in the system -
1. CreateMedicalRecord - This transaction would create records in the network. It contains fields like recordID, owner,
a list of authorized patients and labs. It contains fields that store medical information of the patients like medical
history, last consultation with which doctor, the date of consultation, allergies, any harmful habits, etc. The ID
generated for the record is unique to the record and is used to identify that specific record in the collection.
2. GrantAccess - To manipulate the records the clinician/doctor would need to have access to the record, only the
authorized doctor would have the right to access and read or write the medical record. This access is granted using
this transaction.
3. GrantAccessToLab - The labs also need to have access to that certain record if they want to manipulate it.
4. RevokeAccess - Once the need to access a certain record is fulfilled, the access to that record from the clinician.
The clinician no longer remains authorized to read or alter that record.
5. RevokeAccessFromLab - Similarly the access from the labs is also revoked once the work is finished.
6. AddParticipant - Whenever a new node will be added to the system this transaction will get executed.
7. UpdateParticipant - It occurs when a modification is made in the data inside the participant’s node.
8. UpdateAsset - It occurs when we alter the details of the medical records.

3. System Implementation
To implement this system, we used a blockchain-based framework Hyperledger Fabric and Composer tool to
implement the project.

3.1 Hyperledger Fabric

It is a blockchain framework implementation founded by Linux foundation and one of the Hyperledger projects. We
are using this framework as it allows components, such as consensus and membership services, to be plug-and-play.
It helps container technology to host smart contracts, called “chaincode”, that comprise the logic of the system.[20]
 Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180 177
Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000 7

3.2 Hypeledger Composer

It is an open source tools for building a blockchain business network. The tool helps business owners and developers
to create multiple smart contracts and blockchain applications in solving various business problems.
To implement this blockchain-based EHR network we followed these steps:
1. Collection of data: Patient’s personal information and medical data like vital signs, allergies, harmful habits, medical
history, test results, medications and data generated through clinical diagnosis by the doctor.
2. Wallet allocation: It is a space allocated to deploy your blockchain network. It is the place where all the transactions
are recorded.
3. Deploying a blockchain network using Hyperledger Fabric and Composer: On composer playground, after wallet
allocation, we deploy our business network and start our blockchain network
4. Creation of different nodes in the system: We create a model of our system that had the template design of different
participants/nodes (like Patients, Clinicians, and Labs) in our blockchain network.
5. Creation of medical records: We also create a template for storing medical records owned by patients.
6. Creation of transactions: We create the transactions that have to be executed as per the need, for example, to grant
or revoke access from clinicians or labs and listing out the authorized clinicians or labs for a medical record.
7. Addition of node to the system: Creation of an instance of the Patient node, Clinician node, Lab node and medical
record node owned by some patient was done using sample data collected. The nodes are then validated by other
registered nodes in the network and a public identifier is generated before adding them to the network.

Figure 5 Patient nodes created and added to the network

8. Specification of various permissions granted to the user: Here we specify what system resources (medical records)
can be accessed by which participants. Only the participant with certain permission (like Read-only, Write, All,
Transfer, etc) is allowed to access certain medical records data only.
9. Execution of transactions: Various transactions are executed according to the need of the user and records can also
be retrieved from the stored collection, if needed. After the execution, an updated medical record is generated.
178 Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180
8 Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000

Figure 6 A record of all transactions that executed in the network

Figure 7. Flowchart of the whole process

 YogeshB.Sharma
Yogesh Sharma, et al. / Procedia
Balamurugan Computer
/ Procedia Science
Computer 17300
Science (2020) 171–180
(2019) 000–000 1799

4. Conclusion and Future Scope

We were able to deploy a blockchain-based EHR network and implement basic functionalities in the network. We
successfully achieved the main objective of this research of securing the EHRs and protecting the privacy of the
patients using the primary features of blockchain that is cryptography/hashing and decentralization. We conclude that
blockchain technology is an innovative technology for implementing EHRs and also it has the potential to help in the
research and progress of healthcare in the near future.
Future Scope
The idea and implementation can be further extended in the future by implementing various smart contracts to handle
the advanced functionality of the EHR system. Various sectors like billing, transportation, etc can be added to the
network to implement a full-fledged healthcare management system. To make it interactive it can be integrated with
a web application. EHRs can be made helpful for pharmacists in monitoring medical sales by adding them to the
system as another participant.

References

[1] R. Klitzman, "“Patient-time”, “doctor-time”, and “institution-time”: Perceptions and definitions of time among
doctors who become patients", Patient Education and Counseling, vol. 66, no. 2, pp. 147-155, 2007. Available:
10.1016/j.pec.2006.10.005.

[2] T. Gunter and N. Terry, "The Emergence of National Electronic Health Record Architectures in the United States
and Australia: Models, Costs, and Questions", Journal of Medical Internet Research, vol. 7, no. 1, p. e3, 2005.
Available: 10.2196/jmir.7.1.e3.

[3] S. Hufnagel, "National Electronic Health Record Interoperability Chronology", Military Medicine, vol. 174, no.
5, pp. 35-42, 2009. Available: 10.7205/milmed-d-03-9708.

[4] R. Evans, "Electronic Health Records: Then, Now, and in the Future", Yearbook of Medical Informatics, vol. 25,
no. 01, pp. S48-S61, 2016. Available: 10.15265/iys-2016-s006.

[5] E. Bertino, R. Deng, X. Huang and J. Zhou, "Security and privacy of electronic health information systems",
International Journal of Information Security, vol. 14, no. 6, pp. 485-486, 2015. Available: 10.1007/s10207-015-
0303-z.

[6] J. Fernández-Alemán, I. Señor, P. Lozoya and A. Toval, "Security and privacy in electronic health records: A
systematic literature review", Journal of Biomedical Informatics, vol. 46, no. 3, pp. 541-562, 2013. Available:
10.1016/j.jbi.2012.12.003.

[7] "The great chain of being sure about things", The Economist, 2019. [Online]. Available:
https://www.economist.com/briefing/2015/10/31/the-great-chain-of-being-sure-about-things. [Accessed: 30- Nov-
2019].

[8] M. Crosby, P. Pattanayak, S. Verma and V. Kalyanaram, Blockchain Technology. 2019.

[9] G. Karame and S. Capkun, "Blockchain Security and Privacy", IEEE Security & Privacy, vol. 16, no. 4, pp. 11-
12, 2018. Available: 10.1109/msp.2018.3111241.

[10] J. Yli-Huumo, D. Ko, S. Choi, S. Park and K. Smolander, "Where Is Current Research on Blockchain
Technology?—A Systematic Review", PLOS ONE, vol. 11, no. 10, p. e0163477, 2016. Available:
10.1371/journal.pone.0163477.

[11] J. Aoyagi and D. Adachi, "Fundamental Values of Cryptocurrencies and Blockchain Technology", SSRN
Electronic Journal, 2018. Available: 10.2139/ssrn.3132235.
10 Yogesh Sharma, B. Balamurugan / Procedia Computer Science 00 (2019) 000–000
180 Yogesh Sharma et al. / Procedia Computer Science 173 (2020) 171–180

[12] "Smart contract", En.wikipedia.org, 2019. [Online]. Available: https://en.wikipedia.org/wiki/Smart_contract.

[Accessed: 30- Nov- 2019].

[13] Y. Tribis, A. El Bouchti and H. Bouayad, "Supply Chain Management based on Blockchain: A Systematic
Mapping Study", MATEC Web of Conferences, vol. 200, p. 00020, 2018. Available:
10.1051/matecconf/201820000020.
[14] W. Wang et al., "A Survey on Consensus Mechanisms and Mining Strategy Management in Blockchain
Networks", IEEE Access, vol. 7, pp. 22328-22370, 2019. Available: 10.1109/access.2019.2896108.

[15] "Proof of work", En.wikipedia.org, 2019. [Online]. Available: https://en.wikipedia.org/wiki/Proof_of_work.

[Accessed: 30- Nov- 2019].

[16] T. Salman, M. Zolanvari, A. Erbad, R. Jain and M. Samaka, "Security Services Using Blockchains: A State of
the Art Survey", IEEE Communications Surveys & Tutorials, vol. 21, no. 1, pp. 858-880, 2019. Available:
10.1109/comst.2018.2863956.

[17] M. Atzori, "Blockchain Technology and Decentralized Governance: Is the State Still Necessary?", SSRN
Electronic Journal, 2015. Available: 10.2139/ssrn.2709713.

[18] "Peer-to-Peer Insurance: How Blockchain is challenging the traditional insurance model", Medium, 2019.
[Online]. Available: https://medium.com/@fidentiaX/peer-to-peer-insurance-how-blockchain-is-challenging-the-
traditional-insurance-model-fd63f6130c4. [Accessed: 30- Nov- 2019].

[19] J. Vora et al., "BHEEM: A Blockchain-Based Framework for Securing Electronic Health Records", in 2018 IEEE
Globecom Workshops (GC Wkshps), 2019.

[20] V. V., K. Sabarivelan, J. Tamizhselvan, B. Ranjith and V. B., "Utlization of Blockchain in Medical Healthcare
Record using Hyperledger