Health Block A secure blockchain-based healthcare data management system PDF

Preview

Summary

Computer Networks 200 (2021) 108500Available online 25 September 2021 1389-1286/© 2021 Elsevier B. All rights reserved.ContentslistsavailableatScienceDirectComputerNetworksjournal homepage:elsevier/locate/comnetHealthBlock:Asecureblockchain-basedhealthcaredatamanagementsystemBessemZaabara,b,c,∗,Omar...

Description

Computer Networks 200 (2021) 108500

Contents lists available at ScienceDirect

Computer Networks journal homepage: www.elsevier.com/locate/comnet

HealthBlock: A secure blockchain-based healthcare data management system Bessem Zaabar a,b,c ,∗, Omar Cheikhrouhou a,b , Faisal Jamil d, Meryem Ammi e , Mohamed Abid a a

Computer Embedded System laboratory CES-ENIS, University of Sfax, Tunisia Higher Institute of Computer Science of Mahdia, University of Monastir, Tunisia c National Center of Nuclear Sciences and Technologies, Tunisia d Department of Computer Engineering, Jeju National University, Republic of Korea e Naif Arab University for security sciences, Saudi Arabia b

A RTICLE

INFO

Keywords: Blockchain Data security Data privacy Electronic Health Records (EHRs) Internet of Medical Things (IoMT) Healthcare data security Hyperledger fabric RPM

ABSTRACT The security and privacy of electronic healthcare records (EHRs) remain a critical issue for both healthcare services consumers and providers. Breaching a healthcare system causes the disclosure of sensitive health data. This data is usually saved into centralized databases, which creates vulnerabilities and gives rise to cyber attacks. This research focuses on enhancing the security and privacy of EHRs by using blockchain technology. This paper proposes a new architecture that takes advantage of decentralized databases to avoid centralized storage issues. The decentralized used database for storing patient electronic health records is the OrbitDB with Interplanetary File System (IPFS). Besides, we have deployed a blockchain network built on Hyperledger fabric by using Hyperledger composer to save hashes of stored data and control access when retrieving it. The proposed Blockchain-based architecture is designed to contribute to the healthcare management systems’ robustness and to avoid recorded security limitations in commonly used systems for smart healthcare. Performance evaluation results issued from Hyperledger Caliper and comparative analysis have proved the robustness and superiority of the proposed system in terms of security and privacy requirements, key features of blockchain-based healthcare systems, and performance metrics including various throughput and latency.

1. Introduction

event of any abnormal behavior. Moreover, Electronic Health Record (EHR) is a digital record that includes certain health information such

The healthcare industry sector is focusing its efforts on benefiting from emerging technologies to make healthcare systems smart and efficient. In 2020, the global healthcare IoT market revenues totaled 72.5 billion dollars and this number is supposed to grow to over 188.2 billion dollars by 2025 [1,2]. Thanks to the integration of these smart objects (IoT devices) that collect, report, and analyze the patient’s data in real-time [3], remotely managing healthcare services has become a reality [2]. Thus, the way of diseases’ diagnosis and treatment has been profoundly changed. Remote Patient Monitoring (RPM) makes interactions between patients and doctors much easier and more efficient by cutting down the unnecessary visits to physicians, hospital stays, and re-admissions [4]. Accordingly, doctors can make effective decisions and efficiently manage the drugs dosage, treatment plans and the equipment. In e-healthcare platforms, IoT devices are generally attached to the patient body to collect some vital signs such as respiration rate, body temperature, pulse rate, blood pressure, and more [5]. These wearable smart devices monitor the overall health status of the user, keep track of the health of the patients, and generate alarms in the

as personal information, patient medical history, diagnoses, allergies, vital signs, lab data results, and more. This data helps the medical caregivers to follow up on the health state of the patient and prepare suitable care plans. Despite the colossal benefits of these new generation e-health services, some challenges need to be addressed before deployment, including security, privacy, and interoperability. The security of patient healthcare data is one of the topmost concerns of different healthcare organizations. Indeed, the reported cyber-attacks against patient healthcare data in recent years have pushed the industry and researchers to develop new solutions that can mitigate these attacks and keep patient healthcare data private and secure [6]. Health data integration is usually extensive and heterogeneous; therefore, interoperability is a critical issue to be addressed.

∗ Corresponding author. E-mail addresses: [email protected] (B. Zaabar), [email protected] (O. Cheikhrouhou), [email protected] (F. Jamil), [email protected] (M. Ammi), [email protected] (M. Abid).

https://doi.org/10.1016/j.comnet.2021.108500 Received 11 June 2021; Received in revised form 20 August 2021; Accepted 16 September 2021 Available online 25 September 2021 1389-1286/© 2021 Elsevier B.V. All rights reserved.

Computer Networks 200 (2021) 108500

B. Zaabar et al.

1.1. Motivation

1.2. Contributions

The healthcare sector is upgrading its landscape and extending its use to embed new technologies such as Internet of Things IoTs [2]. Remote Patient Monitoring (RPM) is one of the healthcare applications used to collect vital signs of patients outside of physical clinic location, and record them. RPM includes different types of sensors that can be worn or implanted. These sensors send information through wireless communication to a local base station, which in turn sends the information to a central monitoring station which will alarm the physicians to interfere effectively with the patient’s case [5]. All this data is stored in what is known as EHR. Accordingly, EHR is an electronic format system of a patient’s health data generated and preserved during the patient’s life. It is usually collected and circulated through various hospitals, healthcare clinics, and care providers. The authors in [7] pointed out that integrated health records are more effective and have more benefits such as lowering costs, improving health care quality, promoting evidencebased medicine usage, helping in record-keeping and ensuring the records’ mobility. Those providers usually maintain primary access to the information, thereby preventing patients from easily accessing their data. Accordingly, EHRs provide important and extremely confidential personal information for healthcare assessment and monitoring. Thus, sharing healthcare information should be carefully managed to preserve the data security [7] and strengthen healthcare service quality. The problem faced by EHR and RPM when adopted by healthcare systems is using local databases to store and manage access records of their patients’ medical data. However, the use of local databases raises many concerns about data and information security; including data privacy, integrity, and interoperability. To overcome these security issues, Blockchain (BC) technology in this context will provide information validation and truthfulness and will also help to disseminate data within the system and among the various medical facilities. The features brought by BC affect the cost, quality of data and importance of providing healthcare within a transparent, decentralized network eliminating the need for a middleman or any centralized authority. Other advantages added by BC are the reliable authentication measures and the efficient access to information for the authenticated authorized parts of that system of BC. The BC ecosystem can also smooth over problems of patient permission for information sharing, which is one of the main barriers to create a framework for exchanging health information. Present health information exchange (HIE) initiatives are based on a deal with the fallin or take the easy way-out model, but they usually need to incorporate a variety of conditions for disclosing highly sensitive details related to the patients’ medical history, including all vital administrative clinical data that are in line with the care given to an individual by a particular provider such as: demographics, progress reports problems, medications, important signs, medical history, immunization reports, laboratory data, and radiology reports. Moreover, BC technology has the potential of using time stamping to validate changes to a database, which is perfect for handling EHR data, particularly when more than one user has the authorization to edit a record. Besides, Blockchain offers a potential future platform for data sharing in support of a collaboration and trust system that would enable shared clinical healthcare decision-making in precision medicine and telehealth.

The Blockchain as a trusted, secure and transparent Distributed Ledger Technology (DLT) has a great potential in resolving the previously mentioned challenges and therefore can be used for the management of patient’ EHR and the security of the RPM system. This paper proposes a system: HealthBlock based on an architecture that leverages both BC and IoT technologies to ensure a secure healthcare management system including RPM and EHR sharing. HealthBlock allows patients to manage their healthcare data on their own securely. The key contributions are summarized as follows: • The use of the blockchain technology to ensure EHR management, access control, data integrity, audit, and interoperability. • The use of decentralized databases to mitigate centralized storage vulnerabilities and to ensure system scalability. • The proposed architecture was developed using Hyperledger Fabric [8] and Hyperledger Composer [9] to ensure security requirements and to increase its performance. • The performance of the proposed architecture is evaluated using Hyperledger Caliper [10]. 1.3. Paper roadmap The remainder of this paper is as follows. Section 2 outlines the existing literature related to the use of blockchain in the healthcare field. Section 3 presents in detail the proposed architecture. Section 4 illustrates the development environment and the case study implemented. Section 5 offers a performance evaluation of the designed solution and highlights the designed platform through a benchmark analysis using Hyperledger Caliper. Section 6 discusses the security and privacy requirements, the features, and the performances satisfied by the proposed system in comparison with the existing blockchain-based similar systems. Section 7 concludes the paper and discusses future works. 2. Related work This section will discuss the main researches in the field of healthcare sector where the BC technology has been used to improve the security of the EHR and RPM. Table 1 summarizes all the related work in this paper by stating their main contribution, the type of BC used in the proposed approaches and within which framework, the type of consensus and the type of data (whether it is EHR, or Internet of Medical Things (IoMT), the type of the storage, the validation tools and the proposed work limits found). Blockchain is a distributed ledger that holds an ordered list of records linked together through a chain of blocks [11]. This technology has been originally proposed in 2008 by Satoshi Nakamoto [12] and managed by a peer to peer network to serve as the public transaction ledger of the cryptocurrency bitcoin. This technology has been evolved and used in many fields as a mechanism of enhancing security and ensuring data integrity. In recent years, several research studies have been conducted in the Healthcare domain in a way to get benefit from blockchain technology. In [13], the researchers created and tested a smartphone application for cognitive behavioral therapy for insomnia. The data collected with the application was sent to a private Hyperledger Fabric blockchain network. Due to blockchain properties as an immutable distributed ledger, the Electronic Medical Records (EMR) in the network were secure and resistant to tampering after testing. They concluded that Blockchain serves as a distributed tamper-proof database. In the proposed solution, data integrity is evaluated but collected medical data is stored directly in the Blockchain which issued a major problem of scalability as the ledger has a limited capacity of storage. The authors of [14] used a private Ethereum blockchain. In the designed system, sensors interact with a smart device (smartphone

Finally, patient health data could be either collected from wearable sensors or manually introduced by users. Storing this data in a central database can create a cause behind data synchronization due to the diversity of healthcare providers. Henceforth, using a decentralized database for saving healthcare information allows the availability of a synchronized data. 2

Computer Networks 200 (2021) 108500

B. Zaabar et al. Table 1 Summary of related works. Ref and Year

Contribution/Purpose

BC Type

Framework

Consensus

Validation tools

Limits

Ichikawa et al. [13] (2017)

Combining mobile health with blockchain for healthcare treatment

Private

Hyperledger fabric

Practical Byzantine Fault Tolerance (PBFT)

Electronic Health Records (EHR)

Blockchain database

JavaScript Object Notation (JSON) + Chaincode

The capacity limitation of direct storage in blockchain database

Griggs et al. [14] (2018)

Sharing healthcare data for clinical and research purposes.

Private/ Consortium

Ethereum

PBFT

Internet of Medical Things (IoMT)

Designed EHR storage database

Solidity + Smart contracts

Sensors data are sent regularly to the patient phone, which will consume its energy and make solution not practical and dependent on the user phone

Fan et al. [15] (2018)

Sharing healthcare data for clinical and research purposes.

Public

Not available (N/A)

An endorser is elected by more than half of the nodes. Then, the endorser validate transactions.

EHR

Local Database

Security analysis. Latency of service provider requests

The endorser is a central entity which minimizes the advantages of the distributed nature of blockchain. No implementation is done

Shen et al. [16] (2019)

Healthcare Data Sharing

Consortium blockchain

Java

BFT-SMaRt [17]

EHR + IoMT

Local Database

Implementing using Java

The frequent intervention of healthcare providers is needed.

Han et al. [18] (2019)

Healthcare Data Sharing

Consortium blockchain

IBM’s HyperLedger or Ethereum, Chain Core or Openchain

Proof of Work (PoW) and Proof of Stake (PoS)

EHR

BigData Storage (HDFS) + Relational Database Management System (RDBMS)

Signature forgery attack

Saving Medical data in providers nodes presents a major limitation

Wu et al. [19] (2019)

Healthcare Data Sharing

public

Bitcoin

Delegated Proof of Stake (DPOS)

EHR

Interplanetary File System (IPFS) and Blockchain

Data masking, hash and improved consensus algorithm

Absence of automated access control

Košt’ál et al. [20] (2019)

Secure IoT devices configuration using blockchain

private

Hyperledger Composer

N/A

IoT ecosystem

Blockchain ledger

Cisco routers, TCL scripts, TFTP Servers and REST API

The scalability of the proposed system is a major limitation

Attia et al. [21] (2019)

Remote Patient Monitoring

Private

Hyperledger Fabric

PBFT

IoMT

Blockchain database

Go language + Application SDK

The capacity limitation of direct storage in blockchain

Dwivedi et al. [22] (2019)

Remote Patient Monitoring

Private

Ethereum

Digital Ring Signature, Overlay network

The proposed solution was not implemented in a testable system

N/A

Data type

IoMT

Storage

Cloud storage

(continued on next page )

3

Computer Networks 200 (2021) 108500

B. Zaabar et al. Table 1 (continued). Ref and Year

Contribution/Purpose

BC Type

Framework

Consensus

Data type

Jabbar et al. [23] (2020)

Healthcare data sharing with a decentralized Trusted Third Party Auditor (TTPA)

Private

Ethereum platform

Two Ethereum nodes deployed in Amazon servers responsible for mining

EHR+ IoMT

Khatoon et al. [24] (2020)

Design and implementation of different medical workflows

Private

Ethereum

Validation tools

Limits

Cloud database

Testnet of Ethereum+ Solidity language

Using of cloud servers might generate security issues

Back-end distributed file system (DFS)

solidity language+ Remix and Kovan test network

Only partial system is developed

Jamil et al. [25] (2020)

Vital signs real time remote monitoring

Private

Hyperledger Fabric

PBFT

IoMT

Distributed ledger technology (DLT)

Hyperledger composer + Caliper

The storage of patients data in blockchain network is a heavy.

Wang et al. [26] (2020)

Patient Health Data monitoring and sharing

Consortium

Ethereum blockchain

N/A

IoMT

Cloud storage

JavaScript, HTML, REST API

Patient data privacy is not justified.

Mukherjee et al. [27] (2021)

Patient Vital Signs Monitoring

Private

Distributed Ledger Technology (DLT)

N/A

IoMT

Blockchain database

N/A

The capacity limitation of direct storage in blockchain database. Implementation was not proved

PoW (Ethash)

or tablet) that communicates directly to smart contracts. The latter analyzes the provided data and triggers alerts to patients and healthcare providers. Note that collected data is not kept into blockchain but only transactions of occurred events are kept in the ledger. Thus, a secure RPM system is proposed thanks to blockchain features. However, the time of data transmission from the smart device to blockchain nodes presents a major limitation to the proposed system. Moreover, security requirements consisting of integrity, confidentiality, availability, data privacy, and traceability are addressed. But scalability is not justified by the proposed approach. MedBlock [15] and MedChain [16] are blockchain-based information management systems that allow efficient and secure EMRs access. Medical data were retrieved from distributed blockchain ledger. The authors in [15] proposed MedBlock: a system to share healthcare data for diagnostic and research aims. MedBlock provides access control to the EHRs of patients. But, data privacy is not totally satisfied as the adopted approach refers to local hospitals databases. Besides, MedBlock focuses only on hospital medical records of patients collected from medical examination and cannot store the physiological states of patients. To overcome this limit, the authors in [16] proposed MedChain: a session-based healt...