Title | Health Block A secure blockchain-based healthcare data management system |
---|---|
Author | NURNABILAH MOHD ZUBIR |
Course | Management of Record Repository |
Institution | Universiti Teknologi MARA |
Pages | 16 |
File Size | 957.4 KB |
File Type | |
Total Downloads | 97 |
Total Views | 596 |
Computer Networks 200 (2021) 108500Available online 25 September 2021 1389-1286/© 2021 Elsevier B. All rights reserved.ContentslistsavailableatScienceDirectComputerNetworksjournal homepage:elsevier/locate/comnetHealthBlock:Asecureblockchain-basedhealthcaredatamanagementsystemBessemZaabara,b,c,∗,Omar...
Computer Networks 200 (2021) 108500
Contents lists available at ScienceDirect
Computer Networks journal homepage: www.elsevier.com/locate/comnet
HealthBlock: A secure blockchain-based healthcare data management system Bessem Zaabar a,b,c ,∗, Omar Cheikhrouhou a,b , Faisal Jamil d, Meryem Ammi e , Mohamed Abid a a
Computer Embedded System laboratory CES-ENIS, University of Sfax, Tunisia Higher Institute of Computer Science of Mahdia, University of Monastir, Tunisia c National Center of Nuclear Sciences and Technologies, Tunisia d Department of Computer Engineering, Jeju National University, Republic of Korea e Naif Arab University for security sciences, Saudi Arabia b
A RTICLE
INFO
Keywords: Blockchain Data security Data privacy Electronic Health Records (EHRs) Internet of Medical Things (IoMT) Healthcare data security Hyperledger fabric RPM
ABSTRACT The security and privacy of electronic healthcare records (EHRs) remain a critical issue for both healthcare services consumers and providers. Breaching a healthcare system causes the disclosure of sensitive health data. This data is usually saved into centralized databases, which creates vulnerabilities and gives rise to cyber attacks. This research focuses on enhancing the security and privacy of EHRs by using blockchain technology. This paper proposes a new architecture that takes advantage of decentralized databases to avoid centralized storage issues. The decentralized used database for storing patient electronic health records is the OrbitDB with Interplanetary File System (IPFS). Besides, we have deployed a blockchain network built on Hyperledger fabric by using Hyperledger composer to save hashes of stored data and control access when retrieving it. The proposed Blockchain-based architecture is designed to contribute to the healthcare management systems’ robustness and to avoid recorded security limitations in commonly used systems for smart healthcare. Performance evaluation results issued from Hyperledger Caliper and comparative analysis have proved the robustness and superiority of the proposed system in terms of security and privacy requirements, key features of blockchain-based healthcare systems, and performance metrics including various throughput and latency.
1. Introduction
event of any abnormal behavior. Moreover, Electronic Health Record (EHR) is a digital record that includes certain health information such
The healthcare industry sector is focusing its efforts on benefiting from emerging technologies to make healthcare systems smart and efficient. In 2020, the global healthcare IoT market revenues totaled 72.5 billion dollars and this number is supposed to grow to over 188.2 billion dollars by 2025 [1,2]. Thanks to the integration of these smart objects (IoT devices) that collect, report, and analyze the patient’s data in real-time [3], remotely managing healthcare services has become a reality [2]. Thus, the way of diseases’ diagnosis and treatment has been profoundly changed. Remote Patient Monitoring (RPM) makes interactions between patients and doctors much easier and more efficient by cutting down the unnecessary visits to physicians, hospital stays, and re-admissions [4]. Accordingly, doctors can make effective decisions and efficiently manage the drugs dosage, treatment plans and the equipment. In e-healthcare platforms, IoT devices are generally attached to the patient body to collect some vital signs such as respiration rate, body temperature, pulse rate, blood pressure, and more [5]. These wearable smart devices monitor the overall health status of the user, keep track of the health of the patients, and generate alarms in the
as personal information, patient medical history, diagnoses, allergies, vital signs, lab data results, and more. This data helps the medical caregivers to follow up on the health state of the patient and prepare suitable care plans. Despite the colossal benefits of these new generation e-health services, some challenges need to be addressed before deployment, including security, privacy, and interoperability. The security of patient healthcare data is one of the topmost concerns of different healthcare organizations. Indeed, the reported cyber-attacks against patient healthcare data in recent years have pushed the industry and researchers to develop new solutions that can mitigate these attacks and keep patient healthcare data private and secure [6]. Health data integration is usually extensive and heterogeneous; therefore, interoperability is a critical issue to be addressed.
∗ Corresponding author. E-mail addresses: [email protected] (B. Zaabar), [email protected] (O. Cheikhrouhou), [email protected] (F. Jamil), [email protected] (M. Ammi), [email protected] (M. Abid).
https://doi.org/10.1016/j.comnet.2021.108500 Received 11 June 2021; Received in revised form 20 August 2021; Accepted 16 September 2021 Available online 25 September 2021 1389-1286/© 2021 Elsevier B.V. All rights reserved.
Computer Networks 200 (2021) 108500
B. Zaabar et al.
1.1. Motivation
1.2. Contributions
The healthcare sector is upgrading its landscape and extending its use to embed new technologies such as Internet of Things IoTs [2]. Remote Patient Monitoring (RPM) is one of the healthcare applications used to collect vital signs of patients outside of physical clinic location, and record them. RPM includes different types of sensors that can be worn or implanted. These sensors send information through wireless communication to a local base station, which in turn sends the information to a central monitoring station which will alarm the physicians to interfere effectively with the patient’s case [5]. All this data is stored in what is known as EHR. Accordingly, EHR is an electronic format system of a patient’s health data generated and preserved during the patient’s life. It is usually collected and circulated through various hospitals, healthcare clinics, and care providers. The authors in [7] pointed out that integrated health records are more effective and have more benefits such as lowering costs, improving health care quality, promoting evidencebased medicine usage, helping in record-keeping and ensuring the records’ mobility. Those providers usually maintain primary access to the information, thereby preventing patients from easily accessing their data. Accordingly, EHRs provide important and extremely confidential personal information for healthcare assessment and monitoring. Thus, sharing healthcare information should be carefully managed to preserve the data security [7] and strengthen healthcare service quality. The problem faced by EHR and RPM when adopted by healthcare systems is using local databases to store and manage access records of their patients’ medical data. However, the use of local databases raises many concerns about data and information security; including data privacy, integrity, and interoperability. To overcome these security issues, Blockchain (BC) technology in this context will provide information validation and truthfulness and will also help to disseminate data within the system and among the various medical facilities. The features brought by BC affect the cost, quality of data and importance of providing healthcare within a transparent, decentralized network eliminating the need for a middleman or any centralized authority. Other advantages added by BC are the reliable authentication measures and the efficient access to information for the authenticated authorized parts of that system of BC. The BC ecosystem can also smooth over problems of patient permission for information sharing, which is one of the main barriers to create a framework for exchanging health information. Present health information exchange (HIE) initiatives are based on a deal with the fallin or take the easy way-out model, but they usually need to incorporate a variety of conditions for disclosing highly sensitive details related to the patients’ medical history, including all vital administrative clinical data that are in line with the care given to an individual by a particular provider such as: demographics, progress reports problems, medications, important signs, medical history, immunization reports, laboratory data, and radiology reports. Moreover, BC technology has the potential of using time stamping to validate changes to a database, which is perfect for handling EHR data, particularly when more than one user has the authorization to edit a record. Besides, Blockchain offers a potential future platform for data sharing in support of a collaboration and trust system that would enable shared clinical healthcare decision-making in precision medicine and telehealth.
The Blockchain as a trusted, secure and transparent Distributed Ledger Technology (DLT) has a great potential in resolving the previously mentioned challenges and therefore can be used for the management of patient’ EHR and the security of the RPM system. This paper proposes a system: HealthBlock based on an architecture that leverages both BC and IoT technologies to ensure a secure healthcare management system including RPM and EHR sharing. HealthBlock allows patients to manage their healthcare data on their own securely. The key contributions are summarized as follows: • The use of the blockchain technology to ensure EHR management, access control, data integrity, audit, and interoperability. • The use of decentralized databases to mitigate centralized storage vulnerabilities and to ensure system scalability. • The proposed architecture was developed using Hyperledger Fabric [8] and Hyperledger Composer [9] to ensure security requirements and to increase its performance. • The performance of the proposed architecture is evaluated using Hyperledger Caliper [10]. 1.3. Paper roadmap The remainder of this paper is as follows. Section 2 outlines the existing literature related to the use of blockchain in the healthcare field. Section 3 presents in detail the proposed architecture. Section 4 illustrates the development environment and the case study implemented. Section 5 offers a performance evaluation of the designed solution and highlights the designed platform through a benchmark analysis using Hyperledger Caliper. Section 6 discusses the security and privacy requirements, the features, and the performances satisfied by the proposed system in comparison with the existing blockchain-based similar systems. Section 7 concludes the paper and discusses future works. 2. Related work This section will discuss the main researches in the field of healthcare sector where the BC technology has been used to improve the security of the EHR and RPM. Table 1 summarizes all the related work in this paper by stating their main contribution, the type of BC used in the proposed approaches and within which framework, the type of consensus and the type of data (whether it is EHR, or Internet of Medical Things (IoMT), the type of the storage, the validation tools and the proposed work limits found). Blockchain is a distributed ledger that holds an ordered list of records linked together through a chain of blocks [11]. This technology has been originally proposed in 2008 by Satoshi Nakamoto [12] and managed by a peer to peer network to serve as the public transaction ledger of the cryptocurrency bitcoin. This technology has been evolved and used in many fields as a mechanism of enhancing security and ensuring data integrity. In recent years, several research studies have been conducted in the Healthcare domain in a way to get benefit from blockchain technology. In [13], the researchers created and tested a smartphone application for cognitive behavioral therapy for insomnia. The data collected with the application was sent to a private Hyperledger Fabric blockchain network. Due to blockchain properties as an immutable distributed ledger, the Electronic Medical Records (EMR) in the network were secure and resistant to tampering after testing. They concluded that Blockchain serves as a distributed tamper-proof database. In the proposed solution, data integrity is evaluated but collected medical data is stored directly in the Blockchain which issued a major problem of scalability as the ledger has a limited capacity of storage. The authors of [14] used a private Ethereum blockchain. In the designed system, sensors interact with a smart device (smartphone
Finally, patient health data could be either collected from wearable sensors or manually introduced by users. Storing this data in a central database can create a cause behind data synchronization due to the diversity of healthcare providers. Henceforth, using a decentralized database for saving healthcare information allows the availability of a synchronized data. 2
Computer Networks 200 (2021) 108500
B. Zaabar et al. Table 1 Summary of related works. Ref and Year
Contribution/Purpose
BC Type
Framework
Consensus
Validation tools
Limits
Ichikawa et al. [13] (2017)
Combining mobile health with blockchain for healthcare treatment
Private
Hyperledger fabric
Practical Byzantine Fault Tolerance (PBFT)
Electronic Health Records (EHR)
Blockchain database
JavaScript Object Notation (JSON) + Chaincode
The capacity limitation of direct storage in blockchain database
Griggs et al. [14] (2018)
Sharing healthcare data for clinical and research purposes.
Private/ Consortium
Ethereum
PBFT
Internet of Medical Things (IoMT)
Designed EHR storage database
Solidity + Smart contracts
Sensors data are sent regularly to the patient phone, which will consume its energy and make solution not practical and dependent on the user phone
Fan et al. [15] (2018)
Sharing healthcare data for clinical and research purposes.
Public
Not available (N/A)
An endorser is elected by more than half of the nodes. Then, the endorser validate transactions.
EHR
Local Database
Security analysis. Latency of service provider requests
The endorser is a central entity which minimizes the advantages of the distributed nature of blockchain. No implementation is done
Shen et al. [16] (2019)
Healthcare Data Sharing
Consortium blockchain
Java
BFT-SMaRt [17]
EHR + IoMT
Local Database
Implementing using Java
The frequent intervention of healthcare providers is needed.
Han et al. [18] (2019)
Healthcare Data Sharing
Consortium blockchain
IBM’s HyperLedger or Ethereum, Chain Core or Openchain
Proof of Work (PoW) and Proof of Stake (PoS)
EHR
BigData Storage (HDFS) + Relational Database Management System (RDBMS)
Signature forgery attack
Saving Medical data in providers nodes presents a major limitation
Wu et al. [19] (2019)
Healthcare Data Sharing
public
Bitcoin
Delegated Proof of Stake (DPOS)
EHR
Interplanetary File System (IPFS) and Blockchain
Data masking, hash and improved consensus algorithm
Absence of automated access control
Košt’ál et al. [20] (2019)
Secure IoT devices configuration using blockchain
private
Hyperledger Composer
N/A
IoT ecosystem
Blockchain ledger
Cisco routers, TCL scripts, TFTP Servers and REST API
The scalability of the proposed system is a major limitation
Attia et al. [21] (2019)
Remote Patient Monitoring
Private
Hyperledger Fabric
PBFT
IoMT
Blockchain database
Go language + Application SDK
The capacity limitation of direct storage in blockchain
Dwivedi et al. [22] (2019)
Remote Patient Monitoring
Private
Ethereum
Digital Ring Signature, Overlay network
The proposed solution was not implemented in a testable system
N/A
Data type
IoMT
Storage
Cloud storage
(continued on next page )
3
Computer Networks 200 (2021) 108500
B. Zaabar et al. Table 1 (continued). Ref and Year
Contribution/Purpose
BC Type
Framework
Consensus
Data type
Jabbar et al. [23] (2020)
Healthcare data sharing with a decentralized Trusted Third Party Auditor (TTPA)
Private
Ethereum platform
Two Ethereum nodes deployed in Amazon servers responsible for mining
EHR+ IoMT
Khatoon et al. [24] (2020)
Design and implementation of different medical workflows
Private
Ethereum
Validation tools
Limits
Cloud database
Testnet of Ethereum+ Solidity language
Using of cloud servers might generate security issues
Back-end distributed file system (DFS)
solidity language+ Remix and Kovan test network
Only partial system is developed
Jamil et al. [25] (2020)
Vital signs real time remote monitoring
Private
Hyperledger Fabric
PBFT
IoMT
Distributed ledger technology (DLT)
Hyperledger composer + Caliper
The storage of patients data in blockchain network is a heavy.
Wang et al. [26] (2020)
Patient Health Data monitoring and sharing
Consortium
Ethereum blockchain
N/A
IoMT
Cloud storage
JavaScript, HTML, REST API
Patient data privacy is not justified.
Mukherjee et al. [27] (2021)
Patient Vital Signs Monitoring
Private
Distributed Ledger Technology (DLT)
N/A
IoMT
Blockchain database
N/A
The capacity limitation of direct storage in blockchain database. Implementation was not proved
PoW (Ethash)
or tablet) that communicates directly to smart contracts. The latter analyzes the provided data and triggers alerts to patients and healthcare providers. Note that collected data is not kept into blockchain but only transactions of occurred events are kept in the ledger. Thus, a secure RPM system is proposed thanks to blockchain features. However, the time of data transmission from the smart device to blockchain nodes presents a major limitation to the proposed system. Moreover, security requirements consisting of integrity, confidentiality, availability, data privacy, and traceability are addressed. But scalability is not justified by the proposed approach. MedBlock [15] and MedChain [16] are blockchain-based information management systems that allow efficient and secure EMRs access. Medical data were retrieved from distributed blockchain ledger. The authors in [15] proposed MedBlock: a system to share healthcare data for diagnostic and research aims. MedBlock provides access control to the EHRs of patients. But, data privacy is not totally satisfied as the adopted approach refers to local hospitals databases. Besides, MedBlock focuses only on hospital medical records of patients collected from medical examination and cannot store the physiological states of patients. To overcome this limit, the authors in [16] proposed MedChain: a session-based healt...