This is the second publication in the series ‘Blockchain in Healthcare’ by Leo Petersen-Khmelnitski, LinkedIn
Traditional health information systems are institution centric. They employ centralised architecture, which requires centralised trust. While direct agreements on data sharing are available between various data silos, the modern information based healthcare provision, the increased mobility of patients (beyond covid), require the need to establish frameworks for a permanent and seamless data exchange in the global healthcare sector.
The core difference between a traditional approach to data sharing and its blockchain based version lies in a shift from institution centric to user centric information system. Blockchain solutions to data sharing in the healthcare sector suggest to introduce the notion of self-sovereignty. It enables a shift from the traditional institution-driven interoperability which has historically been the focus of interoperability efforts to patient-driven interoperability where an individual patient’s electronic health records become available via standard (API) or blockchain protocols.
There are several challenges related to privacy, security, and interoperability. First, health data are highly privacy-sensitive, especially as more data is being stored in a public cloud, raising the risks of data exposure. The second challenge, security related issues, originates in the very nature of centralised trust. Third, the effective integration of health data and the interoperability between healthcare systems remain a challenging task. A related challenge is that users have little control over their personal health data.
Blockchain based system design
System design for a blockchain based solution to data sharing usually features:
- A permissioned blockchain as a point-to-point consent solution to establish trust between a consenting and a receiving party, that relies on pseudoanonymity (replacing names with identifiers) and public key infrastructure, to ensure users privacy.
- A double blockchain model is employed to secure public health information sharing, where two types of blockchains are used, i.e., private and consortium. The former is used to store the data, while the latter is used to keep records of indexes.
- Health related data and patients’ identities are stored using the public key cryptography, encrypted with keyword search mechanism.
- Smart contracts are introduced to adhere to regulatory statutes, governing when and how consent for data sharing is applied.
- Storage of meta-data in isolation from raw data to avoid the possibility of user data being stolen and to ensure information security in the process of data sharing.
- A data distribution model that ensures no association between unrelated entities, but provides a way for data owners to distribute fine-grained access control permissions based on specific scenarios.
With regards to health data, a blockchain network may be used for three purposes:
- for public health data collected from both wearable devices and healthcare providers, each of the hashed data entry is uploaded to the blockchain network for integrity protection.
- for personal health data access from healthcare provider and health insurance company, each of the data access request should be processed to get a permission from the data owner with a decentralized permission management protocol.
- access control policies should be stored in a distributed manner on the blockchain which ensures stability. Every access request and the related activity should be recorded on the blockchain for further auditing or investigation.
User experience
In this setup, the user is the owner of personal health data and is responsible for granting, denying and revoking data access from any other parties, such as healthcare providers and insurance companies. If the user seeks medical treatment, the user would share the health data with the desired doctors. When the treatment is finished, the data access is revoked to deny further access from the doctors. Same scenario applies to user-insurance company relations.
In a blockchain based solution, a healthcare provider (e.g. doctors) are appointed by a certain user to render the healthcare service (for example, to perform a medical test, give suggestions or provide medical treatment). The medical treatment data can be uploaded to the blockchain network for data sharing with other healthcare providers under the user’s permission. And the current healthcare provider can request access to previous health data and medical treatment from the user. Every data request and the corresponding data access is recorded on the blockchain. Health insurance companies request data access from users including user health data from wearable devices and medical treatment history. Usually, the history cannot be denied by users to prevent insurance fraud. Also, users cannot modify medical treatment history data since that data is permanently recorded on the blockchain network and the integrity and trustworthiness is ensured. Insurance claims can also be recorded on the blockchain.
Functioning of data sharing
When data sharing is detected in the system, there will be an event generated to record the data access request. The event record can be described using a tuple as {recordhash, owner, receiver, time, location, expirydate, signature}. This record is then submitted to the blockchain network followed by several steps to transform a list of records into a transaction. A list of transactions will be used to form a block, and the block will be validated by nodes in the blockchain network. In this way, the integrity of the record can be preserved, and future validation on the block and the transaction related to this record is available. Each time there is an operation on the personal health data, a record will be reflected to the blockchain. This ensures that every action on personal health data is accountable.