Secure and Trustable Electronic Medical Records Sharing using Blockchain

Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall costComment: AMIA 2017 Annual Symposium Proceeding

Dwarna : a blockchain solution for dynamic consent in biobanking

Dynamic consent aims to empower research partners and facilitate active participation in the research process. Used within the context of biobanking, it gives individuals access to information and control to determine how and where their biospecimens and data should be used. We present Dwarna—a web portal for ‘dynamic consent’ that acts as a hub connecting the different stakeholders of the Malta Biobank: biobank managers, researchers, research partners, and the general public. The portal stores research partners’ consent in a blockchain to create an immutable audit trail of research partners’ consent changes. Dwarna’s structure also presents a solution to the European Union’s General Data Protection Regulation’s right to erasure—a right that is seemingly incompatible with the blockchain model. Dwarna’s transparent structure increases trustworthiness in the biobanking process by giving research partners more control over which research studies they participate in, by facilitating the withdrawal of consent and by making it possible to request that the biospecimen and associated data are destroyed.peer-reviewe

Link Before You Share: Managing Privacy Policies through Blockchain

With the advent of numerous online content providers, utilities and applications, each with their own specific version of privacy policies and its associated overhead, it is becoming increasingly difficult for concerned users to manage and track the confidential information that they share with the providers. Users consent to providers to gather and share their Personally Identifiable Information (PII). We have developed a novel framework to automatically track details about how a users' PII data is stored, used and shared by the provider. We have integrated our Data Privacy ontology with the properties of blockchain, to develop an automated access control and audit mechanism that enforces users' data privacy policies when sharing their data across third parties. We have also validated this framework by implementing a working system LinkShare. In this paper, we describe our framework on detail along with the LinkShare system. Our approach can be adopted by Big Data users to automatically apply their privacy policy on data operations and track the flow of that data across various stakeholders.Comment: 10 pages, 6 figures, Published in: 4th International Workshop on Privacy and Security of Big Data (PSBD 2017) in conjunction with 2017 IEEE International Conference on Big Data (IEEE BigData 2017) December 14, 2017, Boston, MA, US

Multilateral Transparency for Security Markets Through DLT

For decades, changing technology and policy choices have worked to fragment securities markets, rendering them so dark that neither ownership nor real-time price of securities are generally visible to all parties multilaterally. The policies in the U.S. National Market System and the EU Market in Financial Instruments Directive— together with universal adoption of the indirect holding system— have pushed Western securities markets into a corner from which escape to full transparency has seemed either impossible or prohibitively expensive. Although the reader has a right to skepticism given the exaggerated promises surrounding blockchain in recent years, we demonstrate in this paper that distributed ledger technology (DLT) contains the potential to convert fragmented securities markets back to multilateral transparency. Leading markets generally lack transparency in two ways that derive from their basic structure: (1) multiple platforms on which trades in the same security are matched have separate bid/ask queues and are not consolidated in real time (fragmented pricing), and (2) highspeed transfers of securities are enabled by placing ownership of the securities in financial institutions, thus preventing transparent ownership (depository or street name ownership). The distributed nature of DLT allows multiple copies of the same pricing queue to be held simultaneously by a large number of order-matching platforms, curing the problem of fragmented pricing. This same distributed nature of DLT would allow the issuers of securities to be nodes in a DLT network, returning control over securities ownership and transfer to those issuers and thus, restoring transparent ownership through direct holding with the issuer. A serious objection to DLT is that its latency is very high—with each Bitcoin blockchain transaction taking up to ten minutes. To remedy this, we first propose a private network without cumbersome proof-of-work cryptography. Second, we introduce into our model the quickly evolving technology of “lightning networks,” which are advanced two-layer off-chain networks conducting high-speed transacting with only periodic memorialization in the permanent DLT network. Against the background of existing securities trading and settlement, this Article demonstrates that a DLT network could bring multilateral transparency and thus represent the next step in evolution for markets in their current configuration

The Data Breach Dilemma: Proactive Solutions for Protecting Consumers’ Personal Information

Data breaches are an increasingly common part of consumers’ lives. No institution is immune to the possibility of an attack. Each breach inevitably risks the release of consumers’ personally identifiable information and the strong possibility of identity theft. Unfortunately, current solutions for handling these incidents are woefully inadequate. Private litigation like consumer class actions and shareholder lawsuits each face substantive legal and procedural barriers. States have their own data security and breach notification laws, but there is currently no unifying piece of legislation or strong enforcement mechanism. This Note argues that proactive solutions are required. First, a national data security law—setting minimum data security standards, regulating the use and storage of personal information, and expanding the enforcement role of the Federal Trade Commission—is imperative to protect consumers’ data. Second, a proactive solution requires reconsidering how to minimize the problem by going to its source: the collection of personally identifiable information in the first place. This Note suggests regulating companies’ collection of Social Security numbers, and, eventually, using a system based on distributed ledger technology to replace the ubiquity of Social Security numbers