Applying blockchain technology to aspects of electronic health records in South Africa: lessons learnt

The purpose of this study was to explore the applicability of blockchain technology as a viable alternative for the secure storage and distribution of electronic health records in a South African context. The adoption of electronic health records (EHRs) has grown over recent years. Electronic health records (EHRs) can be seen as electronic versions of patients’ medical history. EHRs promise benefits such as improving the quality of care, reducing medical errors, reducing costs, saving time, and enhancing the availability and sharing of medical records. Blockchain, in simple terms, could be seen as a distributed database controlled by a group of individuals. Blockchain technology differs from other distributed ledger technology by bundling unrelated data into blocks that are chained together in a linked-list manner, hence the name blockchain. Blockchain technology strives to provide desirable features, such as decentralization, immutability, audibility, and transparency. EHRs are traditionally constructed with a cloud-based infrastructure to promote the storing and distribution of medical records. These medical records are commonly stored in a centralized architecture, such as a relational database. The centralized architecture employed by EHRs may present a single point of failure. These kinds of failures may lead to data-breaches. The cloud-based infrastructure is effective and efficient from an availability standpoint. The increased availability of electronic health records has brought forth challenges related to the security and privacy of the patient’s medical records. The sensitive nature of EHRs attracts the attention of cyber-criminals. There has been a rise in the number of data breaches related to electronic health records. The traditional infrastructure used by electronic health records can no longer ensure the privacy and security of patient’s medical records. To determine whether blockchain is a viable alternative to these approaches, the main objective of this study was to compile a technical report on the applicability of aspects of blockchain technology to the secure storage and distribution of electronic health records. The study first conducted a literature review to gather background on the current state of electronic health records and blockchain technology. The results of the literature review were used to compile an initial report. Experiments were conducted with various aspects of blockchain technology to build a technical baseline and to ultimately validate the initial report. The insights gained from the experiments served to refine the initial report into a final technical report. The final deliverable of this study was to devise a technical report. The technical report serves as a generalized overview of the applicability of blockchain technology as a secure storage and distribution mechanism for electronic health records. The main topics covered by the technical report to outline the applicability of blockchain technology to EHRs are as follows: authentication, authorization, audit log, storage and transactions. The insights gained from the study illustrate that permissioned blockchain technology can enhance the traditional AAA security scheme employed by traditional EHRs. The AAA security scheme entails the use of certificate-based authentication and attributebased access control for authorization. Audit logs can be stored in a semi-decentralized architecture that can enhance the security and privacy of audit logs. Using blockchain technology for storing electronic health records might not be a viable alternative to traditional EHRs architecture. Blockchain technology violates certain privacy regulations as information is stored in a permanent manner. Furthermore, blockchain technology is not optimized for dealing with large volumes of data. However, blockchain technology could be used to store a cryptographic hash of electronic health records to ensure the integrity of records. Permissioned blockchain technology can enhance the EHRs transaction process by transacting health records in a peer-to-peer infrastructure. In doing so, the above-mentioned AAA security scheme can enhance the security, confidentiality, and integrity of electronic health records shared across organizational bounds

Security for networked smart healthcare systems: A systematic review

Background and Objectives Smart healthcare systems use technologies such as wearable devices, Internet of Medical Things and mobile internet technologies to dynamically access health information, connect patients to health professionals and health institutions, and to actively manage and respond intelligently to the medical ecosystem's needs. However, smart healthcare systems are affected by many challenges in their implementation and maintenance. Key among these are ensuring the security and privacy of patient health information. To address this challenge, several mitigation measures have been proposed and some have been implemented. Techniques that have been used include data encryption and biometric access. In addition, blockchain is an emerging security technology that is expected to address the security issues due to its distributed and decentralized architecture which is similar to that of smart healthcare systems. This study reviewed articles that identified security requirements and risks, proposed potential solutions, and explained the effectiveness of these solutions in addressing security problems in smart healthcare systems. Methods This review adhered to the Preferred Reporting Items for Systematic Reviews and Meta-analysis (PRISMA) guidelines and was framed using the Problem, Intervention, Comparator, and Outcome (PICO) approach to investigate and analyse the concepts of interest. However, the comparator is not applicable because this review focuses on the security measures available and in this case no comparable solutions were considered since the concept of smart healthcare systems is an emerging one and there are therefore, no existing security solutions that have been used before. The search strategy involved the identification of studies from several databases including the Cumulative Index of Nursing and Allied Health Literature (CINAL), Scopus, PubMed, Web of Science, Medline, Excerpta Medical database (EMBASE), Ebscohost and the Cochrane Library for articles that focused on the security for smart healthcare systems. The selection process involved removing duplicate studies, and excluding studies after reading the titles, abstracts, and full texts. Studies whose records could not be retrieved using a predefined selection criterion for inclusion and exclusion were excluded. The remaining articles were then screened for eligibility. A data extraction form was used to capture details of the screened studies after reading the full text. Of the searched databases, only three yielded results when the search strategy was applied, i.e., Scopus, Web of science and Medline, giving a total of 1742 articles. 436 duplicate studies were removed. Of the remaining articles, 801 were excluded after reading the title, after which 342 after were excluded after reading the abstract, leaving 163, of which 4 studies could not be retrieved. 159 articles were therefore screened for eligibility after reading the full text. Of these, 14 studies were included for detailed review using the formulated research questions and the PICO framework. Each of the 14 included articles presented a description of a smart healthcare system and identified the security requirements, risks and solutions to mitigate the risks. Each article also summarized the effectiveness of the proposed security solution. Results The key security requirements reported were data confidentiality, integrity and availability of data within the system, with authorisation and authentication used to support these key security requirements. The identified security risks include loss of data confidentiality due to eavesdropping in wireless communication mediums, authentication vulnerabilities in user devices and storage servers, data fabrication and message modification attacks during transmission as well as while the data is at rest in databases and other storage devices. The proposed mitigation measures included the use of biometric accessing devices; data encryption for protecting the confidentiality and integrity of data; blockchain technology to address confidentiality, integrity, and availability of data; network slicing techniques to provide isolation of patient health data in 5G mobile systems; and multi-factor authentication when accessing IoT devices, servers, and other components of the smart healthcare systems. The effectiveness of the proposed solutions was demonstrated through their ability to provide a high level of data security in smart healthcare systems. For example, proposed encryption algorithms demonstrated better energy efficiency, and improved operational speed; reduced computational overhead, better scalability, efficiency in data processing, and better ease of deployment. Conclusion This systematic review has shown that the use of blockchain technology, biometrics (fingerprints), data encryption techniques, multifactor authentication and network slicing in the case of 5G smart healthcare systems has the potential to alleviate possible security risks in smart healthcare systems. The benefits of these solutions include a high level of security and privacy for Electronic Health Records (EHRs) systems; improved speed of data transaction without the need for a decentralized third party, enabled by the use of blockchain. However, the proposed solutions do not address data protection in cases where an intruder has already accessed the system. This may be potential avenues for further research and inquiry

Data interoperability and privacy schemes in healthcare data using Blockchain technology

Abstract. Electronic Health/Medical Records (EHR/EMR) lay the foundation for securely maintaining medical records. The traditional EHR systems are not effectively managed data manipulation, delayed communication, trustless data storage, data cooperation, and distribution. Blockchain technology can play a major role in healthcare cases. This is because it uses decentralized distributed ledgers to securely manage all parties within the network. It also handles individual data through smart contracts, which can be pre-programmed by the patient for access and maintenance of healthcare data. This thesis focuses on exploring the blockchain in digital healthcare services such as Electronic Health/Medical Records (EHR/EMR). Blockchain-based implementations of Ethereum allow patients to store their medical data with smart contracts that can perform activities such as Registration, Data Append, and Data Retrieve. The challenges faced during the implementation of blockchain protocols are discussed and analyzed in the scope of finding sustainable solutions to develop secure and reliable operation