A Privacy-Preserving Framework Using Hyperledger Fabric for EHR Sharing Applications

Electronic Health Records, or EHRs, include private and sensitive information of a patient. The privacy of personal healthcare data can be protected through Hyperledger Fabric, a permissioned blockchain framework. A few Hyperledger Fabric- integrated EHR solutions have emerged in recent years. However, none of them implements the privacy-preserving techniques of Hyperledger Fabric to make transactions anonymous or preserve the transaction data privacy during the consensus. Our proposed architecture is built on Hyperledger Fabric and its privacy-preserving mechanisms, such as Identity Mixer, Private Data Collections, Channels and Transient Fields to securely store and transfer patient-sensitive data while providing anonymity and unlinkability of transactions

Ensuring Data Security and Individual Privacy in Health Care Systems

Ph.DDOCTOR OF PHILOSOPH

Emergency Department Nurses: Post Code Pause

Background: The consistent witnessing of death and critical incidents takes an emotional toll on the emergency department (ED) nurses. In addressing critical incident events, research has shown us that debriefing nurses after a traumatic event helped reduce stress and, in turn, decreased staff turnover in the ED at an acute care facility (Hirschinger, Scott, & Hahn-Cover, 2015). Purpose: The purpose of this DNP project was to implement a Post Code Pause (PCP) debriefing tool in conjunction with the hospital’s Unit Practice Council (UPC) members and the ED direct patient care nurses for use after adult and pediatric cardiopulmonary resuscitation (CPR), evaluate the evidence-based (EB) surveys results, and present the findings to administration stakeholders for consideration as a debriefing tool. Theoretical Framework: The theoretical framework selected for the Post Code Pause capstone project was the Crisis Intervention Stress Debriefing model by Mitchell (1997). Methods: The quasi-experimental project statistically analyzed the data from two EB pre- and post-surveys for the PCP and linked the data for a paired t-test using SPSS version 15. Results: The 27 pre- and post-surveys completed used a five-point Likert scale. Of the 27 pre- and post- surveys, five were linkable, which showed that 100% of the registered nurses involved in a PCP felt that it was a positive tool and 83% agreed it was a positive experience for the nurses. The nurses had a 4% increase in leadership support after the CPR event. Conclusion: The PCP debriefing provided a new stress management tool for the ED nurses. Thus, possibly providing the tools for stress relief and teamwork lowered staff turnover, retained experienced staff, and decreased sick calls

Harmonising electronic health records for reproducible research: challenges, solutions and recommendations from a UK-wide COVID-19 research collaboration

BackgroundThe CVD-COVID-UK consortium was formed to understand the relationship between COVID-19 and cardiovascular diseases through analyses of harmonised electronic health records (EHRs) across the four UK nations. Beyond COVID-19, data harmonisation and common approaches enable analysis within and across independent Trusted Research Environments. Here we describe the reproducible harmonisation method developed using large-scale EHRs in Wales to accommodate the fast and efficient implementation of cross-nation analysis in England and Wales as part of the CVD-COVID-UK programme. We characterise current challenges and share lessons learnt.MethodsServing the scope and scalability of multiple study protocols, we used linked, anonymised individual-level EHR, demographic and administrative data held within the SAIL Databank for the population of Wales. The harmonisation method was implemented as a four-layer reproducible process, starting from raw data in the first layer. Then each of the layers two to four is framed by, but not limited to, the characterised challenges and lessons learnt. We achieved curated data as part of our second layer, followed by extracting phenotyped data in the third layer. We captured any project-specific requirements in the fourth layer.ResultsUsing the implemented four-layer harmonisation method, we retrieved approximately 100 health-related variables for the 3.2 million individuals in Wales, which are harmonised with corresponding variables for > 56 million individuals in England. We processed 13 data sources into the first layer of our harmonisation method: five of these are updated daily or weekly, and the rest at various frequencies providing sufficient data flow updates for frequent capturing of up-to-date demographic, administrative and clinical information.ConclusionsWe implemented an efficient, transparent, scalable, and reproducible harmonisation method that enables multi-nation collaborative research. With a current focus on COVID-19 and its relationship with cardiovascular outcomes, the harmonised data has supported a wide range of research activities across the UK

Semantic privacy-preserving framework for electronic health record linkage

The combination of digitized health information and web-based technologies offers many possibilities for data analysis and business intelligence. In the healthcare and biomedical research domain, applications depending on electronic health records (EHRs) identify privacy preservation as a major concern. Existing solutions cannot always satisfy the evolving research demands such as linking patient records across organizational boundaries due to the potential for patient re-identification. In this work, we show how semantic methods can be applied to support the formulation and enforcement of access control policy whilst ensuring that privacy leakage can be detected and prevented. The work is illustrated through a case study associated with the Australasian Diabetes Data Network (ADDN – www.addn.org.au), the national paediatric type-1 diabetes data registry, and the Australian Urban Research Infrastructure Network (AURIN – www.aurin.org.au) platform that supports Australia-wide access to urban and built environment data sets. We demonstrate that through extending the eXtensible Access Control Markup Language (XACML) with semantic capabilities, finer-grained access control encompassing data risk disclosure mechanisms can be supported. We discuss the contributions that can be made using this approach to socio-economic development and political management within business systems, and especially those situations where secure data access and data linkage is required

Increasing Hospice Nurses’ Knowledge and Improving Attitudes on Pain Assessment in Dementia Patients

Background: Patients with dementia have difficulty articulating pain due to cognitive deficits incommunication, sensation, and overall physical decline due to the aging and disease process. Patients who have dementia are considered at-risk for uncontrolled pain due to under-assessment, under-treatment, or untreated pain. Current research notes gaps exist in pain assessment among nurses’ due to knowledgedeficits and attitudes on pain assessment for dementia patients. Barriers regarding the utilization of evidence-based behavioral pain assessment tools are related to nurses’ knowledge deficit and skills competency. Purpose: The purpose of this evidence-based practice (EBP) project was to increase hospice nurses’ knowledge and improve attitudes on pain assessment in dementia patients by implementing an EBP training program on utilizing the Pain Assessment in Advanced Dementia Scale (PAINAD). Theoretical Framework: Knowledge to Action Model Methods: A before and after project design with pre-test/post-test measurements was used to determine whether providing an EBP training on utilizing the PAINAD Scale for pain assessment increased hospicenurses’ knowledge and improved attitudes on pain assessment in dementia patients. Results: Comparison of pre-test/post-training measures demonstrated a small increase in hospice nurses’ knowledge and a significant increase in attitudes on assessing pain in dementia patients. Conclusion: EBP training programs utilizing the PAINAD Scale improves hospice nurses’ attitudes onpain assessment in dementia patients. Positive changes in attitude should enhance hospice nurses’ ability and willingness to assess and manage pain in patients with dementia

Privacy-Preserving and Regulation-Enabled Mechanisms for Blockchain-based Financial Services

With the success of cryptocurrencies such as Bitcoin, blockchain technology has attracted extensive attention from both academia and industry. As a distributed ledger technology, blockchain provides decentralization and immutability, and can build trust among multiple parties. Owning to these unique characteristics, blockchain has become an innovative approach to secure and reliable record-keeping and transaction execution, and has the potential to revolutionize the financial industry and drive economic change on a global scale. For example, it can streamline banking and lending services, enable decentralized trading, and facilitate cross-border payment transactions. Although blockchain is expected to create a new paradigm for the financial industry, transactions stored on the blockchain are shared among the nodes in the blockchain network, which may contain sensitive information of users, such as the identities of senders and receivers, and the contents of transactions. Thus, privacy preservation should be achieved when applying blockchain to different financial services. Many privacy-preserving mechanisms have been proposed to guarantee identity privacy and data confidentiality for blockchain-based transactions. However, the strong degree of privacy may create new regulatory concerns. First, in privacy-preserving mortgage lending, there exists double-mortgage fraud, by which a borrower can use the same asset as collateral to obtain multiple loans from different financial institutions. Second, in decentralized data trading, data buyers may refuse to pay funds to data sellers after obtaining data, and data sellers may send fake data to data buyers. Verifying data availability and retrievability without viewing data before payment for fair trading is a challenging issue. Moreover, the identity privacy of data sellers should be preserved during the trading. Third, in privacy-preserving blockchain-based payment systems, the identities of the payer, payee, and transferred amount are protected. Nevertheless, the anonymity of transactions can be exploited for illegal activities, such as money laundering. Thus, considering the strict regulatory requirements of the financial industry, such as limiting the amount of cryptocurrency transferred over a period of time, privacy preservation and regulation should be balanced in blockchain-based financial services. In this thesis, we focus on three major blockchain-based financial services to concentrate on how to solve the dilemma between privacy protection and strict regulatory requirements at various phases in the fund flow, which are lending, trading, and payment. Firstly, the thesis investigates the borrower privacy and double-mortgage regulation issues in mortgage lending, and proposes a blockchain-based privacy-preserving and accountable mortgage data management scheme. In the scheme, the mortgage data of borrowers can be shared on the blockchain to detect the double-mortgage fraud without revealing the identity of borrowers. But financial institutions can still uncover the identity of a dishonest borrower if he/she pledges the same asset for multiple mortgages, which is achieved by integrating cryptographic tools such as verifiable secret sharing, zero-knowledge proof, and ElGamal encryption. A mortgage request contains a share of identity information of the borrower and the ownership certificate of an asset. By utilizing ElGamal encryption and verifiable secret sharing, the borrower can prove that its identity information is indeed included in the mortgage request and can be used to reconstruct its identity when double-mortgage behavior is detected. Secondly, the thesis investigates the identity privacy and trading-misbehavior regulation in blockchain-based data trading. Blockchain can build trust between data buyers and data sellers. To resolve the fairness issue of demonstrating data availability and retrievability without leaking data while preserving identity privacy of data sellers, we propose a blockchain-based fair data trading protocol with privacy preservation, where a data buyer can declare data requirements and acceptable issuers of data, and a data seller can conduct privacy-preserving and fine-grained data selling. We first define the fairness and privacy demands for both parties. By incorporating anonymous attribute-based credentials, structure-preserving signatures, and zero-knowledge proofs, data can be traded in part while data authenticity is guaranteed and data issuers are hidden. A smart contract is utilized to realize atomic transactions. Security proof is provided to demonstrate that the scheme can achieve privacy preservation and fairness for the participants. Thirdly, the thesis investigates the transaction privacy and anti-money laundering regulation issues in distributed anonymous payment (DAP) systems. To solve the conflict between privacy and regulation, we propose a novel DAP scheme that supports regulatory compliance and enforcement. We first introduce regulators into the system, who define regulatory policies, including limiting the total amount of cryptocurrency one can transfer and the frequency of transactions one can conduct in a time period. The policies are enforced through commitments and non-interactive zero-knowledge proofs for compostable statements. By this, users can prove that transactions are valid and comply with regulations. We use both Zero-knowledge Succinct Non-Interactive Arguments of Knowledge (Zk-SNARKs) and sigma protocols to generate the zero-knowledge proofs for regulation compliance. A tracing mechanism is designed in the scheme to allow regulators to recover the real identities of users when suspicious transactions are detected. In summary, this thesis proposes effective privacy-preserving and regulation-enabled solutions for blockchain-based lending, data trading, and anonymous payment. The results from the thesis should shed light for future study on blockchain-based systems where privacy preservation and regulation are required