Healthcare information exchange using blockchain technology

Current trend in health-care industry is to shift its data on the cloud, to increase availability of Electronic Health Records (EHR) e.g. Patient’s medical history in real time, which will allow sharing of EHR with ease. However, this conventional cloud-based data sharing environment has data security and privacy issues. This paper proposes a distributed solution based on blockchain technology for trusted Health Information Exchange (HIE). In addition to exchange of EHR between patient and doctor, the proposed system is also used in other aspects of healthcare such as improving the insurance claim and making data available for research organizations. Medical data is very sensitive, in both social as well as legal aspects, so permissioned block-chain such as Hyperledger Fabric is used to retain the necessary privacy required in the proposed system. As, this is highly permissioned network where the owner of the network i.e. patient holds all the access rights, so in case of emergency situations the proposed system has a Backup Access System which will allow healthcare professionals to access partial EHR and this backup access is provided by using wearable IOT device

Double Secret Protection: Bridging Federal and State Law To Protect Privacy Rights for Telemental and Mobile Health Users

Mental health care in the United States is plagued by stigma, cost, and access issues that prevent many people from seeking and continuing treatment for mental health conditions. Emergent technology, however, may offer a solution. Through telemental health, patients can connect with providers remotely—avoiding stigmatizing situations that can arise from traditional healthcare delivery, receiving more affordable care, and reaching providers across geographic boundaries. And with mobile health technology, people can use smart phone applications both to self-monitor their mental health and to communicate with their doctors. But people do not want to take advantage of telemental and mobile health unless their privacy is protected. After evaluating the applicability of current health information privacy law to these new forms of treatment, this Note proposes changes to the federal regime to protect privacy rights for telemental and mobile health users

The European Institute for Innovation through Health Data

The European Institute for Innovation through Health Data (i~HD, www.i-hd.eu) has been formed as one of the key sustainable entities arising from the Electronic Health Records for Clinical Research (IMI-JU-115189) and SemanticHealthNet (FP7-288408) projects, in collaboration with several other European projects and initiatives supported by the European Commission. i~HD is a European not-for-profit body, registered in Belgium through Royal Assent. i~HD has been established to tackle areas of challenge in the successful scaling up of innovations that critically rely on high-quality and interoperable health data. It will specifically address obstacles and opportunities to using health data by collating, developing, and promoting best practices in information governance and in semantic interoperability. It will help to sustain and propagate the results of health information and communication technology (ICT) research that enables better use of health data, assessing and optimizing their novel value wherever possible. i~HD has been formed after wide consultation and engagement of many stakeholders to develop methods, solutions, and services that can help to maximize the value obtained by all stakeholders from health data. It will support innovations in health maintenance, health care delivery, and knowledge discovery while ensuring compliance with all legal prerequisites, especially regarding the insurance of patient's privacy protection. It is bringing multiple stakeholder groups together so as to ensure that future solutions serve their collective needs and can be readily adopted affordably and at scale

Audit-based Compliance Control (AC2) for EHR Systems

Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud \ud In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud \ud This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms