Blockchain Support for Flexible Queries with Granular Access Control to Electronic Medical Records (EMR)

In this paper, we propose an architecture for Blockchain-based Electronic Medical Records (EMRs) called GAA-FQ (Granular Access Authorisation supporting Flexible Queries) that comprises an access model and an access authorisation scheme. Unlike existing Blockchain schemes, our access model can authorise different levels of granularity of authorisation, whilst maintaining compatibility with the underlying Blockchain data structure. Furthermore, the authorisation, encryption, and decryption algorithms proposed in the GAA-FQ scheme dispense with the need to use a public key infrastructure (PKI) and hence improve the computation performance needed to support more granular and distributed, yet authorised, EMR data queries. We validated the computation performance and transmission efficiency for GAA-FQ using a simulation of GAA-FQ against an access control scheme for EMRs called ESPAC as our baseline that was not designed using a Blockchain. To the best of our knowledge, GAA- FQ is the first Blockchain-oriented access authorisation scheme with granular access control, supporting flexible data queries, that has been proposed for secure EMR information management

Enhanced Security and Privacy for Blockchain-enabled Electronic Medical Records in eHealth.

PhD Theses.Electronic medical records (EMRs) as part of an eHealth system are vital assets centrally managed by medical institutions and used to maintain up to date patients' medical histories. Such centralised management of EMRs may result in an increased risk of EMR damage or loss to medical institutions. In addition, it is di cult to monitor and control who can access their EMRs and for what reasons as eHealth may increasingly involve the use of IoT devices such as eHealth wearables and distributed networks. Blockchain is proposed as a promising method applied to support distributed data storage to maintain and share EMRs using its inherent immutability (forgery resistance). However, the original blockchain design cannot restrict unauthenticated or unauthorised data access for use as part of EMR management. Therefore, two novel authorisation schemes to enhance the security and privacy of blockchain use for EMRs are proposed in this work. The rst one can omit the agent layer (gateway) to authorise users' access to blockchain-enabled EMRs with block level gran- ularity, whilst maintaining compatibility with the underlying Blockchain data structure. Then, an improved scheme is proposed to implement multiple levels of granularity autho- risation, whilst supporting exible data queries. This scheme dispenses with the need to use a public key infrastructure (PKI) in authorisation and hence reduces the resource cost of computation and communication. Furthermore, to realise privacy preservation during authorisation, a challenge-response anonymous authorisation is proposed that avoids the disclosure of users' credentials when authorising data access requests. Compared with the baseline schemes, the proposed authorisation schemes can decrease the time consumption of computation and data transmission and reduce the transmitted data size so that they can be used in low-resource IoT devices applied to blockchain- enabled EMRs as demonstrated in performance experiments. In addition, theoretical i validations of correctness demonstrate that the proposed authorisation schemes work correctly

Healthcare information exchange using blockchain technology

Current trend in health-care industry is to shift its data on the cloud, to increase availability of Electronic Health Records (EHR) e.g. Patient’s medical history in real time, which will allow sharing of EHR with ease. However, this conventional cloud-based data sharing environment has data security and privacy issues. This paper proposes a distributed solution based on blockchain technology for trusted Health Information Exchange (HIE). In addition to exchange of EHR between patient and doctor, the proposed system is also used in other aspects of healthcare such as improving the insurance claim and making data available for research organizations. Medical data is very sensitive, in both social as well as legal aspects, so permissioned block-chain such as Hyperledger Fabric is used to retain the necessary privacy required in the proposed system. As, this is highly permissioned network where the owner of the network i.e. patient holds all the access rights, so in case of emergency situations the proposed system has a Backup Access System which will allow healthcare professionals to access partial EHR and this backup access is provided by using wearable IOT device

Data trust framework using blockchain and smart contracts

Lack of trust is the main barrier preventing more widespread data sharing. The lack of transparent and reliable infrastructure for data sharing prevents many data owners from sharing their data. Data trust is a paradigm that facilitates data sharing by forcing data controllers to be transparent about the process of sharing and reusing data. Blockchain technology has the potential to present the essential properties for creating a practical and secure data trust framework by transforming current auditing practices and automatic enforcement of smart contracts logic without relying on intermediaries to establish trust. Blockchain holds an enormous potential to remove the barriers of traditional centralized applications and propose a distributed and transparent administration by employing the involved parties to maintain consensus on the ledger. Furthermore, smart contracts are a programmable component that provides blockchain with more flexible and powerful capabilities. Recent advances in blockchain platforms toward smart contracts' development have revealed the possibility of implementing blockchain-based applications in various domains, such as health care, supply chain and digital identity. This dissertation investigates the blockchain's potential to present a framework for data trust. It starts with a comprehensive study of smart contracts as the main component of blockchain for developing decentralized data trust. Interrelated, three decentralized applications that address data sharing and access control problems in various fields, including healthcare data sharing, business process, and physical access control system, have been developed and examined. In addition, a general-purpose application based on an attribute-based access control model is proposed that can provide trusted auditability required for data sharing and access control systems and, ultimately, a data trust framework. Besides auditing, the system presents a transparency level that both access requesters (data users) and resource owners (data controllers) can benefit from. The proposed solutions have been validated through a use case of independent digital libraries. It also provides a detailed performance analysis of the system implementation. The performance results have been compared based on different consensus mechanisms and databases, indicating the system's high throughput and low latency. Finally, this dissertation presents an end-to-end data trust framework based on blockchain technology. The proposed framework promotes data trustworthiness by assessing input datasets, effectively managing access control, and presenting data provenance and activity monitoring. A trust assessment model that examines the trustworthiness of input data sets and calculates the trust value is presented. The number of transaction validators is defined adaptively with the trust value. This research provides solutions for both data owners and data users’ by ensuring the trustworthiness and quality of the data at origin and transparent and secure usage of the data at the end. A comprehensive experimental study indicates the presented system effectively handles a large number of transactions with low latency

Effects of EMR on Community Health Center Communication

Electronic medical record (EMR) systems impact healthcare communication in a significant number of ways. The physical presence of the EMR in the examination room can negatively impacts patient-provider communication. This research examined the impact of EMR on patient-provider communication within the microcosm of the community health center. The data for this research was collected via a quantitative survey using a random sample of 513 (10%) of the 5,101 patients of the Northwest Community Health Center (August 2021 to August 2022). These participants were at least 18 years of age and had seen their medical provider in the previous 12 months. Many themes arose from the research participants who were uncomfortable with the EMR or the use of technology in the exam room. Understanding the benefits or even the general functionality of the EMR allows the patient to feel more comfortable with its use and to become more tolerant of the presence and use of technology during the physician encounter. Furthermore, as the possession and use of current technologies diminishes amongst the study’s participants, so does their preference for their provider to use an EMR. To comprehend the impact EMR knowledge has on the patients’ perception of its utilization, a crosstabulation between staff and non-staff patients underlined the fundamental difference. When asked what type of chart they would prefer their medical provider to use, a quarter of non-staff patients preferred electronic medical records, whereas two-thirds of the staff, who are also patients of the community health center, preferred the same. These findings indicate a need to educate patients about the benefits of the EMR and the advantage of accessing the EMR in the exam room. Furthermore, enhancing the providers’ communication skills will help them comprehend the prevalent communication barriers created by accessing the EMR in the exam room. The quality of the interaction between the patient and provider is critical to the patient’s health outcomes. Improved communication leads to better emotional and physiological health, compliance with treatment recommendations, pain management, and symptom resolution

Securing, Standardizing, and Simplifying Electronic Health Record Audit Logs Through Permissioned Blockchain Technology

Audit logs perform critical functions in electronic health record (EHR) systems. They provide a chronological record of all operations performed in an EHR, allowing health care organizations to track EHR usage, hold system users accountable for their interactions with patient records, detect anomalous and potentially malicious behavior in the system, protect patient privacy, and develop insight into workflows and interactions among system users. However, several problems exist with the way that current state-of-the-art EHR technology handles audit data. Specifically, current systems complicate the collection and analysis of audit logs because they lack an interoperable audit log structure, spread audit log data from different EHR applications across multiple data repositories, and often fail to record all useful information about events in the EHR. Permissioned blockchain technology offers two opportunities to mitigate these issues. First, smart contracts running on the blockchain can impose an interoperable structure on audit log data, both within single health care organizations and across all organizations participating in the network. Second, the blockchain ledger constitutes a consolidated repository for all audit log data at each organization, simplifying the collection of data for analysis. AuditChain, the prototype system I present in this thesis, leverages Hyperleger Fabric\u27s permissioned blockchain technology to address these issues of audit log interoperability, content, structure, and consolidation. Specifically, AuditChain uses the blockchain ledger and smart contracts to standardize audit log content, simplify access to audit log data, and ensure that audit logs contain all necessary and useful information