Blockchain for Healthcare: Securing Patient Data and Enabling Trusted Artificial Intelligence

Advances in information technology are digitizing the healthcare domain with the aim of improved medical services, diagnostics, continuous monitoring using wearables, etc., at reduced costs. This digitization improves the ease of computation, storage and access of medical records which enables better treatment experiences for patients. However, it comes with a risk of cyber attacks and security and privacy concerns on this digital data. In this work, we propose a Blockchain based solution for healthcare records to address the security and privacy concerns which are currently not present in existing e-Health systems. This work also explores the potential of building trusted Artificial Intelligence models over Blockchain in e-Health, where a transparent platform for consent-based data sharing is designed. Provenance of the consent of individuals and traceability of data sources used for building and training the AI model is captured in an immutable distributed data store. The audit trail of the data access captured using Blockchain provides the data owner to understand the exposure of the data. It also helps the user to understand the revenue models that could be built on top of this framework for commercial data sharing to build trusted AI models

A Systematic Literature Review of the Tension between the GDPR and Public Blockchain Systems

The blockchain technology has been rapidly growing since Bitcoin was invented in 2008. The most common type of blockchain systems, public (permisionless) blockchain systems have some unique features that lead to a tension with European Union's General Data Protection Regulation (GDPR) and other similar data protection laws. In this paper, we report the results of a systematic literature review (SLR) on 114 research papers discussing and/or addressing such a tension. To be the best of our know, our SLR is the most comprehensive review of this topic, leading a more in-depth and broader analysis of related research work on this important topic. Our results revealed that three main types of issues: (i) difficulties in exercising data subjects' rights such as the `right to be forgotten' (RTBF) due to the immutable nature of public blockchains; (ii) difficulties in identifying roles and responsibilities in the public blockchain data processing ecosystem (particularly on the identification of data controllers and data processors); (iii) ambiguities regarding the application of the relevant law(s) due to the distributed nature of blockchains. Our work also led to a better understanding of solutions for improving the GDPR compliance of public blockchain systems. Our work can help inform not only blockchain researchers and developers, but also policy makers and law markers to consider how to reconcile the tension between public blockchain systems and data protection laws (the GDPR and beyond)

A Decentralized Personal Data Store based on Ethereum: Towards GDPR Compliance

Sharing personal data with service providers is a fundamental resource for the times we live in. But data sharing represents an unavoidable issue, due to improper data treatment, lack of users\u27 awareness to whom they are sharing with, wrong or excessive data sharing from end users who ignore they are exposing personal information. The problem becomes even more complicate if we try to consider the devices around us: how to share devices we own, so that we can receive pervasive services, based on our contexts and device functionalities. The European Authority has provided the General Data Protection Regulation (GDPR), in order to implement protection of sensitive data in each EU member, throughout certification mechanisms (according to Art. 42 GDPR). The certification assures compliance to the regulation, which represent a mandatory requirement for any service which may come in contact with sensitive data. Still the certification is an open process and not constrained by strict rule. In this paper we describe our decentralized approach in sharing personal data in the era of smart devices, being those considered sensitive data as well. Having in mind the centrality of users in the ownership of the data, we have proposed a decentralized Personal Data Store prototype, which stands as a unique data sharing endpoint for third party services. Even if blockchain technologies may seem fit to solve the issue of data protection, because of the absence of a central authority, they lay to additional concerns especially relating such technologies with specifications described in the regulation. The current work offers a contribution in the advancements of personal data sharing management systems in a distributed environment by presenting a real prototype and an architectural blueprint, which advances the state of the art in order to meet the GDPR regulation. Address those arisen issues, from a technological perspective, stands as an important challenge, in order to empower end users in owning their personal data for real

Blockchain and smart contracts in health-related MyData scenario

Abstract. The MyData is concept framework that refers to human-centric ways of personal data management. Personal data gained significant attention recently. As the developing of Ubicomp technology, more and more particularly personal data are generating and collecting. Personal data own increasingly important economic, social, and practical value. However, individuals have little or no power to control when and how their data being created or processed by companies, organizations or governments. The MyData aim to provide individuals with practical methods to obtain, access, and utilize their personal datasets and to encourage organizations to give users control over their personal data. In this way, access and trade personal data can expect to build an open data market. Two challenges to achieve this goal is how to gain the individuals trust and permission and how to provide a more human-centric way to support personal data management and utilization. To explore a novel and reliable way to address the challenges in MyData, this thesis utilizes blockchain technology to support MyData framework. Blockchain is a decentralized transparent ledger with the transaction information that shared among all peer-to-peer network nodes. It has the potential to gain users trust and provide a solution to gain users permission in data trade. This thesis work focuses on studying blockchain and smart contract performance in MyData architecture. An Ethereum blockchain based MyData system that combined AWARE platform designed and implemented. The system deploys smart contract that provides users’ account management, personal data access, trade services, and information inquiry services in the Ethereum blockchain. Based on this system, two experiments designed to evaluate the performance of the integrated MyData system. The experiments results demonstrate how blockchain can facilitate MyData concept and how gas price influences the system performance. The thesis work shows that the blockchain and smart contract have the potential to provide the necessary technology support to solve the challenge in gain users’ trust and permission and support new business models and open data market to benefit both the data consumer and data producer. Additionally, blockchain and the smart contract can provide a more fine-grained and transparent way to help individuals to manage and utilize their personal data

ID-based user-centric data usage auditing scheme for distributed environments

Recent years have witnessed the trend of increasingly relying on remote and distributed infrastructures, mainly owned and managed by third parties. This increased the number of reported incidents of security breaches compromising users' personal data, where involved entities may massively collect and process massive amounts of such data. Toward these challenges, this paper combines hierarchical Identity Based Cryptographic (IBC) mechanisms with emerging blockchain technologies and introduces a blockchain-based data usage auditing architecture ensuring availability and accountability in a personal data-preserving fashion. The proposed approach relies on smart auditable contracts deployed in blockchain infrastructures. Thus, it offers transparent and controlled data access, sharing and processing, so that unauthorized entities cannot process data without data subjects' consent. Moreover, thanks to the usage of hierarchical ID-based encryption and signature schemes, the proposed solution protects and ensures the confidentiality of users' personal data shared with multiple data controllers and processors. It also provides auditing capacities with tamper-proof evidences for data usage compliance, supported by the intrinsic properties of the blockchain technology

DECENTRALIZING THE INTERNET OF MEDICAL THINGS: THE INTERPLANETARY HEALTH LAYER

Medical mobile applications have the potential to revolutionize the healthcare industry by providing patients with easy access to their personal health information, enabling them to communicate with healthcare providers remotely and consequently improving patient outcomes by providing personalized health information. However, these applications are usually limited by privacy and security issues. A possible solution is to exploit decentralization distributing privacy concerns directly to users. Solutions enabling this vision are closely linked to Distributed Ledger Technologies that have the potential to revolutionize the healthcare industry by creating a secure and transparent system for managing patient data without a central authority. The decentralized nature of the technology allows for the creation of an international data layer that is accessible to authorized parties while preserving patient privacy. This thesis envisions the InterPlanetary Health Layer along with its implementation attempt called Halo Network and an Internet of Medical Things application called Balance as a use case. Throughout the thesis, we explore the benefits and limitations of using the technology, analyze potential use cases, and look out for future directions.Medical mobile applications have the potential to revolutionize the healthcare industry by providing patients with easy access to their personal health information, enabling them to communicate with healthcare providers remotely and consequently improving patient outcomes by providing personalized health information. However, these applications are usually limited by privacy and security issues. A possible solution is to exploit decentralization distributing privacy concerns directly to users. Solutions enabling this vision are closely linked to Distributed Ledger Technologies that have the potential to revolutionize the healthcare industry by creating a secure and transparent system for managing patient data without a central authority. The decentralized nature of the technology allows for the creation of an international data layer that is accessible to authorized parties while preserving patient privacy. This thesis envisions the InterPlanetary Health Layer along with its implementation attempt called Halo Network and an Internet of Medical Things application called Balance as a use case. Throughout the thesis, we explore the benefits and limitations of using the technology, analyze potential use cases, and look out for future directions

Blockchain-based Security Framework for Critical Industry 4.0 Cyber-physical System

There has been an intense concern for security alternatives because of the recent rise of cyber attacks, mainly targeting critical systems such as industry, medical, or energy ecosystem. Though the latest industry infrastructures largely depend on AI-driven maintenance, the prediction based on corrupted data undoubtedly results in loss of life and capital. Admittedly, an inadequate data-protection mechanism can readily challenge the security and reliability of the network. The shortcomings of the conventional cloud or trusted certificate-driven techniques have motivated us to exhibit a unique Blockchain-based framework for a secure and efficient industry 4.0 system. The demonstrated framework obviates the long-established certificate authority after enhancing the consortium Blockchain that reduces the data processing delay, and increases cost-effective throughput. Nonetheless, the distributed industry 4.0 security model entails cooperative trust than depending on a single party, which in essence indulges the costs and threat of the single point of failure. Therefore, multi-signature technique of the proposed framework accomplishes the multi-party authentication, which confirms its applicability for the real-time and collaborative cyber-physical system.Comment: 07 Pages, 4 Figures, IEEE Communication Magazin