A secure and interoperable blockchain-based information sharing system for healthcare providers in developing countries

A Dissertation Submitted in Partial Fulfilment of the Requirements for the Degree of Doctor of Philosophy in Information and Communication Sciences and Engineering of the Nelson Mandela African Institution of Science and TechnologySystems in the health sector are very crucial for human life and they should be efficient, reliable and secure. Unfortunately, electronic health record (EHR) systems do not work effectively when managing multi-institutional medical records. The EHR, which is a digital system in which patient health information is systematically stored. The information stored includes medical history, laboratory test results, demographics, and billing information, poses problems to patients related to interoperability, privacy, and data integrity. Most solutions to these threats focus on a centralized architecture that faces a single point of failure and internal threats, such as unreliable system administrators. The promising solution that many researchers are interested in is the use of blockchains. However, in developing countries, and particularly in sub-Saharan Africa, very little attention has been given to the issues of interoperability, privacy and data integrity for EHRs using blockchain technology. As such, this research has designed and developed self-sovereign identity management and secure information sharing system for health systems in developing countries, based on blockchain technology, which helps to solve the mentioned problems. The study used a Design Science Research (DSR) methodology to develop solutions to the research problem through three sub studies. The first and the second sub studies conducted under problem awareness and suggestion phases of DSR, and third sub study conducted under development and evaluation phases of DSR. The first sub study deal with the assessment of three most common blockchain based healthcare systems (MedicalChain, Patientory, and MediLedger). The second sub study studies the problem of existing EHR systems in Tanzania regarding privacy issues in identity management and secure sharing of medical data from one healthcare facility to the other. The third sub study deal with the development of two systems, one for identity management using blockchain (self-sovereign identity), and one for secure sharing of medical data from one healthcare facility to another through blockchain technology. The systems provide additional privacy protection tools to the existing infrastructures. They reduce development cost, transparency, data integrity, protection against single-point-offailure vulnerabilities, and prevention of internal threats such as untrusted system administrators. The systems will make the existing and future health information systems trustable to healthcare service providers and the end-users of the healthcare systems. Also, will help the stakeholders in the healthcare sector to properly manage the healthcare systems

An architecture for secure data management in medical research and aided diagnosis

Programa Oficial de Doutoramento en Tecnoloxías da Información e as Comunicacións. 5032V01[Resumo] O Regulamento Xeral de Proteccion de Datos (GDPR) implantouse o 25 de maio de 2018 e considerase o desenvolvemento mais importante na regulacion da privacidade de datos dos ultimos 20 anos. As multas fortes definense por violar esas regras e non e algo que os centros sanitarios poidan permitirse ignorar. O obxectivo principal desta tese e estudar e proponer unha capa segura/integracion para os curadores de datos sanitarios, onde: a conectividade entre sistemas illados (localizacions), a unificacion de rexistros nunha vision centrada no paciente e a comparticion de datos coa aprobacion do consentimento sexan as pedras angulares de a arquitectura controlar a sua identidade, os perfis de privacidade e as subvencions de acceso. Ten como obxectivo minimizar o medo a responsabilidade legal ao compartir os rexistros medicos mediante o uso da anonimizacion e facendo que os pacientes sexan responsables de protexer os seus propios rexistros medicos, pero preservando a calidade do tratamento do paciente. A nosa hipotese principal e: os conceptos Distributed Ledger e Self-Sovereign Identity son unha simbiose natural para resolver os retos do GDPR no contexto da saude? Requirense solucions para que os medicos e investigadores poidan manter os seus fluxos de traballo de colaboracion sen comprometer as regulacions. A arquitectura proposta logra eses obxectivos nun ambiente descentralizado adoptando perfis de privacidade de datos illados.[Resumen] El Reglamento General de Proteccion de Datos (GDPR) se implemento el 25 de mayo de 2018 y se considera el desarrollo mas importante en la regulacion de privacidad de datos en los ultimos 20 anos. Las fuertes multas estan definidas por violar esas reglas y no es algo que los centros de salud puedan darse el lujo de ignorar. El objetivo principal de esta tesis es estudiar y proponer una capa segura/de integración para curadores de datos de atencion medica, donde: la conectividad entre sistemas aislados (ubicaciones), la unificacion de registros en una vista centrada en el paciente y el intercambio de datos con la aprobacion del consentimiento son los pilares de la arquitectura propuesta. Esta propuesta otorga al titular de los datos un rol central, que le permite controlar su identidad, perfiles de privacidad y permisos de acceso. Su objetivo es minimizar el temor a la responsabilidad legal al compartir registros medicos utilizando el anonimato y haciendo que los pacientes sean responsables de proteger sus propios registros medicos, preservando al mismo tiempo la calidad del tratamiento del paciente. Nuestra hipotesis principal es: .son los conceptos de libro mayor distribuido e identidad autosuficiente una simbiosis natural para resolver los desafios del RGPD en el contexto de la atencion medica? Se requieren soluciones para que los medicos y los investigadores puedan mantener sus flujos de trabajo de colaboracion sin comprometer las regulaciones. La arquitectura propuesta logra esos objetivos en un entorno descentralizado mediante la adopcion de perfiles de privacidad de datos aislados.[Abstract] The General Data Protection Regulation (GDPR) was implemented on 25 May 2018 and is considered the most important development in data privacy regulation in the last 20 years. Heavy fines are defined for violating those rules and is not something that healthcare centers can afford to ignore. The main goal of this thesis is to study and propose a secure/integration layer for healthcare data curators, where: connectivity between isolated systems (locations), unification of records in a patientcentric view and data sharing with consent approval are the cornerstones of the proposed architecture. This proposal empowers the data subject with a central role, which allows to control their identity, privacy profiles and access grants. It aims to minimize the fear of legal liability when sharing medical records by using anonymisation and making patients responsible for securing their own medical records, yet preserving the patient’s quality of treatment. Our main hypothesis is: are the Distributed Ledger and Self-Sovereign Identity concepts a natural symbiosis to solve the GDPR challenges in the context of healthcare? Solutions are required so that clinicians and researchers can maintain their collaboration workflows without compromising regulations. The proposed architecture accomplishes those objectives in a decentralized environment by adopting isolated data privacy profiles

Revisión sistemática del uso de Blockchains en datos clínicos y su aplicación en Colombia

Trabajo de investigaciónEste documento presenta una revisión sistemática realizada en 3 fuentes de datos como IEEE, Scopus y Web of Science, buscando una síntesis de información para visualizar qué aplicaciones o desarrollos hay en el mundo acerca de blockchain, qué temas y soluciones abarca, qué se está tratando, qué implantaciones hay en curso y cuáles son los retos actuales y futuros para de esta manera divisar cuáles pueden ser los campos en los que esta tecnología se incorpore en la salud colombiana.INTRODUCCIÓN 1. GENERALIDADES 2. PLANIFICACIÓN DE LA REVISIÓN SISTEMÁTICA 3. RESULTADOS 4. DESARROLLO DE LA PROPUESTA CONCLUSIONES RECOMENDACIONES BIBLIOGRAFÍA ANEXOSPregradoIngeniero de Sistema