BLOCKCHAIN FRAMEWORK FOR ENHANCING SECURITY OF MEDICAL RECORDS

BLOCKCHAIN FRAMEWORK FOR ENHANCING SECURITY OF MEDICAL RECORDS ABSTRACT E-health is a developed infrastructure, in which usage becomes important to collect, secure and protect personal patients’ data, as well as to various medical resources. According to this aspect of view, trying to protect and secure data considering its reliable storage is more important than ever. The necessity of proving a stable and trust-base system is a big challenge in healthcare. Offering a way to consider saving, securing and protecting the data anonymously blockchain technology application in securing medical records, is the main purpose of this research. The proposed system is blockchain based medical record security system that will facilitate the process of securing patients medical records, it is very easy to us, and it provides information security and reduce manual work. The new system will overcome all the limitations of the existing system. The web based application will be implemented using ASP VB Script, HTML and Java Script; window based Graphical User Interface scripting languages, designed to run on the Windows platform for the front end. It also uses SQL Database Management System for the back end. Micromedia fireworks and Switmas will be used to design and create graphics and animations respectively. Keywords: Blockchain Technology, Electronic Record Management System; E-health, Data Sharing, and Communication. 2 CHAPTER ONE INTRODUCTION 1.1 Introduction and Background of the Study In traditional paper-based health records, information interchange and sharing are inconvenient. Health records contain personal information related to the health status of a person, which is considered sensitive data. This paper-based health records pose several cyber-attacks and are easy to be tampered with. Moreover, there are significant limitations of manual-record keeping which includes large storage space and difficulties in the recouping of records. To solve these issues a digitized version of a patient’s medical data known as an Electronic Health Record (EHR) was introduced. EHR consist of a patient’s history of treatments. It can reduce the incidents of medical error by improving accuracy. Besides, emedical records made communication between doctor and patient much easier. The data security is guaranteed by ensuring confidentiality, availability, and integrity; however, the health care systems continue to face many security threats. Nowadays, EHRs are independently stored in different hospitals in their independent database so the medical data of a patient is accessible only to the doctors within that hospital. Due to the lack of previous health records, the patient may need to undergo the same treatment once again, when they move from one hospital to another. This will lead to the wastage of already existing medical resources and increase patients’ financial burdens. “To mitigate the local computation and communication overhead, most e-medical record services are outsourced to a third-party such as public cloud” (Zhang et al, 2019). Thus, solves the storage-related problem. In cloud-based systems, electronic health records are outsourced to a third party to make medical data accessible from anywhere without any security; this may lead to a variety of privacy issues because of the risk of information leakage. EHR is more prone to data breaches. It occurs when an unauthorized user gains access to medical data. Breaches can also occur when medical data is transmitted over an unsecured connection. Later, blockchain-based HER was introduced. The introduction of blockchain technology in health care systems reduce the security threats of medical records. The features of blockchain protect the confidentiality of the medical records. But still, storage issues remain (Xiong et al, 2018). To solve the problems in the existing system, Blockchain Technology and Cloud Computing have been used with this proposed system to enhance security and improve storage issues over the patient’s EHR’s. Blockchain technology was first introduced in the application of 3 Bitcoin. A blockchain is termed as a chain of time-stamped blocks in which data is in an immutable form. This indicates that the implementation of blockchain in the electronic health record system makes medical data immutable. The data in the block is managed in a decentralized manner, which ignores the need for a central authority. This allows patients to control their medical records securely (Kyazze et al, 2015). Cloud computing services have many advantages such as pay as use, automatic load balancing, and provides services on demand. The cloud storage is used to maintain the medical data at different locations in common storage in encrypted form without any external attacks. Thus, the study system integrates the blockchain technology into healthcare as a solution to the existing problems to some extent. 1.2 Motivation The sensitive nature and the high level privacy needed by medical records couple with the constraints faced by health record officers with respect to the filling and retrieval of medical record in most hospitals as well as the information security challenges of medical records motivated the study and implementation of a blockchain framework for securing medical records as well as easy the lots of medical record officers and other health workers. 1.3 Statement of the Problem An electronic version of a patient’s medical data is known as Electronic Health Records (EHR). EHR’s are stored independently in each hospital, so the e-medical records are accessible only to the doctors within that hospital and there is no link between different hospitals, so the patient’s details cannot be shared. This leads to wastage of already existing medical resources and increases patients’ financial burdens. To make data accessible from anywhere, cloud storage services are utilized in this proposed system and e-medical reports are stored in an encrypted format in the cloud to prevent security threats from any third party. As medical data is considered sensitive information, it attracts the attention of cyberattackers. Wrong medication or treatment is caused as a result of the manipulation of medical data. The health care system provides very few security measures to secure medical data. The proposed systems also come up with a solution that makes use of Blockchain technology in health care so that any attack towards medical data can be tracked. 1.4 Aim and Objectives of the Study 4 The aim of this project is to design and implement a blockchain based system for securing medical data. The objectives of this project work include the following; i. To produce confidentiality to patient medical records through the use of blockchain technology. ii. To build essential bond and trust between the doctors and the patients by protecting the personal details of a patient, this is beyond a matter of ethical respect. 1.5 Significance of the Study Presently most hospital operates on a manual records system and a few others less secure electronic record system. The implementation of the blockchain based system for securing medical data will be of great significance in the following ways;  Ready access to a lot of all-inclusive, updated patient information, quick, reliable and secure information.  Streamlining of clinical data and powerful tools that take care, supporting multidisciplinary team operations.  Provision of adequate security for patient medical records.  Enhanced, improve and ease medical services.  Secured shared access to patience electronic health record to authorized health institutions via the blockchain technology.  Reduced patient information management, paper-work, duplication and other forms – less time spent finding unidentified notes, x-rays, admission or discharge information. 1.6 Scope of the Study This project is centered on the implementation of blockchain technology based system for securing medical data. 1.7 Limitation of the Study In carrying out any project work, one is faced with one form of constraints or the other. The constraints encountered in this project work include: i. Lack of finance to do an exhaustive and in-depth research 5 ii. Inability to get materials from the school library/cafe, because of the crowd waiting to make use of the facility. 1.8 Definition of Terms Blockchain: sometimes referred to as Distributed Ledger Technology (DLT), makes the history of any digital asset unalterable and transparent through the use of decentralization and cryptographic hashing. Clinical: dealing with how to practically manage patients, contrasting with Pre-health sciences Data: A representation of facts or ideas in a formalized manner capable of being communicated or manipulated by some process. Doctor: is a member of medical association, the one who is trained and licensed to heal and treat the sick person. Electronic Health Information Exchange (EHIE): allows doctors, nurses, pharmacists, other health care providers and patients to appropriately access and securely share a patient's vital medical information electronically—improving the speed, quality, safety and cost of patient care. Electronic Health Record (HER): An electronic health record is the systematized collection of patient and population electronically stored health information in a digital format. These records can be shared across different health care settings. Health Information Management: is the collection, analysis, storing, protecting and ensuring the quality of patient health information. Hospitals: A building designed to diagnosis and treats the sick, injured or dying. They usually have staff of doctors and nurses to aid in the treatment of patients Medical Records: are the document that explains all detail about the patient's history, clinical findings, diagnostic test results, pre and postoperative care, patient's progress and medication. 6 Patients: A person who receives treatments from a doctor or other medically educated person. 7 CHAPTER TWO LITERATURE REVIEW 2.1 Theoretical Review This work is based on providing security and privacy through cryptography based access control to store data in the cloud and encryption through attributes. The generic public key encryption (PKE) based techniques uses high key management mechanism, or require encrypting a file using different users keys of different sets for using fine-grained access control. To enhance the scalability during the encryption schemes like ABE can be used. ABE information is encrypted under a based on a set of properties that different users who have proper keys can use and decrypt it. Thus it makes encryption and management of key efficient com-pared to others (Omar et al, 2019). Interoperability in care has historically been targeted around knowledge between business entities, as an example, completely several hospital systems. However, there is a trend push towards patient-driven ability, during which health knowledge exchange is patient-driven. Patient centered approach introduces new challenges and necessities for technology, privacy, security, incentives, and governance that have got to be taken up in this sort of knowledge sharing to succeed at a large scale. Physicians have a different relationship with the Electronic Health Record (EHR). On the one hand, doctors apprehend they cannot offer the most effective attainable treatment while not them. And on the opposite, today's EHR systems are cumbersome, gawky and slow physicians down. Indeed, there is a lot of to like and far to hate concerning today's EHRs, aboard a spread of the way to handle the issues they produce. One resolution might belong block chain, the technology presently powering the crypto currency Bitcoin (Holotiuk et al, 2019). Block chain Technology is that the advance information technology in medical sector that require secure knowledge sharing among connected parties within the network. The work factors have impacts on electronic case history Blockchain technology adoption. Online form was improved by taking from literature with performance perspective, trust, and risk ideas. Electronic medical records (EMRs) are crucial however sensitive non-public data for designation and treatment in aid, that has to be usually distributed and pooled among peers like aid suppliers, insurance firms, pharmacies, researchers, patient’s families’ and others. This poses a serious challenge in maintaining a patient’s case history up-to-date. Storing and sharing knowledge between varied entities, maintaining a right to use management through varied consents solely obscures the method of a patient’s treatment. A patient, afflicted with a 8 significant medical condition like cancer, or HIV, must sustain an extended history of the treatment procedure and post-treatment rehabilitation and observance. Having access to a patients complete history is also essential for his treatment as an example, knowing the delivered radiation doses or laboratory results is critical for continued the treat is necessary for continuing the treat (Islam et al, 2019). 2.1.1 Blockchain The word "block" is made up of two words "block" and "chain" means a chain, which means ultimately a chain of blocks. Blockchain is a decentralized information and reporting system. In the blocks, any information can be entered and recorded. In the Blockchain, these blocks of information are linked together in a chain, forming a sequence of information. This technology is, in fact, a distributed database that anyone can check in on those transactions. In simpler terms, blockchain is a platform that enables the transfer of information from one location to another with high security. One of the interesting things about the Blockchain is that its open source technology. This technology has no owners and no one at the top of the network, which increases the trust of its members because no one can change the network and transactions in his or her benefit. In other words, to control and access to transactions by every member of Blockchain network can significantly increase the security and trust (Conti et al, 2016). Blockchain technology is not in itself a fundamental technology, but rather a set of hashing and encryption, mass distribution, and so on processes that have created the idea of a blockchain. Consider the Blockchain as the archive on which information is recorded. A Blockchain may not be much different from Wikipedia. Using a blockchain, many people can import different reports into one type of information archive, and users can control how the information is recorded and updated. In blockchain, each node logs an independent report on the network, and each independent record becomes a set of official reports with other records (He et al, 2015). 2.1.2 Types of Blockchain Blockchain has evolved a lot in the last decade. It started with bitcoin, which offered public blockchain — the first type of blockchain. We can also term bitcoin’s blockchain as the first generation of blockchain technology. Currently there are different types of blockchain technology – each one of them serves their purpose and solves a particular or a set of problems. 9 When the blockchain technology was introduced to the world, it was a public blockchain type with cryptocurrency use-case. It is really hard to understand the intent of its creator, but in general, it provided the concept of decentralized ledger technology (DLT). The DLT concept gives organizations the ability to work without depending on a centralized entity. Distributed technology solves the drawbacks of the centralization, but in itself brought a lot of other problems to solve when it comes to applying blockchain technology to different scenarios. For instance, bitcoin used an inefficient consensus algorithm, Proof-of-Work. It required the nodes to solve mathematical calculations using energy. Initially, it was not a problem, but as soon as the difficulty increased, the time and energy required to solve those mathematical equations also increased. This inefficiency makes it not suitable for any system that needs to stay efficient no matter what. For example, banks deal with a lot of transactions every day. So, this blockchain type is just not suitable for it (Safavi and Shukur, 2015). There were other problems associated with the first generation of blockchain, including scalability, no automation, and so on. At a glance, there are four major different types of blockchain types. They include the following.  Public  Private  Hybrid  Federated 2.1.2.1 Public Blockchain A public blockchain is the permission-less distributed ledger technology where anyone can join and do transactions. It is a non-restrictive version where each peer has a copy of the ledger. This also means that anyone can access public blockchain if they have an internet connection. One of the first public blockchains that were released to the public was the bitcoin public blockchain. It enabled anyone connected to the internet to do transactions in a decentralized manner (Huang et al, 2016). The verification of the transactions is done through consensus methods such as Proof-ofWork(PoW), Proof-of-Stake(PoS), and so on. At the cores, the participating nodes require to do the heavy-lifting, including validating transactions to make the public blockchain work. If a public blockchain doesn’t have the required peers participating in solving transactions, then it will become non-functional. 10 Advantages of Public Blockchain Public blockchains are good at what they do. Its advantages include the following.  Anyone can join the public blockchain.  It brings trust among the whole community of users  Everyone feels incentivized to work towards the betterment of the public network  Public blockchain requires no intermediaries to work.  Public blockchains are also secure depending on the number of participating nodes  It brings transparency to the whole network as the available data is available for verification purposes. Disadvantages of Public Blockchain Public blockchain does suffer from disadvantages. They are as follows:  They suffer from a lack of transaction speed. It can take a few minutes to hours before a transaction is completed. For instance, bitcoin can only manage seven transactions per second compared to 24,000 transactions per second done by VISA. This is because it takes time to solve the mathematical problems and then complete the transaction.  Another problem with public blockchain is scalability. They simply cannot scale due to how they work. The more nodes join, the more clumsy and slow the network becomes. There are steps taken to solve the problem. Bitcoin, for example, is working on lighting the network, which takes transactions off-chain to make the main bitcoin network faster and more scalable.  The last disadvantage of a public blockchain is the consensus method choice. Bitcoin, for example, uses Proof-of-Work(PoW), which consumes a lot of energy. However, this has been partially solved by using more efficient algorithms such as Proof-ofStake(PoS). Use-cases of Public Blockchain There are multiple use-cases of the public blockchain. To get a better idea, let’s list some of them below.  Voting → Governments can do voting through public blockchain employing transparency and trust.  Fundraising → Companies or initiatives can make use of the public blockchain for improving transparency and trust. 11 2.1.2.2 Private Blockchain A private blockchain can be best defined as the blockchain that works in a restrictive environment, i.e., closed network. It is also a permissioned blockchain that is under the control of an entity. Private blockchains are amazing for using at a privately-held company or organization that wants to use it for internal use-cases. By doing so, you can use the blockchain effectively and allow only selected participants to access the blockchain network. The organization can also set different parameters to the network, including accessibility, authorization, and so on (Hussein et al, 2018). A private blockchain is different from a public blockchain in the way it is accessed. Otherwise, it offers the same set of features as that of the public blockchain, providing transparency, trust, and security to the selected participants. Another major difference is that it’s kind of centralized as only one authority looks over the network. So, it doesn’t have a decentralized theoretical nature. Examples of Private blockchain: Multichain, Hyperledger Fabric, Hyperledger Sawtooth, Corda Advantages of Private Blockchain  Private blockchains are fast. This is because there are few participants compared to the public blockchain. In short, it takes less time for the network to reach consensus resulting in faster transactions.  Private blockchains are more scalable. The scalability is possible because, in a private blockchain, only a few nodes are authorized to validate transactions. This means it doesn’t matter if the network grows, the private blockchain will work at its previous speed and efficiency. The key here is the centralization aspect of decision making. Disadvantages of Private Blockchain  Private blockchains are not truly decentralized. This is one of the biggest disadvantages of private blockchain and goes against the core philosophy of distributed ledger technology or blockchain in general.  Achieving trust within private blockchain is tough because the centralized nodes make the last call.  Lastly, as there are only a few nodes here, the security isn’t all that good. It is important to understand that it is possible to lose security if a certain amount of nodes go rogue and compromise the consensus method utilized by the private network. 12 Use-cases of Private Blockchain There are multiple private blockchain’s use-cases. Some of them are listed below.  Supply chain management → Organizations can deploy a private blockchain to manage their supply chain.  Asset ownership → Assets can be tracked and verified using a private blockchain.  Internal Voting → Private blockchain is also effective at internal voting. 2.1.2.3 Consortium Blockchain A consortium blockchain(also known as Federated blockchains) is a creative approach to solving the needs of organizations where there is a need for both public and private blockchain features. In a consortium blockchain, some aspects of the organizations are made public, while others remain private (Kyazze et al, 2015). The consensus procedures in a consortium blockchain are controlled by the preset nodes. More so, even though it’s not open to mass people, it still holds the decentralized nature. A consortium blockchain is managed by more than one organization. So, there is no one single force of centralized outcome here. To ensure proper functionality, the consortium has a validator node that can do two functions, validate transactions, and also initiate or receive transactions. In comparison, the member node can receive or initiate transactions. In short, it offers all the features of a private blockchain, including transparency, privacy, and efficiency, without one party having a consolidating power. Examples of Consortium Blockchain: Marco Polo, Energy Web Foundation, IBM Food Trust. Advantages of Consortium Blockchain  It offers better customizability and control over resources.  Consortium blockchains are more secure and have better scalability.  It is also more efficient compared to public blockchain networks.  Works with well-defined governance structures.  It offers access controls. Disadvantages of Consortium Blockchain  Even though it is secure, the whole network can be compromised due to the member’s integrity. 13  It is less transparent.  Regulations and censorship can have a huge impact on network functionality.  It is also less anonymous compared to other types of blockchain. Use-Cases of Consortium Blockchain There are multiple use-cases of consortium blockchain. Some of them include the following  Banking and payments: A group of banks can work together and create a consortium. They can decide the nodes that will validate transactions.  Research: A consortium blockchain can be used to share research data and results.  Food tracking: It is also great for food tracking. 2.1.2.4 Hybrid Blockchain Hybrid blockchain is the last type of blockchain that we are going to discuss in this section. More so, hybrid blockchain might sound like a consortium blockchain, but it is not. However, there can be some similarities between them. Hybrid blockchain is best defined as a combination of a private and public blockchain. It does have use-cases in an organization that neither wants to deploy a private blockchain and nor public blockchain and simply wants to deploy the best of both worlds (Cheng et al, 2018). Advantages  Works in a closed ecosystem without the need to make everything public.  Rules can be changed according to the needs.  Hybrid networks are also immune to 51% attacks.  It offers privacy while still connected with a public network.  It offers good scalability compared to the public network. Disadvantages  Not completely transparent.  Upgrading to the hybrid blockchain can be a challenge.  There is no incentive for participating and contributing to the network. Use-Cases Some of the best use-cases of the Hybrid blockchain are as follows: 14  Real estate: You can use hybrid networks for real-estate purposes where real-estate companies can use it to run their systems and also use the public aspect for showing information to the public.  Retail: Retail can also use the hybrid network to streamline their processes.  Highly regulated markets: Hybrid blockchains are also ideal for highly regulated markets such as financial markets. 2.1.2.5 Blockchain Type more suitable for Securing Medical Records Each blockchain has something unique to offer. That’s why there is not a simple answer to what type of blockchain medical organization should choose for securing medical records. However, Consortium Blockchain technology is a blockchain network that is controlled by a set of organizations or nodes rather than a centralized node or a decentralized network. A consortium blockchain is good because it comes with pre-selected nodes. Therefore, the ideal type of Block chain technology for the solution that requires collaboration across the board such as securing medical record is the Consortium Blockchain Network (Cheng et al, 2015). 2.1.3 Blockchain Models As mentioned above, a blockchain is a distributed network open to anyone. This definition usually relates to a particular model known as permission-less or public. In the public model, any participant can join and leave at will because no rule restricts access and interaction. Therefore, the data stored in a public blockchain (i.e., Bitcoin or Ethereum) is accessible by anyone unless encryption and smart contract logic are employed. Besides the public model, blockchain can also be employed in a restricted network where the participants’ identities are known (Hakak et al, 2019). This restricted model is usually referred to as permissioned or consortium. The model of participation has a significant influence on how the consensus is reached by the network. 2.1.1.1 Permssionless Model In the permissionless model, identities are either anonymous or pseudonymous, and everybody is allowed to participate. Any user can generate a set of keys and an address that enables her to interact with other entities in the blockchain network. Therefore, everybody has the right to read data, create transactions and append information to the ledger. This model also allows to install a blockchain node and participate in the transaction validation process known as consensus. Examples of such networks are Bitcoin and Ethereum. In the 15 latter, the user can create and install code, known as smart contract, that is public and invokable by anyone. The smart contract is identified by an address and runs in an environment called Ethereum Virtual Machine (EVM). Public and permissionless blockchains need an incentive system to assure the correct functioning and existence of the network. The incentives are in the form of rewards and fees. Ethereum, for example, has a built-in currency, called ether, which serves both as liquidity to enable value exchange between various types of digital assets and to provide a mechanism for paying the transaction fees (Wang et al, 2019). In fact, users must pay ethers for invoking the logic of a smart contract and for validating their transactions. The miners collect the fees during the consensus process that consists in the agreement on global order and the new state of the system. 2.1.1.2 Permissioned and consortium model A permissioned blockchain is a closed system where the participants have identities and know one other. It is built to allow a consortium or a single organization to securely and efficiently exchange information. As proof of the fact that anonymity of participants is not always a desirable property, the permissioned model is gaining interest among enterprises because it allows secure interactions in a network of businesses with common goals but which do not fully trust each other. Examples of such a model are Corda, Tendermint, Postchain. One of the most prominent work is Hyperledger Fabric, an open source project hosted by the Linux Foundation. Fabric’s modular and extensible architecture is designed to fit different enterprise use cases (Xu, 2018). In the implementations mentioned above, privacy and confidentiality are managed by trusted parties, called membership services. In Fabric, this service is known as Membership Service Provider and has the role maintain all the identities in the system. It is responsible for issuing credentials used for authentication and authorization. In general, each organization has a local implementation of the service that is used to generate certificates and public keys for its members. The credentials are necessary to participate in the network activities as every message and transaction must be signed. This, in turn, increases the privacy and security of the network as well as its participants. Even though the identity management in such systems is somehow logically centralized, it enables a new set of consensus mechanisms based on Byzantine Fault Tolerant (BFT) state machine replication protocols like the Practical Byzantine Fault Tolerant (PBFT). The implementation of consensus is, therefore, more accurate and does not 16 depend on mining as PoW does. In addition, the concept of consensus itself is broader and entails the whole transaction flow, from the proposal to the commit. Theoretic and practical tests on BFT protocols proved that they can handle tens of thousands of transactions with acceptable network speed latencies (Willison et al, 2016). 2.1.4 Blockchains for E‐Healthcare Systems The E‐healthcare system is believed to be one of the fields where blockchain has great potential due to its inherent characteristics, especially for the management of electronic health records. Significant research efforts have been made in this direction in the last few years. Azaria et al, in 2016, proposed a decentralized records management system, termed MedRec, which was built on the Ethereum platform and utilized Ethereum's smart contracts to create an intelligent representation of existing medical records stored within individual nodes on the network (Azaria et al, 2016). Patients have control over their medical records across providers and treatments sites in this system. While medical stakeholders, such as researchers, public health authorities, etc, are incentivized to participate in the mining of the blockchain. The blockchain ledger keeps an auditable history of medical interactions of patients, providers, and regulators. This solution brings questions about to which levels that patients should own their medical information and to which degrees that the data can be shared. The related regulations have been discussed under various circumstances, and in most cases, are decided by health authorities. For this reason, the available variation of the system should also be taken into the consideration that patients have not full control over their medical records and data are shared at different levels among all medical stakeholders. In the same year, Yue et al (2016) proposed a blockchain‐based smartphone application architecture, termed Healthcare Data Gateway (HDG), to improve the privacy aspect of sharing private patient data. The proposed architecture consists of three layers: raw data are encrypted and stored in the private blockchain cloud at the storage layer; database management, including data access management is placed at the management layer; and usage layer is where health care data are utilized, eg, for the medical records system, data analytics, etc. In this architecture, a private blockchain is implemented. Unlike a public blockchain that anyone can join the network, the private blockchain is a permissioned blockchain with restrictions on who is allowed to participate and to which operations/actions. Another approach to improving privacy issues when sharing healthcare data between different stakeholders was proposed by Peterson et al (2016). The article discusses the challenges of choosing common interoperable data syntaxes 17 and security protocols and approaches to solving these challenges. A new consensus mechanism, termed “Proof of Interoperability,” along with an algorithm describing the process, is proposed. Data must conform to both structural and semantic constraints to be verified to reach the consensus. In this study, the EHR system utilizes Fast Healthcare Interoperability Resources (FHIR) standard data format, and the proposed consensus mechanism correspondingly uses the profile of the FHIR as the interoperability constraints. For different formats that other EHR systems are utilizing, a set of structural and semantic constraints need to be designated beforehand to implement this consensus mechanism. Subsequently, Kuo et al introduced blockchain to the biomedical/healthcare domains.12 The article detailed the benefits of applying blockchain in biomedicine/healthcare by comparing it with traditional distributed databases. It also discussed the potential challenges and proposed solutions for adopting blockchain technologies in these domains. This work gives a general introduction about blockchain technologies to the biomedical and health care informatics researchers (Kuo et al, 2017). Liang et al (2017) proposed a user‐centric health data sharing solution by utilizing a decentralized and permissioned blockchain. In this work, a mobile application was deployed to collect health data from personal wearable devices. The collected data were synchronized to the cloud and then shared with healthcare providers and health insurance companies. The blockchain network is deployed for data integrity protection, in addition to which, it also stores access control policies and all access activities of the personal health data. However, the mobile application collects personal health data from either the sensors of the wearable devices or manual input by users. Therefore, the approach has its limitation of implementation in EHR systems where data are primarily accessed by health professionals and recorded in standardized formats. Very recently, Kokoris et al (2018) presented a scalable distributed ledger, the OmniLedger, where they used a technique known as sharding, to create subsets of nodes for parallel state and transaction processing. By implementing this approach, the processing capacity increases as the network scales out and overcomes the capacity issue of the traditional ledger, where the processing capacity decreases as larger consensus groups likely generate more overheads. 2.2 Review of Related Works Medical data has precisely recorded people’s illnesses, and medical records and the secure storage and sharing of medical data and patient privacy protection have increasingly become a priority to build intelligent hospitals. Traditional data access control technology builds and 18 implements a safety access strategy with a completely reliable server, making it difficult to get adapted to the distributed network environment in modern times. Featured by decentralization and trustlessness, blockchain has given people a brand-new idea through distributed data storage, reliable point-to-point transmission, a consensus mechanism, and encryption algorithms (McGhin et al 2019). In the security demand under the cloud computing environment in recent years, ABE is an important technological means, and the ABE access control mechanism has been studied extensively in the computing environment. As an encryption mechanism that uses attribute as a public key, the mechanism, in essence, links users with ciphertexts through the attribute. Its flexibility of encryption and access control form has greatly ensured the security of cloud data storage (Omar et al, 2019). In the meanwhile, it has also achieved fine-grained access and become the key technique for secure cloud storage access control. However, the traditional ABE mechanism fails to completely guarantee data confidentiality, effectively prevent collision attack, or satisfy the forward and backward security of attribute revocation and the huge computing costs caused by revocation. It will be a significant core of research to apply blockchain into cloud computing and use the security mechanism of blockchain to enhance the secure storage and performance of cloud computing. The integration of blockchain and cloud computing plus proper security strategy can solve the contradiction between data sharing and privacy (Islam et al, 2019). This paper has brought forth a distributed medical data privacy protection scheme based on blockchain and cloud computing technology with an aim at the open-ended question brought by data sharing of intelligent hospitals and personal privacy protection of patients. Concretely, on the one hand, the scheme has introduced a cloud computing pattern and designed blockchain-based distributed data management architecture for intelligent hospitals, in which it uses a consortium chain in the blockchain and ensures the security of user information in order to guarantee the operating efficiency of blockchain and reduce the computing burden of the user side. Besides, to handle the highly complex computing caused by encryption, it has used proxy reencryption technology and ABE technology to offer specific access control mechanisms to users. The access of every user is based on condition and attribute, which provides a secure exchange of patient information for every doctor. The response side encrypts all medical data. The cloud nodes process the medical data transmitted to get and return the final ciphertext to the request side. On the other hand, it has designed the data sharing and replacement as well as privacy protection rules with the participation of the 19 cloud computing service side, and it can greatly solve the difficulties in secure storage and sharing of intelligent hospitals. The underlying communication of blockchain generally adopts P2P communication. P2P technology makes the communication on the network easy and direct and reduces the dependence on the intermediate server to the minimum. P2P technology has the characteristics of decentralization, scalability, robustness, high cost performance, and load balancing. Consensus mechanism is the core of blockchain, which maintains the normal operation of blockchain. Consensus mechanism is an algorithm to reach consensus on the order of things in a period of time. Common consensus mechanisms include proof of work (POW), proof of stake (POS), and practical Byzantine fault tolerance (PBFT). Consensus mechanism ensures that the uniqueness of information and data cannot be tampered with. Taking advantage of this, blockchain technology can be widely used in intelligent asset management, such as intellectual property protection and domain name management, to ensure that the contract is not tampered with. At present, relevant researchers all over the world have been studying medical data sharing and privacy protection. He et al. has proposed a medical data sharing model of cloud storage, which adopts the distributed sharing mechanism and which meets the interoperability requirements of CCR standard (He et al, 2015); however, there is still a huge gap with the data security and privacy protection as required by intelligent hospitals. Seyedmostafa et al. has built a portable medical system architecture, which supports data security and privacy protection through the CIA/HIPAA protocol, but which does not meet the requirement of interoperability (Safavi and Shukur, 2015). Liang et al. have used the CCR standard and designed a solution— HealthVault, which is a web medical and health record system and which adopts the clientserver pattern. All medical data are stored in a third-party server, so security and reliability cannot be guaranteed (Huang et al, 2016). The Healthticket model designed by Kyazze et al. enables doctors to access medical data of patients through the web app (Kyazze et al, 2015). This model ensures the private information of patients with CP-ABE mechanism, but the access requires multiple licenses. The security, privacy, and interoperability of all these models are difficult to meet the requirements of intelligent healthcare. However, blockchain technology completes permission validation through a third party, which has solved the above problems satisfactorily, balanced medical data sharing and privacy protection, eliminated central nodes, and improved access efficiency. Proxy reencryption is a key conversion mechanism between ciphertexts and it was proposed by Cheng et al. Wang et al. has given its normative formal definition in the 2005 Network & 20 Distributed System Security Symposium (NDSS) and the 2007 ACM Conference on Computer and Communications Security and constructed the one-way proxy reencryption algorithm (Cheng et al, 2018; Wang et al, 2019). Based on the above two studies, Xu has constructed the first valid two-way proxy reencryption algorithm (Xu, 2018). Afterward, Yang et al. have also constructed the secure one-way proxy reencryption scheme without bilinear pairing (Yang et al, 2019). Ateniese et al. had configured the privacy proxy reencryption algorithm in line with CPA security. As for ABE, Fan et al. had constructed the KP-ABE algorithm to support monotonous access for the first time, and the ciphertext uses the attribute for encryption (Fan et al, 2018). The key is tied to user access strategy and only when the access strategy of the key matches the attribute of the passphrase can the user correctly decrypt the passphrase. Willison et al. had raised a secure and unbounded ABE algorithm (Willison et al, 2016), the size of whose attribute set is not confirmed when initializing the public parameters. Moreover, the available attributes are infinite polynomial orders, and new attributes can be added in the specific implementation. Hakak et al. had improved the ABE algorithm, which had extended the decryption condition to the universal monotonous access control and adopted a fine-sorted access control key (Hakak et al, 2019). It has greatly expanded the coverage of the ABE algorithm (Cheng et al, 2015). Later, Hussein et al. had come up with an ABE algorithm approximate to actual access control, but loopholes still exist in the security (Hussein et al, 2018). Conti et al. had put forward an ABE algorithm for DBDH problems, but the access mode is merely a simple attribute operation without reaching universal access control (Conti et al, 2016). Integrating blockchain and cloud computing in the research of secure storage of healthcare data has found a new direction for the relevant theoretical research of information security and promoted extended applications of blockchain in the fields, which involve sensitive data such as intelligent healthcare. In this sense, it has certain practical value (Holotiuk et al, 2019). . 21 CHAPTER THREE METHODOLOGY AND SYSTEM ANALYSIS 3.1 Research Methodology The project work adopted the design methodology. The design of a blockchain based system for security medical data was implemented. The system was designed to enhanced the security of medical records. The designed system has the followings modules: eAdmin, eHospital, eStaff, eLab, ePatient, eDoctor, Emergency Case and Biometric Information that help to store the electronic records in the consortium blockchain system. 3.2 System Analysis System analysis deals with the investigation of a system so as to ascertain how it will work and what can be done to improve its working efficiency at a minimum cost. System analysis is a problem solving techniques that decompose a system into its components pieces for the purpose of studying how these comments part works and interact to accomplish their purpose. It is a series of activities carried out on a system to identify its strength and weaknesses so as to devise a better means of improving on the system performance. 3.2.1 Analysis of the Existing System In the existing system, there is no connection between different hospitals since they use an independent database so the patient’s details cannot be shared. Although some hospitals use cloud computing technology to store, their data but they are not secure. In the current system, in case of an emergency, the patient might be in an unconscious state so the hospital authorities may not know the details of the patient and it is time-consuming to find the medical details. Lack of relevant medical reports affects the further treatment of the patient. 3.2.1.1 Weaknesses of the existing system Major drawbacks of the existing system are as follows. Insecurity: EHR plays an important part in the transformation of health care that enables a patient to handle their medical data via the internet. EHR possesses medical details of the patients, which attracts cyber attackers. “Loss of electronic health record leads to a wrong medication or surgery. Health care systems provide fewer security measures to secure the health records”. Storage: EHR’s are maintained in independent databases of each hospital, so access to previous medical records is impossible when the hospital is changed. This leads to a waste of 22 medical information and they have to conduct the medical examinations once again. Without access to one’s previous medical files, a new doctor may not know about the patient’s medical history. It is because different states and organizations have different ways of storing medical data. 3.2.2 Analysis of the Proposed System The usage of blockchain technology for securing medical records is introduced in this proposed system. The main objective is to provide secure solutions for patient medical data using Blockchain Technology. In this proposed system, the medical information of people is stored in a centralized web. The details like lab reports, medicine details, treatment historyare stored under a single unique ID. Using this ID, a patient can view all their treatment details andshare their reports with the doctor. To overcome the security threat from the third-party serviceprovider inside the cloud, a secure encryption technique was implemented. Furthermore, blockchaintechnology is used to verify the data integrity for more security. Blockchain technology is expected to have a highly significant impact on the health care industry.The blocks are protected in an assured and unchangeable manner. Each block contains the data,timestamp, hash of that block, nonce, and hash of the previous block. Here data indicate the medicaldata of patients. Timestamp identifies when the block is generated. Just like a fingerprint, the blocksare uniquely identified by their hash values. Any changes done within the block causes a change in the hash value. When changes to intersections are to be detected, the hash is very useful. The block does not remain the same if any change is made in it. A nonce is a number added while hashing to meet the desired target value. Each block in the blockchain contains the medical reports of each patient, generated by the doctors who treated them. Thus, a chain of blocks that contain information is known as the blockchain, whose immutability is guaranteed and keeps important medical data safe and allows secure transfer of patient medical records. Blockchain does not need a central authority to control the overall system since it is decentralized. In the healthcare domain, blockchain has the potential to resolve the issues related to medical records by providing security, validation, and authentication. 3.2.2.1 Advantages of the Proposed System The following are some of the advantages of the proposed system  Blockchain technology would prevent any type of security attack that has exploited the single point of failure weakness of the traditional client-server model. 23  Since blockchain technology relies on a distributed network there is no one point of failure. This means that it is not possible for hackers to simply find a security flaw and then gain access to the data in this way.  Should a hacker target any one node on the blockchain network and attempt to make an unauthorized change then the other nodes will prevent it from happening.  As each participant on the network has a complete copy of the entire blockchain ledger, they are able to independently verify any new block being added and identify any attempt to alter any previous block.  Blockchains are designed to be unalterable once written unless the change has the support of 51% of the network. This makes them excellent for storing patient medical records as it means any data in the record cannot be tampered with.  As every new data block that is added would also contain details of the doctor who added it, blockchain EMRs would offer full accountability for the data that they contain.  In the case of incorrect diagnoses, for example, patients could be confident that there is no way that records could be altered should the doctor or healthcare provider wish to deny accountability. 3.2.2.2 High Level Model of the Proposed System Fig. 1: High Level Model of the Proposed System (Source: Huang et al, 2016) In membership management the health administrator registers users i.e. Patients and Healthcare-Providers to the membership service based on their roles. During registration, 24 health administration should make sure that only valid user should be register in membership service. For example, in case of Healthcare-Provider registration they should ensure that he/she is a qualified doctor and must be registered with the government health organization. The membership service also hosts a certification authority that generate key pair for signing and encryption key pair for every user. Patient is issued with a symmetric encryption key (Patient Key) which is used for encryption/decryption of medical records. When a patient wants to share medical records with a Healthcare-Provider, the patient can share his/her patient key using the public key of that Healthcare-Provider. Healthcare-Provider can also request this key from patient and when provided he/she can access patients’ medical records and can add new records. Our system provides a user interface for every user through which they can interact with the system. The frontend web application is written in HTML, CSS and JavaScript. All the users are provided with their own separate web user interface. Both patients and Healthcare-Providers will use their login credentials (provided by the admin) to login to the system. Consensus mechanism is the most important part of our blockchain application to verify transactions. All peers that takes part in the consensus mechanism runs a consensus algorithm (Hyperledger use PBFT consensus algorithm) to check whether a transaction is valid or not. If certain number of peers reaches a consensus the transaction will be successful and the transaction will be added to the blockchain. Here in our system we have set a network that will consists of four peer nodes that will act as endorsing peers and committing peers at the same time and one orderer node that will provide the ordering service. Out of these four peers three peers must reach a consensus for transaction to be successful and added to the blockchain. Every peer node will hold ledger and the chaincode (chaincodes are written in JavaScript) along with its World-State database. Transactions submitted by users are received by the nodes through role-based APIs. When a transaction is submitted by the user, the leader node organizes transaction in a block and initiate the consensus mechanism. All nodes execute the transaction according to implemented chaincode logic. After successful execution the endorsing peers send the endorsement responses to the client. The client now sends the transaction attached with endorsement response to the orderer node which host the ordering service. Ordering service receives the endorsed transactions and orders them into a block. Now it broadcast the generated block to all peers. Every peer verify that the transactions of the received block are signed by appropriate endorser and that enough endorsements are present 25 (in our system 3 out of 4 peers must reach the consensus). If, the verification check passes the peer commit/save the block to their ledger. The data is stored in the Hyperledger Fabric distributed ledger which stores data in two ways: the blockchain that contains the chain of blocks with each block holding transaction information in the form of key-value pair and World-State database that stores value (asset) of all the last committed transactions according to the specific key. Here a point to be noted is that it is not feasible to store all data in the blockchain as it largely degrades the performance of whole blockchain system. USAGE SCENARIOS A user reads his/her health record from a provider A user wants to read his/her record from a provider's database. He/she makes a query request to access the record. This query, together with a return value that is either the requested data or an access denied message, will be a log that is hashed and added to the Record Relationship Contract (RRC). A health provider reads records from another provider A provider B wants to read a user's record from provider A's database. B makes a query request to provider A. This query, together with a return value that is either the requested data or an access denied message, will be a log that is hashed and added to the RRC. A health provider edits records A provider wants to read or edit a user's record from its own database. The provider makes a query to the record. All actions and edited data will be a log that is hashed and added to the RRC. Figure below shows these three usage scenarios. Before a new block is mined, the status in each RRC indicates pending. If more than one hashed log has been added to an RRC within one blockchain update cycle, they will all be added to the RRC. After the new block has been appended to the blockchain, the status in each RRC changes to updated. 26 Fig. 3.2: Usage Scenarios (Source: Safavi and Shukur, 2015) 27 CHAPTER FOUR SYSTEM DESIGN AND IMPLEMENTATION 4.1 Objectives of the Design The objective of this research is to design and implement a blockchain based system for securing medical data. The system will be flexible and easily accessed from different locations using either mobile phones or personal computer connected to the internet. The authentication of users will be done to access very sensitive data while only personal key login details will be needed to grant access to users accessing non-sensitive information. The implementation of this system entails all the processes undertaken from the conversion of the old system to the new system, final documents compilation and users training. The overall system and software is user-friendly, inter-operational, portable and adaptable. It was designed in a way that any level of user can easily use it without having any problem. 4.2 Control Centre/Main Menu The following are the control centre for the system:  Blockchain  eAdmin  eHospital  eStaff  eLab  Patient  eDoctor  Emergency Case  Biometric Information 4.3 System Specifications Tools used in the development of the web application includes HTML language, Cascading Style Sheet (CSS), ASP.NET Framework and Microsoft Visual Studio 2010. MySQL database was the database server used to hold data and records accounts in the system. HTML language was used to design the user interface of the system. Cascading Style Sheet (CSS) assisted the HTML to make the interface friendly and responsive. ASP.NET Framework is the web-application framework used in designing the system. 28 Microsoft Visual Studio 2010 is the IDE (Integrated Development Environment) used in designing the system. 4.3.1 Database Development Tool The web application system design can store and retrieve information from a database. The database used for this design is MySQL database as the back end, this is used to create different tables. MySQL provides one of the most flexible database management system, and the flexibility does not come at a high price either. The database can be small, large, or gigantic. You can expand them, shrink them, infuse them with thousands of tables, copy them, move them, detach them, transform them, encrypt their objects, and so on. 4.3.2 Database Design and Structure The database design structure used in the web application for security medical records using block chain technology are given below. Login This table holds administrators login information such that any query made to this table list out all the administrators that have rights to the system. Field Type Size Null Default ID Bigint 20 No Username Varchar 20 Yes Null Password Varchar 20 Yes Null Extra auto_increment Patient Registration All patient data are save in the table below Field Type Size Null S/N bigint 20 No CardNo varchar 20 Yes Null Null Surname varchar 20 Yes Null Null Othernames varchar 20 Yes Null Null Sex varchar 20 Yes Null Null Age varchar 3 Yes Null Null Address varchar 200 Yes Null Null PhoneNo varchar 20 Yes Null Null 29 Default Extra auto_increment Next_of_Kin varchar 20 Yes Null Null Next_of_Kin_Address varchar 20 Yes Null Null Next_of_Kin_PhoneNo varchar 20 Yes Null Null Relationship varchar 20 Yes Null Null Date varchar 20 Yes Null Null Default Extra Consultation Information All Consultation data are save in the table below Field Type Size Null S/N bigint 20 No CardNo varchar 20 Yes Null Null Disease varchar 20 Yes Null Null Symptom1 varchar 20 Yes Null Null Symptom2 varchar 20 Yes Null Null Symptom3 varchar 3 Yes Null Null Symptom4 varchar 200 Yes Null Null Symptom5 varchar 20 Yes Null Null Drug1 varchar 20 Yes Null Null Drug2 varchar 20 Yes Null Null Drug3 varchar 20 Yes Null Null Drug4 varchar 20 Yes Null Null Drug5 varchar 20 Yes Null Null Date varchar 20 Yes Null Null Default Extra auto_increment Diagnosis Information All disease data are save in the table below Field Type Size Null S/N bigint 20 No CardNo varchar 20 Yes Null Null Disease varchar 20 Yes Null Null Symptom1 varchar 20 Yes Null Null Symptom2 varchar 20 Yes Null Null 30 auto_increment Symptom3 varchar 3 Yes Null Null Symptom4 varchar 200 Yes Null Null Symptom5 varchar 20 Yes Null Null Search This table revive drug search code as input. Field Type Size Null Default ID Number Varchar 20 Yes Null Drug Information All drug data are save in the table below Field Type Size Null Default Extra S/N bigint 20 No CardNo varchar 20 Yes Null Null Drug1 varchar 20 Yes Null Null Drug2 varchar 20 Yes Null Null Drug3 varchar 20 Yes Null Null Drug4 varchar 20 Yes Null Null Drug5 varchar 20 Yes Null Null auto_increment 4.3.3 Program Module Specification The various modules of the system are Admin, Hospital, Doctor, Patient, Staff, and Lab. The various functions associated with each module are as follows. Admin: Admin is the main authority who controls the overall system. The admin is the one who manages the hospital registration and lab registration with the system. It has the functionality to accept or reject the hospital’s registration and lab registration with the system. Another major function performed by the admin is to issue an Electronic card (eCard) for each patient. eCard contains the basic personal information about patients and a QR code for uniquely identifying each one of them at any hospital. Hospital: The hospital is another important module that keeps track of all the processes from a patient taking admission to the hospital until the patient is discharged or completes their 31 treatment. The hospital has the authority to add staff and doctors when new staff or doctors join. When the hospital is starting a new department, the hospital can add the new department also. Staff: In this module, staff schedules the necessary appointments for the patients using eCards and assigns doctors for each patient according to the specialization needed by the patients. The staff scans the QR code in the Electronic card (eCard) of each patient to get their information to make an appointment. Lab: In this module, the labs that have been approved by the admin do the laboratory test for the patients. The generated test results are shared with patients and shared with the doctor who recommended the test for the patient. Patient: The patient can take an appointment in any hospital with their unique QR code in the eCard. In this module, the patients can view and manage their medical reports. Apart from this, they can verify the integrity of the medical record by calculating the hash values of medical records at the time of decryption and by comparing it with previously calculated hash values, which are stored in the cloud. Any change in hash values is reflected in the reports and patients are notified of any case of attack towards medical data using blockchain technology, which makes the EHRs more secure. Patients can view their medical reports by decrypting it from the cloud, once data integrity is satisfied. If the doctor wants to view the patient’s previous medical reports or the patient wants to share the reports with another doctor for a second opinion, the patient can share the needed reports and an authorized doctor can decrypt it for further treatment. Doctor: In this module, the doctor accepts the patients’ appointments and treats them. The doctor then provides a report of the patients’ diagnosis and prescribes them the required treatment. The medical reports generated by the doctor are encrypted using an encryption algorithm and stored in the cloud. Simultaneously, the encrypted reports are hashed using a hashing algorithm, to transform medical reports into their corresponding file hash. Along with the file hash, some values from the e-medical reports undergo hashing and a hash value for the block is generated using blockchain technology. This hash value of the block is then stored in the cloud and is later used for verifying the data integrity of medical reports on decryption. Any change in medical 32 reports will be identified by calculating the hash values of reports on decryption and by comparing it with hash values previously stored in the cloud. Any change in hash values affects the overall value and this indicates that the data integrity is compromised. So any attacks against medical data are tracked and notified to the corresponding patient. In any case, if the doctor wants to have a look at the patient’s previous medical reports or else the patient meets a doctor for a second opinion, the patient can share the reports. Once access is granted, the doctor can view the shared medical reports by decrypting it from the cloud once the data integrity is satisfied. After having a look at the patient’s previous medical reports, the doctor decides the treatment to be prescribed and new medical reports are added to the existing reports. Emergency Case: In case of an emergency, most patients are in an unconscious state when they are admitted to the casualty section of a hospital. So the above communication between patient and doctor is failed in this situation. This leads to a problem in retrieving the medical details. To solve this issue in case of emergency the authorized doctors are given special permission to access the basic medical details, as well as the medical details related to the diagnosed issue of each patient. The patients get a notification so that any sort of unauthorized access to their medical records could be tracked. This may improve the patient’s further treatments. The following techniques are used by authorized doctors to retrieve the basic medical details of a patient. Biometric Information: Admin issues eCard for patients with their basic personal information along with the biometric information. So, if the patient is brought unconscious to a hospital, the authorized doctors in the emergency departments in the hospital can use the patients’ biometric information to get the patient’s basic details. 4.3.4 Input/Output Format The input design focuses on controlling the amount of input required, controlling the errors, avoiding delay, avoiding extra steps and keeping the process simple. The input is designed in such a way so that it provides security and ease of use with retaining the privacy. A quality output is one which meets the requirements of the end user and presents the information clearly. In output design it is determined how the information is to be displaced for immediate need and also the hard copy output. It is the most important and direct source 33 information to the user. Efficient and intelligent output design improves the system’s relationship to help user decision-making. 4.4 System Flowchart A flowchart is a general representation of the logic of a program or sets of instruction using specific symbols with predefined meaning. It is a visual picture that gives the steps of an algorithm and also the flow of control between the various steps. The system flowchart is shown below. START DIAGNOSE NEW PATIENT DIAGNOSE OLD PATIENT PATIENT RECORD MAINTENANCE REPORT STOP 34 REGISTRATION START INPUT CARD NO DOES IT EXIST? DISPLAY ERROR MESSAGE DISPLAY REGISTRATION FIELD INPUT PATIENT INFORMATION PROCESS INFORMATION ARE ALL FIELD FILLED? DISPLAY ERROR MESSAGE DISPLAY CONSULTANCY FORM CHECK SYMPTOMS PROCESS SYMPTOMS SAVE TO DATABASE STOP 35 CONSULTATION START INPUT CARD NO DOES IT EXIST? DISPLAY ERROR MESSAGE DISPLAY CONSULTANCY FORM CHECK SYMPTOM PROCESS SYMPTOMS SAVE TO DATABASE STOP 4.5 System Implementation System implementation translates the specific action established during the system analysis and design into a rally operational system. System implementation is the construction of a new system (that is, the development, installation and testing of the system) and the delivery of that system into production. System documentation is a written description of how the system works. It consists of information on how to install the system and other design issues that will help the user to understand it better. Each unit testing verifies that each module meet its specification. 36 4.5.1 Proposed System Requirements This program is hardware and software dependent. The proposed system requirement are highlighted in the hardware and software requirement section below. 4.5.1.1 Hardware Requirements The following hardware components are needed for the software to operate. 1. Pentium 3 processor and above 2. Minimum of 512 MB of RAM to install 3. Mouse 4. CD ROM /floppy Drive 5. Monitor resolution of 1024 by 786 pixels 6. Keyboard 4.5.1.2 Software Requirements Stated below are the software requirements for this application to function appropriately. 1. Installed Microsoft window XP/NT/Vista/Windows 7/Windows 10 2. Installed web browsers 4.5.2 System Testing During the programming stage, each modules of the program will be tested to pre-lay down rules by the designer. The complete programs are then passed to the designer for further testing. Testing will be performed by both desk checking, the original specification and by running the final programs using test data. Test data should normally be compiled and the result should be normally compared with the appropriate clerical figure or the current computer system. It is also important that the system correctly identifies errors. Common error test include the input of; i. Incorrect formats. ii. Out of range items iii. Invalid combination. 4.5.2.1 Limitations of the System The followings are the possible limitations of the system: (i) The system is network-dependent and once internet services cannot be accessed, the system cannot be accessed. 37 (ii) The system depends on electricity hence lack of adequate power supply to manage and access the hybridized system can limit the use of the system. (iii) Loss of total control of the hybrid system considering the fact that there is always a third party service provider whose responsibility is to manage and control the system service. (iv) Limited features since the service providers may not give you all the required services due to the nature of bargain or negotiating power based on cost maintenance. 4.5.3 System Security In order to implement data protection in the system, the blockchain technology implemented through the personal login and authentication. The personal login provided access to the system and to assess non-sensitive materials while the authentication is for assessing sensitive data. 4.5.3.1 Password Protection Password protection was used to ensure that the user’s information is protected in the system. 4.5.3.2 Authentication Authentication granted by admin is sent to the user through a third-party either by email or phone to assess the sensitive data. 38 CHAPTER FIVE SUMMARY, CONCLUSION AND RECOMMENDATION 5.1 Summary The E‐healthcare system is believed to be one of the fields where blockchain has great potential due to its inherent characteristics, especially for the management of electronic health records. Patients have control over their medical records across providers and treatments sites in this system. While medical stakeholders, such as researchers, public health authorities, etc, are incentivized to participate in the mining of the blockchain. The blockchain ledger keeps an auditable history of medical interactions of patients, providers, and regulators. This solution brings questions about to which levels that patients should own their medical information and to which degrees that the data can be shared. 5.2 Conclusion The healthcare domain experiences many complex problems due to inadequate security measures. An increase in the use of blockchain technology is its security features that solve security threats associated with medical records. The use of the blockchain technology to store encrypted reports resolve the security related issues with the existing cloud-based system. Thus, the proposed system obtains a systematic review of various algorithms that uses blockchain and cloud computing services into healthcare. 5.3 Recommendation Irrespective of the efficiency of a system, there is always the need for improvement for a better and advance outcome. Apart from Hospitals, other organizations can adopt this work in their record management. 5.3.1 Application Areas (i) Apart from Hospitals, this work can be used both in the state and federal Ministry of Health to improve their record management. (ii) This work can be used in the ministry of information and other related service providers. (iii) Other corporate businesses and organizations can adopt the methodology used in this research in their information management system. 39 5.3.2 Suggestion for Further Research The following suggestions are given to improve on the effectiveness and efficiency of the system in subsequent research work. (i) A module that can handle financial transactions should be incorporated into the system to reduce the stress of patient going to banks to make payment. 5.4 Contribution to Knowledge This research work has contributed to knowledge in the following ways: (i) The design and implementation of blockchain framework for enhancing security of medical records. (ii) A secured system with high throughput has been designed through the grouping of data into sensitive and non-sensitive data. (iii) The design of a flexible and cost-effective system that generates transcripts, allows the upload of patients’ and doctors’ information, accessing of electronic records within and outside the Hospital premises without the particular storage used has been implemented. 40 REFERENCE T. McGhin, K.-K. R. Choo, C. Z. Liu, and D. He, (2019) “Blockchain in healthcare applications: research challenges and opportunities,” Journal of Network and Computer Applications, vol. 135, pp. 62–75. A. Al Omar, M. Z. A. Bhuiyan, A. Basu, S. Kiyomoto, and M. S. Rahman (2019), “Privacyfriendly platform for healthcare data in cloud based on blockchain environment,” Future Generation Computer Systems, vol. 95, pp. 511–521. N. Islam, Y. Faheem, I. U. Din, M. Talha, M. Guizani, and M. Khalil (2019), “A blockchainbased fog computing framework for activity recognition as an application to ehealthcare services,” Future Generation Computer Systems, vol. 100, no. 11, pp. 569– 578. C. He, X. Fan, and Y. Li (2015), “Toward ubiquitous healthcare services with a novel efficient cloud platform,” IEEE Transactions on Biomedical Engineering, vol. 60, no. 1, pp. 230–234. S. Safavi and Z. Shukur (2015), “Conceptual privacy framework for health information on wearable device,” PLoS One, vol. 9 (2); 72-87. L. Huang, X. Chen, and X. Lai (2016), “Network security prediction method based on Kalman filtering fusion decision entropy theory,” International Journal of Security and its Applications, vol. 10, no. 12, pp. 347–358. M. Kyazze, J. Wesson, and K. Naude (2015), “The design and implementation of a ubiquitous personal health record system for South Africa,” Studies in Health Technology & Informatics, vol. 206, no. 206, pp. 29–41, 2014 H. Cheng, D. Feng, X. Shi, and C. Chen (2018), “Data quality analysis and cleaning strategy for wireless sensor networks,” EURASIP Journal on Wireless Communications and Networking, vol. 2018, no. 1, 1-11. S. Wang, X. Wang, F. Meng, R. Yang, and Y. Zhao (2019), “Investor behaviour monitoring based on deep learning,” Behaviour & Information Technology, pp. 1–12. C. Xu, (2018) “A novel recommendation method based on social network using matrix factorization technique,” Information Processing & Management, vol. 54, no. 3, pp. 463–474 R. Yang, L. Yu, Y. Zhao (2019), “Big data analytics for financial market volatility forecast based on support vector machine,” International Journal of Information Management, vol. 50, no. 1, pp. 452–462. K. Fan, Y. Ren, Y. Wang, H. Li, and Y. Yang (2018), “Blockchain-based efficient privacy preserving and data sharing scheme of content-centric network in 5G,” IET Communications, vol. 12, no. 5, pp. 527–532. 41 D. J. Willison, M. K. Kapral, P. Peladeau, J. A. Richards, J. Fang, and F. L. Silver (2016), “Variation in recruitment across sites in a consent-based clinical data registry: lessons from the Canadian Stroke Network,” BMC Medical Ethics, vol. 7, no. 1, p. 6 S. Hakak, W. Z. Khan, G. A. Gilkar, M. Imran, and N. Guizani (2019), “Securing smart cities through blockchain technology: architecture, requirements, and challenges,” IEEE Network, vol. 34, no. 1, pp. 8–14. H. Cheng, N. Xiong, A. V. Vasilakos, L. T. Yang, G. Chen, and X. Zhuang (2015), “Nodes organization for channel assignment with topology preservation in multi-radio wireless mesh networks,” Ad Hoc Networks, vol. 10, no. 5, pp. 760–773. A. F. Hussein, N. ArunKumar, G. Ramirez-Gonzalez, E. Abdulhay, J. M. R. S. Tavares, and V. H. C. de Albuquerque (2018), “A medical records managing and securing blockchain based system supported by a genetic algorithm and discrete wavelet transform,” Cognitive Systems Research, vol. 52, no. 12, pp. 1–11. A. Conti, P. Delbon, L. Laffranchi, C. Paganelli, and F. De Ferrari (2016), “HIV-positive status and preservation of privacy: a recent decision from the Italian Data Protection Authority on the procedure of gathering personal patient data in the dental office,” Journal of Medical Ethics, vol. 38, no. 6, pp. 386–388. F. Holotiuk, F. Pisani, and J. Moormann (2019), “Radicalness of blockchain: an assessment based on its impact on the payments industry,” Technology Analysis and Strategic Management, vol. 31, no. 8, pp. 915–928. Nakamoto S. Bitcoin: A Peer‐To‐Peer Electronic Cash System. Campinas, Brazil: Portal Unicamp; 2008. Tschorsch F, Scheuermann B. Bitcoin and beyond: A technical survey on decentralized digital currencies. IEEE Commun Surv Tutor. 2016; 18(3): 2084‐ 2123. Zheng Z, Xie S, Dai H, Chen X, Wang H. An overview of blockchain technology: architecture, consensus, and future trends. Paper presented at: IEEE International Congress on Big Data; 2017; Boston, MA. Nguyen GT, Kim K. A survey about consensus algorithms used in Blockchain. J Inf Process Syst. 2018; 14(1): 101‐ 128. Cachin C. Architecture of the hyperledger blockchain fabric. Paper presented at: Workshop on Distributed Cryptocurrencies and Consensus Ledgers; 2016; Chicago, IL. Azaria A, Ekblaw A, Vieira T, Lippman A. MedRec: using blockchain for medical data access and permission management. Paper presented at: IEEE International Conference on Open and Big Data (OBD); 2016; Washington, DC. Yue X, Wang H, Jin D, Li M, Jiang W. Healthcare data gateways: found healthcare intelligence on blockchain with novel privacy risk control. J Med Syst. 2016; 40(10): 218. 42 Peterson K, Deeduvanu R, Kanjamala P, Boles K. A blockchain‐based approach to health information exchange networks. Paper presented at: NIST Workshop Blockchain Healthcare; 2016; Gaithersburg, MD. Kuo TT, Kim HE, Ohno‐Machado L. Blockchain distributed ledger technologies for biomedical and health care applications. J Am Med Inform Assoc. 2017; 24(6): 1211‐ 1220. Liang X, Zhao J, Shetty S, Liu J, Li D. Integrating blockchain for data sharing and collaboration in mobile healthcare applications. Paper presented at: IEEE International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC); 2017; Montreal, Canada. Kokoris‐Kogias E, Jovanovic P, Gasser L, Gailly N, Syta E, Ford B. OmniLedger: a secure, scale‐out, decentralized ledger via sharding. Paper presented at: IEEE Symposium on Security and Privacy (SP); 2018; San Francisco, CA. 43 APPENDIX A SYSTEM FLOWCHART START DIAGNOSE NEW PATIENT DIAGNOSE OLD PATIENT PATIENT RECORD MAINTENANCE REPORT STOP 44 REGISTRATION START INPUT CARD NO DOES IT EXIST? DISPLAY ERROR MESSAGE DISPLAY REGISTRATION FIELD INPUT PATIENT INFORMATION PROCESS INFORMATION ARE ALL FIELD FILLED? DISPLAY ERROR MESSAGE DISPLAY CONSULTANCY FORM CHECK SYMPTOMS PROCESS SYMPTOMS SAVE TO DATABASE STOP 45 CONSULTATION START INPUT CARD NO DOES IT EXIST? DISPLAY ERROR MESSAGE DISPLAY CONSULTANCY FORM CHECK SYMPTOM PROCESS SYMPTOMS SAVE TO DATABASE STOP 46 APPENDIX B SYSTEM SOURCE CODE Option Explicit Private Sub cmdClear_Click() If fraPatientReg.Visible Then fraPatientReg.Visible = False txtCardNo.SetFocus 'SendKeys "{home}+{end}" End Sub Private Sub cmdExit_Click() cn.Close Unload Me End Sub Private Sub cmdOK_Click() qry = "select*from PatientsReg where CardNo='" & txtCardNo & "'" Set rs = New Recordset 'cn.Open rs.Open qry, cn, adOpenKeyset, adLockOptimistic, adCmdTableDirect If txtCardNo = "" Then MsgBox "Field cannot be empty", vbApplicationModal + vbOKOnly + vbCritical, "Alart Message" txtCardNo.SetFocus ElseIf (rs.EOF And rs.BOF) Then fraPatientReg.Visible = True txtCardNo2 = txtCardNo txtCardNo2.Enabled = False txtDateReg = Date txtDateReg.Enabled = False txtSurname.SetFocus Else MsgBox "Card Number already Exist!!!, Register another Patient", vbApplicationModal + vbOKOnly + vbExclamation, "Alert Message" txtCardNo.SetFocus ' SendKeys "{home}+{end}" End If End Sub Private Sub cmdStore_Click() If txtCardNo2 <> "" And txtSurname <> "" And txtOthername <> "" _ And cboSex <> "" And txtAge <> "" And txtAddress <> "" _ And txtPhoneNo <> "" And txtName <> "" And txtAddress2 <> "" _ And txtPhoneNo2 <> "" And cboRelate <> "" And txtDateReg <> "" Then rs.AddNew rs("CardNo") = txtCardNo2 rs("SurName") = txtSurname rs("OtherName") = txtOthername rs("Sex") = cboSex rs("Age") = txtAge rs("Address") = txtAddress 47 rs("PhoneNo") = txtPhoneNo rs("NextOfKinName") = txtName rs("NOKAddress") = txtAddress2 rs("NOKPhoneNo") = txtPhoneNo2 rs("NOKAddress") = txtAddress2 rs("Relationship") = cboRelate rs("Date") = txtDateReg rs.Update rs.Close cn.Close fraPatientReg.Visible = False cmdClear_Click frmConsultance.Show CardNoglob = txtCardNo2 DateRed = txtDateReg 'rs.Close Else MsgBox "Ensure that some fields are not left blank", vbApplicationModal + vbOKOnly + vbExclamation, "Alert!" txtSurname.SetFocus SendKeys "{home}+{end}" End If End Sub Private Sub Form_Load() cn.Open "provider=Microsoft.jet.OLEDB.4.0; Data Source=" & App.Path & "\Medical Diagnosis System.mdb;" '''' End Sub Private Sub txtAge_KeyPress(KeyAscii As Integer) If (KeyAscii >= vbKey0 And KeyAscii <= vbKey9) Or (KeyAscii = vbKeyBack) Then End If End Sub Private Sub txtPhoneNo_KeyPress(KeyAscii As Integer) If (KeyAscii >= vbKey0 And KeyAscii <= vbKey9) Or (KeyAscii = vbKeyBack) Then Exit Sub Else KeyAscii = 0 Beep End If End Sub Private Sub txtPhoneNo2_KeyPress(KeyAscii As Integer) If (KeyAscii >= vbKey0 And KeyAscii <= vbKey9) Or (KeyAscii = vbKeyBack) Then Exit Sub Else KeyAscii = 0 Beep End If End Sub 48 APPENDIX C USER INTERFACE Home Login 49 Patient Registration form 50 Patients consultancy information Patients maintenance form 51 Patients Consultancy maintenance form Reports Treatment platform 52 53

BLOCKCHAIN FRAMEWORK FOR ENHANCING SECURITY OF MEDICAL RECORDS

Related documents

Products

Support

BLOCKCHAIN FRAMEWORK FOR ENHANCING SECURITY OF MEDICAL RECORDS

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib