Uploaded by vwede4all

BLOCKCHAIN FRAMEWORK FOR ENHANCING SECURITY OF MEDICAL RECORDS

advertisement
BLOCKCHAIN FRAMEWORK FOR ENHANCING
SECURITY OF MEDICAL RECORDS
ABSTRACT
E-health is a developed infrastructure, in which usage becomes important to collect, secure
and protect personal patients’ data, as well as to various medical resources. According to this
aspect of view, trying to protect and secure data considering its reliable storage is more
important than ever. The necessity of proving a stable and trust-base system is a big challenge
in healthcare. Offering a way to consider saving, securing and protecting the data
anonymously blockchain technology application in securing medical records, is the main
purpose of this research. The proposed system is blockchain based medical record security
system that will facilitate the process of securing patients medical records, it is very easy to
us, and it provides information security and reduce manual work. The new system will
overcome all the limitations of the existing system. The web based application will be
implemented using ASP VB Script, HTML and Java Script; window based Graphical User
Interface scripting languages, designed to run on the Windows platform for the front end. It
also uses SQL Database Management System for the back end. Micromedia fireworks and
Switmas will be used to design and create graphics and animations respectively.
Keywords: Blockchain Technology, Electronic Record Management System; E-health, Data
Sharing, and Communication.
2
CHAPTER ONE
INTRODUCTION
1.1
Introduction and Background of the Study
In traditional paper-based health records, information interchange and sharing are
inconvenient. Health records contain personal information related to the health status of a
person, which is considered sensitive data. This paper-based health records pose several
cyber-attacks and are easy to be tampered with. Moreover, there are significant limitations of
manual-record keeping which includes large storage space and difficulties in the recouping of
records. To solve these issues a digitized version of a patient’s medical data known as an
Electronic Health Record (EHR) was introduced. EHR consist of a patient’s history of
treatments. It can reduce the incidents of medical error by improving accuracy. Besides, emedical records made communication between doctor and patient much easier.
The data security is guaranteed by ensuring confidentiality, availability, and integrity;
however, the health care systems continue to face many security threats. Nowadays, EHRs
are independently stored in different hospitals in their independent database so the medical
data of a patient is accessible only to the doctors within that hospital. Due to the lack of
previous health records, the patient may need to undergo the same treatment once again,
when they move from one hospital to another. This will lead to the wastage of already
existing medical resources and increase patients’ financial burdens. “To mitigate the local
computation and communication overhead, most e-medical record services are outsourced to
a third-party such as public cloud” (Zhang et al, 2019).
Thus, solves the storage-related problem. In cloud-based systems, electronic health records
are outsourced to a third party to make medical data accessible from anywhere without any
security; this may lead to a variety of privacy issues because of the risk of information
leakage. EHR is more prone to data breaches. It occurs when an unauthorized user gains
access to medical data. Breaches can also occur when medical data is transmitted over an
unsecured connection. Later, blockchain-based HER was introduced. The introduction of
blockchain technology in health care systems reduce the security threats of medical records.
The features of blockchain protect the confidentiality of the medical records. But still, storage
issues remain (Xiong et al, 2018).
To solve the problems in the existing system, Blockchain Technology and Cloud Computing
have been used with this proposed system to enhance security and improve storage issues
over the patient’s EHR’s. Blockchain technology was first introduced in the application of
3
Bitcoin. A blockchain is termed as a chain of time-stamped blocks in which data is in an
immutable form. This indicates that the implementation of blockchain in the electronic health
record system makes medical data immutable. The data in the block is managed in a
decentralized manner, which ignores the need for a central authority. This allows patients to
control their medical records securely (Kyazze et al, 2015). Cloud computing services have
many advantages such as pay as use, automatic load balancing, and provides services on
demand. The cloud storage is used to maintain the medical data at different locations in
common storage in encrypted form without any external attacks. Thus, the study system
integrates the blockchain technology into healthcare as a solution to the existing problems to
some extent.
1.2
Motivation
The sensitive nature and the high level privacy needed by medical records couple with the
constraints faced by health record officers with respect to the filling and retrieval of medical
record in most hospitals as well as the information security challenges of medical records
motivated the study and implementation of a blockchain framework for securing medical
records as well as easy the lots of medical record officers and other health workers.
1.3
Statement of the Problem
An electronic version of a patient’s medical data is known as Electronic Health Records
(EHR). EHR’s are stored independently in each hospital, so the e-medical records are
accessible only to the doctors within that hospital and there is no link between different
hospitals, so the patient’s details cannot be shared. This leads to wastage of already existing
medical resources and increases patients’ financial burdens. To make data accessible from
anywhere, cloud storage services are utilized in this proposed system and e-medical reports
are stored in an encrypted format in the cloud to prevent security threats from any third party.
As medical data is considered sensitive information, it attracts the attention of cyberattackers. Wrong medication or treatment is caused as a result of the manipulation of medical
data. The health care system provides very few security measures to secure medical data. The
proposed systems also come up with a solution that makes use of Blockchain technology in
health care so that any attack towards medical data can be tracked.
1.4
Aim and Objectives of the Study
4
The aim of this project is to design and implement a blockchain based system for securing
medical data.
The objectives of this project work include the following;
i.
To produce confidentiality to patient medical records through the use of blockchain
technology.
ii.
To build essential bond and trust between the doctors and the patients by protecting
the personal details of a patient, this is beyond a matter of ethical respect.
1.5
Significance of the Study
Presently most hospital operates on a manual records system and a few others less secure
electronic record system. The implementation of the blockchain based system for securing
medical data will be of great significance in the following ways;

Ready access to a lot of all-inclusive, updated patient information, quick, reliable and
secure information.

Streamlining of clinical data and powerful tools that take care, supporting
multidisciplinary team operations.

Provision of adequate security for patient medical records.

Enhanced, improve and ease medical services.

Secured shared access to patience electronic health record to authorized health
institutions via the blockchain technology.

Reduced patient information management, paper-work, duplication and other forms –
less time spent finding unidentified notes, x-rays, admission or discharge information.
1.6
Scope of the Study
This project is centered on the implementation of blockchain technology based system for
securing medical data.
1.7
Limitation of the Study
In carrying out any project work, one is faced with one form of constraints or the other. The
constraints encountered in this project work include:
i.
Lack of finance to do an exhaustive and in-depth research
5
ii.
Inability to get materials from the school library/cafe, because of the crowd waiting
to make use of the facility.
1.8
Definition of Terms
Blockchain: sometimes referred to as Distributed Ledger Technology (DLT), makes the
history of any digital asset unalterable and transparent through the use of decentralization and
cryptographic hashing.
Clinical: dealing with how to practically manage patients, contrasting with Pre-health
sciences
Data: A representation of facts or ideas in a formalized manner capable of being
communicated or manipulated by some process.
Doctor: is a member of medical association, the one who is trained and licensed to heal and
treat the sick person.
Electronic Health Information Exchange (EHIE): allows doctors, nurses, pharmacists,
other health care providers and patients to appropriately access and securely share a patient's
vital medical information electronically—improving the speed, quality, safety and cost of
patient care.
Electronic Health Record (HER): An electronic health record is the systematized collection
of patient and population electronically stored health information in a digital format. These
records can be shared across different health care settings.
Health Information Management: is the collection, analysis, storing, protecting and
ensuring the quality of patient health information.
Hospitals: A building designed to diagnosis and treats the sick, injured or dying. They
usually have staff of doctors and nurses to aid in the treatment of patients
Medical Records: are the document that explains all detail about the patient's history,
clinical findings, diagnostic test results, pre and postoperative care, patient's progress and
medication.
6
Patients: A person who receives treatments from a doctor or other medically educated
person.
7
CHAPTER TWO
LITERATURE REVIEW
2.1
Theoretical Review
This work is based on providing security and privacy through cryptography based access
control to store data in the cloud and encryption through attributes. The generic public key
encryption (PKE) based techniques uses high key management mechanism, or require
encrypting a file using different users keys of different sets for using fine-grained access
control. To enhance the scalability during the encryption schemes like ABE can be used.
ABE information is encrypted under a based on a set of properties that different users who
have proper keys can use and decrypt it. Thus it makes encryption and management of key
efficient com-pared to others (Omar et al, 2019).
Interoperability in care has historically been targeted around knowledge between business
entities, as an example, completely several hospital systems. However, there is a trend push
towards patient-driven ability, during which health knowledge exchange is patient-driven.
Patient centered approach introduces new challenges and necessities for technology, privacy,
security, incentives, and governance that have got to be taken up in this sort of knowledge
sharing to succeed at a large scale.
Physicians have a different relationship with the Electronic Health Record (EHR). On the one
hand, doctors apprehend they cannot offer the most effective attainable treatment while not
them. And on the opposite, today's EHR systems are cumbersome, gawky and slow
physicians down. Indeed, there is a lot of to like and far to hate concerning today's EHRs,
aboard a spread of the way to handle the issues they produce. One resolution might belong
block chain, the technology presently powering the crypto currency Bitcoin (Holotiuk et al,
2019).
Block chain Technology is that the advance information technology in medical sector that
require secure knowledge sharing among connected parties within the network. The work
factors have impacts on electronic case history Blockchain technology adoption. Online form
was improved by taking from literature with performance perspective, trust, and risk ideas.
Electronic medical records (EMRs) are crucial however sensitive non-public data for
designation and treatment in aid, that has to be usually distributed and pooled among peers
like aid suppliers, insurance firms, pharmacies, researchers, patient’s families’ and others.
This poses a serious challenge in maintaining a patient’s case history up-to-date. Storing and
sharing knowledge between varied entities, maintaining a right to use management through
varied consents solely obscures the method of a patient’s treatment. A patient, afflicted with a
8
significant medical condition like cancer, or HIV, must sustain an extended history of the
treatment procedure and post-treatment rehabilitation and observance. Having access to a
patients complete history is also essential for his treatment as an example, knowing the
delivered radiation doses or laboratory results is critical for continued the treat is necessary
for continuing the treat (Islam et al, 2019).
2.1.1
Blockchain
The word "block" is made up of two words "block" and "chain" means a chain, which means
ultimately a chain of blocks. Blockchain is a decentralized information and reporting system.
In the blocks, any information can be entered and recorded. In the Blockchain, these blocks
of information are linked together in a chain, forming a sequence of information. This
technology is, in fact, a distributed database that anyone can check in on those transactions.
In simpler terms, blockchain is a platform that enables the transfer of information from one
location to another with high security. One of the interesting things about the Blockchain is
that its open source technology. This technology has no owners and no one at the top of the
network, which increases the trust of its members because no one can change the network and
transactions in his or her benefit. In other words, to control and access to transactions by
every member of Blockchain network can significantly increase the security and trust (Conti
et al, 2016).
Blockchain technology is not in itself a fundamental technology, but rather a set of hashing
and encryption, mass distribution, and so on processes that have created the idea of a
blockchain. Consider the Blockchain as the archive on which information is recorded. A
Blockchain may not be much different from Wikipedia. Using a blockchain, many people can
import different reports into one type of information archive, and users can control how the
information is recorded and updated. In blockchain, each node logs an independent report on
the network, and each independent record becomes a set of official reports with other records
(He et al, 2015).
2.1.2
Types of Blockchain
Blockchain has evolved a lot in the last decade. It started with bitcoin, which offered public
blockchain — the first type of blockchain. We can also term bitcoin’s blockchain as the first
generation of blockchain technology. Currently there are different types of blockchain
technology – each one of them serves their purpose and solves a particular or a set of
problems.
9
When the blockchain technology was introduced to the world, it was a public blockchain type
with cryptocurrency use-case. It is really hard to understand the intent of its creator, but in
general, it provided the concept of decentralized ledger technology (DLT). The DLT concept
gives organizations the ability to work without depending on a centralized entity. Distributed
technology solves the drawbacks of the centralization, but in itself brought a lot of other
problems to solve when it comes to applying blockchain technology to different scenarios.
For instance, bitcoin used an inefficient consensus algorithm, Proof-of-Work. It required the
nodes to solve mathematical calculations using energy. Initially, it was not a problem, but as
soon as the difficulty increased, the time and energy required to solve those mathematical
equations also increased. This inefficiency makes it not suitable for any system that needs to
stay efficient no matter what. For example, banks deal with a lot of transactions every day.
So, this blockchain type is just not suitable for it (Safavi and Shukur, 2015). There were
other problems associated with the first generation of blockchain, including scalability, no
automation, and so on.
At a glance, there are four major different types of blockchain types. They include the
following.

Public

Private

Hybrid

Federated
2.1.2.1
Public Blockchain
A public blockchain is the permission-less distributed ledger technology where anyone can
join and do transactions. It is a non-restrictive version where each peer has a copy of the
ledger. This also means that anyone can access public blockchain if they have an internet
connection. One of the first public blockchains that were released to the public was the
bitcoin public blockchain. It enabled anyone connected to the internet to do transactions in a
decentralized manner (Huang et al, 2016).
The verification of the transactions is done through consensus methods such as Proof-ofWork(PoW), Proof-of-Stake(PoS), and so on. At the cores, the participating nodes require to
do the heavy-lifting, including validating transactions to make the public blockchain work. If
a public blockchain doesn’t have the required peers participating in solving transactions, then
it will become non-functional.
10
Advantages of Public Blockchain
Public blockchains are good at what they do. Its advantages include the following.

Anyone can join the public blockchain.

It brings trust among the whole community of users

Everyone feels incentivized to work towards the betterment of the public network

Public blockchain requires no intermediaries to work.

Public blockchains are also secure depending on the number of participating nodes

It brings transparency to the whole network as the available data is available for
verification purposes.
Disadvantages of Public Blockchain
Public blockchain does suffer from disadvantages. They are as follows:

They suffer from a lack of transaction speed. It can take a few minutes to hours before
a transaction is completed. For instance, bitcoin can only manage seven transactions
per second compared to 24,000 transactions per second done by VISA. This is
because it takes time to solve the mathematical problems and then complete the
transaction.

Another problem with public blockchain is scalability. They simply cannot scale due to
how they work. The more nodes join, the more clumsy and slow the network
becomes. There are steps taken to solve the problem. Bitcoin, for example, is working
on lighting the network, which takes transactions off-chain to make the main bitcoin
network faster and more scalable.

The last disadvantage of a public blockchain is the consensus method choice. Bitcoin,
for example, uses Proof-of-Work(PoW), which consumes a lot of energy. However,
this has been partially solved by using more efficient algorithms such as Proof-ofStake(PoS).
Use-cases of Public Blockchain
There are multiple use-cases of the public blockchain. To get a better idea, let’s list some of
them below.

Voting → Governments can do voting through public blockchain employing
transparency and trust.

Fundraising → Companies or initiatives can make use of the public blockchain for
improving transparency and trust.
11
2.1.2.2
Private Blockchain
A private blockchain can be best defined as the blockchain that works in a restrictive
environment, i.e., closed network. It is also a permissioned blockchain that is under the
control of an entity. Private blockchains are amazing for using at a privately-held company or
organization that wants to use it for internal use-cases. By doing so, you can use the
blockchain effectively and allow only selected participants to access the blockchain network.
The organization can also set different parameters to the network, including accessibility,
authorization, and so on (Hussein et al, 2018).
A private blockchain is different from a public blockchain in the way it is accessed.
Otherwise, it offers the same set of features as that of the public blockchain, providing
transparency, trust, and security to the selected participants. Another major difference is that
it’s kind of centralized as only one authority looks over the network. So, it doesn’t have a
decentralized theoretical nature. Examples of Private blockchain: Multichain, Hyperledger
Fabric, Hyperledger Sawtooth, Corda
Advantages of Private Blockchain

Private blockchains are fast. This is because there are few participants compared to the
public blockchain. In short, it takes less time for the network to reach consensus
resulting in faster transactions.

Private blockchains are more scalable. The scalability is possible because, in a private
blockchain, only a few nodes are authorized to validate transactions. This means it
doesn’t matter if the network grows, the private blockchain will work at its previous
speed and efficiency. The key here is the centralization aspect of decision making.
Disadvantages of Private Blockchain

Private blockchains are not truly decentralized. This is one of the biggest
disadvantages of private blockchain and goes against the core philosophy of
distributed ledger technology or blockchain in general.

Achieving trust within private blockchain is tough because the centralized nodes
make the last call.

Lastly, as there are only a few nodes here, the security isn’t all that good. It is
important to understand that it is possible to lose security if a certain amount of nodes
go rogue and compromise the consensus method utilized by the private network.
12
Use-cases of Private Blockchain
There are multiple private blockchain’s use-cases. Some of them are listed below.

Supply chain management → Organizations can deploy a private blockchain to
manage their supply chain.

Asset ownership → Assets can be tracked and verified using a private blockchain.

Internal Voting → Private blockchain is also effective at internal voting.
2.1.2.3
Consortium Blockchain
A consortium blockchain(also known as Federated blockchains) is a creative approach to
solving the needs of organizations where there is a need for both public and private
blockchain features. In a consortium blockchain, some aspects of the organizations are made
public, while others remain private (Kyazze et al, 2015).
The consensus procedures in a consortium blockchain are controlled by the preset nodes.
More so, even though it’s not open to mass people, it still holds the decentralized nature. A
consortium blockchain is managed by more than one organization. So, there is no one single
force of centralized outcome here. To ensure proper functionality, the consortium has a
validator node that can do two functions, validate transactions, and also initiate or receive
transactions. In comparison, the member node can receive or initiate transactions. In short, it
offers all the features of a private blockchain, including transparency, privacy, and efficiency,
without one party having a consolidating power. Examples of Consortium Blockchain: Marco
Polo, Energy Web Foundation, IBM Food Trust.
Advantages of Consortium Blockchain

It offers better customizability and control over resources.

Consortium blockchains are more secure and have better scalability.

It is also more efficient compared to public blockchain networks.

Works with well-defined governance structures.

It offers access controls.
Disadvantages of Consortium Blockchain

Even though it is secure, the whole network can be compromised due to the member’s
integrity.
13

It is less transparent.

Regulations and censorship can have a huge impact on network functionality.

It is also less anonymous compared to other types of blockchain.
Use-Cases of Consortium Blockchain
There are multiple use-cases of consortium blockchain. Some of them include the following

Banking and payments: A group of banks can work together and create a
consortium. They can decide the nodes that will validate transactions.

Research: A consortium blockchain can be used to share research data and results.

Food tracking: It is also great for food tracking.
2.1.2.4
Hybrid Blockchain
Hybrid blockchain is the last type of blockchain that we are going to discuss in this section.
More so, hybrid blockchain might sound like a consortium blockchain, but it is not. However,
there can be some similarities between them. Hybrid blockchain is best defined as a
combination of a private and public blockchain. It does have use-cases in an organization that
neither wants to deploy a private blockchain and nor public blockchain and simply wants to
deploy the best of both worlds (Cheng et al, 2018).
Advantages

Works in a closed ecosystem without the need to make everything public.

Rules can be changed according to the needs.

Hybrid networks are also immune to 51% attacks.

It offers privacy while still connected with a public network.

It offers good scalability compared to the public network.
Disadvantages

Not completely transparent.

Upgrading to the hybrid blockchain can be a challenge.

There is no incentive for participating and contributing to the network.
Use-Cases
Some of the best use-cases of the Hybrid blockchain are as follows:
14

Real estate: You can use hybrid networks for real-estate purposes where real-estate
companies can use it to run their systems and also use the public aspect for showing
information to the public.

Retail: Retail can also use the hybrid network to streamline their processes.

Highly regulated markets: Hybrid blockchains are also ideal for highly regulated
markets such as financial markets.
2.1.2.5
Blockchain Type more suitable for Securing Medical Records
Each blockchain has something unique to offer. That’s why there is not a simple answer to
what type of blockchain medical organization should choose for securing medical records.
However, Consortium Blockchain technology is a blockchain network that is controlled by a
set of organizations or nodes rather than a centralized node or a decentralized network. A
consortium blockchain is good because it comes with pre-selected nodes. Therefore, the ideal
type of Block chain technology for the solution that requires collaboration across the board
such as securing medical record is the Consortium Blockchain Network (Cheng et al, 2015).
2.1.3
Blockchain Models
As mentioned above, a blockchain is a distributed network open to anyone. This definition
usually relates to a particular model known as permission-less or public. In the public model,
any participant can join and leave at will because no rule restricts access and interaction.
Therefore, the data stored in a public blockchain (i.e., Bitcoin or Ethereum) is accessible by
anyone unless encryption and smart contract logic are employed. Besides the public model,
blockchain can also be employed in a restricted network where the participants’ identities are
known (Hakak et al, 2019). This restricted model is usually referred to as permissioned or
consortium. The model of participation has a significant influence on how the consensus is
reached by the network.
2.1.1.1 Permssionless Model
In the permissionless model, identities are either anonymous or pseudonymous, and
everybody is allowed to participate. Any user can generate a set of keys and an address that
enables her to interact with other entities in the blockchain network. Therefore, everybody
has the right to read data, create transactions and append information to the ledger. This
model also allows to install a blockchain node and participate in the transaction validation
process known as consensus. Examples of such networks are Bitcoin and Ethereum. In the
15
latter, the user can create and install code, known as smart contract, that is public and
invokable by anyone. The smart contract is identified by an address and runs in an
environment called Ethereum Virtual Machine (EVM).
Public and permissionless blockchains need an incentive system to assure the correct
functioning and existence of the network. The incentives are in the form of rewards and fees.
Ethereum, for example, has a built-in currency, called ether, which serves both as liquidity to
enable value exchange between various types of digital assets and to provide a mechanism for
paying the transaction fees (Wang et al, 2019).
In fact, users must pay ethers for invoking the logic of a smart contract and for validating
their transactions. The miners collect the fees during the consensus process that consists in
the agreement on global order and the new state of the system.
2.1.1.2 Permissioned and consortium model
A permissioned blockchain is a closed system where the participants have identities and
know one other. It is built to allow a consortium or a single organization to securely and
efficiently exchange information. As proof of the fact that anonymity of participants is not
always a desirable property, the permissioned model is gaining interest among enterprises
because it allows secure interactions in a network of businesses with common goals but
which do not fully trust each other. Examples of such a model are Corda, Tendermint,
Postchain. One of the most prominent work is Hyperledger Fabric, an open source project
hosted by the Linux Foundation. Fabric’s modular and extensible architecture is designed to
fit different enterprise use cases (Xu, 2018).
In the implementations mentioned above, privacy and confidentiality are managed by trusted
parties, called membership services. In Fabric, this service is known as Membership Service
Provider and has the role maintain all the identities in the system. It is responsible for issuing
credentials used for authentication and authorization. In general, each organization has a local
implementation of the service that is used to generate certificates and public keys for its
members. The credentials are necessary to participate in the network activities as every
message and transaction must be signed. This, in turn, increases the privacy and security of
the network as well as its participants. Even though the identity management in such systems
is somehow logically centralized, it enables a new set of consensus mechanisms based on
Byzantine
Fault Tolerant (BFT) state machine replication protocols like the Practical Byzantine Fault
Tolerant (PBFT). The implementation of consensus is, therefore, more accurate and does not
16
depend on mining as PoW does. In addition, the concept of consensus itself is broader and
entails the whole transaction flow, from the proposal to the commit. Theoretic and practical
tests on BFT protocols proved that they can handle tens of thousands of transactions with
acceptable network speed latencies (Willison et al, 2016).
2.1.4
Blockchains for E‐Healthcare Systems
The E‐healthcare system is believed to be one of the fields where blockchain has great
potential due to its inherent characteristics, especially for the management of electronic
health records. Significant research efforts have been made in this direction in the last few
years. Azaria et al, in 2016, proposed a decentralized records management system, termed
MedRec, which was built on the Ethereum platform and utilized Ethereum's smart contracts
to create an intelligent representation of existing medical records stored within individual
nodes on the network (Azaria et al, 2016).
Patients have control over their medical records across providers and treatments sites in this
system. While medical stakeholders, such as researchers, public health authorities, etc, are
incentivized to participate in the mining of the blockchain. The blockchain ledger keeps an
auditable history of medical interactions of patients, providers, and regulators. This solution
brings questions about to which levels that patients should own their medical information and
to which degrees that the data can be shared. The related regulations have been discussed
under various circumstances, and in most cases, are decided by health authorities. For this
reason, the available variation of the system should also be taken into the consideration that
patients have not full control over their medical records and data are shared at different levels
among all medical stakeholders. In the same year, Yue et al (2016) proposed a
blockchain‐based smartphone application architecture, termed Healthcare Data Gateway
(HDG), to improve the privacy aspect of sharing private patient data. The proposed
architecture consists of three layers: raw data are encrypted and stored in the private
blockchain cloud at the storage layer; database management, including data access
management is placed at the management layer; and usage layer is where health care data are
utilized, eg, for the medical records system, data analytics, etc. In this architecture, a private
blockchain is implemented. Unlike a public blockchain that anyone can join the network, the
private blockchain is a permissioned blockchain with restrictions on who is allowed to
participate and to which operations/actions. Another approach to improving privacy issues
when sharing healthcare data between different stakeholders was proposed by Peterson et al
(2016). The article discusses the challenges of choosing common interoperable data syntaxes
17
and security protocols and approaches to solving these challenges. A new consensus
mechanism, termed “Proof of Interoperability,” along with an algorithm describing the
process, is proposed. Data must conform to both structural and semantic constraints to be
verified to reach the consensus. In this study, the EHR system utilizes Fast Healthcare
Interoperability Resources (FHIR) standard data format, and the proposed consensus
mechanism correspondingly uses the profile of the FHIR as the interoperability constraints.
For different formats that other EHR systems are utilizing, a set of structural and semantic
constraints need to be designated beforehand to implement this consensus mechanism.
Subsequently, Kuo et al introduced blockchain to the biomedical/healthcare domains.12 The
article detailed the benefits of applying blockchain in biomedicine/healthcare by comparing it
with traditional distributed databases. It also discussed the potential challenges and proposed
solutions for adopting blockchain technologies in these domains. This work gives a general
introduction about blockchain technologies to the biomedical and health care informatics
researchers (Kuo et al, 2017).
Liang et al (2017) proposed a user‐centric health data sharing solution by utilizing a
decentralized and permissioned blockchain. In this work, a mobile application was deployed
to collect health data from personal wearable devices. The collected data were synchronized
to the cloud and then shared with healthcare providers and health insurance companies. The
blockchain network is deployed for data integrity protection, in addition to which, it also
stores access control policies and all access activities of the personal health data. However,
the mobile application collects personal health data from either the sensors of the wearable
devices or manual input by users. Therefore, the approach has its limitation of
implementation in EHR systems where data are primarily accessed by health professionals
and recorded in standardized formats.
Very recently, Kokoris et al (2018) presented a scalable distributed ledger, the OmniLedger,
where they used a technique known as sharding, to create subsets of nodes for parallel state
and transaction processing. By implementing this approach, the processing capacity increases
as the network scales out and overcomes the capacity issue of the traditional ledger, where
the processing capacity decreases as larger consensus groups likely generate more overheads.
2.2
Review of Related Works
Medical data has precisely recorded people’s illnesses, and medical records and the secure
storage and sharing of medical data and patient privacy protection have increasingly become
a priority to build intelligent hospitals. Traditional data access control technology builds and
18
implements a safety access strategy with a completely reliable server, making it difficult to
get adapted to the distributed network environment in modern times. Featured by
decentralization and trustlessness, blockchain has given people a brand-new idea through
distributed data storage, reliable point-to-point transmission, a consensus mechanism, and
encryption algorithms (McGhin et al 2019). In the security demand under the cloud
computing environment in recent years, ABE is an important technological means, and the
ABE access control mechanism has been studied extensively in the computing environment.
As an encryption mechanism that uses attribute as a public key, the mechanism, in essence,
links users with ciphertexts through the attribute. Its flexibility of encryption and access
control form has greatly ensured the security of cloud data storage (Omar et al, 2019).
In the meanwhile, it has also achieved fine-grained access and become the key technique for
secure cloud storage access control. However, the traditional ABE mechanism fails to
completely guarantee data confidentiality, effectively prevent collision attack, or satisfy the
forward and backward security of attribute revocation and the huge computing costs caused
by revocation. It will be a significant core of research to apply blockchain into cloud
computing and use the security mechanism of blockchain to enhance the secure storage and
performance of cloud computing. The integration of blockchain and cloud computing plus
proper security strategy can solve the contradiction between data sharing and privacy (Islam
et al, 2019).
This paper has brought forth a distributed medical data privacy protection scheme based on
blockchain and cloud computing technology with an aim at the open-ended question brought
by data sharing of intelligent hospitals and personal privacy protection of patients.
Concretely, on the one hand, the scheme has introduced a cloud computing pattern and
designed blockchain-based distributed data management architecture for intelligent hospitals,
in which it uses a consortium chain in the blockchain and ensures the security of user
information in order to guarantee the operating efficiency of blockchain and reduce the
computing burden of the user side. Besides, to handle the highly complex computing caused
by encryption, it has used proxy reencryption technology and ABE technology to offer
specific access control mechanisms to users. The access of every user is based on condition
and attribute, which provides a secure exchange of patient information for every doctor. The
response side encrypts all medical data. The cloud nodes process the medical data transmitted
to get and return the final ciphertext to the request side. On the other hand, it has designed the
data sharing and replacement as well as privacy protection rules with the participation of the
19
cloud computing service side, and it can greatly solve the difficulties in secure storage and
sharing of intelligent hospitals.
The underlying communication of blockchain generally adopts P2P communication. P2P
technology makes the communication on the network easy and direct and reduces the
dependence on the intermediate server to the minimum. P2P technology has the
characteristics of decentralization, scalability, robustness, high cost performance, and load
balancing. Consensus mechanism is the core of blockchain, which maintains the normal
operation of blockchain. Consensus mechanism is an algorithm to reach consensus on the
order of things in a period of time. Common consensus mechanisms include proof of work
(POW), proof of stake (POS), and practical Byzantine fault tolerance (PBFT). Consensus
mechanism ensures that the uniqueness of information and data cannot be tampered with.
Taking advantage of this, blockchain technology can be widely used in intelligent asset
management, such as intellectual property protection and domain name management, to
ensure that the contract is not tampered with. At present, relevant researchers all over the
world have been studying medical data sharing and privacy protection.
He et al. has proposed a medical data sharing model of cloud storage, which adopts the
distributed sharing mechanism and which meets the interoperability requirements of CCR
standard (He et al, 2015); however, there is still a huge gap with the data security and privacy
protection as required by intelligent hospitals. Seyedmostafa et al. has built a portable
medical system architecture, which supports data security and privacy protection through the
CIA/HIPAA protocol, but which does not meet the requirement of interoperability (Safavi
and Shukur, 2015). Liang et al. have used the CCR standard and designed a solution—
HealthVault, which is a web medical and health record system and which adopts the clientserver pattern. All medical data are stored in a third-party server, so security and reliability
cannot be guaranteed (Huang et al, 2016). The Healthticket model designed by Kyazze et al.
enables doctors to access medical data of patients through the web app (Kyazze et al, 2015).
This model ensures the private information of patients with CP-ABE mechanism, but the
access requires multiple licenses. The security, privacy, and interoperability of all these
models are difficult to meet the requirements of intelligent healthcare. However, blockchain
technology completes permission validation through a third party, which has solved the
above problems satisfactorily, balanced medical data sharing and privacy protection,
eliminated central nodes, and improved access efficiency.
Proxy reencryption is a key conversion mechanism between ciphertexts and it was proposed
by Cheng et al. Wang et al. has given its normative formal definition in the 2005 Network &
20
Distributed System Security Symposium (NDSS) and the 2007 ACM Conference on
Computer and Communications Security and constructed the one-way proxy reencryption
algorithm (Cheng et al, 2018; Wang et al, 2019). Based on the above two studies, Xu has
constructed the first valid two-way proxy reencryption algorithm (Xu, 2018). Afterward,
Yang et al. have also constructed the secure one-way proxy reencryption scheme without
bilinear pairing (Yang et al, 2019).
Ateniese et al. had configured the privacy proxy reencryption algorithm in line with CPA
security. As for ABE, Fan et al. had constructed the KP-ABE algorithm to support
monotonous access for the first time, and the ciphertext uses the attribute for encryption (Fan
et al, 2018). The key is tied to user access strategy and only when the access strategy of the
key matches the attribute of the passphrase can the user correctly decrypt the passphrase.
Willison et al. had raised a secure and unbounded ABE algorithm (Willison et al, 2016), the
size of whose attribute set is not confirmed when initializing the public parameters.
Moreover, the available attributes are infinite polynomial orders, and new attributes can be
added in the specific implementation. Hakak et al. had improved the ABE algorithm, which
had extended the decryption condition to the universal monotonous access control and
adopted a fine-sorted access control key (Hakak et al, 2019). It has greatly expanded the
coverage of the ABE algorithm (Cheng et al, 2015). Later, Hussein et al. had come up with
an ABE algorithm approximate to actual access control, but loopholes still exist in the
security (Hussein et al, 2018). Conti et al. had put forward an ABE algorithm for DBDH
problems, but the access mode is merely a simple attribute operation without reaching
universal access control (Conti et al, 2016). Integrating blockchain and cloud computing in
the research of secure storage of healthcare data has found a new direction for the relevant
theoretical research of information security and promoted extended applications of
blockchain in the fields, which involve sensitive data such as intelligent healthcare. In this
sense, it has certain practical value (Holotiuk et al, 2019).
.
21
CHAPTER THREE
METHODOLOGY AND SYSTEM ANALYSIS
3.1
Research Methodology
The project work adopted the design methodology. The design of a blockchain based system
for security medical data was implemented. The system was designed to enhanced the
security of medical records. The designed system has the followings modules: eAdmin,
eHospital, eStaff, eLab, ePatient, eDoctor, Emergency Case and Biometric Information that
help to store the electronic records in the consortium blockchain system.
3.2
System Analysis
System analysis deals with the investigation of a system so as to ascertain how it will work
and what can be done to improve its working efficiency at a minimum cost. System analysis
is a problem solving techniques that decompose a system into its components pieces for the
purpose of studying how these comments part works and interact to accomplish their purpose.
It is a series of activities carried out on a system to identify its strength and weaknesses so as
to devise a better means of improving on the system performance.
3.2.1 Analysis of the Existing System
In the existing system, there is no connection between different hospitals since they use an
independent database so the patient’s details cannot be shared. Although some hospitals use
cloud computing technology to store, their data but they are not secure. In the current system,
in case of an emergency, the patient might be in an unconscious state so the hospital
authorities may not know the details of the patient and it is time-consuming to find the
medical details. Lack of relevant medical reports affects the further treatment of the patient.
3.2.1.1
Weaknesses of the existing system
Major drawbacks of the existing system are as follows.
Insecurity: EHR plays an important part in the transformation of health care that enables a
patient to handle their medical data via the internet. EHR possesses medical details of the
patients, which attracts cyber attackers. “Loss of electronic health record leads to a wrong
medication or surgery. Health care systems provide fewer security measures to secure the
health records”.
Storage: EHR’s are maintained in independent databases of each hospital, so access to
previous medical records is impossible when the hospital is changed. This leads to a waste of
22
medical information and they have to conduct the medical examinations once again. Without
access to one’s previous medical files, a new doctor may not know about the patient’s
medical history. It is because different states and organizations have different ways of storing
medical data.
3.2.2 Analysis of the Proposed System
The usage of blockchain technology for securing medical records is introduced in this
proposed system. The main objective is to provide secure solutions for patient medical data
using Blockchain Technology. In this proposed system, the medical information of people is
stored in a centralized web. The details like lab reports, medicine details, treatment historyare
stored under a single unique ID. Using this ID, a patient can view all their treatment details
andshare their reports with the doctor. To overcome the security threat from the third-party
serviceprovider inside the cloud, a secure encryption technique was implemented.
Furthermore, blockchaintechnology is used to verify the data integrity for more security.
Blockchain technology is expected to have a highly significant impact on the health care
industry.The blocks are protected in an assured and unchangeable manner. Each block
contains the data,timestamp, hash of that block, nonce, and hash of the previous block. Here
data indicate the medicaldata of patients. Timestamp identifies when the block is generated.
Just like a fingerprint, the blocksare uniquely identified by their hash values. Any changes
done within the block causes a change in the hash value. When changes to intersections are to
be detected, the hash is very useful. The block does not remain the same if any change is
made in it. A nonce is a number added while hashing to meet the desired target value. Each
block in the blockchain contains the medical reports of each patient, generated by the doctors
who treated them. Thus, a chain of blocks that contain information is known as the
blockchain, whose immutability is guaranteed and keeps important medical data safe and
allows secure transfer of patient medical records. Blockchain does not need a central
authority to control the overall system since it is decentralized. In the healthcare domain,
blockchain has the potential to resolve the issues related to medical records by providing
security, validation, and authentication.
3.2.2.1
Advantages of the Proposed System
The following are some of the advantages of the proposed system
 Blockchain technology would prevent any type of security attack that has exploited the
single point of failure weakness of the traditional client-server model.
23
 Since blockchain technology relies on a distributed network there is no one point of
failure. This means that it is not possible for hackers to simply find a security flaw and
then gain access to the data in this way.
 Should a hacker target any one node on the blockchain network and attempt to make an
unauthorized change then the other nodes will prevent it from happening.
 As each participant on the network has a complete copy of the entire blockchain ledger,
they are able to independently verify any new block being added and identify any
attempt to alter any previous block.
 Blockchains are designed to be unalterable once written unless the change has the
support of 51% of the network. This makes them excellent for storing patient medical
records as it means any data in the record cannot be tampered with.
 As every new data block that is added would also contain details of the doctor who added
it, blockchain EMRs would offer full accountability for the data that they contain.
 In the case of incorrect diagnoses, for example, patients could be confident that there is
no way that records could be altered should the doctor or healthcare provider wish to
deny accountability.
3.2.2.2
High Level Model of the Proposed System
Fig. 1: High Level Model of the Proposed System (Source: Huang et al, 2016)
In membership management the health administrator registers users i.e. Patients and
Healthcare-Providers to the membership service based on their roles. During registration,
24
health administration should make sure that only valid user should be register in membership
service. For example, in case of Healthcare-Provider registration they should ensure that
he/she is a qualified doctor and must be registered with the government health organization.
The membership service also hosts a certification authority that generate key pair for signing
and encryption key pair for every user. Patient is issued with a symmetric encryption key
(Patient Key) which is used for encryption/decryption of medical records. When a patient
wants to share medical records with a Healthcare-Provider, the patient can share his/her
patient key using the public key of that Healthcare-Provider. Healthcare-Provider can also
request this key from patient and when provided he/she can access patients’ medical records
and can add new records. Our system provides a user interface for every user through which
they can interact with the system. The frontend web application is written in HTML, CSS and
JavaScript. All the users are provided with their own separate web user interface. Both
patients and Healthcare-Providers will use their login credentials (provided by the admin) to
login to the system.
Consensus mechanism is the most important part of our blockchain application to verify
transactions. All peers that takes part in the consensus mechanism runs a consensus algorithm
(Hyperledger use PBFT consensus algorithm) to check whether a transaction is valid or not.
If certain number of peers reaches a consensus the transaction will be successful and the
transaction will be added to the blockchain. Here in our system we have set a network that
will consists of four peer nodes that will act as endorsing peers and committing peers at the
same time and one orderer node that will provide the ordering service. Out of these four peers
three peers must reach a consensus for transaction to be successful and added to the
blockchain. Every peer node will hold ledger and the chaincode (chaincodes are written in
JavaScript) along with its World-State database. Transactions submitted by users are received
by the nodes through role-based APIs. When a transaction is submitted by the user, the leader
node organizes transaction in a block and initiate the consensus mechanism. All nodes
execute the transaction according to implemented chaincode logic. After successful execution
the endorsing peers send the endorsement responses to the client. The client now sends the
transaction attached with endorsement response to the orderer node which host the ordering
service.
Ordering service receives the endorsed transactions and orders them into a block. Now it
broadcast the generated block to all peers. Every peer verify that the transactions of the
received block are signed by appropriate endorser and that enough endorsements are present
25
(in our system 3 out of 4 peers must reach the consensus). If, the verification check passes the
peer commit/save the block to their ledger. The data is stored in the Hyperledger Fabric
distributed ledger which stores data in two ways: the blockchain that contains the chain of
blocks with each block holding transaction information in the form of key-value pair and
World-State database that stores value (asset) of all the last committed transactions according
to the specific key. Here a point to be noted is that it is not feasible to store all data in the
blockchain as it largely degrades the performance of whole blockchain system.
USAGE SCENARIOS
A user reads his/her health record from a provider
A user wants to read his/her record from a provider's database. He/she makes a query request
to access the record. This query, together with a return value that is either the requested data
or an access denied message, will be a log that is hashed and added to the Record
Relationship Contract (RRC).
A health provider reads records from another provider
A provider B wants to read a user's record from provider A's database. B makes a query
request to provider A. This query, together with a return value that is either the requested data
or an access denied message, will be a log that is hashed and added to the RRC.
A health provider edits records
A provider wants to read or edit a user's record from its own database. The provider makes a
query to the record. All actions and edited data will be a log that is hashed and added to the
RRC.
Figure below shows these three usage scenarios. Before a new block is mined, the status in
each RRC indicates pending. If more than one hashed log has been added to an RRC within
one blockchain update cycle, they will all be added to the RRC. After the new block has been
appended to the blockchain, the status in each RRC changes to updated.
26
Fig. 3.2: Usage Scenarios (Source: Safavi and Shukur, 2015)
27
CHAPTER FOUR
SYSTEM DESIGN AND IMPLEMENTATION
4.1
Objectives of the Design
The objective of this research is to design and implement a blockchain based system for
securing medical data. The system will be flexible and easily accessed from different
locations using either mobile phones or personal computer connected to the internet. The
authentication of users will be done to access very sensitive data while only personal key
login details will be needed to grant access to users accessing non-sensitive information. The
implementation of this system entails all the processes undertaken from the conversion of the
old system to the new system, final documents compilation and users training. The overall
system and software is user-friendly, inter-operational, portable and adaptable. It was
designed in a way that any level of user can easily use it without having any problem.
4.2
Control Centre/Main Menu
The following are the control centre for the system:

Blockchain

eAdmin

eHospital

eStaff

eLab

Patient

eDoctor

Emergency Case

Biometric Information
4.3 System Specifications
Tools used in the development of the web application includes HTML language, Cascading
Style Sheet (CSS), ASP.NET Framework and Microsoft Visual Studio 2010.
MySQL
database was the database server used to hold data and records accounts in the system.
HTML language was used to design the user interface of the system. Cascading Style Sheet
(CSS) assisted the HTML to make the interface friendly and responsive. ASP.NET
Framework is the web-application framework used in designing the system.
28
Microsoft
Visual Studio 2010 is the IDE (Integrated Development Environment) used in designing the
system.
4.3.1 Database Development Tool
The web application system design can store and retrieve information from a database. The
database used for this design is MySQL database as the back end, this is used to create
different tables. MySQL provides one of the most flexible database management system, and
the flexibility does not come at a high price either. The database can be small, large, or
gigantic. You can expand them, shrink them, infuse them with thousands of tables, copy
them, move them, detach them, transform them, encrypt their objects, and so on.
4.3.2 Database Design and Structure
The database design structure used in the web application for security medical records using
block chain technology are given below.
Login
This table holds administrators login information such that any query made to this table list
out all the administrators that have rights to the system.
Field
Type
Size
Null
Default
ID
Bigint
20
No
Username
Varchar
20
Yes
Null
Password
Varchar
20
Yes
Null
Extra
auto_increment
Patient Registration
All patient data are save in the table below
Field
Type
Size
Null
S/N
bigint
20
No
CardNo
varchar
20
Yes
Null
Null
Surname
varchar
20
Yes
Null
Null
Othernames
varchar
20
Yes
Null
Null
Sex
varchar
20
Yes
Null
Null
Age
varchar
3
Yes
Null
Null
Address
varchar
200
Yes
Null
Null
PhoneNo
varchar
20
Yes
Null
Null
29
Default
Extra
auto_increment
Next_of_Kin
varchar
20
Yes
Null
Null
Next_of_Kin_Address
varchar
20
Yes
Null
Null
Next_of_Kin_PhoneNo
varchar
20
Yes
Null
Null
Relationship
varchar
20
Yes
Null
Null
Date
varchar
20
Yes
Null
Null
Default
Extra
Consultation Information
All Consultation data are save in the table below
Field
Type
Size
Null
S/N
bigint
20
No
CardNo
varchar
20
Yes
Null
Null
Disease
varchar
20
Yes
Null
Null
Symptom1
varchar
20
Yes
Null
Null
Symptom2
varchar
20
Yes
Null
Null
Symptom3
varchar
3
Yes
Null
Null
Symptom4
varchar
200
Yes
Null
Null
Symptom5
varchar
20
Yes
Null
Null
Drug1
varchar
20
Yes
Null
Null
Drug2
varchar
20
Yes
Null
Null
Drug3
varchar
20
Yes
Null
Null
Drug4
varchar
20
Yes
Null
Null
Drug5
varchar
20
Yes
Null
Null
Date
varchar
20
Yes
Null
Null
Default
Extra
auto_increment
Diagnosis Information
All disease data are save in the table below
Field
Type
Size
Null
S/N
bigint
20
No
CardNo
varchar
20
Yes
Null
Null
Disease
varchar
20
Yes
Null
Null
Symptom1
varchar
20
Yes
Null
Null
Symptom2
varchar
20
Yes
Null
Null
30
auto_increment
Symptom3
varchar
3
Yes
Null
Null
Symptom4
varchar
200
Yes
Null
Null
Symptom5
varchar
20
Yes
Null
Null
Search
This table revive drug search code as input.
Field
Type
Size
Null
Default
ID Number
Varchar
20
Yes
Null
Drug Information
All drug data are save in the table below
Field
Type
Size
Null
Default
Extra
S/N
bigint
20
No
CardNo
varchar
20
Yes
Null
Null
Drug1
varchar
20
Yes
Null
Null
Drug2
varchar
20
Yes
Null
Null
Drug3
varchar
20
Yes
Null
Null
Drug4
varchar
20
Yes
Null
Null
Drug5
varchar
20
Yes
Null
Null
auto_increment
4.3.3 Program Module Specification
The various modules of the system are Admin, Hospital, Doctor, Patient, Staff, and Lab. The
various functions associated with each module are as follows.
Admin: Admin is the main authority who controls the overall system. The admin is the one
who manages the hospital registration and lab registration with the system. It has the
functionality to accept or reject the hospital’s registration and lab registration with the
system. Another major function performed by the admin is to issue an Electronic card
(eCard) for each patient. eCard contains the basic personal information about patients and a
QR code for uniquely identifying each one of them at any hospital.
Hospital: The hospital is another important module that keeps track of all the processes from
a patient taking admission to the hospital until the patient is discharged or completes their
31
treatment. The hospital has the authority to add staff and doctors when new staff or doctors
join. When the hospital is starting a new department, the hospital can add the new department
also.
Staff: In this module, staff schedules the necessary appointments for the patients using
eCards and assigns doctors for each patient according to the specialization needed by the
patients. The staff scans the QR code in the Electronic card (eCard) of each patient to get
their information to make an appointment.
Lab: In this module, the labs that have been approved by the admin do the laboratory test for
the patients. The generated test results are shared with patients and shared with the doctor
who recommended the test for the patient.
Patient: The patient can take an appointment in any hospital with their unique QR code in
the eCard. In this module, the patients can view and manage their medical reports. Apart from
this, they can verify the integrity of the medical record by calculating the hash values of
medical records at the time of decryption and by comparing it with previously calculated hash
values, which are stored in the cloud. Any change in hash values is reflected in the reports
and patients are notified of any case of attack towards medical data using blockchain
technology, which makes the EHRs more secure. Patients can view their medical reports by
decrypting it from the cloud, once data integrity is satisfied. If the doctor wants to view the
patient’s previous medical reports or the patient wants to share the reports with another
doctor for a second opinion, the patient can share the needed reports and an authorized doctor
can decrypt it for further treatment.
Doctor: In this module, the doctor accepts the patients’ appointments and treats them. The
doctor then provides a report of the patients’ diagnosis and prescribes them the required
treatment. The medical reports generated by the doctor are encrypted using an encryption
algorithm and stored in the cloud.
Simultaneously, the encrypted reports are hashed using a hashing algorithm, to transform
medical reports into their corresponding file hash. Along with the file hash, some values from
the e-medical reports undergo hashing and a hash value for the block is generated using
blockchain technology. This hash value of the block is then stored in the cloud and is later
used for verifying the data integrity of medical reports on decryption. Any change in medical
32
reports will be identified by calculating the hash values of reports on decryption and by
comparing it with hash values previously stored in the cloud. Any change in hash values
affects the overall value and this indicates that the data integrity is compromised. So any
attacks against medical data are tracked and notified to the corresponding patient. In any case,
if the doctor wants to have a look at the patient’s previous medical reports or else the patient
meets a doctor for a second opinion, the patient can share the reports. Once access is granted,
the doctor can view the shared medical reports by decrypting it from the cloud once the data
integrity is satisfied. After having a look at the patient’s previous medical reports, the doctor
decides the treatment to be prescribed and new medical reports are added to the existing
reports.
Emergency Case: In case of an emergency, most patients are in an unconscious state when
they are admitted to the casualty section of a hospital. So the above communication between
patient and doctor is failed in this situation. This leads to a problem in retrieving the medical
details. To solve this issue in case of emergency the authorized doctors are given special
permission to access the basic medical details, as well as the medical details related to the
diagnosed issue of each patient. The patients get a notification so that any sort of
unauthorized access to their medical records could be tracked. This may improve the patient’s
further treatments. The following techniques are used by authorized doctors to retrieve the
basic medical details of a patient.
Biometric Information: Admin issues eCard for patients with their basic personal
information along with the biometric information. So, if the patient is brought unconscious to
a hospital, the authorized doctors in the emergency departments in the hospital can use the
patients’ biometric information to get the patient’s basic details.
4.3.4 Input/Output Format
The input design focuses on controlling the amount of input required, controlling the errors,
avoiding delay, avoiding extra steps and keeping the process simple. The input is designed in
such a way so that it provides security and ease of use with retaining the privacy.
A quality output is one which meets the requirements of the end user and presents the
information clearly. In output design it is determined how the information is to be displaced
for immediate need and also the hard copy output. It is the most important and direct source
33
information to the user. Efficient and intelligent output design improves the system’s
relationship to help user decision-making.
4.4 System Flowchart
A flowchart is a general representation of the logic of a program or sets of instruction using
specific symbols with predefined meaning. It is a visual picture that gives the steps of an
algorithm and also the flow of control between the various steps. The system flowchart is
shown below.
START
DIAGNOSE NEW
PATIENT
DIAGNOSE OLD
PATIENT
PATIENT RECORD
MAINTENANCE
REPORT
STOP
34
REGISTRATION
START
INPUT CARD NO
DOES
IT EXIST?
DISPLAY ERROR
MESSAGE
DISPLAY REGISTRATION FIELD
INPUT PATIENT INFORMATION
PROCESS INFORMATION
ARE ALL FIELD
FILLED?
DISPLAY ERROR
MESSAGE
DISPLAY CONSULTANCY FORM
CHECK SYMPTOMS
PROCESS SYMPTOMS
SAVE TO DATABASE
STOP
35
CONSULTATION
START
INPUT CARD NO
DOES
IT EXIST?
DISPLAY ERROR
MESSAGE
DISPLAY CONSULTANCY FORM
CHECK SYMPTOM
PROCESS SYMPTOMS
SAVE TO DATABASE
STOP
4.5 System Implementation
System implementation translates the specific action established during the system analysis
and design into a rally operational system. System implementation is the construction of a
new system (that is, the development, installation and testing of the system) and the delivery
of that system into production. System documentation is a written description of how the
system works. It consists of information on how to install the system and other design issues
that will help the user to understand it better. Each unit testing verifies that each module meet
its specification.
36
4.5.1 Proposed System Requirements
This program is hardware and software dependent. The proposed system requirement are
highlighted in the hardware and software requirement section below.
4.5.1.1 Hardware Requirements
The following hardware components are needed for the software to operate.
1. Pentium 3 processor and above
2. Minimum of 512 MB of RAM to install
3. Mouse
4. CD ROM /floppy Drive
5. Monitor resolution of 1024 by 786 pixels
6. Keyboard
4.5.1.2 Software Requirements
Stated below are the software requirements for this application to function appropriately.
1. Installed Microsoft window XP/NT/Vista/Windows 7/Windows 10
2. Installed web browsers
4.5.2
System Testing
During the programming stage, each modules of the program will be tested to pre-lay down
rules by the designer. The complete programs are then passed to the designer for further
testing. Testing will be performed by both desk checking, the original specification and by
running the final programs using test data.
Test data should normally be compiled and the result should be normally compared with the
appropriate clerical figure or the current computer system. It is also important that the system
correctly identifies errors. Common error test include the input of;
i.
Incorrect formats.
ii.
Out of range items
iii.
Invalid combination.
4.5.2.1
Limitations of the System
The followings are the possible limitations of the system:
(i) The system is network-dependent and once internet services cannot be accessed, the
system cannot be accessed.
37
(ii) The system depends on electricity hence lack of adequate power supply to manage and
access the hybridized system can limit the use of the system.
(iii) Loss of total control of the hybrid system considering the fact that there is always a third
party service provider whose responsibility is to manage and control the system service.
(iv) Limited features since the service providers may not give you all the required services
due to the nature of bargain or negotiating power based on cost maintenance.
4.5.3 System Security
In order to implement data protection in the system, the blockchain technology implemented
through the personal login and authentication. The personal login provided access to the
system and to assess non-sensitive materials while the authentication is for assessing sensitive
data.
4.5.3.1 Password Protection
Password protection was used to ensure that the user’s information is protected in the system.
4.5.3.2 Authentication
Authentication granted by admin is sent to the user through a third-party either by email or
phone to assess the sensitive data.
38
CHAPTER FIVE
SUMMARY, CONCLUSION AND RECOMMENDATION
5.1 Summary
The E‐healthcare system is believed to be one of the fields where blockchain has great
potential due to its inherent characteristics, especially for the management of electronic
health records. Patients have control over their medical records across providers and
treatments sites in this system. While medical stakeholders, such as researchers, public health
authorities, etc, are incentivized to participate in the mining of the blockchain. The
blockchain ledger keeps an auditable history of medical interactions of patients, providers,
and regulators. This solution brings questions about to which levels that patients should own
their medical information and to which degrees that the data can be shared.
5.2 Conclusion
The healthcare domain experiences many complex problems due to inadequate security
measures. An increase in the use of blockchain technology is its security features that solve
security threats associated with medical records. The use of the blockchain technology to
store encrypted reports resolve the security related issues with the existing cloud-based
system. Thus, the proposed system obtains a systematic review of various algorithms that
uses blockchain and cloud computing services into healthcare.
5.3 Recommendation
Irrespective of the efficiency of a system, there is always the need for improvement for a
better and advance outcome. Apart from Hospitals, other organizations can adopt this work in
their record management.
5.3.1 Application Areas
(i) Apart from Hospitals, this work can be used both in the state and federal Ministry of
Health to improve their record management.
(ii) This work can be used in the ministry of information and other related service
providers.
(iii) Other corporate businesses and organizations can adopt the methodology used in this
research in their information management system.
39
5.3.2 Suggestion for Further Research
The following suggestions are given to improve on the effectiveness and efficiency of the
system in subsequent research work.
(i)
A module that can handle financial transactions should be incorporated into
the system to reduce the stress of patient going to banks to make payment.
5.4 Contribution to Knowledge
This research work has contributed to knowledge in the following ways:
(i) The design and implementation of blockchain framework for enhancing security of
medical records.
(ii) A secured system with high throughput has been designed through the grouping of
data into sensitive and non-sensitive data.
(iii) The design of a flexible and cost-effective system that generates transcripts, allows
the upload of patients’ and doctors’ information, accessing of electronic records
within and outside the Hospital premises without the particular storage used has been
implemented.
40
REFERENCE
T. McGhin, K.-K. R. Choo, C. Z. Liu, and D. He, (2019) “Blockchain in healthcare
applications: research challenges and opportunities,” Journal of Network and
Computer Applications, vol. 135, pp. 62–75.
A. Al Omar, M. Z. A. Bhuiyan, A. Basu, S. Kiyomoto, and M. S. Rahman (2019), “Privacyfriendly platform for healthcare data in cloud based on blockchain
environment,” Future Generation Computer Systems, vol. 95, pp. 511–521.
N. Islam, Y. Faheem, I. U. Din, M. Talha, M. Guizani, and M. Khalil (2019), “A blockchainbased fog computing framework for activity recognition as an application to ehealthcare services,” Future Generation Computer Systems, vol. 100, no. 11, pp. 569–
578.
C. He, X. Fan, and Y. Li (2015), “Toward ubiquitous healthcare services with a novel
efficient cloud platform,” IEEE Transactions on Biomedical Engineering, vol. 60, no.
1, pp. 230–234.
S. Safavi and Z. Shukur (2015), “Conceptual privacy framework for health information on
wearable device,” PLoS One, vol. 9 (2); 72-87.
L. Huang, X. Chen, and X. Lai (2016), “Network security prediction method based on
Kalman filtering fusion decision entropy theory,” International Journal of Security
and its Applications, vol. 10, no. 12, pp. 347–358.
M. Kyazze, J. Wesson, and K. Naude (2015), “The design and implementation of a
ubiquitous personal health record system for South Africa,” Studies in Health
Technology & Informatics, vol. 206, no. 206, pp. 29–41, 2014
H. Cheng, D. Feng, X. Shi, and C. Chen (2018), “Data quality analysis and cleaning strategy
for wireless sensor networks,” EURASIP Journal on Wireless Communications and
Networking, vol. 2018, no. 1, 1-11.
S. Wang, X. Wang, F. Meng, R. Yang, and Y. Zhao (2019), “Investor behaviour monitoring
based on deep learning,” Behaviour & Information Technology, pp. 1–12.
C. Xu, (2018) “A novel recommendation method based on social network using matrix
factorization technique,” Information Processing & Management, vol. 54, no. 3, pp.
463–474
R. Yang, L. Yu, Y. Zhao (2019), “Big data analytics for financial market volatility forecast
based on support vector machine,” International Journal of Information Management,
vol. 50, no. 1, pp. 452–462.
K. Fan, Y. Ren, Y. Wang, H. Li, and Y. Yang (2018), “Blockchain-based efficient privacy
preserving and data sharing scheme of content-centric network in 5G,” IET
Communications, vol. 12, no. 5, pp. 527–532.
41
D. J. Willison, M. K. Kapral, P. Peladeau, J. A. Richards, J. Fang, and F. L. Silver (2016),
“Variation in recruitment across sites in a consent-based clinical data registry: lessons
from the Canadian Stroke Network,” BMC Medical Ethics, vol. 7, no. 1, p. 6
S. Hakak, W. Z. Khan, G. A. Gilkar, M. Imran, and N. Guizani (2019), “Securing smart cities
through blockchain technology: architecture, requirements, and challenges,” IEEE
Network, vol. 34, no. 1, pp. 8–14.
H. Cheng, N. Xiong, A. V. Vasilakos, L. T. Yang, G. Chen, and X. Zhuang (2015), “Nodes
organization for channel assignment with topology preservation in multi-radio
wireless mesh networks,” Ad Hoc Networks, vol. 10, no. 5, pp. 760–773.
A. F. Hussein, N. ArunKumar, G. Ramirez-Gonzalez, E. Abdulhay, J. M. R. S. Tavares, and
V. H. C. de Albuquerque (2018), “A medical records managing and securing
blockchain based system supported by a genetic algorithm and discrete wavelet
transform,” Cognitive Systems Research, vol. 52, no. 12, pp. 1–11.
A. Conti, P. Delbon, L. Laffranchi, C. Paganelli, and F. De Ferrari (2016), “HIV-positive
status and preservation of privacy: a recent decision from the Italian Data Protection
Authority on the procedure of gathering personal patient data in the dental
office,” Journal of Medical Ethics, vol. 38, no. 6, pp. 386–388.
F. Holotiuk, F. Pisani, and J. Moormann (2019), “Radicalness of blockchain: an assessment
based on its impact on the payments industry,” Technology Analysis and Strategic
Management, vol. 31, no. 8, pp. 915–928.
Nakamoto S. Bitcoin: A Peer‐To‐Peer Electronic Cash System. Campinas, Brazil: Portal
Unicamp; 2008.
Tschorsch F, Scheuermann B. Bitcoin and beyond: A technical survey on decentralized
digital currencies. IEEE Commun Surv Tutor. 2016; 18(3): 2084‐ 2123.
Zheng Z, Xie S, Dai H, Chen X, Wang H. An overview of blockchain technology:
architecture, consensus, and future trends. Paper presented at: IEEE International
Congress on Big Data; 2017; Boston, MA.
Nguyen GT, Kim K. A survey about consensus algorithms used in Blockchain. J Inf Process
Syst. 2018; 14(1): 101‐ 128.
Cachin C. Architecture of the hyperledger blockchain fabric. Paper presented at: Workshop
on Distributed Cryptocurrencies and Consensus Ledgers; 2016; Chicago, IL.
Azaria A, Ekblaw A, Vieira T, Lippman A. MedRec: using blockchain for medical data
access and permission management. Paper presented at: IEEE International
Conference on Open and Big Data (OBD); 2016; Washington, DC.
Yue X, Wang H, Jin D, Li M, Jiang W. Healthcare data gateways: found healthcare
intelligence on blockchain with novel privacy risk control. J Med
Syst. 2016; 40(10): 218.
42
Peterson K, Deeduvanu R, Kanjamala P, Boles K. A blockchain‐based approach to health
information exchange networks. Paper presented at: NIST Workshop Blockchain
Healthcare; 2016; Gaithersburg, MD.
Kuo TT, Kim HE, Ohno‐Machado L. Blockchain distributed ledger technologies for
biomedical
and
health
care
applications. J
Am
Med
Inform
Assoc. 2017; 24(6): 1211‐ 1220.
Liang X, Zhao J, Shetty S, Liu J, Li D. Integrating blockchain for data sharing and
collaboration in mobile healthcare applications. Paper presented at: IEEE
International Symposium on Personal, Indoor, and Mobile Radio Communications
(PIMRC); 2017; Montreal, Canada.
Kokoris‐Kogias E, Jovanovic P, Gasser L, Gailly N, Syta E, Ford B. OmniLedger: a secure,
scale‐out, decentralized ledger via sharding. Paper presented at: IEEE Symposium on
Security and Privacy (SP); 2018; San Francisco, CA.
43
APPENDIX A
SYSTEM FLOWCHART
START
DIAGNOSE NEW
PATIENT
DIAGNOSE OLD
PATIENT
PATIENT RECORD
MAINTENANCE
REPORT
STOP
44
REGISTRATION
START
INPUT CARD NO
DOES
IT EXIST?
DISPLAY ERROR
MESSAGE
DISPLAY REGISTRATION FIELD
INPUT PATIENT INFORMATION
PROCESS INFORMATION
ARE ALL FIELD
FILLED?
DISPLAY ERROR
MESSAGE
DISPLAY CONSULTANCY FORM
CHECK SYMPTOMS
PROCESS SYMPTOMS
SAVE TO DATABASE
STOP
45
CONSULTATION
START
INPUT CARD NO
DOES
IT EXIST?
DISPLAY ERROR
MESSAGE
DISPLAY CONSULTANCY FORM
CHECK SYMPTOM
PROCESS SYMPTOMS
SAVE TO DATABASE
STOP
46
APPENDIX B
SYSTEM SOURCE CODE
Option Explicit
Private Sub cmdClear_Click()
If fraPatientReg.Visible Then fraPatientReg.Visible = False
txtCardNo.SetFocus
'SendKeys "{home}+{end}"
End Sub
Private Sub cmdExit_Click()
cn.Close
Unload Me
End Sub
Private Sub cmdOK_Click()
qry = "select*from PatientsReg where CardNo='" & txtCardNo & "'"
Set rs = New Recordset
'cn.Open
rs.Open qry, cn, adOpenKeyset, adLockOptimistic, adCmdTableDirect
If txtCardNo = "" Then
MsgBox "Field cannot be empty", vbApplicationModal + vbOKOnly + vbCritical,
"Alart Message"
txtCardNo.SetFocus
ElseIf (rs.EOF And rs.BOF) Then
fraPatientReg.Visible = True
txtCardNo2 = txtCardNo
txtCardNo2.Enabled = False
txtDateReg = Date
txtDateReg.Enabled = False
txtSurname.SetFocus
Else
MsgBox "Card Number already Exist!!!, Register another Patient", vbApplicationModal
+ vbOKOnly + vbExclamation, "Alert Message"
txtCardNo.SetFocus
' SendKeys "{home}+{end}"
End If
End Sub
Private Sub cmdStore_Click()
If txtCardNo2 <> "" And txtSurname <> "" And txtOthername <> "" _
And cboSex <> "" And txtAge <> "" And txtAddress <> "" _
And txtPhoneNo <> "" And txtName <> "" And txtAddress2 <> "" _
And txtPhoneNo2 <> "" And cboRelate <> "" And txtDateReg <> "" Then
rs.AddNew
rs("CardNo") = txtCardNo2
rs("SurName") = txtSurname
rs("OtherName") = txtOthername
rs("Sex") = cboSex
rs("Age") = txtAge
rs("Address") = txtAddress
47
rs("PhoneNo") = txtPhoneNo
rs("NextOfKinName") = txtName
rs("NOKAddress") = txtAddress2
rs("NOKPhoneNo") = txtPhoneNo2
rs("NOKAddress") = txtAddress2
rs("Relationship") = cboRelate
rs("Date") = txtDateReg
rs.Update
rs.Close
cn.Close
fraPatientReg.Visible = False
cmdClear_Click
frmConsultance.Show
CardNoglob = txtCardNo2
DateRed = txtDateReg
'rs.Close
Else
MsgBox "Ensure that some fields are not left blank", vbApplicationModal + vbOKOnly +
vbExclamation, "Alert!"
txtSurname.SetFocus
SendKeys "{home}+{end}"
End If
End Sub
Private Sub Form_Load()
cn.Open "provider=Microsoft.jet.OLEDB.4.0; Data Source=" & App.Path & "\Medical
Diagnosis System.mdb;"
''''
End Sub
Private Sub txtAge_KeyPress(KeyAscii As Integer)
If (KeyAscii >= vbKey0 And KeyAscii <= vbKey9) Or (KeyAscii = vbKeyBack) Then
End If
End Sub
Private Sub txtPhoneNo_KeyPress(KeyAscii As Integer)
If (KeyAscii >= vbKey0 And KeyAscii <= vbKey9) Or (KeyAscii = vbKeyBack) Then
Exit Sub
Else
KeyAscii = 0
Beep
End If
End Sub
Private Sub txtPhoneNo2_KeyPress(KeyAscii As Integer)
If (KeyAscii >= vbKey0 And KeyAscii <= vbKey9) Or (KeyAscii = vbKeyBack) Then
Exit Sub
Else
KeyAscii = 0
Beep
End If
End Sub
48
APPENDIX C
USER INTERFACE
Home
Login
49
Patient Registration form
50
Patients consultancy information
Patients maintenance form
51
Patients Consultancy maintenance form
Reports
Treatment platform
52
53
Download