Design and Implementation of a Hyperledger Fabric-Based Access Control System for an Enhanced Electonic Health Record System Using Pseudonymization. Adeyinka T.A. 18/52hp012 Telecommunications Science Faculty of Communication and Information science Kwara, Nigeria. 18-52hp012@students.unilorin.edu.ng AbstractIn today's technology-driven world, concerns about the privacy I. and confidentiality of healthcare records have become increasingly prevalent. This study addresses these concerns by INTRODUCTION integrating Record-keeping, a fundamental practice within human Hyperledger Fabric with pseudonymization to enhance the privacy of societies, has evolved across millennia from stone and clay Electronic Health Record (EHR) data and bolster the scalability of healthcare systems. The primary objective was to create an access control system for an EHR platform built on Hyperledger Fabric, thereby augmenting system security through advanced pseudonymization tablets to the more recent use of paper. Despite its historical significance, the advent of digital technology has prompted a paradigm shift in data storage, particularly in the realm of techniques. The study successfully accomplished the following objectives: healthcare. This transition from paper-based medical records to (i) designing the system's user interface, database structure, and security Electronic Health Records (EHRs) began in the early 1990s, measures based on a predefined architecture; (ii) implementing robust offering newfound opportunities for enhancing healthcare access control using Hyperledger Fabric; (iii) elevating privacy through quality and cost-efficiency. Electronic Health Records, the commonly known as EHRs, are digital repositories of patient utilization of untraceable pseudonyms; (iv) validating the functionality of the access control system with generated data; and (v) conducting a comprehensive analysis and evaluation of the proposed solution based on testing outcomes. The paper elucidates the architecture and operation of the Hyperledger Fabric-based solution, emphasizing its health information, poised to revolutionize healthcare data management [1]. The International Organization for Standardization (ISO) pivotal role in managing and auditing user access privileges within the defines EHRs as individual well-being and healthcare data EHR system. Furthermore, the study underscores the effectiveness of this stored in digital form, emphasizing the importance of approach in preventing unauthorized data breaches while ensuring standardized information models and interoperability across secure access for authorized healthcare professionals. It also underscores healthcare facilities [2]. EHRs have demonstrated their the significance of pseudonymization in safeguarding patient data. potential by providing secure and efficient means of storing, Finally, the study suggests recommendations, including the implementation of biometric authentication-enabled mobile applications and the adoption of container orchestration tools such as Kubernetes. sharing, and accessing patient health information. This transition from paper to digital has not been without challenges, with concerns surrounding privacy, security, and Keywords Hyperledger Fabric, Pseudonymization, Electronic Health Records, Privacy, Confidentiality, Access Control. interoperability persisting [3] [4] [5]. Access control mechanisms play a pivotal role in addressing these concerns, ensuring the privacy and security of XXX-X-XXXX-XXXX-X/XX/$XX.00 ©20XX IEEE electronic medical records. Traditional methods such as role- Existing research has proposed blockchain-based based access control (RBAC) and access control lists (ACL) solutions to address access control challenges in healthcare have their limitations in terms of scalability and flexibility [6]. [12].These solutions utilize technologies like Ethereum smart Recent advancements in technology, particularly blockchain, contracts and attribute-based access control (ABAC) to manage have emerged as promising solutions to overcome these access to patient records [13]. limitations while addressing the broader challenges of access control in EHRs [7] [8] [9]. Challenges persist in achieving scalability and finegrained access control [14]. but ongoing research endeavors aim to This paper explores the evolution of EHRs and their role overcome these limitations. Emerging frameworks, including in modern healthcare data management. It delves into the Ancile, offer promise in providing secure, interoperable, and significance of access control mechanisms in preserving the efficient access to medical records while preserving patient privacy privacy and security of patient data. Furthermore, it [15] investigates the potential of blockchain technology as a In summary, the literature review highlights the solution to the existing challenges in managing access to significance of access control in healthcare data management and EHRs. By examining previous research and developments in the potential of blockchain technology to address security and this domain, we aim to provide insights into the future of privacy concerns. Access control models and recent research healthcare data management through the lens of access control efforts in this domain are integral to the evolving landscape of and blockchain. healthcare data security and management. The remaining section of this paper is structured as follows: Section 2 highlighted some literature review of the paper; Section 3 describe the system methodology used in the III. SYSTEM METHODOLOGY A. System Architecture project; Section 4 describe the system testing and results of the project; Section 5 concludes the paper and gives some recommendation for further projects. II. LITERATURE REVIEW This section gives a brief review of some of the existing literatures: Recent advancements in electronic medical record systems have spurred the need for secure and efficient access control mechanisms to safeguard patient information [10]. Access control plays a pivotal role in ensuring that only authorized individuals have access to healthcare data, thus addressing concerns of security and confidentiality. Blockchain technology, characterized by its decentralized nature, has gained attention across various sectors, including healthcare, for its potential to enhance security and privacy. Blockchain provides a distributed database that enables auditable peer-to-peer transactions, a key feature for protecting patient records [11]. Access control models, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), and RoleBased Access Control (RBAC), have been explored within the healthcare context. These models determine how access to healthcare data is granted, ensuring that user privileges align with organizational roles. Fig.1. System Architecture B. User Interface Design The user interface (UI) of the enhanced EHR system will be designed using HTML, CSS, and JavaScript to ensure an intuitive and user-friendly experience. 1. HTML Structure HTML will be used to structure webpages, adhering to semantic The markup principles to enhance accessibility and search engine communication optimization. Proper nesting of HTML elements will ensure a Hyperledger Fabric network, enabling operations such as data logical hierarchy and facilitate styling and scripting. submission, retrieval, transaction verification, and execution of 2. CSS Styling Hyperledger Fabric between Node.js the Node.js SDK will application facilitate and the privacy-enhancing functionalities defined in the chaincode. CSS will be employed to create visually appealing and consistent styles for UI components. A modular approach with CSS classes and selectors will be used for targeted styling, incorporating properties such as colors, fonts, and responsiveness. 3. JavaScript Interactivity JavaScript will enhance UI interactivity with features such as event listeners for user actions, client-side validation for input correctness, and dynamic updates for real-time user feedback. C. Backend Development (Node.Js) Node.js will serve as the backend technology for the EHR system due to its lightweight, event-driven architecture, and compatibility with web technologies. 1. API Development Restful APIs using Node.js and Express.js will facilitate communication between the frontend and backend of the EHR Fig. 2 System Flowchart system. API endpoints will handle user authentication, data retrieval, data submission, and interactions with the Hyperledger Fabric network, ensuring secure access to resources. 2. MongoDB IV. DISCUSSION A. Appointment Scheduling Process The figure below shows the details entered for Patient Adeyinka Tirenioluwa. It allows patient to book a date and time with the MongoDB, a NoSQL database, will be used to store patient doctor of his choice based on the doctors profession and information and relevant data. Its flexibility, scalability, and JSON- allows patient to input their health conditions as well. This view friendly nature make it a suitable choice for this project. is only available to patients. D. Integration With Hyperledger Fabric Network A Hyperledger Fabric network will provide a secure and distributed blockchain infrastructure for the EHR system. 1. Chaincode Development Smart contracts (chaincode) will be developed using the JavaScript programming language to implement pseudonymization, data validation, and access control rules. Fig. 3 Appointment scheduling window for Patient Adeyinka Tirenioluwa 2. Integration Between Backend and Hyperledger Fabric Fig.4 Successful appointment booking page for Patient Fig. 6 & 7 Access control pages for patient after doctor requests Adeyinka Tirenioluwa for access The above shows the successful booking page for patient The above shows the access control interface for patients to Adeyinka Tirenioluwa. This is displayed after the patient has control the doctors rights to access the patients data verified his booking details by clicking Book now in figure 4.1.1 above. The figure below displays the result of the patients appointment request on the doctors side of web application. It allows the doctor to choose whether to accept or decline the patients appointment request. Fig. 8 Access control page for doctor The access control process is patient-centric in that the patient is the principal authority controlling who has access to his records. The process is intiated when the Doctor agrees to an appointment request from the patient from which an access Fig. 5 Appointment page for doctor after patient requests for an appointment. B. Access Control View request is received from the doctor in question. The patient can then choose to either accept or deny the requests. The pseudonyms used in identifying the patient records were hashed as an extra measure in this study to further improve the overall security of the EHRs V. CONCLUSION AND RECOMMENDATION A. Conclusion In conclusion, this project delved into the design and implementation of an access control mechanism for an Electronic Health Record (EHR) system using Hyperledger Fabric. By incorporating pseudonymization techniques, it aimed to enhance privacy and security within the healthcare domain. Through research and development, this project has successfully demonstrated the potential for blockchain technology to play a crucial role in safeguarding sensitive patient data while ensuring authorized access. This project not only contributes to the evolving landscape of healthcare technology but also highlights the importance of innovative solutions in preserving patient privacy and data integrity in EHR systems. 5.2 Recommendation Due to some limitations encountered during this project, the following are specific recommendations that can be used for further studies and development of the access control system: A possible improvement should be to allow medical personnel to perform certain functions on patients data based on the level access being granted. Another possible development could be development of a mobile application which will incorporate biometric authentication based on smartphones latest addition of biometrics to their hardware. As well as adding an online chat feature for doctors to communicate with the patients in real time. Another possible improvement is to manage hyperledger fabric nodes using a container orchestration platform such as Kubernetes. REFERENCES [1] Evans R.S. Electronic Health Records: Then, Now, and in the Future. Yearb. Med Inform. 2016, 25, S48-S61. www.ncbi.nlm.nih.gov/pubmed/27199197. [2] International Organization of Standardization. Health InformaticsCapacity-Based eHealth Architecture RoadmapPart 1: Overview of National eHealth Initiatives; ISO: Geneva, Switzerland, 2012; Volume ISO/TR146391:2012(en). [3] N. T. Le, J. W. Wang, D. H. Le, C. C. Wang, and T. N. Nguyen, "Fingerprint Enhancement Based on Tensor of Wavelet Subbands for Classification," IEEE Access, vol. 8, pp. 6602-6615, 2020. DOI: 10.1109/ACCESS.2020.2964035. [4] G. S. Reen, M. Mohandas, and S. Venkatesan, "Decentralized patient centric e-Health record management system using blockchain and IPFS," 2019 IEEE Conference on Information and Communication Technology, CICT 2019, pp. 1-7, 2019. DOI: 10.1109/CICT48419.2019.9066212. [5] S. N. Shivappriya, S. Karthikeyan, S. Prabu, R. P. de Pérez de Prado, and B. D. Parameshachari, "A Modified ABC-SQP-Based Combined Approach for the Optimization of a Parallel Hybrid Electric Vehicle," Energies, vol. 13, no. 17, 2020. DOI: 10.3390/en13174529. [6] Q. Gao, J. Yu, and H. Huang, "A survey of blockchain technology in electronic health records: An analysis of secure and efficient access control," Journal of Medical Systems, vol. 45, no. 5, pp. 1-10, 2021. [7] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, "MedRec: Using Blockchain for Medical Data Access and Permission Management," 2016. DOI: 10.1109/OBD.2016.11. [8] A. Shahnaz, U. Qamar, and A. Khalid, "Using Blockchain for Electronic Health Records," IEEE Access, vol. 7, pp. 147782-147795, 2019. DOI: 10.1109/ACCESS.2019.2946373. [9] P. Zhang, D. C. Schmidt, and J. White, "Blockchain technology use cases in healthcare," Healthcare, vol. 6, no. 4, pp. 33-37, 2018. [10] I. Keshta and A. Odeh, "Security and privacy of electronic health records: Concerns and challenges," Egyptian Informatics Journal, vol. 22, no. 2, pp. 177-183, 2021. DOI: 10.1016/j.eij.2020.07.003. [11] A. Khatoon, "A blockchain-based smart contract system for healthcare management," Electronics (Switzerland), vol. 9, no. 1, 2020. DOI: 10.3390/electronics9010094. [12] M. Alblooshi, K. Salah, and Y. Alhammadi, "Blockchain-based Ownership Management for Medical IoT (MIoT) Devices," in Proceedings of the 2018 13th International Conference on Innovations in Information Technology, IIT 2018, pp. 151-156, 2019. DOI: 10.1109/INNOVATIONS.2018.8606032. [13] S. Rouhani, "MediChain TM: A Secure Decentralized Medical Data Asset Management System," in 2018 IEEE International Conference on Internet of Things (IThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Section II, pp. 1533-1538, 2018. DOI: 10.1109/Cybermatics. [14] J. Paillisse, J. Subira, A. Lopez, A. Rodriguez-Natal, V. Ermagan, F. Maino, and A. Cabellos, "Distributed Access Control with Blockchain," in IEEE International Conference on Communications, 2019-May, 2019. DOI: 10.1109/ICC.2019.8761995 [15] G. G. Dagher, J. Mohler, M. Milojkovic, and P. Babu, "Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology," Sustainable Cities and Society, vol. 39, pp. 283297, 2018. DOI: 10.1016/j.scs.2018.02.014.
