A patient’s medical record identifies the patient and contains information regarding the patient’s case history information such as medical history,care or treatments received,testresults,diagnoses and medications taken.These information regarding the patient records can be misused or stolen or even lost because of the third party access.At times insurer may not have the updated medical information and hence may refuse to pay for the treatment.So to overcome these issues we store the patient records on the blockchain.By implementing the patient records on blockchain we can overcome the various issues on integrity and security.The encryption on data is been done which is used for improving security of the records.
A patient’s individual medical record identifies the patient and contains information regarding the patient’s case history information ,care of treatments received, test result, diagnoses, and medications taken. Medical information can be tampered with, misused, stolen or even lost because of the intermediaries getting access to it. At times, the insurer, may not have the updated medical information and hence may refuse to pay for the treatment. Hence to overcome these issues medical record may be stored on a blockchain
Today blockchain is a growing list of records in which either the data is stored or the respective hash of the data is been stored. A blockchain consists of Timestamp, Hash value, previous hash. Timestamp is the one which records the time taken for a particular action or event. Hash value are the cryptographic functions which are used to link the blocks in the blockchain and the previous hash of the blockThe first block is called genesis block which has a zero value of previous hash.
A Blockchain is a decentralized ,distributed and public data ledger that is used to record transactions across many computer so that any involved record can be altered retroactively. Its database is usually managed using a peer to peer network. It is an value exchanging protocol.Blockchains are classified as Public Blockchains,PrivateBlockchains,ConsortiumBlockchains.
A public Blockchain as the name says there is no restriction for the access .The user who uses internet can access the records and send transactions and can also edit the records and will automatically become a validator.These public blockchains are Bitcoin and Ethereum
A private Blockchain undergoes authentication process or it is permissioned .An user cannot join the network unless and until he is been authorized or invited by the network administrators.So here an user cannot edit the records or send transactions which restrict the option of validator.This types of blockchains are used by companies handling sensitive data.
A consortium blockchain is a semi-decentralized.In this instead of single company,multiple companies operate on each node.The network administrators of this blockchain restrict reading rights and allow only a limited set of trusted nodes as they see fit to execute a protocol.
The paper Integrating Blockchain for data sharing and collaboration in Mobile Health care application deals with collection of data from personal wearable devices,manual input, and medical devices and synchronize data to the cloud for data sharing with healthcare providers and health data and health insurance companies.For preserving the integrity of health data,within each record,a proof of integrity and validation is been retrieved from the cloud database and which is been anchored to the blockchain network.
A system is proposed for maintaining EHRs to secure them before deploying them for sharing among healthcare providers. The proposed system is based on the following: A web-based system with secure login and registration.Cloud storage for flexible retrieval and is a feasible alternative. Data Classification and Encryption.
Web-Based System With Secure Login And Registration:A web-based system can be accessed anywhere, anytime with the help of good internet connectivity. The system is designed in such a way that only authorized users to access the relevant information. Patients and doctors have to first register. After registration, they will be a given a Unique Key that will be used by them to avail the information.
Cloud Storage For Flexible Retrieval And Is A Feasible Alternative: Cloud storage provides rapid deployment. It has greater accessibility and reliability, also data backup and disaster recovery is possible. The overall storage costs are low because there is no need of purchasing, managing and maintaining expensive hardware that makes Cloud storage economically feasible.
Data Classification and Encryption:Classification is done on the basis of sensitivity levels of confidential medical information. Data that falls under higher sensitivity will be given more security focus as compared to its less sensitive counterpart. Data is classified as authentication information, personal details and medical tests and reports. Medical tests and reports need highest security from exposure to unauthorized access than authentication information and personal details. This is done using various cryptographic techniques like Rivest-Shamir-Adleman (RSA) Algorithm, Advanced Encryption (AES) Algorithm to provide security to the data according to their associated sensitivity level.AES, RSA for providing confidentiality. Hashing techniques such as SHA-1, MD5 for integrity, e.g. passwords. For authenticity they proposed digital signatures. Security for databases. Possible elimination of different attacks like SQL Injection, Cross Side-Scripting, etc
In hospitals, documents consisting of sensitive patient information, that is stored digitally and security of such documents are very much essential . Privacy of such sensitive information can only be guaranteed, if it is encrypted by the data owner before it is being stored in data centers. In this work, the high end security is provided for the patient‟s sensitive data thereby ensuring maximum privacy for the patients.The users of this system are doctors and researchers. For registration, doctor needs to provide his username and password. Thereafter doctor can either view or needs to enter the patient‟s details such as name, age, health type etc.This is the work implemented on ‘Advanced Protection for patient information in medical database’
A data-hiding technique called the “bipolar multiplenumberbase” was developed to provide capabilities of authentication,integration, and confidentiality for an electronic patientrecord (EPR) transmitted among hospitals through the Internet which was proposed on the paper ‘A data hiding technique with authentication integration,and confidentiality for electronic health records’.The proposed technique is capable of hiding those EPR relateddata such as diagnostic reports, electrocardiogram, and digital signaturesfrom doctors or a hospital into a mark image. The markimage could be the mark of a hospital used to identify the originof an EPR. Those digital signatures from doctors and a hospitalcouldbe applied for the EPR authentication. Thus, different typesof medical data can be integrated into the same mark image. Theconfidentiality is ultimately achieved by decrypting the EPR relateddata and digital signatures with an exact copy of the original mark image. The experimental results validate the integrity andthe invisibility of the hidden EPR related data. This newly developedtechnique allows all of the hidden data to be separated andrestored perfectly by authorized users.This paper also uses Blockchain technology.
The proposed approach in building this model is to use blockchain technology as a solution to address eHealth applications challenges. They give attention to data exchange security and sensors’ low computational power. First, it is infeasible and provokes very poor performance to store all the data on the blockchain, so the blockchain will be used as a tool to transfer only part of the data, or a pointer to where the data actually is, and thus, Off-Chain database. IPFS is a tool that has been already discussed in Section II. This will be used in our architecture as Off-Chain database to store medical data .
This approach is based on blockchain technology to mainainsecuriy and integrity by cloud computing storage, they studied the potential to use the Blockchain technology to protect healthcare data.They suggested to store the health care data in off-storage that is not to directly store it in database only the hashes should be stored on-chain for secure storage.
The proposed features summarize what is implemented to overcome the challenges such as : (1) record type, (2) storage, (3) medical records and reports, (4) ownership and reading right, (5) data security, (6) western medical practice and Chinese medical practice, (7) patient’s right of knowledge,for the development of a reasonably sound and safe medical record system that will benefit most patients. Medical record types, formats and storage are the first few challenges in the whole development cycle.
They are resolved by today’s technology without much challenge. Whether they use off the shelf ready-made software or customer-designed system, it is never a challenge right now. They have a centralized system with backup in different locations for data storage, new data insertion or instant data record reading. Different channels are established for accepting documents or multi-media files. Standardization is been achieved by converting all files into a couple reading formats. All medical tests, test interpretation, diagnosis, treatment and recovering progress reports are important data records or files. A general medical report system are utilized different channels for accepting the data or files. A web based good looking user interface can be developed for such purpose.
It can upload individual files or a batch of files. As for the data or progress reports contributed by patients can be inputed through web based interfacing portal. All uploaded data files and records are now been saved to a centralized storage area or database for future retrieval. All records or files will be digitally signed by owners/contributors and will designate the possible viewing counterparties. Each record will be used later for either patient’s view, or original medical doctor’s review, or be reviewed by other medical doctors for further diagnosis and treatment, or be retrieved by court for judicial process.This author has proposed a system but yet to implement it.
The defects in these systems are the hashing is done through SHA-1 but for integrity verification SHA-256 is the best choice which is a type of SHA .Similarly they use RSA algorithm while we use AES encryption technique for better security.
RESULTS AND DISCUSSION
In this work we have ensured integrity for patient medical Records and assigned user roles for the accessing of the data. We have used SHA-256 and MD5 for hashing and compared the results and for encryption we have used AES encryption.Both SHA-256 and MD5 algorithms performed as expected.SHA-256 works slightly slower than MD5 but believed to be more secure. Therefore, we suggest that when computing capability or time is not a concern then SHA-256 may be better to use than MD5 since it may be more secure than MD5 due to the more bits used in the encrypted output message.
We store the hash value in the block chain and the previous hash is used for verification or modification in the medical records. Increasing the difficulty level of mining process increases the time taken to add a block.
CONCLUSION AND FUTURE WORK
In this work, we have implemented the block chain technology for ensuring integrity in patient medical records by using hashing and encryption algorithms. Our future work is to implement it as an mobile application using any of the exiting blockchain platforms.
- Liang, X., Zhao, J., Shetty, S., Liu, J., & Li, D. (2017, October). Integrating blockchain for data sharing and collaboration in mobile healthcare applications. In 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC) (pp. 1-5). IEEE.
- RizwanaShaikh 1, Jagrutee Banda2, Pragna Bandi. “Securing E-healthcare records on Cloud Using Relevant data classification and Encryption”. In International Journal Of Engineering And Computer Science , 2017.
- Ramdas, Shruthi, and K. Ankitha.’Advanced Protection for Patient Information in Medical Database.“In IJCSMC-International Journal of Computer Science and Mobile Computing , 2017
- Chao, H. M., Hsu, C. M., &Miaou, S. G. (2002).A data-hiding technique with authentication, integration, and confidentiality for electronic patient records. IEEE Transactions on Information Technology in Biomedicine, 6(1), 46-53.
- Rifi, Nabil, ElieRachkidi, NazimAgoulmine, and Nada ChendebTaher. ‘Towards using blockchain technology for eHealth data access management.’In 2017 Fourth International Conference on Advances in Biomedical Engineering (ICABME), pp. 1-4.IEEE, 2017.
- Esposito, Christian, Alfredo De Santis, GennyTortora, Henry Chang, and Kim-Kwang Raymond Choo. ‘Blockchain: A panacea for healthcare cloud-based data security and privacy?.’ IEEE Cloud Computing 5, no. 1 (2018): 31-37
- Liu, P. T. S. (2016, November). Medical record system using blockchain, big data and tokenization.In International conference on information and communications security (pp. 254-261).Springer, Cham.