How Blockchain Can Be Used for Personal Health Record Storage and Security

Abstract

When Satoshi Nakamoto, a Pseudonym used by several persons created blockchain in 2008 to trade online currency named Bitcoin, a whole new frontier was opened in computer security. The ability to trade in Bitcoin without involving banks was a big step towards its success. The ability of the blockchain to be decentralized was an attractive feature for any corporation looking to expand and store the ever-expanding amounts of Big Data that was continuously growing with the swiftly changing technology. This was particularly attractive to healthcare entities who previously used electronic medical records (EMRs) which were centralized within a healthcare facility. The advent of the EMRs and electronic health records (EHRs) and the need for access to health information quickly and efficiently from anywhere in the country made blockchain the perfect answer to security breaches and HIPAA violations. In addition, the advent of personal health records (PHRs) gives patients access and control of their records with an autonomy that had heretofore never been experienced.

This review will look at various aspects of differing value to the healthcare industry such as speed of transmission of data, smart contracts, different types of software architecture used, and frameworks used in blockchain. The purpose of this integrated literature review was to evaluate blockchain in healthcare and its ability to store, create privacy and security for healthcare entities and patients alike.

Introduction

In 2008 a group of IT experts working together under the Pseudonym “Satoshi Nakamoto” developed a computer procedure which we now call blockchain. Because blockchain is a system that compiles information cumulatively, it guarantees an accurate accounting for a certified flow of data. In recent years this has been applied to healthcare data.

This is a review of the existing literature on this relatively new development. The purpose of this literature review is to explore specifically the use of blockchain for storage and security of personal health records and other electronic health records (EHRs). This review examines different uses for blockchain in the healthcare field.

Blockchain uses nodes which are blocks of information that is coded on with a hash which links each block together cryptically. A key attribute of blockchain is decentralization where no central authority controls the content added to the blockchain (Li et al., 2018). Instead the entries passed on to the blockchain are agreed upon in a (P2P) peer-to peer network using various consensus protocols (Li et al., 2018). Each entity using the chain adds blocks of information to the chain. To be able to access the chain one must have permission to first add a block and then be able to access the rest of the chain. In addition to being decentralized and managed by a peer to peer network blockchain also uses date stamps. No one can access the chain without leaving evidence of being there. This is just one aspect of its security features. There are three basic blockchain types: public, private, and hybrid.

A public blockchain which is considered open and available. There are currently some arguments as to whether this could be considered blockchain because of its easy accessibility. You do not need permission to access this. Permissioned or private in which there are many security layers and one must be vetted by the owner. This is also known as a consortium blockchain. Consortium is considered semi-decentralized in that it is managed by more than one organization. The last blockchain is known as hybrid in that it is a combination of private and public. This features some data that is selected only for public view, the rest is private. Blockchain technologies have the potential to increase interoperability between patients, health care professionals, and researchers through the enablement of novel methods for data linkage of disparate sources (O’Donoghue et al., 2019).

Methods

This literature review’s research questions are: How do we evaluate blockchain in healthcare and its ability to store, create privacy and security for healthcare entities and patients alike? Can we develop a distributed and interoperable Patients’ Health Records (PHR) implementation using blockchain technology to store and create privacy and security for healthcare entities?

CINAHL, PubMed, and PRO QUEST databases were used for the search. Key search words were blockchain: personal health record, medical data, sensitive data, Ethereum, e-health, medical data storage, health systems, and smart contracts. Search parameters were peer reviewed, done in English, and full text. The time frame used was January 2017 to May 2020. Results for CINAHL were a total of 35, PubMed results were 107, and PRO QUEST results were 43 for a total of 185 articles meeting the criteria. Each returned article’s abstract was reviewed for relevance which yielded a final 12 studies for the review.

A PRISMA diagram of the search is presented in Figure 1.  

Figure 1: PRISMA 2009 Flow Diagram

From this review of the literature, it is interesting to note that when discussing blockchain some themes and issues automatically arose that were not predetermined by the keywords. They focused on interoperability of software architecture, scalability, security, and competitive systems. An evidence matrix was used as a tool to organize the search findings (Table 1).

Table 1: Evidence Matrix of Search Findings (Zip)

Discussion

There are obviously issues that naturally arise in discussing the use of blockchain in PHRs.  A look at sharing PHRs on an Ethereum network was studied. Transactions are limited in that they cannot save more than 64 KB. This limitation of the blockchain needs to be addressed to justify the use of blockchain as a PHR platform, since patient generated health data is present. Socioeconomic data, and genomic data are becoming larger, as are standard components of the PHR (Park et al., 2019). Larger data results in higher energy consumption which increases costs greatly. Another look at OMNI PHR using a chord replication algorithm which is not a typical blockchain format found better replication optimizing performance.  Applying the Chord algorithm for directed and limited data replication is a more scalable alternative than conventional cryptocurrency platform replication models (Roehrs et al., 2019).

Interoperability

Interoperability is a problem with electronic health records (EHRs).  For example, some hospitals use EPIC; others use CERNER. Programming companies want hospitals to buy their exclusive software, but hospitals need patient information that can be transferred swiftly between incompatible systems. Companies who participate in information blocking have said that new interoperability rules increase risks to patient privacy.

Omni PHR is a model which seeks to integrate personal health records for patients and providers with EHRs of different health systems (Roehrs et al., 2017). The problem with many legacy systems in healthcare facilities is that they are centralized and only accessible exclusively by those in the system with little interoperability. The data is not shared with patients in these systems. Problems may arise in the management and adoption of PHRs. There are concerns in PHR adoption from healthcare providers and patients, because users are afraid to share their data, as there are concerns about where data will be stored and who will have access to it (Roehrs et al., 2017). Some providers might go to a cloud service because of cost, but these are not as secure.

Patients own their accounts in PHRs and some providers question the validity of the data since the patient is the controller. OMNI PHR uses a peer-to-peer (P2P) system which allows a large storage capacity on a global scale. There are five different architectural models available for management of their system: Client server, P2P, DO, DC, and DE.

Client server systems allow clients to interact with servers in other host computers to access resources. P2P has no distinction between client and server. DO stands for Distributed Objects where a collection of objects has both local and remote capabilities. DC is Distributed Components where application and data storage are separated by servers. DE is Distributed Event-based systems which uses an intermediary for the communication process.

OMNI PHR features a routing overlay which receives information across the nodes to update data blocks with information about the PHR. Ten network setups used two different tests. There were 100 nodes with four routing overlays and 100 nodes with 16 routing overlays. Messages were doubled between 400 and 800 nodes (Roehrs et al., 2017).  Latency of transmission is maintained even with an increase in nodes.

Privacy, Storage, and Security

In a blockchain based data preservation system (DPS) security is provided through a proof of primitiveness.  This guarantees user privacy and makes it difficult to be tampered with. This DPS provides a reliable storage solution to ensure the primitiveness and verifiability of stored data while preserving user privacy (Lo et al., 2019). This preservation system used the Ethereum platform. Using a blockchain medical service framework improves access and storage of reliable data.

In this system there are three types of transaction bodies: Patients, medical institutions and third-party agencies. Patients have the most control of the data in this situation. Patients receive their medical information from the institution after a visit with their physician and have their own private key. The patient must verify the institutions signature and sends it back generating another encryption key to store it in the cloud. The usage rights of the medical data are completely controlled by the user and patients may authorize the third-party agency to access some of their medical data through the access control mechanism and can withdraw authorization at any time (Chen et al., 2018).

A study by Alonso et al., (2019) looked at blockchain use and challenges in e-health. Blockchain offers an opportunity for the efficient exchange of information between the interested parties and the protection of the patient’s privacy to guarantee the integrity of the data. Looking at a secure cloud storage is one answer to some of the storage problems in big data. A security problem was solved by using an attribute-based cryptosystem along with an identity-based encryption (IBE) and an identity-based signature (IBS). This greatly facilitated the management of the system, and did not need to introduce different cryptographic systems for different security requirements (Wang et al., 2018).

Smart Contracts, Referrals, and Tradeoffs

Blockchain smart contracts are used in Wireless Body Area Networks (WABNs). Remote patient monitoring requires secure handling of personal health information (PHI). This system will have a private and consortium led Blockchain, meaning that only authorized viewers can read the blocks and only designated nodes can execute smart contracts and verify new blocks (Hasselgren et al., 2020). This used the Ethereum platform but can also use IBM Hyperledger. Hyperledger is more user friendly but has a monthly fee at an extra cost.

A government-based referral system used a blockchain enabled app to help patients set up appointments. This used an app called iWellChain Dapp. This framework can render all medical referral processes automatic, paperless, and efficient, facilitating NHIA reimbursements (Meinert et al., 2019). While the list of trade-offs discussed is likely to be non-exhaustive due to the study limitations, the trade-offs discovered can improve understanding of blockchain systems for medical professionals, while also providing useful design information for organizations looking to develop blockchain EHRs (Griggs et al., 2018). Some of the topics were confidence versus speed, security versus scalability, and safety versus flexibility.

Conclusions

Blockchain has contributed to the overall safety of medical data in EHRs and PHRs.  There is still a lot of work to make it cost efficient and user friendly. The medical information encoded in blockchain is immutable and irreversible. The literature available is vast and varied. There are many different uses and platforms to decide on before making a financial decision for a healthcare entity.

The overall strength of these articles is the ability to break blockchain down into easy to understand sections. It takes a lot of patience, but when you can sit down and flesh them out it is easier to grasp the concepts. Understanding the different platforms and software architecture takes time.

The overall weaknesses are there is not one central area to concentrate on as the use of blockchain has expanded into many different areas. Healthcare is just one area that is using blockchain for security of electronic health records.  It was hard to find many articles on PHRs and blockchain. The literature is scattered into many different areas. Future studies will need to examine solutions to solve the problem with storage, as blockchain ledgers grow very large in size and require considerable storage capacity.

The next steps in research should be to make it accessible and understandable to everyone. People are put off immediately by the overwhelming aspects of the technology and we need to find ways to make it more accessible. The lack of technical knowledge in most non-traditional users’ needs to be considered. We also need more research into interoperability between systems. If it was possible to come up with one standardized system for each entity that would be progress. More research on how to make blockchain more financially feasible possibly with incentivization to implement in the healthcare industry would be useful. Lastly more research on the best ways to educate people on the use of blockchain is key.