APPLICATION OF BLOCKCHAIN TECHNOLOGY TO ELECTRONIC HEALTH

RECORDS

BY

AYENI AYOMIDE ELIZABETH (CSC/15/4071)

SUBMITTED TO

PROF. O.C. OLABODE

THE DEPARTMENT OF COMPUTER SCIENCE,

SCHOOL OF COMPUTING,

FEDERAL UNIVERSITY OF TECHNOLOGY AKURE (FUTA),

ONDO STATE, NIGERIA

IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR

THE AWARD OF THE DEGREE OF BACHELOR OF TECHNOLOGY IN

COMPUTER SCIENCE (B. TECH)

OCTOBER, 2019.
CERTIFICATION

I hereby certify that the content of this report was carried out by AYENI AYOMIDE
ELIZABETH of the department of Computer Science, School of Computing, Federal
University of Technology, Akure. Nigeria.

…………………………………... ………………………………....

AYENI AYOMIDE ELIZABETH Date

CSC/15/4071

This is to certify that this work was carried out by AYENI AYOMIDE ELIZABETH with
matriculation number CSC/15/4071 of the Department of Computer Science, School of
Computing, Federal University of Technology, Akure, Nigeria.

…………………………… ……………………………

PROF. O.C. OLABODE Date

Project Supervisor
DEDICATION
I dedicate this to God Almighty for his love, protection and provision, my parents, my
siblings and my colleagues for their care and endless support.
ACKNOWLEDGEMENT

My gratitude goes to my project supervisor Prof. O.C. Olabode and Dr. O.O Adebayo for
their consistent support and inputs in my project. I pray that God will bless him. I also thank
the Head of the Department of Computer Science, Dr. Obe and all my lecturers for their
continuous inputs both morally and academically in my life that gave me a foundation to
embark on this project.

I would as well like to thank my colleagues Akinrele Taye, Ayeoyenikan Temitayo,

Kolawole Segun and Yirenkyi David for their unending support and assistance since I
became an undergraduate; I pray God blesses them all abundantly.

My special thanks also goes to a father, Michael Fasere, whose inputs rendered helped me
gain speed on this project work. Thank you so much.

Lastly, I would like to thank my family; I could never have achieved all of these without
them all. I pray God bless them all immensely.
ABSTRACT

Electronic health record (EHR) has recorded the process of occurrence, development, and
treatment of diseases, therefore it has great medical value. Electronic health records are
personal and vital records for every patient, owing to the privacy and sensitive nature of
medical data for patients, the data sharing, security and privacy preservation are critical
issues in EHR. Technology advancement have created so much benefits which includes
improve security, user experiences that are key factors to the success of electronic health
records in recent years. However, there are still enormous issues being faced regarding the
security of medical records, users absolute ownership of data with integrity. The appropriate
solution to the identified issues could be the novel technology, i.e., Blockchain. The
technology is meant to provide well architected secure, tampered proof platform that allows
medical records to be stored with other healthcare related information.

Cryptographic techniques are employed to preserve privacy. Features of the model include
fine-grained and flexible access control, revocability of consent, auditability, and tamper
resistance. A detailed security analysis would show that the model is provably secure for
privacy and tamper resistance. The performance analysis would show that the model achieves
a better overall performance compared with the existing approach in the literature review.

Keywords: Electronic Health Record, Blockchain technology

CHAPTER 1

INTRODUCTION

1.1. BACKGROUND STUDY OF STUDY

Before the advent of modern technology, healthcare sector used paper based system to store
the medical records, i.e., using handwritten mechanism. This paper-based medical record
system was inefficient, insecure, unorganized and was not temper-proof. It also faced the
issue of data- duplication and redundancy as all the institutions that patient visited had
various copies of patient’s medical records.

PROBLEM STATEMENT

Below are some of the reasons that would led to the development of this system;

Information Asymmetry: There is inconsistency in information exchange between health

providers and patients which consist of medical errors, customer frustration, over- and under-

treament mostly in the western world and predominantly in the developing world. Equalizing

the information exchange will ensures there is an engagement with patienmts, improvement

with outcomes and reduction in unnecessary healthcare expenditure

Data Breaches:

According to US Department of Health and Human Services Office for Civil Rights,

Breaches in Healthcare, have been an issue across the healthcare sector for ages. Between

2009 and 2019 there have been over 3,054 healthcare data breaches involving more than 500

records. Those breaches have resulted in the loss, theft, exposure, or impermissible disclosure

of more than 230,954,151 healthcare records. That equates to more than 69.78% of

the population of the United States.

Given the rapid expansion in electronic health record deployment since 2012, as well as the

expected increase in cloud-based services provided by vendors supporting predictive

analytics, personal health records, health-related sensors, and gene sequencing technology,

the frequency and scope of electronic health care data breaches are likely to increase

1.2. PROJECT MOTIVATION

Electronic health record (EHR) is increasingly being implemented in many developing

countries. It is the need of the hour because it improves the quality of healthcare. Recent

news of security breaches has put a question mark on this system. Despite its increased

usefulness, and increasing enthusiasm in its adoption, not much attention is being paid to the

ethical issues that might arise. The frequency of data breaches in healthcare prompted this

project.

The motivation of this project is to improve and extend on existing work by implementing a

blockchain based electronic health record/medical record for security, integrity, privacy,

information asymmetry and data interoperability.

1.3. PROJECT OBJECTIVES

The objectives of this project is to develop a blockchain-based electronic health record

system that;

a. Secures the integrity, confidentiality and privacy of electronic health record.

b. Solves the issue of data interoperability which is insecure sharing of health records/

medical records of patients between health institutions

c. Solves the issue of information asymmetry which is allowing patients have better

access to their health records

d. Implementation of ‘a’, ‘b’ and ‘c’ above.

1.4. CONTRIBUTION TO KNOWLEDGE

It is expected that the proposed work would do the following;

a. Secure the electronic health records/ medical records of patients efficiently providing

integrity, privacy and confidentiality by storing the health records in a blockchain

b. Resolve the issues of information asymmetry and data interoperability between health

providers/ health institutions.

POSSIBLE CHALLENGES

a. Learning a whole new concept of blockchain technology and the implementation

b. The duration of time for the completion of the project

CHAPTER 2

LITERATURE REVIEW

2.0. RELATED WORK

Over the years a lot of works has been done to improve the security and privacy of electronic
health records. In this section, a number of works will be reviewed stressing their
motivations, objectives, methodologies, contributions to knowledge and limitations. Below
are some of the literature papers that I reviewed:

2.2. BLOCKCHAIN-BASED ACCESS CONTROL MODEL TO PRESERVE

PRIVACY FOR PERSONAL HEALTH RECORD SYSTEMS

2.2.1. Motivation

This project was motivated by the observation of the fact that Personal health record (PHR)
stores the health-related personal data of patients and usually contains highly sensitive
information, some incorrect modification or alteration of any PHR data may cause an
irreversible harmful consequence which makes privacy a key concern for personal health
record systems. The originality or tamper resistance feature is crucial for PHR system
because of the irreversible consequence of incorrect information. Blockchain technology
becomes a potential solution due to its immutability and irreversibility properties.

2.2.2. Introduction

The personal health record system could be seen as a promising solution for preventive care
of the PHR owners. PHR system enables the exchange of information with healthcare
provider and it can help to foresee the health issues. Personal health record (PHR) stores the
health-related personal data and usually contains highly sensitive information. Some incorrect
modification or alteration of any PHR data may cause an irreversible harmful consequence.
Thus, privacy becomes a key ingredient for any PHR system. In particular, a tamper
resistance property is the most important feature for PHR system. PHR system would
significantly provide the high-quality preventive personal healthcare if the lifelong health-
related information of an individual can be securely captured and stored on tamper resistant
storage. Immutability, cryptographic verifiability, and backup characteristics of blockchain
can be an effective tamper resistant storage mechanism for PHR system. Even though
blockchain technology possesses many good properties such as immutability and
irreversibility, blockchain technology also contains some potential drawbacks to using in a
PHR system development. The irreversibility property of blockchain becomes a barrier to a
consent revocation feature—allowing the users to eliminate a permission of a certain action
on the data for specified individuals. The transparent property of blockchain—allowing all
participants on the network to view all data—can cause a confidentiality issue. The limited
storage of blockchain becomes an availability issue for the explosive growth of the diverse
medical related data. Although the private blockchain such as Hyperledger Fabric can
regulate the participation in its blockchain network, the PHR system still requires allowing
only some certain members to access a specific part of the PHR system. As a result, a privacy
leakage is still an issue. Other issues include performance and energy consumption of
blockchain underlying mechanisms.

2.2.3. Objective
The main objective of this work was to propose a blockchain-based personal health record
(PHR) model that provides fine-grained access control, guarantees the tamper resistance,
supports the verification of the integrity of data conveniently, and ensures the privacy.

2.2.4. Methodology
In the overall architecture of the proposed model, the real personal health record data will be
encrypted using the public key (master key) of the PHR owner and stored on a cloud storage
to ensure the confidentiality. The PHR will be shared via a proxy reencryption process. Thus,
the reencryption keys and other information needed for an authentication process will be
Stored on a proxy called the gateway server. The metadata of the PHR will be stored on the
private blockchain to support search and tamper resistance features. The PHR will be
accessed by the PHR owner or others such as healthcare providers, e.g., doctors, nurses. Five
main entities included in their model were;
(i) The PHR owner (PO) is an entity who owns the PHR data and wishes to access or store
their PHR data. PO has a full control over his/her PHR data. PO must define an access
control policy on his/her PHR data and PO can allow or disallow some access permissions on
his/her PHR data to others at will. Therefore, PO has to generate the reencryption keys and
the metadata for his/her PHR. PO can also allow some users to add more data on his/her
behalf and PO can recontrol the access to the newly added PHR data.
(ii) The user (U) is an entity who requests an access to the PHR data with the permission
from the corresponding PO. Typical U can be from several sections such as healthcare
providers (e.g., doctors, nurses), health insurance providers, and caregivers. Users can search
and get the metadata via the blockchain and can later request the PHR data from the gateway
server. User with a delegated authority can create/upload the new PHR data into the system.
(iii) The gateway server (GS) is responsible for verifying the authenticity of all actions
inside the system. The actions include reencrypting the PHR data, storing the metadata, and
accessing the log on the chain. GS is also responsible for administering the private
blockchain. All communications between GS and other entities will be done via an SSL/TLS
Secure channel. In this work, GS is considered a semi trusted server—the server obeys the
procedure defined in the work but it is curious to know the data.
(iv) Cloud storage (CS) is responsible for storing the actual encrypted PHR data. CS is also
considered a semi trusted server.
(v) The private blockchain (BC) is responsible for storing the metadata and the access log
of the system. BC can be accessed by a predefined group of users.

2.2.5. Contribution to knowledge

The blockchain-based personal health record system to promote a privacy-preserving access
control model was proposed in this work. The proposed solution addresses the recurrent
requirements of PHR system and the issues of using the blockchain technology in PHR
system development. Then the privacy and security of the proposed model were analysed
with four threat models, namely, a tampering attack, a collusion attack, a replay attack, and a
malicious access attack, to ensure the accomplishment of their original goals.

2.2.6. Limitations
To handle the performance and energy consumption issue of blockchain, the private
blockchain (Hyperledger) was used in their system. Hyperledger supports the best transaction
of more than 10K transactions per second and can reduce the overhead of mining process.
Hyperledger Fabric uses various components and various processing phases. Hyperledger
Fabric provides various configurable parameters. However, the default parameter was used in
this work. Thus, a comprehensive study on the effect of Hyperledger Fabric configurable
parameters must be performed in future works.
2.3.0. BLOCKCHAIN FOR SECURE EHRS SHARING OF MOBILE CLOUD BASED
E-HEALTH SYSTEMS

2.3.1. Motivation
This project was motivated by the observation of the fact that recent years have witnessed a
paradigm shift in the storage of Electronic Health Records (EHRs) on mobile cloud
environments, where mobile devices are integrated with cloud computing to facilitate medical
data exchanges among patients and healthcare providers. However, this new paradigm raises
concerns about data privacy and network security for e-health systems. How to reliably share
EHRs among mobile users while guaranteeing high-security levels in the mobile cloud is a
challenging issue. Motivated by such advantages of blockchain, they proposed a new EHRs
sharing model on a mobile cloud platform based on the blockchain technique.

2.3.2. Introduction
Recently, there has been a growing interest in employing the blockchain technology to
promote medical and e-health services. Blockchain with its decentralized and trustworthy
nature has demonstrated immense potentials in various e-health sectors such as secure sharing
of Electronic Health Records (EHRs) and data access management among multiple medical
entities. Therefore, the adoption of blockchain can provide promising solutions to facilitate
Healthcare delivery and thus revolutionize the healthcare industry. Patients now can collect
their personal health information at home based on mobile devices (such as smartphones and
wearable sensors) and share on cloud environments where healthcare providers can access
instantly to analyse medical records and provide timely medical supports. This smart e-health
Service allows healthcare providers remotely monitor patients and offer ambulatory care at
home, which not only facilitates healthcare delivery but also brings economic benefits to
patients. Further, the availability of complete EHRs on clouds also helps healthcare providers
track patient health and offers proper medical services during diagnosis and treatment
processes. Besides all these great advantages, however, the trend of EHRs storage on clouds
also poses security challenges which hinder the deployment of e-health applications on
clouds.
Among such security issues is secure EHRs sharing between patients and healthcare
providers on mobile cloud environments. Unauthorized entities may gain malicious access to
EHRs without consent of patients, which has detrimental impacts on data integrity, privacy
and security of cloud e-health systems. Moreover, patients may find it difficult to track and
manage their health records shared among healthcare providers on clouds. It therefore is
necessary to propose efficient access control solutions for mobile cloud EHRs sharing
systems.
2.3.3. Objective
The main objective of the proposed work was to develop a framework that would achieve the
following design objectives.
1) The system should have the properties of user identity and authentication. The framework
ensures to strictly verify access from mobile to guarantee system trustworthiness. It should
only allow authorized entities to access EHRs, while preventing effectively potential threats
to the EHRs system.
2) The system should provide a fast data retrieval capability with an authorization design
based on smart contracts. The user access control design should be lightweight to avoid high
network latency.
3) The system should achieve high security levels, system integrity and data privacy and
provide flexibility to mobile users, which can make the proposed system feasible to many
healthcare scenarios.

2.3.4. Methodology
In this paper, they employed an Ethereum blockchain platform for building their e-health
system. They deployed a private Ethereum blockchain network on Amazon cloud computing
where two virtual machines AWS EC2 were employed as the miners, two virtual machines
Ubuntu 16.04 LTS were used as the admin and EHRs manager, respectively. Their smart
contract was written by Solidity programming language and deployed on AWS Lambda
functions. Each function interacts with the cloud blockchain via the web3.js API. Users can
interact with smart contracts through their Android phone where a Geth client (a command
line interface implemented in the Go language) was installed to transform each smartphone
into an Ethereum node. By using the Geth client, a mobile user can create an Ethereum
account to communicate with our blockchain network for accessing data. The web3.js library,
a lightweight Java library for working with smart contracts and blockchain, was also used for
developing the mobile application to connect with the Ethereum blockchain network. Next,
they set up IPFS on Amazon cloud to build a decentralized storage system. They built the
medical records system by their mobile healthcare platform called BioKin which includes a
network of wearable sensors and a mobile Android application to collect and process patient
data for cloud storage. A Java library for uploading data to IPFS on cloud was also integrated
with their mobile app. To encrypt medical data files in the mobile gateway, they employed an
asymmetric encryption algorithm RSA that was written in Java and deployed on Android app.

2.3.5. Contribution to knowledge

 They proposed a novel EHRs sharing architecture based on blockchain and

decentralized storage interplanetary file system (IPFS) for an e-health system on a
mobile cloud platform. To improve security of EHRs sharing, we develop a
trustworthy access control mechanism using smart contracts. Further, a data sharing
protocol is designed to manage user access to our EHRs system.
 They investigated the performance of the proposed EHRs sharing model through
usability tests on a mobile Android application and cloud computing provided by
Amazon Web Services (AWS). The evaluation results demonstrate that the proposed
method is feasible to various e-health scenarios.
 They provided a security analysis and extensive evaluation in various performance
metrics to highlight the advantage of the proposed framework over current EHRs
sharing solutions.
2.3.6. Limitations
The limitation of this research were;
 Uploading medical data to cloud for sharing in healthcare Blockchain which
introduces some critical privacy issues.
 Also, different healthcare providers can have different roles based on their
functionality, such as doctor, clinicians, physicians, nurses. Therefore, there is a need
to extend the current EHRs sharing system, aiming to adapt to scalable e-health
scenarios while guaranteeing high quality of user experience and e-health sharing
reliability.
 Low network latency.

2.4.0. EACMS: EMERGENCY ACCESS CONTROL MANAGEMENT SYSTEM FOR

PERSONAL HEALTH RECORD BASED ON BLOCKCHAIN

2.4.1. Motivation
This project was primarily motivated by the fact there is an uncertain remaining issue for the
role of PHR in emergencies. In a traditional emergency access system, the patient cannot give
consent to emergency staff for accessing his/her PHR. Moreover, there is no secured record
management of patient's PHR, which reveals highly confidential personal information, such
as what happened, when, and who has access to such information.
2.4.2. Introduction
Some applications of big data for health care services and medications may be dealt with
third parties or the public for surveys and the extraction of the useful report. In some cases,
the healthcare data for sensitive patients may be exposed to malicious attacks, and the risks
are involved in this process such as tampering and unauthorized access. Therefore, it is an
essential issue that must be considered to ensure security and privacy during the system
design for sensitive healthcare data. A PHR is a tool for electronically saving a person's
lifelong health data. It must grant specific access control for managing, tracing, and
participating in their health care data. PHR carries integrated and complete health care data
such as healthcare history, medication procedures, and significant disease as well as allergy
information, home-monitored data, family member's history, social records and lifestyle,
immunization record, prescribed medications, laboratory experiments, and genetic data.
Secure data sharing is crucial to present sufficient collaborative treatment and care choices
for patients. The information in the PHR should be correct, trustworthy, and complete. In the
emergency condition, the medical staff needs some necessary elementary and valuable health
information about the patient for increasing the chance to supply appropriate cure to save the
Patient’s life or assuage in perilous conditions. Due to the sensitive and confidentiality
system of PHR, access to the PHR is restricting for anyone included her/his physician. In the
emergency condition, such pre-defined access control policies become less because there is
no policy defined that would allow an emergency medical team to access the patients' health
record. Also, the patient is not in a sense and cannot operate the access control for giving
his/her PHR. Moreover, the patient's care is critical and his/her health record an essential
aspect of the patient's security and privacy. One more significant challenge is in the
emergency condition after accessing the PHR; misuse of personal information can be
exploited illegally. In the traditional PHR emergency cases, the system cannot verify the
identification of the object either a people or organization sent the PHR request. In the
traditional emergency access system, when the staff has done some activities on the PHR
records, and later, the malicious users could try to obtain the patient's PHR information.
There is no audit or transaction log where the patient can trace all the accesses of PHR
information because, in the emergency condition, the patient cannot participate in the
emergency access authorization.
2.4.3. Objective
The objective of this paper was to to alleviate these problems explained above and make sure
secure access handling is maintained during emergencies and maintain a secure ledger.
2.4.4. Methodology
The back-end comprises of a single server, which has configured routes and these routes are
detected and can be called by clients. Every route has connected a similar method with it.
These methods utilize the HF NodeSDK to interact with the blockchain network. The back-
end is created using NodeJS and Hyperledger Composer-SDK. It is capable of managing
client requests and return the response from the blockchain network. To access the database
through the system, there is a need for an authorization to access the blockchain network.
This is achieved by applying information in java script object notation (JSON) web created
during the login process. This network uses a single peer node with the world state database,
a single ordering node, and certificate authority (CA). When the network is started, it creates
a channel connecting a peer node to install a smart contract (a custom one) on a peer's file
system and execute the initialization function on that contract.

2.4.5. Contribution to knowledge

The contribution of the work is that this framework provides the security of sensitive patient's
PHR data items so that it guarantees time efficiency, and privacy, accessibility, and granular
access control management during emergency cases as opposed to traditional emergency
access systems

2.4.6. Limitation
No limitation recorded.

2.5.0. FLEXIBLE AND EFFICIENT BLOCKCHAIN-BASED ABE SCHEME WITH

MULTI-AUTHORITY FOR MEDICAL ON DEMAND IN TELEMEDICINE
SYSTEM

2.5.1. Motivation
This project was primarily motivated by the fact that as the population grows, the
requirement of medical resource increase dramatically in the healthcare system. Patients
living in underdeveloped areas, where traffic is inconvenient, are extremely lack of mobility
as well as access authority to high quality healthcare, especially for the aged or disabled ones.
The telemedicine system enables to bridge this gap. This system takes advantage of
telecommunication and information technology to supply the remote healthcare resource,
which overcomes the distance barriers to improve the medical services in remote rural
communities, and even saves the life in the critical and emergency situation. Meanwhile, the
outsourcing of healthcare data on public cloud platforms bring some new challenges on the
security.

2.5.2. Introduction
As the population grows, the requirement of medical resource increase dramatically in the
healthcare system. Patients living in underdeveloped areas, where traffic is inconvenient, are
extremely lack of mobility as well as access authority to high quality healthcare, especially
for the aged or disabled ones. The telemedicine system enables to bridge this gap. This
system takes advantage of telecommunication and information technology to supply the
remote healthcare resource, which overcomes the distance barriers to improve the medical
services in remote rural communities, and even saves the life in the critical and emergency
situation. Medical on demand (MoD) is aroused with the development of telemedicine system
recently. The patient is permitted to communicate with the most eminent doctors or
specialists in distance without visiting them face to face. According to the medical certificate
from the remote specialist in the large scale hospital, patient does some laboratory tests and
physical examinations on demand in local or community hospital, whose responsibility is
uploading the electronic health records (EHRs) to the database (or cloud). After receiving the
patient's examination reports, the remote specialist makes out the accurate diagnosis on him.
In this model, the telemedicine system supports remote diagnose and prescription
verification, which saves the precious medial resource and reduces the overall cost of
healthcare for poverty-stricken patient. Moreover, this system allows healthcare specialist in
different places to share information and discuss the diagnostic results as if they are staying
in the meeting room. In the face of serious illness, this system can also avoid the transmission
of infectious diseases or parasites between infectors and medical staffs (e.g., SARS).
Nowadays, the telemedicine system is usually established by Cloud Server Provider (CSP)
who provides a virtual platform that allows doctors and patients to work together for overall
wellness and health, and supports in-home care. By means of this platform, it built up the
communication links among patient, medical staff and storage server. Patient could subscribe
some medical services on demand for greater access to quality care and improving his
experiences. Cloud server is responsible to store EHRs and other related healthcare data. As
for specialist and researcher, they access the
Physical data stored in the cloud to make accurate diagnosis and do some scientific
researches.

2.5.3. Objective
The objective of the paper was;
 An Attribute based Encryption (ABE) scheme is to be presented to achieve the
dynamic authentication and authorization with higher flexibility and efficiency for the
Medical on demand services in telemedicine system. On the one hand, when the
patient alters his ordered service, it requires no updating on the parameters for those
whose statuses remain unchanged.
 To construct an independent-update key policy ABE scheme in the distributed
telemedicine system that aims to updates patient's keys separately.
 By using blockchain and distributed database technologies, the private healthcare data
stored in public cloud is protected in integrity, which avoids the misdiagnosis accident
from the inaccurate electronic health records distorted by a malicious user or authority
from the inner cloud.

2.5.4 Contribution to knowledge

In this paper, taking the telemedicine system in cloud computing into consideration, a
blockchain-based multi-authority KP-ABE with independent-update was proposed, which is
suitable for being applied in the distributed telemedicine system.
Their contributions are as follows.
(a) First of all, user in this system can dynamically join and leave freely, and he/she updates
or revokes access policy on-demand while other users will not be influenced, which enjoys
the forward security.
(b) Secondly, we adopt the mode of multi-authority co-management for meeting the
requirements of the distributed telemedicine system. Furthermore, it shares one
pseudorandom function seed privately in every two authorities. Besides that, in every user's
private key, it contains each authority's private key to resist (N-1) corrupted authorities at
most in the collusion attack.
(c) Thirdly, provided that the Decisional Bilinear Diffe-Hellman (DBDH) assumption holds,
the security of this scheme is proven in the standard model.
(d) Fourthly, this scheme employs the blockchain technology on the medical data transmitted
between the doctor and the patient, which provides the integrity and traceability of those
sensitive data.

2.5.6. Limitations
No limitation was recorded

2.6.0. A BLOCKCHAIN-BASED MEDICAL DATA SHARING AND PROTECTION

SCHEME

2.6.1. Motivation
This paper was motivated owing to the fact Research on medical sharing schemes based on
blockchain is still in its infancy at present. The existing schemes have the following
drawbacks:
(1) Most schemes only give the framework and don't describe the specific details for
implementation
(2) Although the details are given in some schemes, the cost of computation and
communication is high.
The motivation of this paper is to design a medical data sharing scheme based on blockchain.
It is helpful to the storage, management, and sharing of the medical data. The scheme should
satisfy the security requirements in medical data sharing schemes.

2.6.2. Introduction
With the development of computer and communication technology, EHR has become an
indispensable tool for medical services. The system utilizes some electronic devices such as
the computer to deal with digital medical records, and it has the advantages of easy to use,
stronger timeliness, and low cost. EHR not only provides the most useful data for diagnosis
and scientific research but also it gives one kind of judgment basis for handling medical
disputes. So, it has attracted a wide range of attention including the government, the medical
community, cybersecurity department, and so on. Because the medical data is crucial for the
diagnosis, and it is personal and sensitive for patients. Thus, data sharing and privacy
preservation issues are critical in EHR. The medical data should be stored, managed, and
accessed securely. Notably, the doctor usually needs to know the medical history of the
patient when he/she makes the diagnosis or treatment. However, the patient cannot
professionally describe his/her medical history, which will affect the latest treatment. Thus, in
EHR, historical medical data generated by different doctors in different hospitals should be
capable of being securely and timely queried by a legitimate doctor with the patient's consent.
In recent years, the EHR system is markedly developed with the rise of cloud computing. For
example, authors first expounded the security requirements of the EHR system based on
cloud computing. Also, some suggestions are suggested to ensure the security of medical data
in the cloud. The attribute-based encryption is utilized to protect the data in the cloud, and
then the proposed EHR system is implemented in an android phone. Xhafa et al. proposed an
attribute-based EHR with privacy awareness in cloud computing. However, these cloud-
based schemes have some flaws. For example, they have a dependency on the cloud provider.
If some targeted attacks to cloud provider are carried out, then the information leakage is
likely to occur. Additionally, the server may suddenly stop if the cloud providers would go
bankrupt or be swallowed up by the larger companies. That is, the security of EHR will be
threatened. In 2008, the blockchain structure was proposed. It can be viewed as a distributed
database and satisfies the features of decentralization, tamper resistance, and asymmetric
encryption. This technology can provide a reliable way to manage and store data. So it may
be a promising solution for EHR. At present, the blockchain-based researches for EHR have
already started attracting attention from medicine. How to design an efficient and secure EHR
system by using blockchain is their core task.

2.6.3. Objective
The Objective of this paper is to;
 Design a medical data sharing scheme based on blockchain. It is helpful to the
storage, management, and sharing of the medical data. The scheme should satisfy the
security requirements in medical data sharing schemes. Also, it should have low
computational and communication cost.

2.6.5. Contribution to Knowledge

The main contributions of this paper are listed as follows;
1) A lightweight medical data sharing and protection model is proposed, which is based on
blockchain. Utilizing the proxy re-encryption technology, the model could make data sharing
among doctors from different hospitals possible. The stored medical information is very
secure and could not be easily tampered since they are stored in the blockchain.
2) An improved consensus mechanism is proposed by improving the traditional delegated
proof of stake. It is secure, reliable, and efficient.
3) We design a symptoms-matching mechanism for patients who register in different
hospitals and have the same disease symptoms. One session key could be set between the
patients after they make mutual authentication. The mechanism can help patients to
communicate the disease information.

2.6.6. Limitations
No limitation was recorded

2.7.0. CLOUD-ASSISTED EHR SHARING WITH SECURITY AND PRIVACY

PRESERVATION VIA CONSORTIUM BLOCKCHAIN

2.7.1. Motivation
This project was motivated due to the fact that in recent years, cloud-based electronic medical
record sharing scheme has brought a lot of conveniences, but the centralization of cloud
exposes threats inevitably to data security and privacy preservation.

2.7.2. Introduction
With high-speed development of information technology and Internet technology, Electronic
Health Records (EHRs), as a replacement of traditional manuscript patient's health records on
paper, solve the problems of paper that easy to lose, difficult to save for a long time and not
easy to carry. For the research of disease, doctors or medical institutions need abundant EHRs
which contain similar or related disease to compare and analyse for seeking better therapeutic
methods. For a patient, he/she may not be able to remember his/her medical history or can't
describe detailed symptoms. EHR sharing is a promising solution for these problems, which
can help doctors know more about patients, such that improving the accuracy of disease
diagnosis. EHR sharing has attracted extensive attentions and researches from industry and
academia, where the most noteworthy issues are privacy preservation, data security and
interoperability. First, EHRs include personal and high privacy-sensitive information, thus
privacy preservation is the guard of patients' reputation and benefit. Second, only the
authentic data in EHRs can reflect the real situation and promote the development of medical
treatment. On the contrary, the forged or modified data reduces the effective utilization of
EHRs. Additionally, the interoperability can help patients to control the access right of their
EHRs and enhance mobility of EHRs between different healthcare institutions. In response to
these questions, cloud technology has been put forward for health data storage, management
and sharing. These works use different cryptographic algorithms and cloud technology to
design access control schemes for EHR sharing to realizing privacy preservation and data
security. Although these works provide promising solutions for EHR sharing in cloud
environment and pay high attention to data security and privacy protection, there still remains
one severe challenge: the cloud is supposed to be trusted in storing and managing the data.
The pattern of cloud-based EHR sharing relies on third-party which may steal, leak, tamper
or abuse the data once they are under attacks or lack of monitoring. Despite that many
cryptographic primitives are applied in different schemes, the problem of single point failure
can't be solved due to the centralization characteristic of cloud. Fortunately, blockchain
technology as a distributed public ledger is a prospective solution to figure out security issues
in EHR sharing after the cloud-based system. Due to the fact that the blockchain is open and
transparent, EHR sharing based on blockchain can help patients to control access permission
and supervise the utilization of their EHRs.

2.7.3. Objectives
In order to address the above challenges, they proposed a cloud-assisted blockchain scheme
which combines searchable encryption and proxy re-encryption technology to realize privacy
preservation and data security for EHR sharing between health institutions.

2.7.4. Contribution to Knowledge

The following contribution to knowledge was made;
 We propose a new framework for cloud-assisted EHR storage and sharing with
privacy preservation and data security based on consortium blockchain. The cloud is
used to store patients' EHR ciphertext while the consortium blockchain keeps record
of keyword ciphertext for data searching and sharing.
 We design the following core components for consortium blockchain: network model,
data construction, and consensus mechanism. We define different entities, and
stipulate their authority according to the demand of our system in the network. We
design the block structure and transaction structure and incorporate cryptography
primitives to store data securely. Furthermore, we put forward proof of authorization
as the consensus mechanism for consortium blockchain.
 We present a cloud-assisted secure and privacy-preserving EHR sharing protocol
based on consortium blockchain. Only the authorized data requesters who have
searching trapdoor are allowed to acquire the keywords and related information.
Moreover, the authorization and other access services are accomplished by the
blockchain accounts, which ensures identity privacy protection. Also, the cloud re-
encrypts the EHR cipher-text and sends the reencrypted ciphertext to specified data
requester when they come to an agreement with the patient.
2.7.6. Limitations
The scheme was implemented on Ethereum platform and performance of computational
overhead and communication overhead was evaluated. For future work, they stated that, the
scheme would be implemented on Hyperledger Fabric and perfect smart contracts for running
the algorithms of data sharing.

2.8.0. USING BLOCKCHAIN FOR ELECTRONIC HEALTH RECORDS

2.8.1. Motivation
This project was motivated by the fact that Electronic Health Record (EHR) systems faces
problems regarding data security, integrity and management, and that the healthcare sector
stands to benefit immensely from the blockchain technology due to security, privacy,
confidentiality and decentralization features addressing EHR issues.

2.8.2. Introduction
The recent advent in technology is affecting all parts of human life and is changing the way
we use and perceive things previously. Just like the changes technology has offered in
various other sectors of life, it is also finding new ways for improvement in healthcare sector.
The main benefits that advancement in technology is offering are to improve security, user
experience and other aspects of healthcare sector. These benefits were offered by Electronic
Health Record (EHR) and Electronic Medical Record (EMR) systems. However, they still
face some issues regarding the security of medical records, user ownership of data, data
integrity etc. The solution to these issues could be the use of a novel technology, i.e.,
Blockchain. This technology offers to provide a secure, temper-proof platform for storing
medical records and other healthcare related information. Before the advent of modern
technology, healthcare sector used paper based system to store the medical records, i.e., using
handwritten mechanism. This paper-based medical record system was inefficient, insecure,
unorganized and was not temper-proof. It also faced the issue of data- duplication and
redundancy as all the institutions that patient visited had various copies of patient's medical
records. The healthcare sector faced a trend shift towards EHR systems that were designed to
combine paper-based and electronic medical records (EMR). These systems were used to
store clinical notes and laboratory results in its multiple components. They were proposed to
enhance the safety aspect of the patients by preventing errors and increasing information
access. The goal of EHR systems was to solve the problems faced by the paper-based
healthcare records and to provide an efficient system that would transform the state of
healthcare sector. Despite the fact that notion behind usage of HER systems in the hospitals
or healthcare was to improve the quality of healthcare, these systems faced certain problems
like interoperability, scalability, data breaches and information asymmetry.

2.8.3. Objective
The aim of the proposed framework was firstly to implement blockchain technology for EHR
and secondly to provide secure storage of electronic records by defining granular access rules
for the users of the proposed framework. Moreover, this framework also discusses the
scalability problem faced by the blockchain technology in general via use of off-chain storage
of the records.

2.8.5. Contribution to Knowledge

Their proposed framework is a combination of secure record storage along with the granular
access rules for those records. It creates such a system that is easier for the users to use and
understand. Also, the framework proposes measures to ensure the system tackles the problem
of data storage as it utilizes the off-chain storage mechanism of IPFS. And the role-based
access also benefits the system as the medical records are only available to the trusted and
related individuals. This also solves the problem of information asymmetry of EHR system.

2.8.6. Limitations
The limitations of this project were;
 They plan to implement the payment module in the existing framework. For this we
need to have certain considerations as we need to decide how much a patient would
pay for consultation by the doctor on this decentralized system functioning on the
blockchain.
 They stated that it would be needed to define certain policies and rules that comply
with the principles of the healthcare sector.

2.9.0. BLOCK CHAIN BASED IMPLEMENTATION OF ELECTRONIC MEDICAL

HEALTH RECORD

2.9.1. Motivation

This project was motivated by how to supply security and police investigation for patient
medical health records. Providing security to patient medical records is utmost vital, however
Clinicians/physicians will access the stored

2.9.3. OBJECTIVES
The main objective is to produce confidentiality to patient medical records victimization.
Patient information secrecy or confidentiality is one amongst the foremost necessary pillars
of drugs. Protecting the personal details of a patient isn't simply a matter of ethical respect,
it's essential to bond trust between the doctor and also the patient.

2.9.5. Contribution to Knowledge

In this paper, we proposed situations of blockchain innovation utility in numerous social
insurance settings. They likewise exhibited a layout of the gadget for the unique wishes if
there must be an occurrence of radiation oncology data sharing and accomplished a version
that guarantees safety, security, accessibility, and best-grained get entry to electricity over
exceedingly sensitive patients' information.

2.9.6. Limitation
No case of implementation was recorded. A practical prototype of the projected design was
not introduced
References:

1. Blumenthal D. Wiring the health system—origins and provisions of a new federal

program. N Engl J Med. 2011;365(24):2323–2329. [PubMed] [Google Scholar]
2. US Department of Health and Human Services Office for Civil Rights [Accessed
December 4, 2020];Breaches affecting 500 or more
individuals. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf.
3. Schneeweiss S. Learning from big health care data. N Engl J Med. 2014;370(23):2161–
2163. [PubMed] [Google Scholar]
4. Adler-Milstein J, Jha AK. Sharing clinical data electronically: a critical challenge for
fixing the health care system. JAMA. 2012;307(16):1695–1696. [PubMed] [Google Scholar]