Report an accessibility problem

ASU Blockchain Research

MedFabric4Me

Introduction

Stakeholders of the healthcare industry are operating in the technological stone age. Insurance providers rely on outdated medical data, clinics communicate inefficiently, and in turn, patients receive inadequate service. As other industries adopt technologies to make practices more efficient, healthcare has been forgotten and effectively left in the dust.[1]

MedFabric4Me provides a simple, yet effective blockchain based solution to mitigate the drawbacks of this broken system and build a healthcare environment that supports patient-centered data integrity and security. By utilizing the technology presented byMedFabric4Me we can provide better record management for patients, faster emergency response times, and improved security of sensitive information.

 

Existing Problems with the Healthcare Industry

Before we identify the problems existing with the status quo of the industry, let’s first explain what Electronic Health Records[3] (EHRs) are and how they are currently being used. EHRs are a systemized collection of patient health data in a digitized form. EHRs include a range of patient information in the form of demographics, medical history, immunization records, and billing information. As we’ll explore next, the type of data these records hold aren’t where the problems exist but instead in how this data is being managed and stored.

The infrastructure that the EHR system was built upon wasn’t meant to sustain the multi-institutional vast network of medical data we witness today. This robustness and lack of cooperation in the industry makes data synchronization between different medical facilities a frustratingly long process. Unfortunately for stakeholders, these systems operate in siloed environments, making updates and changes to medical records an inefficient endeavor. Patient privacy is another point of contention as the systems that contain medical data have been proven to have inadequate security protocols[2]. Along with the inefficiency and vulnerability of these systems, the industry lacks a clearly defined line on where the liability of ownership and management of patient data exist. In the event of there being an attack or loss of data, it’s hard to identify who’s at fault and the appropriate steps to reduce the risk of future system failure.

Electronic Health Records (EHRs) presently exist in a void of “innovative” digital medical data, and inadequate infrastructure from the early 2000s[4]. By utilizing blockchain technology there is an opportunity to overhaul the outdated framework of digital medical records and eliminate some of the pitfalls of the industry. Blockchain integration motions to improve communication inefficiency, the lack of transparency between providers, medical record sharing/updating, inadequate security protocols, and privacy concerns.

 

System Implementation

To meet the needs of the MedFabric4Me project we will use the widely popular blockchain platform, Hyperledger Fabric. Hyperledger Fabric is a permissioned blockchain platform that operates without the use of digital currency. Fabric is highly modular and easily configurable, allowing MedFabric4Me to have a flexible and reliable structure.  Chaincodes, otherwise known as smart contracts will be deployed to validate medical data entries by network participants. These chaincodes are then used to indicate where medical data is stored and gives permissions to authenticate and locate these records.

MedRec4Me is a two-pronged solution platform, composed of on-chain and off-chain components. The on-chain solution is implemented on the secure network of Hyperledger Fabric. While the off-chain solution is used to store data securely via the  IPFS (Interplanetary File System).The chaincodes are used to connect the solutions by mapping patient, provider, and insurer off-chain data to their on-chain identities.

Chaincodes encode a list of references which point between patient-provider relationship agreements. These agreements allow patients to manage the acceptance, rejection, and deletion of relationships between their medical data. When a patient or provider requests access to a medical record, a request is sent to the off-chain solution, the IPFS database.. A “gatekeeper” then verifies the requesters identification using  a cryptographic key signature as part of the on-chain solution. If the requesters have permission to access the records, the chaincode runs a query on the IPFS database and delivers the appropriate information. Additionally, the proposed method of a private peer-to-peer network of verified nodes managing electronic healthcare records provides the network with increased privacy and security.

 

Channels

Hyperledger Fabric channels are commonly established for the sharing of private data between authorized parties in a network. In MedFabric4Me, when the network receives requests for patient data from hospitals, insurers, researchers and other healthcare stakeholders, a message will be sent to the client seeking permission to access the data. At this point, the user will be prompted with a decision to allow the requests access to their data. If permission is approved the requester will be allowed to participate in the channel.  As for privacy concerns, the user can selectively share what type of health data is shared with each individual data requester. This may be based on the necessity of the type and quantity of personal healthcare data necessary to assist the healthcare provider. For example, a user’s insurance history may not be pertinent information when receiving a routine check-up at the dentist. Similarly, the user’s dental treatment may not be necessary when communicating with their skin care provider. To issue a specific certificate, the user can state clearly what category of personal data is allowed to be accessed, and whether they have read-only or read-write access to the documents.

Security

To improve security a notch further, MedFabric4Me will be using Proxy Re-Encryption (PRE) which enables us to securely share data. PRE will ensure that no third party can access our data and should be accessed only by those who have authorization.

Patients encrypt data with their own encryption keys. They then upload their encrypted records to IPFS storage. When patients wish to grant access to a healthcare provider or data researcher, they issue re-encryption keys targeting the recipient. The network uses these re-encryption keys to transform the ciphertext in IPFS for the recipient, at which point the recipient is able to decrypt the records with their own private key. If the patient switches medical providers or wishes to revoke access for any reason, they issue a revocation request and the relevant re-encryption key is deleted. A significant advantage to using PRE is that every granular detail  of a patient record (e.g : First Name, Date of Birth, Sugar Level) can be securely encrypted while simultaneously allowing for the permissions attached to those record to be easily changed.

Sharing Data Outside the Network

In the case of an emergency, one of our users may receive healthcare services from a provider outside of the MedFabric4Me defined network. This situation poses a problem due to the private blockchain network that MedFabric4Me is built upon. Because only authorized users have access to specific patient information, we will build a secure PRE based public network. On this network even providers outside of MedFabric 4Me can be granted authorization and access to patient medical data. This PRE base public network helps us to keep the integrity of data and ensures providers that the data is tamper proof and reliable. Patients can manage who has permission to access their data and have the ability to track with whom their data is being shared with.

 

References:

  • Kirsh, D. (2019). How outdated medical record systems and devices could risk lives | Medical Design and Outsourcing. [online] Medical Design and Outsourcing. Available at: https://www.medicaldesignandoutsourcing.com/outdated-medical-record-systems-devices-risk-lives/ [Accessed 12 Mar. 2019].
  • En.wikipedia.org. (2019). Electronic health record. [online] Available at: https://en.wikipedia.org/wiki/Electronic_health_record [Accessed 12 Mar. 2019].
  • Travis Good, M. (2019). 2017 Healthcare Trends Part 3: The Rise and Fall of the EHR | Datica Blog. [online] Datica.com. Available at: https://datica.com/blog/2017-healthcare-trends-part-three-the-rise-and-fall-of-the-ehr/ [Accessed 12 Mar. 2019].