Improve auditing and privacy of electronic health records by using blockchain technology
Not peer reviewed
An ever-increasing amount of sensitive patient data is shared between healthcare institutions. The data is strictly personal and the consequences of unintentional disclosure are severe. Recordkeeping systems embedded in the various healthcare systems must therefore adhere to the highest standards of auditability and privacy. Blockchains allow for immutable recordkeeping, which means that data stored on the blockchain cannot be changed or tampered with. Each block on the blockchain stores the computed hash of the contents of the previous block, which makes each new block dependent on the previous block. Nodes store their own copies of the blockchain and keep them synchronized by using mechanisms for distributed consensus. These consensus mechanisms decide which block is added to the blockchain next and, in effect, which version of the blockchain is the correct one.

This thesis presents an implementation of a blockchain framework for improving auditing and privacy measures of electronic health record (EHR) systems. The framework was partly presented by Yang et al. in 2018 and submitted for publication in 2019. The proposed framework presents a new layer that can be implemented on top of existing EHR systems. This makes the process of adopting the system much simpler and less costly. The aim of this thesis is to assess how such an implementation can be created using the Hyperledger Fabric blockchain. The implementation facilitates improved privacy and auditing by storing access control lists and logs directly on the blockchain. Each attempt to access a record is verified against the access control list and subsequently logged before access is granted to the user. This introduces a standard way of managing access control and auditing across several providers, even if the internal system architecture is different for each provider. The layer can be deployed on top of existing systems and only minor changes to the database interfaces are required for the systems to support the new layer. Although the presented implementation is intended for use in EHR systems, it should also be applicable to other types of recordkeeping systems.
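The access flow described in the abstract (check the access control list, log the attempt, then grant access) can be sketched as follows. This is an added example, not code from the thesis and not Hyperledger Fabric chaincode: it is an in-memory Python model in which a hash-chained list stands in for the ledger, and every name in it (AuditedRecordStore, first_bad_entry, the sample users and record) is hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry (assumed convention)

def entry_hash(entry):
    """SHA-256 over the entry's canonical JSON, excluding its own hash field."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditedRecordStore:
    """Hypothetical layer over a record store: ACL check, then log, then grant."""
    def __init__(self, records, acl):
        # records: record_id -> contents; acl: record_id -> set of allowed users
        self.records, self.acl, self.log = records, acl, []

    def _append(self, user, record_id, granted):
        prev = self.log[-1]["hash"] if self.log else GENESIS
        entry = {"user": user, "record": record_id, "granted": granted, "prev": prev}
        entry["hash"] = entry_hash(entry)
        self.log.append(entry)

    def read(self, user, record_id):
        granted = user in self.acl.get(record_id, set())
        # Log before returning anything, so denied attempts are audited too.
        self._append(user, record_id, granted)
        if not granted:
            raise PermissionError(f"{user} may not read {record_id}")
        return self.records[record_id]

def first_bad_entry(log):
    """Return the index of the first entry that breaks the chain, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(entry):
            return i
        prev = entry["hash"]
    return None

def demo():
    # Constructed sample data: one record, one permitted reader.
    store = AuditedRecordStore({"rec-1": "sample"}, {"rec-1": {"dr_a"}})
    store.read("dr_a", "rec-1")
    try:
        store.read("dr_b", "rec-1")  # not in the ACL: denied, but still logged
    except PermissionError:
        pass
    intact = first_bad_entry(store.log)
    store.log[1]["granted"] = True  # simulate an after-the-fact edit of the log
    return len(store.log), intact, first_bad_entry(store.log)
```

A single local list can be rewritten wholesale by whoever holds it; the synchronized copies and consensus between nodes that the abstract describes are what this sketch leaves out.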
Publisher: The University of Bergen
Subject: Java, Hyperledger, Hyperledger Fabric, blockchain, cryptography, security, database, privacy, smart contract, recordkeeping, EHR, e-health, auditing, consensus
Copyright the Author. All rights reserved