Secure and Trustable EMR Sharing using Blockchain:
Open Challenges and Lessons Learned
Alevtina Dubovitskaya, Rohit Shukla, Zhigang Xu, Samuel Ryu, Michael Schumacher, Fusheng Wang
Medical data are distributed
https://thedatamap.org/map2013/index.php
Medical data…
http://www.eu-patient.eu/Members/Weekly-Mailing/eTriks-research-data/
• Sensitive
• Distributed
• Heterogeneous & Dynamic
• Have to be maintained life-long
• Can be required urgently
• Need to be exchanged often (consent is required)
Medical data are being digitalized
https://dpconline.org/handbook/organisational-activities/creating-digital-materials
http://www.scbhrserv.com/medical-record-review.html
…but the consents are still paper based!
https://medium.com/wehearthealthliteracy/wanted-plain-language-consent-forms-26557ff9fe1b
• treatment delays,
• wasted resources,
• increased costs,
• lost control over the data.
?
Web app prototype for patients and doctors
• Patient: My data
• Patient: Add permissions (1), (2)
• Patient: My permissions
• Doctor: Show available data
• Doctor: Download data
Who is going to store and manage all these consents/permissions/data?
https://medium.com/wehearthealthliteracy/wanted-plain-language-consent-forms-26557ff9fe1b
01010011…
Single point of trust (and failure)
Blockchain, What is it?
How to update the ledger?
[Diagram: Logic, State, …]
Chaincode (CC):
• Logic/Smart contract – a program that defines functionality of the blockchain applications
Who can update the ledger? Who can access the ledger?
• Permissionless: everyone maintains the ledger and can compete to become the « leader » and add the new block (PoW, PoS, …)
• Permissioned: only a predefined set of users maintains the ledger, participates in the leader election, and can create and add a new block to the ledger
  – Public: everyone can access the data stored on the ledger
  – Private: only a predefined set of users can access the data stored on the ledger
• Hybrid: the predefined set of users is changing
Which one to choose?
Permissionless blockchain
[Diagram: Logic, Leader, Validators]
• Anonymous (up to a certain level)
• Every node can compete to become a leader
• PoW (solving crypto-puzzle) is energy consuming
• Transaction fees
• Privacy?
Permissioned blockchain
[Diagram: Membership service, Leader, Validators, Logic]
Permissioned (public) blockchain
• Scalable?
• Who hosts membership service?
• Privacy?
Permissioned (private) blockchain
• Scalable?
• Who hosts membership service?
• Privacy?
Hybrid blockchain (validators are changing after a certain number of blocks)
[Diagram: Leader, Validators, Logic]
• PoW / random choice of validators?
• Transaction fees
• Privacy?
Our choice: permissioned private blockchain with chaincode functionality
[Diagram: Membership service, Validator, Logic]
Healthcare Data Management
[Diagram: Healthcare Data (provided by): Clinical Data, Patient Data; System Metadata: Metadata, Permissions (…of…, …for…); Logic; HIPAA Compliant Cloud Storage (CS)]
• Limited storage capabilities
• Efficiency?
System Overview
[Diagram components:]
• EMR Blockchain Network: Validating Nodes (VN1, VN2, VN3, …, VNN) with Chaincode (Logic, State)
• Membership Service (MS): Reg. A, ECA, TCA, TLS-CA
• Solution User (SU): Patient P, Caregiver C
• UI Provider (UIP): mobile/web app
• Non-Validating Node
• HIPAA Compliant Cloud Storage (CS)
• The National Practitioner Data Bank
Open challenges
Legal:
• No legal base on blockchain
• Conflict with GDPR “right to be forgotten”
Medical/social:
• Emergency access
• Risks of the new technology (adoption?)
Technical:
• Correctness of the logic of the chaincode? (*)
• Who controls Membership service? (*)
• Key management (*)
• Usability? (*)
Contact and more information: [email protected]