Tuesday, 23 June 2020

i4C Blogathon - Second Runner Up Prize Winning Entry by Ms. Ruchika Pande | Theme - Healthcare Automation & Renewable Energy

Reinventing the Healthcare System by leveraging Blockchain on Cloud-aided Electronic Health Records.

Second Runner Up Prize Winning Entry  | Theme - Healthcare Automation & Renewable Energy 

Ms. Ruchika Pande
3rd Year, Electronics/Electrical
Pune Institute of Computer Technolog
Healthcare industry is one of the slowest developing sectors in the world. According to the patient experience, it works the same as it did two decades ago. However, it would be incorrect to assert that there has been no innovation in this field from the past few years.
With the advancement of science and technology, the life expectancy of humans has increased and is receiving better and more effective medication. This is remarkable but the goal still remains unaccomplished. Despite of technological advancements, the health record remains on the paper. The Internet, Cloud Computing, Blockchain & AI are some of the technologies that are making several industries better, faster and efficient. The Healthcare Industry is the slowest in this regard to adopt the changes. 

Figure 1: Healthcare industry over the span of 20 years
Electronic Health Records
Electronic Health Record is the first step to a transformed healthcare system. An Electronic Health Record (EHR) is an electronic document that details all the significant clinical reports of an individual, over some stretch of time [1]. EHR is more than just a digital version of patient data. EHR may contain data like treatment plans, medical history, prescriptions, test results, x-rays, etc
The main purpose of the EHR is to eliminate the penmanship which has prevailed for the years together now and to raise the computerized records. These computerized health record improves the quality of healthcare by pulling in features such as health information exchange, precise information in the health records, reduced medical errors, etc. into the system. Through data sharing and coordination, the EHR robotizes and streamlines the health suppliers' work process, as well as evidence-based decision making [2].
 Flaws in the EHR systems
Inspite of these advantages, the individual medical institutions have the sole responsibility of exchanging of medical data outside that specific institution.
There is no common architecture and standard for safe data exchange among the stakeholders. There is a communication gap between different EHR systems.
Different hospitals maintain different structure of the EHR which makes the retrieval of information and its interpretation difficult. Either in the database which is within the organization or a defined network of stakeholder acquires these records. The flow of information should not stop at one organization instead should be directed to nationwide organization for research work.
There is no guarantee in the integrity and security of patient data in the current state of centralized medical data. In this case, patients cannot trust in the data credibility and most of the times are prey to personal information leakage.
Medical experts and researchers have to limit their research work due to restrictions in the healthcare information exchange program. This may happen mainly when one healthcare institution may deny sharing information to another fearing its loss of its regular patient or one institution may ask for fee for information retrieval and the requesting institution might deny paying the required amount.
The problem of process of collecting medical data does not end here. The insurance companies are facing losses every year due to its inability to prevent health insurance fraud. Forgery of data by the healthcare providers are frequent causes denial of the claims. Maintaining electronic copies introduces the possibility of attacks on patient data and information privacy [3].
Bring Cloud Services into Play

Figure 2: EHR deployed on the cloud [4]
Deploying the EHR on the cloud has shown benefits for both patients and medical institutions. However, with increasing demand and usages these are more prone to hacks and data breaches. This makes the data vulnerable and liable to tampering. Designing an access control model for encrypted EHRs in the cloud relies mainly on various aspects, including the encryption scheme, the key management mechanism of encrypted EHRs and the natural flow of communication between the different participants [5]. Even though encryption is used, the keys are stored with the cloud service provider which eventually reduces the security provided by encryption. When one medical institution outsources EHR to the cloud servers, patients would not physically own their EHR but the medical institution can access the EHR as needed for diagnosing, making the EHR’s integrity protection an alarming task, especially in the case that a medical malpractice occurs, where the medical institution may collaborate with the cloud servers to tamper with the outsourced EHR to hide the medical malpractice.
Solution via Blockchain and Cloud
A Blockchain-based EHR framework can be used to address to address the aforementioned issues. It has been found a promising solution for EHR data management. It provides trust and interoperability among all the stakeholders. The inherent secure by design feature of Blockchain which has a distributed, auditable, immutable, chronological and time stamped ledger to store the data has the potential to provide events of EHR which are a tamper-proof.
The Blockchain technology redefines the Healthcare System to a Patient-centric healthcare system. It provides an ideal personal health record platform that brings reliability and transparency. This platform opens the possibility for variety of services like for the insurance companies, the research centers, etc. Using a Blockchain with due permission, allows the hospitals and patients across the world to be connected to each other [6].
However, direct usage of Blockchain for EHR is not a good solution since it has limited storage for large clinical data. Besides this, the ledger is public so we cannot store critical medical information on-chain.

Figure 3: System Architecture [7]

The main idea for an efficient healthcare system is a cloud-aided healthcare system on which Blockchain is leveraged to protect the outsourced EHR from illegal modification. The EHR can be outsourced to the cloud by only authenticated doctor. Each operation on the EHR is integrated into a Blockchain as a transaction. The transaction on the Blockchain includes the data owner’s account address, doctor’s account address, timestamp, some details of the patient and disease using encryption and keyword which can be used by a third party to search the relevant EHR, thus, achieving data security with searchability. The patient’s EHR are converted to ciphertext using encryption and are stored in the cloud. The data asker such as insurance companies, research agencies, hospitals, etc. can search the desired keyword to find the expected EHR on the Blockchain and get the decrypted ciphertext from the cloud once it gets data owner’s authorization. Their operations are recorded as a transaction on the Blockchain. When given an outsourced EHR, any participant can check the integrity of the record by checking the corresponding transaction.

EHR are generated when the patient visits the doctor in hospitals for medical services. The patients have the ownership and control rights to this clinical data. They must register on EHR consortium Blockchain for data sharing. The doctors are the managers of the EHR. They encrypt and upload the EHR to the cloud server after receiving the patient’s authorization. After uploading, they conduct a transaction which consists of ciphertext of EHR, patient’s and doctor’s account address, timestamp and send it to the transaction pool. The cloud servers are responsible for storing the encrypted EHR. People or organizations, who want to access the records, searches for keywords in the Blockchain first. They send an authorization request to the data owners, i.e. the patient after getting the search result. After they get authorization, they receive the health record from the cloud. This operation results in a transaction and is stored on the Blockchain.
 Considering this model, security goals such as data confidentiality, integrity, access control and privacy preservation are achieved. The health records cannot be read or modified by other entities without data owner’s authentication. The patients who are the data owners have the ability to control the data access. Their identity cannot be revealed with EHR and account address. The original record cannot be revealed to the third party. Even if the third party colludes with the cloud server, they cannot access the EHR without access permission. 
Leveraging the Blockchain Technology in the healthcare systems has shown how it can apply to large scale management in an EHR system. It is clear from the analysis that a medical record is the most comprehensive record about the identity of a person and must be handled in a secure manner.
Since Blockchain encoded data can't be changed or erased, it guarantees total uprightness and security of clinical records from the very first moment of its utilization. In this way, to empower confided-in access to clinical information, patients would be placed at the focal point of their medical information and could give or renounce access to whatever other foundation that needs to get to their data. The Blockchain framework innovation is energizing advancements that show guarantee in the social insurance industry. It ought to be a piece of the vital structure for the business procedure modernization of a foundation who stressed over issues of security, interoperability, and protection.

[1] K. Hayrinen, K. Saranto and P. Nykanen, “Definition, structure, content,
use and impacts of electronic health records: a review of the research
literature”, International Journal of Medical Informatics, 77(5),291-
304,doi:10.1016/j.ijmedinf.2007.09.001 PMID: 17951106
[2] Jing Hua Zhang, “Impacts of US health care reform on IT firms’ revenue:
The case of EHR Meaningful Use criteria”, International Conference on
Engineering, Management Science and Innovation (ICEMSI), 2013.
[3] R. C. Barrows Jr and P. D. Clayton, “Privacy, confidentiality, and electronic
medical records”, Journal of the American Medical Informatics Association,3:139-148, 1996.
[4] Nieves, Parker. “What is a cloud-based EHR?”elationhealth.com. July 28,2017. 
[5] Anam Sajid, Haider Abbas, "Data Privacy in Cloud-assisted Healthcare
Systems: State of the Art and Future Challenges", Journal of
Medical Systems, vol. 40, 2016.
[6] Gaganjeet Singh Reen, Manasi Mohandas, and S. Venkatesan,
“Decentralized Patient Centric e-Health Record
Management System using Blockchain and IPFS” in 2019 IEEE Conference
on Information and Communication Technology.
[7] Yong. Wang1, Airing. Zhang1, Peiyun. Zhang2, Huaqun. Wang, “Cloud-
Assisted EHR Sharing with Security and Privacy Preservation Via Consortium
Blockchain” in 2019 IEEE
Conference on Information and Communication 

No comments:

Post a Comment