Blockchain and IPFS for Electronic Health Records or EHRs (Part 20)
Welcome to the 20th part of the 100 part series on Blockchain.
The healthcare industry generates abundant health data from various sources. The meaningful use of health data can improve the decisions of healthcare providers and patient outcomes. The adoption of digitalized health care records, referred to as electronic health records (EHRs), provides an opportunity for healthcare data analytics and the coordination of results with the care of patients. For this, data sharing is needed for timely health information exchange to provide patients with coordinated and efficient care across healthcare facilities. However, there are security and privacy concerns about the sharing of sensitive health data of the patients.
An individual’s electronic health records (EHRs) are highly unstructured and are controlled by healthcare providers in their respective central databases. These databases lack interoperability and security, and are vulnerable to cyberattacks or hacking.
Cyberattacks targeting healthcare institutions have increased exponentially. These attacks can cause serious damage, as many healthcare institutions cannot operate during or after a cyberattack, which leaves the whole institution unable to function and deprives patients of the care they need. It is not only the operations of hospitals that are affected; the patients’ sensitive medical data are also at stake, as hospitals store the patients’ data related to appointments, reports, medical history, and prescriptions, along with other vital information, in their central databases.
(i) DoS and DDoS attacks: Most healthcare providers often lose their patients’ data due to Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks. In a DoS attack, the attackers overwhelm the target healthcare computer system with a high number of processes, requests, and bandwidth usage. The attackers’ goal is to flood the system with more traffic than the server can handle so that it cannot be used for its intended purpose, for example by preventing patients from scheduling appointments and preventing doctors from sending or receiving important information. These attacks can even crash the system, leading to the loss of patients’ data. In a DoS attack, one attacking machine is used, whereas in a DDoS attack, a swarm of attacking machines is used to exhaust the victim’s computer system. DDoS attacks are therefore more severe than DoS attacks because the malicious requests to the victim come from different machines; most of the time, botnets are used for DDoS attacks.
(ii) Ransomware attack: In a ransomware attack, the attacker is able to run malware on the healthcare computer system. The malware takes control of the system and encrypts all the data present on it, rendering the data inaccessible. The attacker then demands a ransom from the victim in exchange for the decryption key. If the ransom is not paid, the data can be lost forever.
(iii) Data breaches: A data breach is a violation in which the confidential and sensitive data of the patients is copied, viewed, stolen, or used by unauthorized individuals. For instance, in 2021, a data breach attack on Florida Healthy Kids Corporation affected 3,500,000 individuals, potentially exposing their personal information such as Social Security numbers, dates of birth, names, addresses, and financial information.
Challenges in data sharing
Although we have computers in nearly every medical facility and mobile phones in every pocket, we still face difficulty in collecting, exchanging, and sharing our medical history with a new doctor. Sharing medical data between various healthcare providers while maintaining the privacy and integrity of the patient’s data is the biggest challenge that health care systems face today.
(i) The health care system is not digitized everywhere in the world. Therefore, many healthcare providers still follow the traditional process and provide prescriptions on paper and graphs. In such a scenario, it becomes difficult for both patients and healthcare providers to refer to these prescriptions whenever required in the future.
(ii) Lack of interoperability: The healthcare systems work in silos and lack interoperability. Even the healthcare systems of different departments within the same hospital cannot interact with each other. So you can imagine the level of difficulty when systems of various healthcare providers have to interact with each other.
(iii) Non-availability of clinical history: In an emergency, or if a patient wants to change healthcare provider, it becomes challenging for him to procure his clinical history and share it with the new service provider. All diagnostic tests have to be performed again to identify the exact problem, resulting in delayed treatment and further aggravation of the issue.
(iv) When the doctor is treating a patient who needs emergency care, it becomes challenging for him to know if the patient is allergic to any specific medicine. Therefore, he has to be extra cautious and has to perform drug allergy tests to validate this because the consequences can be pretty dire if the patient is administered any such medicine that he is allergic to.
(v) It is nearly impossible for hospital pharmacies to have a clear picture of the patient data. This, in turn, becomes a challenge for them to predict the inventory required to meet the needs of hospitals. For example, in the case of a sudden outbreak or some seasonal diseases, the pharmacies can go out of stock due to the non-availability of this data. Further, the drug shortages lead to delayed treatment and force healthcare providers and patients to shift to alternate medicines, decreasing the effectiveness of the treatment.
(vi) Telemedicine, also referred to as telehealth or e-medicine, cannot be used effectively. Telemedicine refers to providing healthcare to patients remotely through phones, computers, etc. It allows healthcare providers to evaluate, diagnose, and treat patients without the need for an in-person visit. However, every time a patient consults online, he is required to fill in all his history details. There is no effective way for patients to share their health data with the healthcare provider through remote technology. Moreover, most health reports and consultations are on paper, which makes them cumbersome to share online when using telemedicine services.
Blockchain: The Solution
Blockchain technology can provide a secure and sustainable way to share the health data of patients while maintaining control of the patients over their data.
Type of Blockchain used
Private permissioned Blockchain is used when the Blockchain network is required to be created in one healthcare institution only. On the other hand, consortium permissioned Blockchain is used when the consortium of healthcare institutions is intended to become part of the Blockchain network. Permissioned Blockchain means users need to obtain permission to join the Blockchain, which limits the data access of the Blockchain to only authorized users.
(i) Storage of EHR data: The health data of patients who opt to participate in the Blockchain will be encrypted and stored in IPFS, a secured off-blockchain peer-to-peer distributed file system. This is because it is very expensive and energy-consuming to store large chunks of data on the Blockchain. The IPFS contains a unified patient medical record database, and the database is distributed across multiple hospitals or different departments of the same hospital institutional network. As it is not a centralized database, the loss of any server or workstation does not mean the loss of any patient’s data.
In contrast, all the transactions referring to EHR requests and exchanges, and the links to the EHR data (metadata), will be stored on the main Blockchain.
Note: IPFS has been explained in detail in Part 18.
(ii) Smart contracts: The smart contract on the Blockchain platform is written in the Solidity language. It manages the storage of the metadata needed to access EHR data stored on IPFS. Once deployed, the smart contracts can never be modified.
Proposed Blockchain platform for healthcare facilities
(i) Each healthcare facility will be required to provide at least one Blockchain node, which runs the complete Blockchain on it.
(ii) All the users, such as patients and healthcare providers, can become a part of the Blockchain network by registering on the healthcare dApp. After their identities are verified, each Blockchain user is given a unique ID, represented by a hash value, also called an account address. Two keys are generated: a private key and a public key. The user keeps the private key confidential, and the public key is the account address that can be shared. Any transaction related to the account address must be signed with the private key. A transaction can be defined as a process of uploading, updating, deleting, or exchanging EHR data. Every transaction is checked to ensure that the public and private keys match before it is recorded in the Blockchain.
Note: Refer to Part 6 for a detailed explanation of public and private keys.
(iii) After registering on the Blockchain network, the healthcare institution or the patients can upload their health records on the dApp. The EHR data of the patients, along with the data of their visits, prescriptions, billing, etc., will be encrypted and stored on IPFS. Once the documents are uploaded to IPFS, the address of the stored documents is recorded in the smart contract. So every time a new document is uploaded, the IPFS hash of the record is stored on the Blockchain rather than the data itself. Hence, using IPFS reduces the space needed in blocks, ultimately reducing every transaction’s cost.
The smart contracts on the Blockchain also play an important role in granting, revoking, and denying access to health care providers to retrieve the patients’ EHR data from the IPFS.
Therefore, the Blockchain- and IPFS-powered distributed file storage system ensures that everyone on the network has access to the same “data.”
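The pointer storage and the grant, revoke and deny logic described above, modelled off-chain in Python as an added example (it is not the article's contract or any project's code). The class and function names, the integer clock, and plain SHA-256 hex standing in for an IPFS content identifier are assumptions; the time-limited grants and the access log follow the article's description of patient-chosen durations and recorded timestamps.

```python
import hashlib

def content_address(blob):
    # Stand-in for an IPFS CID (real CIDs are multihash-encoded): plain SHA-256 hex.
    return hashlib.sha256(blob).hexdigest()

class EHRRegistry:
    """Off-chain model of the contract state; `sender` stands for the transaction signer."""
    def __init__(self):
        self.pointers = {}   # patient -> [content address of each encrypted record]
        self.grants = {}     # (patient, provider) -> time at which the grant expires
        self.log = []        # (time, patient, actor, event), append-only like the chain

    def _owner_only(self, sender, patient):
        if sender != patient:
            raise PermissionError("only the patient may change grants")

    def add_record(self, patient, encrypted_blob, now):
        addr = content_address(encrypted_blob)
        self.pointers.setdefault(patient, []).append(addr)
        self.log.append((now, patient, patient, "upload"))
        return addr

    def grant(self, sender, patient, provider, now, duration):
        self._owner_only(sender, patient)
        self.grants[(patient, provider)] = now + duration
        self.log.append((now, patient, provider, "grant"))

    def revoke(self, sender, patient, provider, now):
        self._owner_only(sender, patient)
        self.grants.pop((patient, provider), None)
        self.log.append((now, patient, provider, "revoke"))

    def request(self, provider, patient, now):
        """Return the patient's pointers only while a grant is live; log every attempt."""
        allowed = self.grants.get((patient, provider), 0) > now
        self.log.append((now, patient, provider, "access" if allowed else "denied"))
        if not allowed:
            raise PermissionError("no live grant for this provider")
        return list(self.pointers.get(patient, []))

    def count(self, patient, provider, event):
        return sum(1 for _, p, who, ev in self.log if (p, who, ev) == (patient, provider, event))

def fetch_verified(storage, addr):
    """Reject a blob whose hash no longer matches the pointer recorded on-chain."""
    blob = storage[addr]
    if content_address(blob) != addr:
        raise ValueError("blob does not match its on-chain pointer")
    return blob

def demo():
    reg, blob = EHRRegistry(), b"constructed ciphertext of patient X's record"
    addr = reg.add_record("patientX", blob, now=1000)
    reg.grant("patientX", "patientX", "providerA", now=1000, duration=3600)
    ptrs = reg.request("providerA", "patientX", now=1500)       # inside the grant window
    reg.revoke("patientX", "patientX", "providerA", now=2000)
    return ptrs == [addr], fetch_verified({addr: blob}, addr) == blob
```

On a real chain `now` would come from the block timestamp and `sender` from the verified transaction signature.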
Granting access to EHR data
Blockchain technology, along with smart contracts, will help individuals maintain their electronic health records and ensure that only authorized healthcare providers can access these health records. The individuals/patients will be the owners of their medical data. Hospitals or research institutes will require permission from patients to get access to their data. The patient will be able to select who can access his information and for what duration. Individuals can also preauthorize healthcare providers to see their information during any unforeseen emergencies. Suppose a healthcare provider A wants to access patient X’s EHR. For this:
(i) The smart contract on Blockchain verifies the healthcare provider A’s permission to access patient X’s records.
(ii) When the patient grants permission to the healthcare provider, the smart contract retrieves the patient’s metadata, including the location of encrypted EHR data on IPFS.
(iii) The patient has to share his private key, with which the healthcare provider can decrypt the patient’s EHR data. For sharing the private key, the patient can encrypt his private key with the public key of the authorized healthcare provider. Thus, the private key of the healthcare provider is used to decrypt the patient’s private key, which is then used to access the EHRs. Without the patient’s private key, no one can access his data, enabling the patient to control who can access his information.
(iv) The other method of sharing EHRs with healthcare providers, without revealing the private key, is proxy re-encryption. Proxy re-encryption is the process of converting encrypted data into a different ciphertext that can be decrypted with the recipient’s (the healthcare provider’s) private key. As discussed, the patient’s EHR data stored on IPFS is encrypted with his public key. The patient can use his private key and the healthcare provider’s public key to create a re-encryption key. This allows the encryption server, or proxy, to re-encrypt the original ciphertext (encrypted with the patient’s public key) into a new one that only the authorized healthcare provider can decrypt with his private key.
(v) The Blockchain will also record the timestamp when the healthcare provider received the permission and when they received the EHR data. It allows the patients to revoke access to their records and track how many times their records have been accessed.
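A worked run of the proxy re-encryption step above, added here as an example and not taken from the article or from any named library. It uses a unidirectional ElGamal-style key-encapsulation construction chosen for illustration over the RFC 2409 768-bit group, with a SHA-256 keystream and tag standing in for an AEAD cipher; all function names are hypothetical.

```python
import hashlib, hmac, secrets
# RFC 2409 Oakley Group 1 safe prime (768-bit): demo size, too small for production use.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 2   # G = 2 generates the subgroup of prime order Q

def digest(label, *parts):   # SHA-256 over length-prefixed parts; ints become 96 bytes
    enc = [p if isinstance(p, bytes) else p.to_bytes(96, "big") for p in parts]
    return hashlib.sha256(label + b"".join(len(b).to_bytes(4, "big") + b for b in enc)).digest()

def stream(key, data):       # XOR with a SHA-256 counter keystream (stand-in cipher)
    n = len(data) // 32 + 1
    ks = b"".join(digest(b"ks", key, i.to_bytes(4, "big")) for i in range(n))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):         # ciphertext plus 16-byte tag (stand-in for an AEAD)
    ct = stream(key, data)
    return ct + digest(b"tag", key, ct)[:16]

def unseal(key, blob):
    ct, tag = blob[:-16], blob[-16:]
    if not hmac.compare_digest(tag, digest(b"tag", key, ct)[:16]):
        raise ValueError("wrong key or modified record")
    return stream(key, ct)

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def blind(X, pk_provider, shared):   # scalar only the patient and that provider can derive
    return int.from_bytes(digest(b"d", X, pk_provider, shared), "big") % (Q - 1) + 1

def encrypt(pk_patient, record):     # (capsule, blob) is what would be stored on IPFS
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), seal(digest(b"kdf", pow(pk_patient, r, P)), record)

def decrypt_owner(sk_patient, capsule, blob):
    return unseal(digest(b"kdf", pow(capsule, sk_patient, P)), blob)

def rekey(sk_patient, pk_provider):  # patient: own private key + provider's public key
    x = secrets.randbelow(Q - 1) + 1
    X = pow(G, x, P)
    d = blind(X, pk_provider, pow(pk_provider, x, P))
    return sk_patient * pow(d, -1, Q) % Q, X

def reencrypt(rk, capsule):          # proxy: transforms the capsule, never sees the record
    return pow(capsule, rk, P)

def decrypt_provider(sk_provider, pk_provider, X, capsule2, blob):
    d = blind(X, pk_provider, pow(X, sk_provider, P))
    return unseal(digest(b"kdf", pow(capsule2, d, P)), blob)

def demo():
    record = b"constructed sample EHR: patient X, allergy=penicillin"
    (sk_x, pk_x), (sk_a, pk_a) = keygen(), keygen()   # patient X, authorised provider A
    capsule, blob = encrypt(pk_x, record)
    rk, X = rekey(sk_x, pk_a)                         # patient hands (rk, X) to the proxy
    return decrypt_provider(sk_a, pk_a, X, reencrypt(rk, capsule), blob) == record
```

In this construction the proxy and provider A together can compute the patient's private key as `rk * d mod Q`, so the key pair used for record encryption should be separate from the account key that signs transactions.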
Applications of Blockchain in EHR
Application 1: Updating EHRs and sharing them with multiple healthcare providers
(i) Blockchain technology can provide a truly interoperable network. Whenever a patient undergoes any diagnostic test or consultation, this information can be incorporated into the patient’s unique electronic health chain. Health-related data collected from smart devices can also be securely incorporated into it. The electronic health record (EHR) data can then be easily exchanged among various health providers as and when needed. This would even reduce the cost of healthcare treatment by avoiding redundant diagnostic tests. Most importantly, the healthcare provider can provide better patient care based on this accurate data.
(ii) The technology also offers individuals the flexibility either to reveal their identity or to share their data anonymously or pseudonymously. They can even decide what part of the information should be shared with these care providers.
(iii) Once implemented, the electronic health records on Blockchain will serve as a common and integrated backbone for the health industry. It will also reduce the overhead costs for hospitals and healthcare providers.
(iv) This transparent system can help the government to effectively identify the needy citizens for whom the health schemes have been started.
(v) Hospitals can give their pharmacies controlled, need-based access so that the pharmacies can maintain the required inventory, preventing medicine shortages and thus any delay of medical care to the patients.
Application 2: Blockchain helps in reducing time delays during emergency cases
During emergency cases, the doctor rarely has access to the patient’s clinical history. He has to perform all the required tests, which results in delayed treatment. Through the patient’s EHR on Blockchain and IPFS, the doctor can easily access the patient’s clinical history, so redundant tests are avoided, which can speed up the treatment and cut down the medical costs at the same time. The healthcare providers can also be made aware of the allergies and drug incompatibilities of the patient through the EHR on Blockchain. In the current scenario, a doctor is required to perform the drug allergy tests again, as a medicine the patient is allergic to can further worsen his condition.
Let’s understand it through an example: a patient is allergic to a specific drug, say penicillin. He gets a bacterial infection and visits a doctor for treatment. If the doctor has access to the patient’s medical history, he will be aware that the patient is allergic to penicillin and will prescribe some other medication, avoiding penicillin. This avoids any unwanted medical error and any further health complications.
Application 3: Blockchain and Telemedicine can transform healthcare
The distributed Blockchain technology will also play a critical role in the better adoption and working of telemedicine and remote monitoring. If the patient cannot physically visit the healthcare provider, he can easily share his EHR data present on Blockchain and get medical advice while sitting at home. This reduces clinic visits and also saves the commuting time required to visit a clinic. In addition, IoT devices, along with Blockchain and IPFS, can provide real-time data on vital patient measurements such as blood pressure, heartbeat, etc., for better diagnosis. It will also assist in timely follow-ups with doctors, thus making it easier to detect early signs of certain severe health conditions.
Last but not least, this technology would be a great help for people who live in rural areas and do not have access to good medical facilities. It can be an excellent opportunity for better collaboration between healthcare providers as well. They can share the patient’s information with each other to get expert advice, with the due consent of the patient on the Blockchain.
Application 4: Blockchain helps in better data integration of Wearables
The growing trend of consumer health wearables like Fitbits, health bands, Apple health kits, and watches is ushering in a new era of consumerization of healthcare. These devices record the daily data and activities of a consumer, like calories, step counts, miles, heart rate, etc. With blockchain technology, all this daily data can be combined with other medical healthcare data like clinic visits, demographics, allergies, lab tests, and much more. Further, with the implementation of smart contracts, this data can be used to provide better medical care and monitoring by doctors.
Let us understand it through a real-world scenario. Andrew is diagnosed with fatty liver, and therefore Dr. Steve designs a special exercise regimen for him. A smart contract is set up between them to check whether Andrew is sticking to the regimen prescribed by the doctor. Andrew’s wearable smart gear logs his daily movements, exercise regimen, and other essential data points. Every three days, the smart contract verifies whether the terms of the contract are fulfilled.
Dr. Steve only gets notified if Andrew fails to adhere to his exercise regimen two consecutive times. Thus, you can see that smart contracts, when combined with Blockchain, can be a game-changer for the healthcare industry.
Application 5: Getting compensated for your data
You will be shocked to know that your health data, combined with that of millions of other users, is sold by health informatics companies to pharmaceutical companies for billions of dollars. Pharma companies use this bundled data for research and marketing purposes. Of course, the name and other crucial identifying details are taken off before the data of millions of users is bundled and shared. The biggest irony here is that this data belongs to you and was recorded against a payment made by you or your insurance company, but it gets sold without your prior knowledge and consent.
With Blockchain, this situation is bound to change, because you control your own data. With this technology, you can share your data anonymously or with your actual identity. Once you give your approval, your consent will be recorded on the Blockchain. The pharma companies can verify your consent by using a key that connects to the Blockchain and can then use your data for medical research and marketing purposes. Subsequently, you will also be given a share of the revenue generated from this transaction.
Additionally, it will be a great help for these pharma companies because having a direct relationship with the patient will help them get more valuable insights, which is not feasible in the current world.
Thanks for reading!