Blockchain-enabled Secure and Trusted Personalized Health Record

Dong, Yibin

20 December 2022

Longitudinal personalized electronic health record (LPHR) provides a holistic view of health records for individuals and offers a consistent patient-controlled information system for managing the health care of patients. Except for the patients in Veterans Affairs health care service, however, no LPHR is available for the general population in the U.S. that can integrate the existing patients' electronic health records throughout life of care. Such a gap may be contributed mainly by the fact that existing patients' electronic health records are scattered across multiple health care facilities and often not shared due to privacy and security concerns from both patients and health care organizations. The main objective of this dissertation is to address these roadblocks by designing a scalable and interoperable LPHR with patient-controlled and mutually-trusted security and privacy. Privacy and security are complex problems. Specifically, without a set of access control policies, encryption alone cannot secure patient data due to insider threat. Moreover, in a distributed system like LPHR, so-called race condition occurs when access control policies are centralized while decisions making processes are localized. We propose a formal definition of secure LPHR and develop a blockchain-enabled next generation access control (BeNGAC) model. The BeNGAC solution focuses on patient-managed secure authorization for access, and NGAC operates in open access surroundings where users can be centrally known or unknown. We also propose permissioned blockchain technology - Hyperledger Fabric (HF) - to ease the shortcoming of race condition in NGAC that in return enhances the weak confidentiality protection in HF. Built upon BeNGAC, we further design a blockchain-enabled secure and trusted (BEST) LPHR prototype in which data are stored in a distributed yet decentralized database. The unique feature of the proposed BEST-LPHR is the use of blockchain smart contracts allowing BeNGAC policies to govern the security, privacy, confidentiality, data integrity, scalability, sharing, and auditability. The interoperability is achieved by using a health care data exchange standard called Fast Health Care Interoperability Resources. We demonstrated the feasibility of the BEST-LPHR design by the use case studies. Specifically, a small-scale BEST-LPHR is built for sharing platform among a patient and health care organizations. In the study setting, patients have been raising additional ethical concerns related to consent and granular control of LPHR. We engineered a Web-delivered BEST-LPHR sharing platform with patient-controlled consent granularity, security, and privacy realized by BeNGAC. Health organizations that holding the patient's electronic health record (EHR) can join the platform with trust based on the validation from the patient. The mutual trust is established through a rigorous validation process by both the patient and built-in HF consensus mechanism. We measured system scalability and showed millisecond-range performance of LPHR permission changes. In this dissertation, we report the BEST-LPHR solution to electronically sharing and managing patients' electronic health records from multiple organizations, focusing on privacy and security concerns. While the proposed BEST-LPHR solution cannot, expectedly, address all problems in LPHR, this prototype aims to increase EHR adoption rate and reduce LPHR implementation roadblocks. In a long run, the BEST-LPHR will contribute to improving health care efficiency and the quality of life for many patients. / Doctor of Philosophy / Longitudinal personalized electronic health record (LPHR) provides a holistic view of health records for individuals and offers a consistent patient-controlled information system for managing the health care of patients. Except for the patients in Veterans Affairs health care service, however, no LPHR is available for the general population in the U.S. that can integrate the existing patients' electronic health records throughout life of care. Such a gap may be contributed mainly by the fact that existing patients' electronic health records are scattered across multiple health care facilities and often not shared due to privacy and security concerns from both patients and health care organizations. The main objective of this dissertation is to address these roadblocks by designing a scalable and interoperable LPHR with patient-controlled and mutually-trusted security and privacy. We propose a formal definition of secure LPHR and develop a novel blockchain-enabled next generation access control (BeNGAC) model, that can protect security and privacy of LPHR. Built upon BeNGAC, we further design a blockchain-enabled secure and trusted (BEST) LPHR prototype in which data are stored in a distributed yet decentralized database. The health records on BEST-LPHR are personalized to the patients with patient-controlled security, privacy, and granular consent. The unique feature of the proposed BEST-LPHR is the use of blockchain technology allowing BeNGAC policies to govern the security, privacy, confidentiality, data integrity, scalability, sharing, and auditability. The interoperability is achieved by using a health care data exchange standard. We demonstrated the feasibility of the BEST-LPHR design by the use case studies. Specifically, a small-scale BEST-LPHR is built for sharing platform among a patient and health care organizations. We engineered a Web-delivered BEST-LPHR sharing platform with patient-controlled consent granularity, security, and privacy realized by BeNGAC. Health organizations that holding the patient's electronic health record (EHR) can join the platform with trust based on the validation from the patient. The mutual trust is established through a rigorous validation process by both the patient and built-in blockchain consensus mechanism. We measured system scalability and showed millisecond-range performance of LPHR permission changes. In this dissertation, we report the BEST-LPHR solution to electronically sharing and managing patients' electronic health records from multiple organizations, focusing on privacy and security concerns. While the proposed BEST-LPHR solution cannot, expectedly, address all problems in LPHR, this prototype aims to increase EHR adoption rate and reduce LPHR implementation roadblocks. In a long run, the BEST-LPHR will contribute to improving health care efficiency and the quality of life for many patients.

Longitudinal Personalized Health Record

Security

Privacy

Patient Consent

Trust

Sharing Platform

Droits du patient : étude comparée entre la France et la Tunisie / Patient rights : a comparative study between France and Tunisia

Chouaibi, Meriam

09 December 2016

Le système juridique français accorde une grande importance aux droits du patient, essentiellement à travers la loi du 4 mars 2002. Ce texte a été construit de manière à placer le patient au centre du dispositif et à lui attribuer des droits liés à sa qualité de sujet de droit. Cette idée est quasiment absente dans la législation tunisienne. En Tunisie, la législation relative aux droits des patients est insuffisante. Il est vrai que le législateur tunisien a défini certains droits pour le patient. Cependant, ces consécrations législatives ne nous permettent pas de confirmer l’idée selon laquelle le patient est le centre de la relation médicale, particulièrement parce que le paternalisme médical trouve encore une consécration en Tunisie. L’étude comparative a montré certaines convergences entre les deux systèmes juridiques mais aussi d’importantes divergences. Ainsi, pour un pays, comme la Tunisie, dont le système sanitaire confronte des difficultés intenses non seulement sur le plan infra-structurel mais également législatif, le code de la santé publique en général et la loi du 4 mars 2002 pour les droits des malades, en particulier, peuvent constituer une source efficace pour des changements en profondeur. Cependant, si en France la loi du 4 mars 2002 occupe une place primordiale dans le corpus des règles du droit de la santé, on ne peut nier que les droits du patient confrontent aujourd’hui des difficultés de mise en œuvre. En effet, même si le souci du législateur français était de protéger au maximum les droits des patients, certaines failles restent à signaler / The french legal system attaches great importance to patient rights, mainly through the law of 4 March 2002. This text was constructed to place the patient at the center of the device and assigning the rights to as a subject of law. This idea is almost absent in tunisian law. In Tunisia, legislation on the rights of patients is inadequate : the rights of patients are devoted so scattered in several legal texts. It is true that the tunisian legislature has defined certain rights for patients. However, these legislative consecrations do not allow us to confirm the idea that the patient is the center of the medical relationship, particularly because medical paternalism still finds consecration in Tunisia. The comparative study showed some convergence between the two legal systems but also important differences. Thus, for a country like Tunisia, whose health system confronts severe difficulties not only its infrastructure but also the legislative, the code of public health in general and the law of 4 March 2002 for the rights of patients, particular, can be an effective source for in-depth changes. However, if in France the Law of 4 March 2002 occupies a prominent place in the corpus of rules of health law, there is no denying that the patient's rights today facing implementation difficulties. Even if the concern of the french parliament was to maximally protect the rights of patients, some flaws still to report

Droits du patient

Droit à la protection de la santé

Droit à l’accès aux soins

Prévention sanitaire

Principe de non discrimination

Droit à la qualité des soins

Sécurité sanitaire

Dignité du patient

Secret médical

Droit à l’information

Consentement du patient

Patient rights

Right to protection of health

Right to access to care

Health prevention

Non-Discrimination principle

Right to quality care

Health security

Patient dignity

Confidential medical information

Right to information

Patient consent