Blockchain-enabled Secure and Trusted Personalized Health Record

Dong, Yibin

20 December 2022

Longitudinal personalized electronic health record (LPHR) provides a holistic view of health records for individuals and offers a consistent patient-controlled information system for managing the health care of patients. Except for the patients in Veterans Affairs health care service, however, no LPHR is available for the general population in the U.S. that can integrate the existing patients' electronic health records throughout life of care. Such a gap may be contributed mainly by the fact that existing patients' electronic health records are scattered across multiple health care facilities and often not shared due to privacy and security concerns from both patients and health care organizations. The main objective of this dissertation is to address these roadblocks by designing a scalable and interoperable LPHR with patient-controlled and mutually-trusted security and privacy. Privacy and security are complex problems. Specifically, without a set of access control policies, encryption alone cannot secure patient data due to insider threat. Moreover, in a distributed system like LPHR, so-called race condition occurs when access control policies are centralized while decisions making processes are localized. We propose a formal definition of secure LPHR and develop a blockchain-enabled next generation access control (BeNGAC) model. The BeNGAC solution focuses on patient-managed secure authorization for access, and NGAC operates in open access surroundings where users can be centrally known or unknown. We also propose permissioned blockchain technology - Hyperledger Fabric (HF) - to ease the shortcoming of race condition in NGAC that in return enhances the weak confidentiality protection in HF. Built upon BeNGAC, we further design a blockchain-enabled secure and trusted (BEST) LPHR prototype in which data are stored in a distributed yet decentralized database. The unique feature of the proposed BEST-LPHR is the use of blockchain smart contracts allowing BeNGAC policies to govern the security, privacy, confidentiality, data integrity, scalability, sharing, and auditability. The interoperability is achieved by using a health care data exchange standard called Fast Health Care Interoperability Resources. We demonstrated the feasibility of the BEST-LPHR design by the use case studies. Specifically, a small-scale BEST-LPHR is built for sharing platform among a patient and health care organizations. In the study setting, patients have been raising additional ethical concerns related to consent and granular control of LPHR. We engineered a Web-delivered BEST-LPHR sharing platform with patient-controlled consent granularity, security, and privacy realized by BeNGAC. Health organizations that holding the patient's electronic health record (EHR) can join the platform with trust based on the validation from the patient. The mutual trust is established through a rigorous validation process by both the patient and built-in HF consensus mechanism. We measured system scalability and showed millisecond-range performance of LPHR permission changes. In this dissertation, we report the BEST-LPHR solution to electronically sharing and managing patients' electronic health records from multiple organizations, focusing on privacy and security concerns. While the proposed BEST-LPHR solution cannot, expectedly, address all problems in LPHR, this prototype aims to increase EHR adoption rate and reduce LPHR implementation roadblocks. In a long run, the BEST-LPHR will contribute to improving health care efficiency and the quality of life for many patients. / Doctor of Philosophy / Longitudinal personalized electronic health record (LPHR) provides a holistic view of health records for individuals and offers a consistent patient-controlled information system for managing the health care of patients. Except for the patients in Veterans Affairs health care service, however, no LPHR is available for the general population in the U.S. that can integrate the existing patients' electronic health records throughout life of care. Such a gap may be contributed mainly by the fact that existing patients' electronic health records are scattered across multiple health care facilities and often not shared due to privacy and security concerns from both patients and health care organizations. The main objective of this dissertation is to address these roadblocks by designing a scalable and interoperable LPHR with patient-controlled and mutually-trusted security and privacy. We propose a formal definition of secure LPHR and develop a novel blockchain-enabled next generation access control (BeNGAC) model, that can protect security and privacy of LPHR. Built upon BeNGAC, we further design a blockchain-enabled secure and trusted (BEST) LPHR prototype in which data are stored in a distributed yet decentralized database. The health records on BEST-LPHR are personalized to the patients with patient-controlled security, privacy, and granular consent. The unique feature of the proposed BEST-LPHR is the use of blockchain technology allowing BeNGAC policies to govern the security, privacy, confidentiality, data integrity, scalability, sharing, and auditability. The interoperability is achieved by using a health care data exchange standard. We demonstrated the feasibility of the BEST-LPHR design by the use case studies. Specifically, a small-scale BEST-LPHR is built for sharing platform among a patient and health care organizations. We engineered a Web-delivered BEST-LPHR sharing platform with patient-controlled consent granularity, security, and privacy realized by BeNGAC. Health organizations that holding the patient's electronic health record (EHR) can join the platform with trust based on the validation from the patient. The mutual trust is established through a rigorous validation process by both the patient and built-in blockchain consensus mechanism. We measured system scalability and showed millisecond-range performance of LPHR permission changes. In this dissertation, we report the BEST-LPHR solution to electronically sharing and managing patients' electronic health records from multiple organizations, focusing on privacy and security concerns. While the proposed BEST-LPHR solution cannot, expectedly, address all problems in LPHR, this prototype aims to increase EHR adoption rate and reduce LPHR implementation roadblocks. In a long run, the BEST-LPHR will contribute to improving health care efficiency and the quality of life for many patients.

Achieving Personalized Interoperable Patient Information Systems;benefits & challenges in Swedish context / Uppnående Personlig interoperabelt Patient Information Systems, fördelar och utmaningar i svenska sammanhang

Wasti, Syed Muhammad Taha

January 2009

Due to a rapid increase in aging population, demand for personalized health care increases proportionally. Personalized patient data can be a helpful way of catering the needs and requirements of elderly people staying at home. Indirectly, it can be a manner of providing better eHealth services according to their needs. Another interesting aspect of providing better personalized eHealth services is to make patient information systems interoperable. Interoperability of eHealth systems is an issue of great concern to current research and development but in this study, we focus on patient information systems. Like in some other European countries, introduction of open source platform to achieve interoperability and personalization of patient information system could save money for health care organizations and make the procedure easier in Sweden also. The purpose of this study is to identify what standards are available for interoperability and what are the benefits and challenges of introducing open source systems for achieving personalized interoperable patient information systems (PIPIS). In light of this investigation, author has identified the benefits and challenges of introducing OSS for achieving PIPIS. Author has also made several recommendations regarding the challenges identified. / In the name of ALLAH, the most gracious and merciful. I extend my gratitude to the beautiful creator of this beautiful universe that He made for us to conquer. Without the love of my parents this thesis report could never be possible for me to write. All my love and care is for them which no one else can share. I thank Mr. Hans Kyhlbäck whose supervision is a source of inspiration for doing this study. He is definitely the best supervisor to work with. In the end, I would like to thank my friends and colleagues whose help just kept me going despite of many hurdles that I faced.

Patient information systems

Eectronic health care

Personalized health

Interoperability

Open source software

Open source initiative

Computer Sciences

Datavetenskap (datalogi)

Human Computer Interaction

La circulation de la donnée à caractère personnel relative à la santé : disponibilité de l’information et protection des droits de la personne / Free movement of personal health data : Information availability and rights of data subject

Brasselet, Renato

03 December 2018

La e santé, la m-santé et la quantification de soi connectent le corps et bousculent le modèle traditionnel du soin. Ils le font glisser d’une médecine curative et monopolistique à une médecine préventive et adoptant une approche de la santé telle que définie par l’OMS. Par ce truchement, la personne n’est plus simplement placée au centre du dispositif de soin elle en devient l’un des acteurs y compris dans l’intimité de sa vie privée. Par ailleurs, sans cesse à la recherche de la réalisation d’économie mais aussi de qualité, le système de santé, a muté, sous l’effet du déploiement de l’e-santé. Il en résulte qu’il est désormais substantiellement décloisonné et ne peut plus être synthétisé dans la dichotomie classique entre le sanitaire et le médico-social. Le vecteur et la résultante de ce phénomène consiste dans la circulation de l’information de santé. Désormais majoritairement numérisée elle est devenue indispensable au soin ainsi qu’au fonctionnement du système de santé. Le soin est désormais conçu autour de l’échange et du partage catégoriel et inter-catégoriel, voire même homme-machine ou machine-machine et non plus sur une médecine fondée sur le secret. L’Homme devenu homo numericus n’en est pas pour autant dépourvu de tout droits et de toute intimité. Le droit et la techno-droit s’inscrivent dans ce jeu savant dont la moindre réforme inconséquente pourrait en bouleverser l’équilibre précaire / Health, m-health and self quantification connect the body and disrupt the traditional model of care. They are moving it from curative and monopoly medicine to preventive medicine and taking a WHO-defined approach to health. By this means, the person is no longer simply placed at the center of the care device he becomes one of the actors including in the intimacy of his privacy.On the other hand, in search of the realization of economy but also of quality, the health system, has mutated, under the effect of the deployment of e-health. As a result, it is now substantially landscaped and can no longer be synthesized into the classic dichotomy between health and social medicine. The vector and resultant of this phenomenon consists in the circulation of health information. From now on, it has become largely digital and essential for the care and functioning of the healthcare system. The care is now conceived around categorical and inter-categorical exchange and sharing, even man-machine or machine-machine and no longer on a medicine based on secrecy. The Man who has become a homo Numericus is not without all rights and privacy. Law and techno-law are part of this scholarly game, the slightest inconsistent reform of which could upset its precarious balance

Secret professionnel

Secret partagé

Système national des données de santé

Santé personnalisée

Données à caractère personnel

Données de santé

Professional secrecy

Shared secret

Ational health data system, research

Personalized health

Personal data

Health data

344.04

kBot: Knowledge-Enabled Personalized Chatbot for Self-Management of Asthma in Pediatric Population

Kadariya, Dipesh

16 August 2019

No description available.

Computer Science

Information Technology

Health Care Management

Virtual Assistant

Conversational Agent

Chatbot for Healthcare

Patient Generated Health Data

IoT for Personalized Health

Pediatric Asthma Management

Self Management

Personalized chatbot