Privacy preservation is a real problem in our society, given the multitude of ways
to communicate (especially electronic ones). We provide personal information when
we buy online, when we subscribe to a newsletter, when we create accounts on social
sites or when we apply for jobs on specialized sites. The confidentiality of
personal information is not so common in certain situations. At least not for job
sites, where we must provide information such as first and last name, date of
birth, phone number, address, etc. Moreover, before the crucial employment
interview, many employers try to obtain as much private information about the
potential future employee (religious affiliation, sexual orientation, personal
activities) as they can.
Privacy preservation is a major concern these days, taking into account that the
amount of data in our world is rapidly increasing. According to recent reports,
total Internet traffic has experienced dramatic growth in the past two decades.
More than 20 years ago, in 1992, global Internet networks carried approximately
100 GB of traffic per day. Ten years later, in 2002, global Internet traffic
amounted to 100 Gigabytes per second (GBps). In 2016, global Internet traffic
reached more than 20,000 GBps.1
In the Big Data
era, data is constantly being collected and analyzed, leading to innovation and
economic growth. Companies and organizations use the data they collect to
personalize services, optimize the corporate decision-making process, predict
future trends and more. Today, data is a valuable asset in our economy. 2
care system, a variety of personal information is generated by clinics,
hospitals, and health care applications, data that is stored in large
During their life, people interact with a large number of medical specialists,
for example pediatricians, general practitioners, nurses, dentists, specialists
in medical insurance, etc. Each of them stores data in their own IT system,
leading to a fragmented system and databases that are not shared between them.
A second source that generates data is smart applications. Among those smart
applications, we can enumerate fitness applications, which generate personal
information like the speed, distance and location of the individual using them.
Another type of application is Food and Nutrition, which customizes a particular
diet based on information provided by the user. We can also include Mind and
Brain applications, which help the user get rid of stress and anxiety and focus
on relaxation. All this personal information must be secured, protected and
can also include biometric sensors that contain data useful for identifying
individuals. Biometric data is distinctive, measurable and describes each of us.
Examples of such data are physiological characteristics, like fingerprint, palm
veins, face, facial expression, DNA, palm print, hand geometry, retina and
odor/scent. We can also add behavioral characteristics, like rhythm, gait and
voice. Some of this information is closely related to health, taking account
companies can be included in the health care IT system, a system that hardly
shares data. An entire supply chain represents this field: from pharmaceutical
manufacturers, shipment, distributors and sales agents, to pharmacies. All these
entities have their own IT systems, where a wide range of inconsistent methods of
passing information and transactions are used. Communication differs among
parties, information can be erroneously managed, and unauthorized handling of
goods in the chain occurs.
Not all the computer systems described above are interconnected into a single
concept governed by standard rules. This involves additional costs, time,
material resources, or even people's lives.
As the world population ages, the number of pensioners is steadily increasing
relative to the number of employees. The result is a steady increase in the
medical services provided and a decreasing number of employed people financially
contributing to the health care system.
these aspects, we believe that an electronic system that encompasses all these
entities and ensures the confidentiality, integrity and authenticity of the data
would considerably reduce the costs of the medical system. The question is: in a
context in which many institutions and electronic devices are involved, who will
administer this IT system? We believe that the best technology to be applied to
health care is blockchain. In recent years, this technology has been applied in
various areas, the most important being the financial one. Blockchain is based on
a secure, distributed database that operates without a central authority or
administrator. It uses a distributed, peer-to-peer network to build a
continuously growing list of ordered records called blocks that form a digital
ledger. Every block contains a set of signed transactions and is validated by the
network itself. Copies of the blockchain are distributed to each participating
node in the network.
In this report, we propose an innovative model of a health care IT system based
on privacy preservation. Users are recognized as owners of their own data and
have full control over it. They can apply various security policies, such as
sharing data with specific clinics, doctors or institutions, can set a period for
sharing it, and can contribute anonymously to certain statistics. The blockchain
uses public key cryptography to create an immutable, append-only, timestamped
chain of content. Each participating node in the network has a copy of the
blockchain. Due to the large amount of data generated by all the participating
institutions and devices, the content of the nodes is formed only by a set of
links to information, permissions and other auxiliary information. The data
itself is stored either by the institutions that generated it or in the cloud.
In the following sections we will present related work, the current state,
requirements for a health care IT system and, in the end, our solution.
1. Current state:
analysis of the existing framework
// related work to be added
2. Current state:
synthesis, limitations, shortcomings
In Section 3 we presented a series of solutions which use blockchain technology
in health care. Blockchain is a relatively new technology, applied in various
areas, the most important being the financial one. As we know, blockchain has so
far been applied in Estonia for electronic prescriptions. Some of the previously
presented solutions embrace only certain components of the medical system, other
solutions present the applicability of blockchain technology at an abstract
level, and other solutions present a system in detail, but involving other
auxiliary entities, such as a data lake.
3. Requirements specification
Our goal is to develop a secure mechanism based on blockchain technology that is
able to preserve privacy in the health care system. The system is able to gather
sufficient information about users, provided by clinics, hospitals and health
care applications, so it can act as a large database where information about the
user's health during their entire life is stored.
All the entities, servers and smartphones, must be foolproof against passive and
active attacks. The user has access to a dedicated web application for getting
the desired data or setting permissions. No other entity has access to this
information.
In the following sections we provide a theoretical model accomplishing these
goals.
solution consists in implementing a public health care blockchain as a unique
system of medical results management. Records can have different formats, for
example movies, pictures, etc. Due to the fact that those formats can have
considerable size and every participant in the network has a copy of the
blockchain, our solution implies that blocks do not store the medical results,
but a link to their location.
The links to records generated by clinics, hospitals and health care
applications are stored in the blockchain only with the patient's approval. Along
with the links, a set of permissions regarding access to the data is stored.
recognized as owners of their own data and have full control over it. Through a
web application, they can apply various security policies, such as sharing data
with specific clinics, doctors or institutions, can set a period for sharing it,
and can contribute anonymously to certain statistics. The blockchain uses public
key cryptography to create an immutable, append-only, timestamped chain
flow, the users query only the blockchain to get the desired data, and the
clinics, health care applications or other entities that generate medical data
upload information to the blockchain only with the patient's approval. The
system is not designed with third parties that intermediate communication.
Data-generating entities are responsible for storing the data. In some cases,
for example health care applications installed on devices with limited storage
memory, a cloud service is useful as a third party. The data transmitted between
the server and the clients is encrypted to ensure confidentiality, integrity and
Implementation
7.1 Technical Background
Blockchain is a peer-to-peer distributed ledger technology for a new generation
of transactional applications that implies trust and transparency. Its design
pattern consists of three components: a distributed network, a shared ledger and
digital transactions. The best-known technology that uses blockchain is Bitcoin.
Blockchain is a decentralized P2P architecture where nodes are represented by the
network participants. Each network participant has an identical copy of the
blockchain, as shown in Figure 1. Moreover, they are responsible for validating
and certifying digital transactions for the network.
7.1.2 Shared Ledger
participants record transactions in the shared ledger. The addition process
involves running evaluation and verification algorithms by the network members.
If the majority of members consider the transactions to be valid, a new node
will be added to the shared ledger. The copies of the blockchain will be updated
with the new node in a short time. The transaction cannot be modified or
7.1.3 Digital Transactions
The blocks can store any type of transactions, but the blockchain can impose a
certain data format. Data is encrypted and digitally signed to guarantee
confidentiality, integrity and authenticity. The blockchain contains blocks in
chronological order and each of them stores a cryptographic hash of the prior
one, as shown in figure
7.2.1 User interaction
distributed network is made up of clinics, hospitals, research institutes,
insurance companies, health care applications and other entities that generate
medical data, which have the role of nodes.
interact with a particular node and, as a result of this interaction, some data
is generated. This stored information is encrypted and digitally signed to
ensure the privacy and authenticity of the information. The data must have a
certain format accepted by all the other nodes.
We could highlight some use cases, for example: after a doctor's consultation
within a clinic, the medical report is encrypted and sent to the patient. Records
can have different formats, for example text, movies, pictures, etc. If the
patient approves it, the clinic broadcasts the transaction and, if the rest of
the miners agree with the data format, a new block is generated and appended to
the blockchain.
example is the use of smart applications. We can enumerate Fitness applications,
which generate personal information like speed, distance and location, or Food
and Nutrition apps, which customize a particular diet based on the user's health.
In addition, we can include Mind and Brain applications, which help the user get
rid of stress and anxiety and focus on relaxation. The user has the possibility
to publish the encrypted data in the blockchain. Due to the limited capability
of smart devices, the encrypted data can be stored in the cloud.
this interaction, the node sends a request to the patient asking whether the
information will be published in the blockchain or not. This communication flow
is presented in Figure 3.
The term mining refers to adding blocks to the blockchain. In general, the
mining mechanism is similar to Bitcoin's. The node broadcasts Bitcoin
transactions to the network and all miners collect them and add them to the
block they are working to solve. Each block contains, among a record of all
recent transactions and a reference to the block that came immediately before
it, an answer to a mathematical puzzle. A new block is valid if its nonce is
chosen so that the new block's hash is less than a chosen target. The
proof-of-work puzzle is considered a difficult computation, but checking the
result is easy. Solving a proof-of-work puzzle implies spending a certain level
of effort. An adaptive algorithm adjusts the difficulty periodically, based on
the recent block chain history, to maintain the long-term invariant that one
block is mined about every ten minutes. Due to the fact that each block contains
a reference to the prior block, the collection of all blocks is similar to a
chain. It is possible for the chain to have temporary splits, when two miners
reach valid solutions for the same block at the same time. The network resolves
those splits within a short time, so that only the branch with the most combined
difficulty survives.
consider that the proof-of-work concept is not suitable for a health care
blockchain. Instead, proof-of-interoperability is an alternative method that
eliminates some disadvantages, like the powerful and costly hardware required
for heavy computations. Proof-of-interoperability implies that transactions and
stored data are interoperable with regard to a known set of structural and
semantic constraints. Structural constraints imply attributes such as type and
cardinality, and semantic constraints imply using agreed value sets.
Proof-of-interoperability assumes that all miners reach consensus regarding the
set of data templates advised by specialists in medical terminology.
considering the example of a patient being consulted at a clinic, the
institution generates a set of analyses. This stored information is encrypted
and digitally signed to ensure the privacy and authenticity of the information.
The institution sends a link to this information and, if the patient agrees to
publish it, the clinic broadcasts the transaction to the network. The miners
verify the data format and, if the majority agrees, the clinic generates a new
block and appends it to the blockchain in chronological order. All the miners
must update it.
Considering the example of a user who generates some medical data using wearable
sensors, the algorithm is similar. The only exception is that the user queries
the sensors using a smartphone, a device that acts in this case as
4.2.3 Block generation
The node is also responsible for generating the block. To decrease network delay
and overhead, the block does not contain the information regarding the medical
results. Instead, it references the encrypted data. An advantage of this method
is keeping sensitive patient data out of the blockchain and decreasing network
overhead.
type of block contains the following characteristics:
Hash – the SHA256 of
Block type – information
Data owner ID – a unique ID
regarding the relationship between the user and the generating entity
Data type ID – each type of
medical data must have a unique ID within the blockchain, for example Heart
monitor, prescriptions, blood results, etc.
Data link – link to
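The following is an added example, not code from the report: a minimal miner-side flow that applies the proof-of-interoperability check described above (structural constraints of type and cardinality, semantic constraints of agreed value sets) and then builds an information block carrying only a link to the encrypted record, chained to the prior block by SHA256. The templates, field names and value sets are constructed assumptions, not the report's actual data templates.

```python
import hashlib
import json

# Constructed data templates standing in for the "set of data templates advised by
# specialists in medical terminology"; field names and value sets are assumptions.
TEMPLATES = {
    "blood_results": {
        "fields": {"hemoglobin_g_dl": float, "glucose_mg_dl": float},
        "cardinality": (2, 2),          # min and max number of attributes
        "value_sets": {},
    },
    "prescription": {
        "fields": {"drug_code": str, "dose_mg": int},
        "cardinality": (2, 2),
        "value_sets": {"drug_code": {"ATC-N02BE01", "ATC-M01AE01"}},  # agreed value set
    },
}

def proof_of_interoperability(data_type_id, record):
    """Structural check (attribute types and cardinality) plus semantic check
    (agreed value sets). True means a miner would accept the record's format."""
    tpl = TEMPLATES.get(data_type_id)
    if tpl is None:
        return False
    lo, hi = tpl["cardinality"]
    if not lo <= len(record) <= hi:
        return False
    for name, typ in tpl["fields"].items():
        if name not in record or not isinstance(record[name], typ):
            return False
    return all(record[name] in allowed for name, allowed in tpl["value_sets"].items())

def block_hash(block):
    """SHA256 over the canonical JSON of every field except the hash itself."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_block(chain, owner_id, data_type_id, record, data_link, timestamp):
    """Miner-side flow: validate the record against its template, then build an
    information block that carries only a link to the encrypted record."""
    if not proof_of_interoperability(data_type_id, record):
        return None
    block = {
        "prev_hash": chain[-1]["hash"] if chain else "0" * 64,
        "block_type": "information",
        "data_owner_id": owner_id,      # relationship-specific ID, never the raw record
        "data_type_id": data_type_id,
        "data_link": data_link,         # where the encrypted record actually lives
        "timestamp": timestamp,
    }
    block["hash"] = block_hash(block)
    chain.append(block)
    return block

def verify_chain(chain):
    """Recompute every hash and check that each block points at its predecessor."""
    prev = "0" * 64
    for block in chain:
        if block["prev_hash"] != prev or block_hash(block) != block["hash"]:
            return False
        prev = block["hash"]
    return True
```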
In the same way, a patient is able to add health data from mobile applications
and wearable
can play the role of a node when he wants to share his own information with
certain entities. The user would also be able to view an audit log with
information like who accessed which personal data, and when.
permissions must be flexible and handle more than "all-or-nothing". The user is
able to define different security policies, for example the type of data that
can be accessed, the allotted time frame for access, and the node which is able
to access it, like a research institute, family, etc. The user can revoke access
rights at any time. The access policies must be securely stored in the
blockchain, and only the owner must have the right to modify them, through a new
block generation. Thus, data access in the blockchain is transparent, as the
sharing transactions are stored in the blockchain in chronological order.
This type of block
contains the following characteristics:
Hash – the SHA256 of
Block type – information
Entity’s ID that
has access to the data
entity ID – the patient can share certain information generated by one or more
Data type access ID – each type of
medical data must have a unique ID within the blockchain, for example Heart
monitor, prescriptions, blood results, etc.
Period of time – the patient can share information for a certain amount of time,
or forever
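As an added example (not the report's own code) of how the access-policy blocks listed above could be evaluated: each block records who may access which data type from which generating entity and for what period, a later revoke block cancels an earlier grant, and the owner can read the chain back as an audit trail. Field names, the "grant"/"revoke" action and the time values are assumptions.

```python
import hashlib
import json

# Access-policy blocks; field names are assumptions modelled on the characteristics
# listed above. A later "revoke" block for the same scope cancels an earlier grant.
def make_access_block(prev_hash, owner_id, entity_id, source_entity_id,
                      data_type_id, valid_from, valid_until, action="grant"):
    block = {
        "prev_hash": prev_hash,
        "block_type": "access",
        "data_owner_id": owner_id,             # the patient who sets the policy
        "entity_id": entity_id,                # who is granted (or loses) access
        "source_entity_id": source_entity_id,  # which generating entity's data
        "data_type_id": data_type_id,
        "valid_from": valid_from,
        "valid_until": valid_until,            # None means "forever"
        "action": action,                      # "grant" or "revoke"
    }
    block["hash"] = hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()
    return block

def build_policy_chain(owner_id, entries):
    """Append policy blocks in chronological order; only the owner generates them."""
    chain, prev = [], "0" * 64
    for entry in entries:
        block = make_access_block(prev, owner_id, *entry)
        chain.append(block)
        prev = block["hash"]
    return chain

def is_access_allowed(chain, owner_id, entity_id, source_entity_id, data_type_id, now):
    """Walk the chain; the most recent grant or revoke for this exact scope wins,
    and a grant only counts while `now` falls inside its time window."""
    scope = (owner_id, entity_id, source_entity_id, data_type_id)
    allowed = False
    for b in chain:
        if b["block_type"] != "access":
            continue
        if (b["data_owner_id"], b["entity_id"], b["source_entity_id"], b["data_type_id"]) != scope:
            continue
        if b["action"] == "revoke":
            allowed = False
        else:
            allowed = b["valid_from"] <= now and (b["valid_until"] is None or now <= b["valid_until"])
    return allowed

def audit_log(chain, owner_id):
    """The owner's view: who was given (or lost) access to what, and from when."""
    return [(b["entity_id"], b["data_type_id"], b["action"], b["valid_from"])
            for b in chain if b["block_type"] == "access" and b["data_owner_id"] == owner_id]
```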
We could enumerate a few use cases. For example, a user wants to share data with
a specific research institute. The purpose of this sharing is to better
understand a disease and to make certain statistics, by age, sex, time allocated
for sports, the number of calories consumed, etc. Thus, medical institutes have
the opportunity to make new scientific discoveries based on all these factors.
Another example is sharing information with pharmaceutical companies. Depending
on the medications prescribed by doctors, they can accurately determine the
amount of medication needed. To stimulate data sharing, these companies can
reward users by offering them a discount on buying medicines or priority on
buying medicine if stock is limited.
We can also highlight the example of sharing data with health insurance
companies. Depending on the medical history, the insurance company can create a
better offer to clients as a stimulus method.
are presented in Figure 6.
blockchain technology for the development of immutable, secure and accessible
medical analysis has great potential, but also notable challenges. The need for
a global health system is growing, as more and more people are connected to the
internet. Adoption of this system by clinics, hospitals, insurance companies,
etc. will likely be
security, which implies both privacy and anonymity, are fundamental priorities
for a health care blockchain.
the system should be stored in plain text. Public key cryptography is the
solution for this kind of system: a public key available to everyone and a
private key that is used only by the patient. The medical analyses generated by
a clinic are encrypted using the patient's public key, and the private key is
used for decrypting them.
technology may have several limitations; for example, publishing information
can be a security breach. In the case of a health care blockchain, the analyses
are encrypted and are not public, but the transactions are. Each block has the
patient's ID and the clinic's ID, so data forensics specialists can observe
patterns through frequency analysis. For example, repeated interactions between
nodes within the blockchain may be discovered.
solution would be imposing white-list nodes, a type of node which can read the
ledger. Another solution would be applying the Bitcoin model, where addresses
are assigned to data, not to users. This model includes a digital wallet, where
users control the keys to these addresses. The advantage of this method is that
consensus on a single ID does not need to be reached, because a patient can have
multiple IDs, more exactly an ID for each relationship between him and each
clinic. The patient manages his IDs using a digital wallet.
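An added example, not from the report, that makes the limitation above concrete from a defender's side: it counts what a reader of the public transaction metadata can learn from repeated (patient ID, clinic ID) pairs, then republishes the same blocks with one wallet-derived ID per patient-clinic relationship, as in the Bitcoin-style model just described. The ledger contents, the wallet secrets and the HMAC-SHA256 derivation are constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter

# Constructed public ledger metadata: one (data owner ID, clinic ID) pair per block.
# The records themselves are encrypted and are not part of what is visible here.
LEDGER_SINGLE_ID = [
    ("patient-42", "oncology-clinic"), ("patient-42", "oncology-clinic"),
    ("patient-17", "dentist-3"), ("patient-42", "pharmacy-7"),
    ("patient-42", "oncology-clinic"), ("patient-42", "oncology-clinic"),
]

def interaction_frequencies(ledger):
    """What anyone reading the ledger can count: how often each pair interacts."""
    return Counter(ledger)

def repeated_interactions(ledger, threshold=2):
    """Pairs seen at least `threshold` times reveal an ongoing relationship."""
    return {pair for pair, n in interaction_frequencies(ledger).items() if n >= threshold}

def cross_clinic_linkage(ledger):
    """Owner IDs that appear with more than one clinic: a single ID lets an observer
    join a patient's visits across institutions."""
    clinics_per_owner = {}
    for owner, clinic in ledger:
        clinics_per_owner.setdefault(owner, set()).add(clinic)
    return {owner for owner, clinics in clinics_per_owner.items() if len(clinics) > 1}

def relationship_id(wallet_secret, clinic_id):
    """One ID per patient-clinic relationship, derived in the patient's wallet from a
    wallet secret (HMAC-SHA256 is the constructed derivation used here)."""
    return hmac.new(wallet_secret, clinic_id.encode(), hashlib.sha256).hexdigest()[:16]

def publish_with_relationship_ids(wallets, ledger):
    """The same blocks, but with the per-relationship ID in place of the patient ID."""
    return [(relationship_id(wallets[owner], clinic), clinic) for owner, clinic in ledger]
```

Per-relationship IDs remove the cross-clinic join, but the frequency of interactions between one relationship ID and one clinic remains visible to whoever can read the ledger, which is why the text also mentions restricting reading to white-listed nodes.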
7. Synthesis / Conclusions
presented represents an advantage for both the patient and the medical partners.
Patients should no longer have to manage their medical analyses, take them
personally from medical laboratories and pass them to the specialists. Patients
can give specialists access to their personal data stored in the blockchain.
Useful information such as the results of the analyses, the diet that is
followed, the number of calories consumed, etc. are data on which patients can
receive better
the point of view of medical institutions, given the vast information they have
access to, they can offer better quality medical services. Shared information
is useful for research institutions, given the number and diversity of people.
This data leads to the advancement of medical research and helps identify and
develop new methods to treat and prevent diseases.
work may include using Artificial Intelligence for making diagnostic
predictions. A machine learning algorithm can take into account the results of
the analyses made at medical laboratories together with the patient's lifestyle
detected by wearable sensors and recommend a diagnosis. This recommendation is a
useful independent reference for doctors. Taking into account the doctor's
result, machine-learning algorithms can be refined and improved.
technology is based on open standards, provides a shared distributed view of
data where users have control over their personal data, and will achieve
widespread acceptance in all domains.