This is an open-access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in the Journal of Medical Internet Research, is properly cited. The complete bibliographic information, a link to the original publication on https://www.jmir.org/, as well as this copyright and license information must be included.
With the increasing sophistication of the medical industry, various advanced medical services such as medical artificial intelligence, telemedicine, and personalized health care services have emerged. The demand for medical data is also rapidly increasing today because advanced medical services use medical data such as user data and electronic medical records (EMRs) to provide services. As a result, health care institutions and medical practitioners are researching various mechanisms and tools to feed medical data into their systems seamlessly. However, medical data contain sensitive personal information of patients. Therefore, ensuring security while meeting the demand for medical data is a very important problem in the information age for which a solution is required.
Our goal is to design a blockchain-based decentralized patient information exchange (PIE) system that can safely and efficiently share EMRs. The proposed system preserves patients’ privacy in the EMRs through a medical information exchange process that includes data encryption and access control.
We propose a blockchain-based EMR-sharing system that allows patients to manage their EMRs scattered across multiple hospitals and share them with other users. Our PIE system protects the patient’s EMR from security threats such as counterfeiting and privacy attacks during data sharing. In addition, it provides scalability by using distributed data-sharing methods to quickly share an EMR, regardless of its size or type. We implemented simulation models using Hyperledger Fabric, an open source blockchain framework.
We performed a simulation of the EMR-sharing process and compared it with previous works on blockchain-based medical systems to check the proposed system’s performance. During the simulation, we found that it takes an average of 0.01014 (SD 0.0028) seconds to download 1 MB of EMR in our proposed PIE system. Moreover, it has been confirmed that data can be freely shared with other users regardless of the size or format of the data to be transmitted through the distributed data-sharing technique using the InterPlanetary File System. We conducted a security analysis to check whether the proposed security mechanism can effectively protect users of the EMR-sharing system from security threats such as data forgery or unauthorized access, and we found that the distributed ledger structure and re-encryption–based data encryption method can effectively protect users’ EMRs from forgery and privacy leak threats and provide data integrity.
Blockchain is a distributed ledger technology that provides data integrity to enable patient-centered health information exchange and access control. PIE systems integrate and manage fragmented patient EMRs through blockchain and protect users from security threats during the data exchange process among users. To increase safety and efficiency in the EMR-sharing process, we used access control using security levels, data encryption based on re-encryption, and a distributed data-sharing scheme.
With the development of information and communication technology, the existing medical information system, which used paper charts to manage medical information such as patient treatment information and clinical results, changed to a digital-based medical information system. As of 2017, more than 94% of the hospitals in the United States have used digital health information systems [
Medical information that directly affects a patient’s health must have integrity and be reliable. Moreover, the patient’s privacy should be protected from exposure to unauthorized users. Therefore, it is necessary to develop a secure EMR-sharing system that can provide the integrity and reliability of an EMR and protect patient privacy by addressing the problems of the existing centralized EMR-sharing systems. Decentralization of the system has been proposed to complement the problems of the existing EMR-sharing system, and blockchain is receiving much attention as a technology suited for this purpose [
The blockchain-based decentralized EMR-sharing system has the opposite characteristics to the existing client–server-based centralized system. Through these opposite characteristics, the blockchain-based EMR-sharing system overcomes the current system’s problems and provides various advantages. Unlike the existing centralized system, the blockchain-based decentralized EMR-sharing system exhibits strong resistance to the single point of failure because no central administrator or server controls the system. As multiple nodes operate the decentralized EMR system, data loss or service failure can be prevented even if a specific node fails. Therefore, it is possible to build a more robust system and provide stable service.
In terms of performance, the blockchain-based EMR-sharing system exhibits lower throughput and higher latency than centralized systems because of the data propagation delay between nodes and the consensus mechanism. These performance problems can be overcome through various methods, including automating the system with smart contracts, lightweight consensus mechanisms, and private blockchain models. In a centralized system, only the central administrator manages the database; hence, the stored data can be arbitrarily modified or deleted by that administrator alone. In the decentralized EMR-sharing system, by contrast, modifying stored data requires the consent of most of the blockchain nodes, so an arbitrary user cannot modify the data at will. The blockchain-based EMR-sharing system therefore provides high data integrity and a transparent process, allowing EMRs to be shared without the intervention of a third party, unlike centralized systems. With these characteristics, the decentralized EMR-sharing system prevents data leakage and privacy threats from third parties.
Despite many concerns about technological limitations and suitability, many researchers are studying blockchain-based EMR-sharing systems to take advantage of the benefits of blockchain technology [
Decision-making flowchart to determine whether blockchain is an appropriate technical solution to a problem, adapted from the study by Wüst and Gervais [
Comparison of the decentralized (blockchain) and centralized (client–server) electronic medical record–sharing system.
| Characteristics | Decentralized system | Centralized system |
|---|---|---|
| System-fault tolerance | Strong | Weak |
| Throughput | Low | High |
| Latency | High | Low |
| Data integrity | High | Medium |
| Trusted third party | No | Yes |
| Storage | Distributed ledger | Centralized database |
| Privacy preservation | Strong | Weak |
Researchers have proposed various EMR-sharing system models based on blockchain to secure the integrity and reliability of EMRs and build a secure EMR-sharing environment. The studies on EMR-sharing systems based on blockchain technology are presented in
Azaria et al [
Blockchain-based electronic medical record (EMR)-sharing systems.
| Year | Authors | Description | Limitation | Entities |
|---|---|---|---|---|
| 2016 | Azaria et al [ | The authors proposed a new distributed record management system that handles EMRs; researchers and public health authorities participate in the blockchain network as miners; miners are given access to anonymized aggregate data as mining rewards through proof of work | Scalability and security | Patient and provider |
| 2018 | Griggs et al [ | All events between patients and physicians are stored and managed using a customized smart contract in the blockchain; all sensor data captured by IoT^a devices are stored and managed in the blockchain; smart devices can provide automated alerts to users and health care providers using smart contracts | Scalability and security | Patient and hospital |
| 2018 | Uddin et al [ | A lightweight blockchain model and an encryption algorithm were designed for the IoT-based remote patient-monitoring system | Centralization, verification cost, and scalability | Patient, IoT device, cloud service provider, and hospital |
| 2018 | Maslove et al [ | The authors presented a proof-of-concept blockchain-based clinical trial data management solution, enabling patients and researchers to participate in clinical research | Scalability and security | Patient and researcher |
| 2019 | Guo et al [ | The study presents an attribute-based encryption system for authorization and dynamic authentication of medical on-demand services in remote medical systems; data index management using blockchain provides data security for public cloud-based telemedicine services | Centralization and security | Patients, hospital, cloud service provider, and authorities |
| 2019 | Hylock and Zeng [ | The authors proposed a proxy re-encryption–based redactable blockchain system for a privacy-preserving and efficient medical data exchange system | Scalability | Patient, hospital, and researcher |
| 2019 | Wu and Du [ | Data-masking techniques were presented to prevent personal information leakage in blockchain-based medical systems; IPFS^b, a distributed file-sharing protocol, was used to share large-capacity data such as medical images | Security | Patient and physician |
| 2020 | Abdellatif et al [ | The authors proposed a system model and priority-based data-sharing algorithm using blockchain and edge computing for remote health care systems | Scalability, security, and centralization | Patient and hospital |

^a IoT: Internet of Things.
^b IPFS: InterPlanetary File System.
Hylock and Zeng [
Wu and Du [
Abdellatif et al [
Existing studies on blockchain-based EMR-sharing systems have used blockchain models designed for cryptocurrencies such as Bitcoin and Ethereum. However, existing blockchain models for cryptocurrency have limitations in providing the security and scalability required in sharing EMRs. The system also failed to meet the requirements of EMR-sharing systems as defined in
In this paper, we propose a patient information exchange (PIE) system. The proposed blockchain-based EMR-sharing system overcomes the limitations of existing blockchain-based EMR-sharing systems and satisfies the privacy and security framework defined by the ONC. Furthermore, our proposed system prevents data loss and privacy breaches in sharing data through the data encryption scheme based on re-encryption, ensuring strong data security. Moreover, data integrity is ensured by preventing the forgery and alteration of EMRs by using the decentralized ledger structure and the unique hash value of the data. Furthermore, allowing patients to set their data-access rights ensures patient ownership of their EMR and establishes a patient-centered medical system. Moreover, the PIE system provides improved performance by solving the low processing performance and scalability issues due to the limited block capacity of the existing blockchain through the distributed data-sharing method using the IPFS. As a result, we contribute business process optimization, cost reduction, patient outcome improvements, and enhanced compliance in the health care field [
Here, we describe the proposed PIE system. In the
We propose a blockchain-based PIE system to improve the security and efficiency of the EMR-sharing process. To prevent forgery of EMRs and protect patient privacy, we use a consortium blockchain model in which only authorized users can participate. The medical consortium that operates and manages the blockchain comprises state-approved and trusted medical institutions. As the proposed blockchain-based PIE system uses a private blockchain model, the consensus algorithm in the block generation process is not addressed. Instead, the chain is constructed by sequentially storing the generated EMR transactions to create a block and connecting them. Hospitals and medical institutions serve as blockchain nodes that issue EMR transactions and store them in block form. Health care workers and patients who create and use EMRs participate in the blockchain network as users by using IDs issued according to user type after a certification process by a CA. Users participating in the blockchain network can register their EMRs on the blockchain and use them at any time. The proposed PIE system is a patient-centered EMR-sharing system where patients directly participate in the EMR upload and EMR-sharing process. The patient directly generates a key to encrypt the EMR and defines the categories of users who can access the EMR. By allowing patients to manage their own EMRs, we build a user-centered system that protects patients’ privacy and gives them ownership of their EMRs.
The proposed PIE system securely protects patient EMRs from security threats such as data forgery and personal information leakage, which can occur during EMR management and sharing. To protect EMRs from the aforementioned security threats, we use public key–based asymmetric encryption and our proposed PRE-based decryption authority delegation mechanism. The proposed decryption authority delegation mechanism prevents private key leakage by decrypting data encrypted with the public key. Moreover, delegating authority to decrypt data solves the problem of data access in an emergency when a patient cannot respond to a request for access to their EMR, as de Oliveira et al [
The performance and scalability of the PIE system are enhanced by using the IPFS, which supports distributed data-sharing technology. The EMR encrypted with the patient’s encryption key is stored on the IPFS network, and the hash value of the EMR is stored on the medical blockchain in the form of metadata. Instead of storing the data as a whole in the blockchain, it is possible to reduce the load on the system by storing only the hash value of the data. Furthermore, if data are shared using the IPFS, large-capacity data such as magnetic resonance imaging, computed tomography, and endoscopy images can also be shared, improving the scalability of the blockchain system.
The proposed blockchain-based patient information exchange system model. EMR: electronic medical record. IPFS: InterPlanetary File System.
The proposed PIE system consists of blockchain nodes (medical consortium), users of the blockchain network (patients and health care workers), and the IPFS. The role of each entity is outlined below.

A medical consortium consisting of hospitals and medical institutions that wish to share EMRs builds and manages a distributed ledger as operator of a permissioned blockchain network in which only authorized users can participate. The medical consortium blockchain stores the information of the EMRs generated by each hospital. The information recorded on the blockchain is a hash value of real medical data stored in the IPFS and simplified medical information that users can comprehend. Data registered on the blockchain cannot be arbitrarily deleted or modified, providing high reliability and medical data integrity.

Patients and physicians, who are the users of the blockchain network, share EMR information through the network. Patients can use a decentralized app to share their EMRs in the PIE system. Furthermore, patients set their APs for their EMRs and generate re-encryption keys for re-encryption. Unlike traditional hospital-centered health care systems, the PIE system guarantees the patient’s ownership of their EMR. In a patient-centered health care system, where patients have rights to their own EMRs, they have the freedom to choose who can use their EMR and their data at any time. Furthermore, patients may sell their medical data to research institutions or hospitals, in addition to using the data for therapeutic purposes.

Health care workers consist of reliable physicians and health care service providers such as medical researchers and insurance agents. Health care workers use computer systems at hospitals or medical institutions to encrypt EMRs generated during the patient treatment process and upload them to the IPFS. After uploading the EMRs, health care workers submit the EMR information to their hospitals and institutions. Health care workers also serve as consumers of medical data by, for example, sharing EMRs through a blockchain network to treat patients or using the data for clinical research.
The IPFS is a distributed file-sharing system that splits data into small pieces stored across multiple computers worldwide and shares them piece by piece rather than as a whole. The distributed data-sharing method used by the IPFS enables rapid sharing of large-capacity data such as magnetic resonance imaging or computed tomography images. In addition, the IPFS prevents duplicate creation and storage of medical data by managing data with hash values based on data content.
In this study, we consider the traditional cryptographic system, not the postquantum cryptographic system. Therefore, we use the discrete logarithm problem, which is one of the difficult problems of 1-way functions. The discrete logarithm problem is one where given
Attack scenarios and threats considered by the proposed system.
| Types and attack scenario | Threats |
|---|---|
| Eavesdropping | Private data leakage (eg, electronic medical record and personal information) |
| Denial of service | Service unavailable |
| Abnormal access | Private data leakage |
| Data forgery | Unexpected output |
The proposed blockchain-based medical system uses transactions designed to effectively share the desired medical data while preventing leakage of personal information and data when uploading the medical data to the blockchain. A unique identifier or ID is used in the blockchain network by the physician who created the EMR and the patient who is the owner of the generated data. The CA issues a user ID according to the type of user participating in the blockchain network. A user ID is a randomly generated value consisting of numbers and letters; it is possible to identify users but not know who the owner is. Information about users who can map users to user IDs is securely managed by a CA such as the trusted government authority that issued the ID. As the user IDs are correlated, users are protected from the threat of personal information leakage [
Transaction structure for electronic medical record (EMR) sharing.
| Field | Definition |
|---|---|
| User ID | IDs of the patient and physician |
| Timestamp | Time the transaction was created |
| EMR information | Summary of information in the EMR |
| Metadata | Hash value of encrypted EMR |
| Contract code | Patient’s defined access permission policy |
| Signature | Signing with the user’s private key |
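A worked example of the transaction structure above, added here and not code from the paper: the encrypted EMR is hashed to fill the metadata field (SHA-256 stands in for the hash value the IPFS returns), the remaining fields are serialized canonically and signed with the uploading physician's private key, and a downloader later checks the bytes fetched from the IPFS against the on-chain hash. The Schnorr-style signature over the Mersenne prime 2^521 − 1, the JSON field names and the sample IDs are illustrative assumptions; a deployment would use the certificate-based identities that Hyperledger Fabric issues rather than this toy group.

```python
import hashlib
import json
import secrets
import time

# Toy signature group (assumption): p = 2^521 - 1 is a Mersenne prime, so
# exponents reduce mod p - 1 and g = 7 is invertible. Illustrative only.
P = (1 << 521) - 1
G = 7

def keygen():
    """Toy Schnorr key pair: (private exponent, public element g^sk)."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def _challenge(r_point, message):
    digest = hashlib.sha256(r_point.to_bytes(66, "big") + message).digest()
    return int.from_bytes(digest, "big")

def sign(sk, message):
    """Schnorr signature: R = g^k, e = H(R || m), s = k - sk*e mod (p-1)."""
    k = secrets.randbelow(P - 2) + 1
    r_point = pow(G, k, P)
    e = _challenge(r_point, message)
    return r_point, (k - sk * e) % (P - 1)

def verify(pk, message, signature):
    """Check g^s * pk^e == R, which holds only if s was produced with sk."""
    r_point, s = signature
    e = _challenge(r_point, message)
    return (pow(G, s, P) * pow(pk, e, P)) % P == r_point

def canonical_bytes(fields):
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def build_transaction(patient_id, physician_id, emr_summary, encrypted_emr,
                      access_policy, physician_sk, timestamp=None):
    """Assemble the six fields of the EMR transaction and sign them."""
    fields = {
        "user_id": {"patient": patient_id, "physician": physician_id},
        "timestamp": int(time.time()) if timestamp is None else timestamp,
        "emr_information": emr_summary,
        # SHA-256 stands in for the hash the IPFS returns for the stored ciphertext
        "metadata": hashlib.sha256(encrypted_emr).hexdigest(),
        "contract_code": access_policy,
    }
    r_point, s = sign(physician_sk, canonical_bytes(fields))
    return {**fields, "signature": {"r": r_point, "s": s}}

def verify_transaction(tx, physician_pk):
    """A node validates the submitter's signature before storing the transaction."""
    fields = {k: v for k, v in tx.items() if k != "signature"}
    sig = (tx["signature"]["r"], tx["signature"]["s"])
    return verify(physician_pk, canonical_bytes(fields), sig)

def verify_download(tx, downloaded):
    """Integrity check: bytes fetched from the IPFS must match the on-chain hash."""
    return hashlib.sha256(downloaded).hexdigest() == tx["metadata"]

if __name__ == "__main__":
    sk, pk = keygen()
    ciphertext = b"constructed bytes standing in for an encrypted EMR"
    tx = build_transaction("P-0001", "D-0042", {"type": "prescription", "year": 2021},
                           ciphertext, {"prescription": "private"}, sk)
    print("signature valid:", verify_transaction(tx, pk))
    print("download intact:", verify_download(tx, ciphertext))
    print("tampered download detected:", not verify_download(tx, ciphertext + b"\x00"))
```

Because the signature covers the canonical serialization of every other field, changing the timestamp, the summary or the access policy after signing invalidates the transaction, and because the metadata field is a hash of the ciphertext, any alteration of the file stored on the IPFS is caught at download time without trusting the storage layer.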
Patient EMRs may include data relating to clinical trials and insurance as well as sensor data generated by health care devices, in addition to medical information generated during the process of receiving treatment in hospitals. Depending on the EMR data type, the required security levels will differ. For example, if information such as name, residence, and social security number, which can identify an individual, is leaked to outside parties, it can lead to serious personal information leakage; consequently, a high security level is required. Conversely, information that is not personally identifiable, such as gender, age, eating habits, and exercise status, does not require a high security level because it is not a serious problem even if this information is disclosed to outside parties. Therefore, it is necessary to provide differentiated security levels and separate management, with respect to the sensitivity of the personal information, according to the EMR data type.
The minimum security level required for each data type is established by categorizing privacy sensitivity according to data type and evaluating accessibility and data potential per user. The security levels assigned according to the sensitivity of private information fall into three classes: private, moderate, and low.
Security levels required depending on the type of information contained in the electronic medical record.
| Division and class | Security level |
|---|---|
| Medical information | Private |
| Admission record | Private |
| Prescription | Private |
| Medical imaging (x-ray, magnetic resonance imaging, and computed tomography) | Private |
| Medical device | Low |
| Medicine | Low |
| Clinical observation | Low |
| Omics (genomics) | Low |
| Sensor data (weight, heart rate, and sleep pattern) | Moderate |
This section presents the EMR-sharing process that protects the patient’s EMR from various attacks and safely shares it. Moreover, it describes the work performed in each process. A more detailed description of each process-specific algorithm is provided in
Notations used for electronic medical record (EMR) encryption and re-encryption in the proposed system.
| Notation | Description |
|---|---|
| ID | User ID (patient or physician) |
| SK | Private key of the user |
| PK | Public key of the user |
| DEK | Dedicated encryption key to encrypt EMR |
| RK | Re-encryption key |
| C_i | Encrypted EMR |
| P_i | Patient_i |
| D_i | Doctor_i |
| AP | Access policy |
| hash_i | Hash value of the encrypted EMR |
Patients and physicians want to participate in the blockchain network to manage EMRs and securely share them with other users. Users participate in the blockchain network through the user registration process, which consists of an identity registration phase to register the user’s identity and an authentication phase to obtain security parameters to generate an encryption key.
Initial phase: the user registration process to participate in the blockchain network.
When a medical record is generated for treatment, the patient creates a dedicated encryption key to encrypt their EMR and a re-encryption key
Phase 1: electronic medical record (EMR) upload flowchart of the proposed blockchain-based patient information exchange system. AP: access policy; DEK: dedicated encryption key; IPFS: InterPlanetary File System.
Input: Secret key_Patient, public key_Doctor, dedicated encryption key, user ID_Patient, hash(C_Patient), and access policy
Output: Re-encryption key, access policy, summary information from electronic medical record, hash value returned by the InterPlanetary File System, and transaction
The patient selects a random security parameter value
The patient uses their secret key
The patient generates an access policy that defines which users can access their electronic medical record.
The patient transmits the dedicated encryption key,
The physician who receives the dedicated encryption key, RK_P→Di, access policy, and
The physician uploads the encrypted patient electronic medical record
The physician submits the patient’s ID, summary information from
The hospital uses the received information to create a transaction and uploads it to the blockchain network.
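An added example (not the paper's implementation) of the key handling in Phase 1 and Phase 2: a dedicated encryption key (DEK) encrypts the EMR, the DEK is wrapped under the patient's public key, and a re-encryption key turns that wrapping into one the physician's own private key opens, so the patient's private key is never shared. The scheme is the classic ElGamal-based BBS98 proxy re-encryption written in pure Python over the Mersenne prime 2^521 − 1, with a SHA-256 keystream standing in for the EMR cipher; the group, the toy cipher and all function names are assumptions. Two differences from the paper's flow are worth noting: BBS98 is bidirectional and its re-encryption key is derived from both secret keys (`rekey` below takes both), whereas the paper has the patient derive RK_P→Di from SK_Patient and PK_Doctor, which calls for a unidirectional, typically pairing-based, scheme not shown here; and in this toy the patient's software encrypts the EMR directly instead of sending the DEK to the physician.

```python
import hashlib
import math
import secrets

# Toy group for the key capsule (assumption): p = 2^521 - 1 is a Mersenne prime;
# exponents are reduced mod p - 1. Illustrative parameters, not a production group.
P = (1 << 521) - 1
ORDER = P - 1
G = 7

def keygen():
    """Key pair whose secret exponent is invertible mod p-1 (needed for re-keying)."""
    while True:
        sk = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(sk, ORDER) == 1:
            return sk, pow(G, sk, P)

def encrypt_capsule(pk, m):
    """BBS98 encryption of group element m under pk = g^sk: (m * g^r, pk^r)."""
    r = secrets.randbelow(ORDER - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)

def decrypt_capsule(sk, capsule):
    """Recover m: (g^(sk*r))^(1/sk) = g^r, then divide it out of c1."""
    c1, c2 = capsule
    g_r = pow(c2, pow(sk, -1, ORDER), P)
    return (c1 * pow(g_r, -1, P)) % P

def rekey(sk_from, sk_to):
    """Re-encryption key RK_{from->to} = sk_to / sk_from mod (p-1)."""
    return (sk_to * pow(sk_from, -1, ORDER)) % ORDER

def reencrypt(rk, capsule):
    """Re-encryption: c2 = g^(sk_from*r) becomes g^(sk_to*r); c1 is untouched."""
    c1, c2 = capsule
    return c1, pow(c2, rk, P)

def keystream_xor(dek, data):
    """Toy SHA-256 counter-mode keystream standing in for the EMR cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(dek + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def phase1_upload(patient_pk, emr_plaintext):
    """Phase 1: a fresh DEK encrypts the EMR; the DEK is wrapped under the patient's key."""
    dek = secrets.token_bytes(32)
    ciphertext = keystream_xor(dek, emr_plaintext)
    capsule = encrypt_capsule(patient_pk, int.from_bytes(dek, "big"))
    return ciphertext, capsule

def phase2_share(rk, capsule, ciphertext, requester_sk):
    """Phase 2: re-encrypt the capsule with RK, unwrap the DEK with the requester's
    own private key, then decrypt the EMR. The patient's private key is never used."""
    dek_int = decrypt_capsule(requester_sk, reencrypt(rk, capsule))
    if dek_int >= (1 << 256):
        return None  # wrong private key or wrong RK: the unwrapped value is not a DEK
    return keystream_xor(dek_int.to_bytes(32, "big"), ciphertext)

if __name__ == "__main__":
    patient_sk, patient_pk = keygen()
    doctor_sk, doctor_pk = keygen()
    emr = b"constructed EMR: prescription 2021-03-01, amoxicillin 500 mg"
    ciphertext, capsule = phase1_upload(patient_pk, emr)
    rk = rekey(patient_sk, doctor_sk)
    print(phase2_share(rk, capsule, ciphertext, doctor_sk) == emr)  # True
    other_sk, _ = keygen()
    print(phase2_share(rk, capsule, ciphertext, other_sk) == emr)   # False
```

The re-encryption key on its own opens nothing: whoever holds RK_P→Di still needs D_i's private key to unwrap the DEK, which is the property the paper relies on when it says private keys are never exchanged. The caveat of this particular toy scheme is that RK = sk_D / sk_P, so a physician who colludes with the patient can derive the other's key; that is why unidirectional constructions are preferred for a one-way delegation like the one in the paper.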
Users who want to share and use a particular EMR can search for it on the blockchain through a smart contract and request a re-encryption key. As the medical field is closely related to human life, the target and purpose regarding the EMR data must be legitimate. However, it would be difficult to find the desired EMR among countless data because it is hidden to protect the patient’s privacy. Therefore, in the proposed PIE system, smart contracts are applied so that patients and health care workers who are users of the blockchain network can perform a quick and accurate search for the data they want. Moreover, the efficiency of the EMR-sharing process has been improved by automating the process of requesting decryption rights after searching for an EMR. The requester uses summary information from the EMR and the user ID (the ID of the hospital that uploaded the data or the patient’s ID) to quickly search for a transaction containing the information of the desired EMR. Then, the requester downloads the encrypted EMR from the IPFS using the acquired transaction information. As the downloaded EMR is encrypted with a dedicated encryption key, it must be decrypted using the patient’s private key or re-encrypted using the re-encryption key before using it. However, because sharing the patient’s private key is very dangerous, the requester must send a message to the patient requesting a re-encryption key for re-encryption. The message requesting the re-encryption key goes through the user verification process of the access check contract. Initially, the user verification process checks whether the requester’s security level satisfies the patient’s EMR AP. When it is confirmed that the user has met the required security level, a message requesting a re-encryption key is sent to the patient, the owner of the EMR. Upon receiving the message requesting the re-encryption key, the patient sends
Input: Summary information from the electronic medical record, user ID, and user’s security level
Output: Re-encrypted electronic medical record
The physician executes a smart contract for electronic medical record retrieval to find a transaction containing the information of the desired electronic medical record.
The smart contract uses the user ID or the electronic medical record’s summarized information to find a transaction containing the desired information and returns it.
The physician who receives the transaction information downloads the encrypted electronic medical record
The physician executes the re-encryption key request smart contract to request the key
The smart contract for requesting the re-encryption key performs a user authentication step to verify that the security level submitted by the user who requested the message transmission satisfies the access policy set by the patient.
If the security level of the user requesting the re-encryption key satisfies the access policy, the smart contract sends a message requesting the re-encryption key to the patient (if the user’s security level does not meet the criteria, the request is denied).
The patient who receives the message requesting the re-encryption key generates
The physician receiving
The physician uses their private key to decrypt
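An added illustration of the retrieval and re-encryption key request contracts of Phase 2 (not the paper's chaincode): an in-memory ledger of transactions is searched by user ID or by summary fields, and the user verification step then compares the requester's security level with the patient's access policy and either forwards a re-encryption key request to the patient or denies it. The ordering low < moderate < private, the policy format (data type to minimum level), the registry of CA-issued IDs and the sample records are assumptions; the emergency path of the figure's panel (B) is not modelled.

```python
from dataclasses import dataclass, field

# Assumed ordering of the paper's three classes: a requester cleared for a
# higher class may also read data of a lower class.
LEVEL_RANK = {"low": 0, "moderate": 1, "private": 2}

@dataclass(frozen=True)
class Transaction:
    """On-chain record: one row of the transaction structure (signature omitted)."""
    patient_id: str
    hospital_id: str
    timestamp: int
    emr_information: dict   # summary fields users can search on
    metadata: str           # hash of the encrypted EMR returned by the IPFS (constructed)
    contract_code: dict     # patient-defined access policy: data type -> minimum level

@dataclass
class Ledger:
    transactions: list = field(default_factory=list)

    def search(self, user_id=None, **summary):
        """Retrieval contract: match on patient or hospital ID and/or summary fields."""
        hits = []
        for tx in self.transactions:
            if user_id is not None and user_id not in (tx.patient_id, tx.hospital_id):
                continue
            if all(tx.emr_information.get(k) == v for k, v in summary.items()):
                hits.append(tx)
        return hits

def access_check(tx, requester_id, requester_level, data_type, registered_ids):
    """Re-encryption key request contract.

    Returns ("forward", message) when the requester may ask the patient for RK,
    or ("deny", reason) when the CA registry or the access policy rejects it.
    """
    if requester_id not in registered_ids:
        return "deny", "requester ID was not issued by the CA"
    if requester_level not in LEVEL_RANK:
        return "deny", f"unknown security level {requester_level!r}"
    required = tx.contract_code.get(data_type)
    if required is None:
        return "deny", f"access policy grants no access to {data_type!r}"
    if LEVEL_RANK[requester_level] < LEVEL_RANK[required]:
        return "deny", f"level {requester_level} does not satisfy required level {required}"
    message = {
        "to": tx.patient_id,
        "from": requester_id,
        "request": "re-encryption key",
        "metadata": tx.metadata,
        "data_type": data_type,
    }
    return "forward", message

def sample_ledger():
    """Constructed sample records for a stand-alone run."""
    return Ledger([
        Transaction("P-0001", "H-0001", 1_600_000_000,
                    {"type": "prescription", "year": 2021},
                    "sha256:constructed-hash-1",
                    {"prescription": "private", "sensor data": "moderate"}),
        Transaction("P-0002", "H-0001", 1_600_000_100,
                    {"type": "sensor data", "year": 2021},
                    "sha256:constructed-hash-2",
                    {"sensor data": "moderate"}),
    ])

if __name__ == "__main__":
    ledger = sample_ledger()
    issued_ids = {"D-0042", "R-0007"}
    tx = ledger.search(user_id="P-0001", type="prescription")[0]
    print(access_check(tx, "D-0042", "private", "prescription", issued_ids))  # forwarded
    print(access_check(tx, "R-0007", "low", "prescription", issued_ids))      # denied
```

The contract never returns the key itself; it only decides whether a request message reaches the patient, who remains the party that issues RK. Denials carry a reason so that a node can log them, which is the signal an operator would watch for repeated abnormal-access attempts against one patient's records.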
Phase 2: electronic medical record (EMR)–sharing process flowchart of the patient information exchange system. (A) EMR-sharing process in the general case where the patient controls the re-encryption key; (B) EMR-sharing process in emergencies where the patient has no control over the re-encryption key. IPFS: InterPlanetary File System; PK: public key.
A simulation was designed to verify that the proposed blockchain-based medical system sufficiently reflects the medical field’s requirements and enables safe data sharing. We simulated the process of sharing encrypted EMRs over a blockchain network. In the EMR-sharing process of uploading and downloading EMRs over the network, we checked the effect of the time taken to process the data and the size of the data shared on the system’s performance. Moreover, the performance of the proposed smart contract–based re-encryption key–sharing method was verified by measuring the execution time of the smart contract. This paper does not cover improvements to the consensus process performed on the blockchain network; therefore, the improvements were not evaluated.
The test environment was designed based on the data-sharing process defined in the
The simulation was performed on 1 PC to directly compare the host’s and guest’s processing times. Blockchain implementation was performed using Hyperledger 2.3.1 [
Simulation parameters.
| Parameters | Values |
|---|---|
| Data size | 0.4 kB, 1 MB, 10 MB, 100 MB, and 1 GB |
| Data type | CSV (text) and DICOM^a (images and videos) |
| Number of orderer nodes | 4 |
| Number of organizations | 3 |
| Number of peer nodes | 6 |
| Number of channels | 1 |
| Data rate | 100 Mbps |
| Block size | 1 MB |
| Block timeout | 2 seconds |
| Database | Apache CouchDB |

^a DICOM: Digital Imaging and Communications in Medicine.
To evaluate the performance of the proposed PIE system, we measured the time required for the EMR-sharing process and the execution time of the smart contract for re-encryption key sharing. The EMR-sharing process was divided into upload and download processes, and the time taken to perform each process was measured. The execution time of the EMR upload process was defined as the time taken to upload the EMR to the IPFS and post the returned EMR hash value to the blockchain. The execution time of the EMR download process was a measure of how long it took users to download the EMR over the IPFS. Considering the characteristics of an EMR that supports various types of data, the simulation was performed using various data, ranging from text format (0.4 kB) to medical images (1 GB). The simulation measured only the time required in the communication process for exchanging data among users and did not consider the impact on the process of the data encryption and decryption operations. To objectively evaluate the performance of the proposed system, we performed a comparative analysis with existing blockchain-based medical information exchange systems. Simulations were performed for three types of systems (an on-chain–based system designed for cryptocurrency, an Ethereum-based system using the IPFS, and a PIE system); the results of the simulations for the EMR upload process are shown in
Through the EMR upload simulation it was confirmed that the larger the data to be uploaded, the longer it takes; the larger the amount of data to be uploaded, the higher the required data rate. As a result, the processing time increased dramatically for data that exceeded the acceptable data rate (100 Mbps) in the simulation environment. In an on-chain–based system that stores data in the original form in blocks, the size of data that can be uploaded is limited to 1 MB, which is the maximum size of the block; therefore, there is no simulation result for data beyond that size. Most of the time taken to upload an EMR was when a query request needed to be made to the blockchain network, which took an average of 2.1 (SD 0.0343) seconds. The actual time taken to upload an EMR to the IPFS increased depending on the size of the data, but it was very short. A graph of the time it takes to upload EMR to IPFS can be found in
The simulation results for downloading the EMR posted on the blockchain are presented in
We performed a simulation of the smart contract–based re-encryption key–sharing process. The re-encryption key–sharing process verifies the user requesting the re-encryption key to use the patient’s EMR and passes the re-encryption key to the user. The user who receives the re-encryption key performs the re-encryption process and finally decrypts the encrypted EMR using their private key to use the patient’s EMR. A graph of the smart contract simulation results for re-encryption key sharing is in
In this section, we will check how the proposed PIE system effectively responds to security threats and analyze whether it is possible to share secure medical data using the proposed PIE system.
When medical data are shared using a network, an external attacker can obtain the medical data through a sniffing or eavesdropping attack. If medical data are leaked, the patient’s privacy in the EMR is also exposed. In the proposed PIE system, medical data are encrypted using the dedicated encryption key for the safe sharing of medical data. As encrypted medical data can only be decrypted by the patient or by a user approved by the patient, the information in the data is not exposed even if the data are stolen. By granting data decryption authority using the PRE technique, the user approved by the patient can decrypt the data using their private key during the data decryption step. The proposed EMR-sharing method prevents the leakage of private information during the EMR-sharing process and ensures safety by eliminating the private key–exchange process for data decryption. If an internal attacker attempts unauthorized access to the patient’s information, in our proposed system,
An internal attacker can perform forgery attacks by accessing the medical data that medical institutions manage independently. If the original data stored at a medical institution are damaged, the data are difficult to recover; moreover, it is also significantly challenging to determine whether the data have been forged or altered. These attacks can be effectively prevented by storing and managing EMR-related information such as the hash value of the medical data, publicly available medical information, and the hospital ID in the blockchain. As the EMR information recorded on the blockchain reflects the data at the time of creation, it is easy to check whether the data have been damaged. If the data are damaged, they can be quickly restored using the distributed data-sharing method. For an attacker to forge the data stored in the blockchain, they must possess hash computation power exceeding 50% of the entire network and create new blocks faster than the other honest nodes propagate them to the network. As meeting these conditions is challenging, attackers cannot delete or modify the data. Therefore, using a blockchain-based medical system ensures the integrity and reliability of medical data, thereby enabling safe medical data management and sharing.
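The forgery-detection argument above, as an added Python example that is not the paper’s code: it models the lightweight transaction (EMR hash, hospital ID and a public summary on chain; the encrypted EMR body off chain), checks every off-chain replica against the on-chain hash, picks an intact replica for restoration, and shows that editing a past block breaks the hash chain. The record fields, the `MetadataLedger` class and the sample EMR bytes are constructed for this illustration, and the simple hash chain stands in for the consortium blockchain.

```python
"""Tamper detection for off-chain EMRs via on-chain hashes (added example).

Not the paper's code. It models the lightweight transaction described in the
paper: only the EMR's hash, hospital ID and a public summary go into a block,
while the encrypted EMR body lives off-chain (IPFS in the paper). A damaged
off-chain copy is detected by comparing its hash with the on-chain record and
restored from any replica whose hash still matches; editing a past block
breaks the hash chain. Record fields and sample data are constructed.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Block:
    """A block of EMR metadata records, linked to its predecessor by hash."""
    index: int
    prev_hash: str
    records: list[dict]
    hash: str = field(init=False)

    def __post_init__(self) -> None:
        self.hash = self.compute_hash()

    def compute_hash(self) -> str:
        body = {"index": self.index, "prev_hash": self.prev_hash, "records": self.records}
        return sha256_hex(json.dumps(body, sort_keys=True).encode())


class MetadataLedger:
    """Append-only hash chain standing in for the consortium blockchain."""

    def __init__(self) -> None:
        self.chain: list[Block] = [Block(0, "0" * 64, [])]

    def append(self, records: list[dict]) -> Block:
        block = Block(len(self.chain), self.chain[-1].hash, records)
        self.chain.append(block)
        return block

    def is_consistent(self) -> bool:
        """Each block must still hash to its stored value and link to its predecessor."""
        if self.chain[0].hash != self.chain[0].compute_hash():
            return False
        return all(cur.prev_hash == prev.hash and cur.hash == cur.compute_hash()
                   for prev, cur in zip(self.chain, self.chain[1:]))

    def find_record(self, emr_id: str) -> dict | None:
        for block in self.chain:
            for rec in block.records:
                if rec["emr_id"] == emr_id:
                    return rec
        return None


def make_record(emr_id: str, hospital_id: str, summary: str, encrypted_emr: bytes) -> dict:
    """Lightweight transaction: hash and public fields only, never the EMR body."""
    return {"emr_id": emr_id, "hospital_id": hospital_id,
            "summary": summary, "emr_hash": sha256_hex(encrypted_emr)}


def verify_and_restore(ledger: MetadataLedger, emr_id: str,
                       replicas: dict[str, bytes]) -> tuple[bool, str | None]:
    """Compare every replica with the on-chain hash.

    Returns (all replicas intact?, name of the first intact replica to restore from).
    """
    rec = ledger.find_record(emr_id)
    if rec is None:
        return False, None
    good = [name for name, data in replicas.items() if sha256_hex(data) == rec["emr_hash"]]
    return len(good) == len(replicas), (good[0] if good else None)


def demo() -> dict:
    """Constructed scenario: one corrupted replica, then an insider edit of a past block."""
    ledger = MetadataLedger()
    enc_emr = b"ENC[hospital-A/patient-0042/mri-2021-03]"  # stand-in for ciphertext
    ledger.append([make_record("emr-0042-01", "hospital-A", "MRI, lumbar spine", enc_emr)])
    replicas = {"node1": enc_emr, "node2": enc_emr[:-1] + b"X", "node3": enc_emr}
    all_ok, restore_from = verify_and_restore(ledger, "emr-0042-01", replicas)
    intact_before = ledger.is_consistent()
    ledger.chain[1].records[0]["hospital_id"] = "hospital-B"  # insider tampering
    return {"all_replicas_ok": all_ok, "restore_from": restore_from,
            "chain_intact_before_edit": intact_before,
            "chain_intact_after_edit": ledger.is_consistent()}
```

The check is deliberately run against every replica rather than the first one that answers: a node whose copy is damaged is identified by the mismatch, and the record on chain, not any node’s copy, is the reference for what counts as intact.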
An external attacker can perform denial-of-service attacks on the PIE system, causing the system to operate abnormally and produce unexpected outputs. The system we propose is directly or indirectly related to patients’ lives; therefore, high availability is important. Hence, we use distributed systems such as a medical consortium blockchain and the IPFS. If an attacker brings down the sharing system, patients cannot share their medical data and physicians or health care providers cannot obtain the required information. However, in the proposed blockchain-based sharing scheme, if the attacker makes a few of the blockchain nodes unavailable, the remaining nodes can still provide the needed services.
The study’s principal findings concern implementing integrated management of fragmented EMRs, preventing leakage of personal information of patients during the EMR-sharing process, and establishing a patient-centered medical data system by granting decryption authority, as outlined in the following list:
We designed a blockchain-based PIE medical system that effectively manages and shares medical data. EMRs generated by different medical institutions are managed through a blockchain network to prevent the fragmentation of medical data. Moreover, through the PIE system, duplicate EMRs can be avoided, reducing the cost and wastage of storage space.
The PIE system encrypts the patient’s medical data and uploads and shares the encrypted EMR and data identification parameters to the network with minimal medical information. Thus, the proposed method fundamentally overcomes the problem of possible leakage of personal data when the data are posted on the blockchain for sharing with other network members. Therefore, privacy preservation required in a system handling sensitive EMR information is guaranteed, making safe EMR management and sharing possible.
Our system reinforces the patient’s role in the medical system by allowing them to grant decryption rights to their data to other users using re-encryption techniques. If other users (eg, physicians or researchers) wish to use a patient’s EMR data, they must obtain a re-encryption key and re-encrypt the EMR data. Building a patient-centered medical data system differs from the existing hospital-centered medical data system in that the patient’s role is reinforced in our system.
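The re-encryption flow described in the security analysis above and in this list item, as an added Python example that is not the paper’s implementation: the EMR is encrypted under a dedicated per-record key, that key is wrapped under the patient’s public key, a re-encryption key lets a proxy re-target the wrapped key to an approved physician, and the physician unwraps it with their own private key, so no private key is exchanged between patient and physician. The construction is assumed: a BBS98-style ElGamal re-encryption (which is bidirectional, so the step that issues the re-encryption key needs both secrets; this section does not specify the paper’s PRE scheme), toy 62-bit group parameters that are not secure, and a SHA-256 counter-mode stream standing in for AES-GCM. All function names are hypothetical.

```python
"""Toy proxy re-encryption (PRE) walk-through of the EMR-sharing flow.

ADDED EXAMPLE, not the paper's implementation. BBS98-style ElGamal
re-encryption over a multiplicative group with a 62-bit safe prime so it
runs instantly: the parameters are NOT secure and the toy stream cipher
stands in for AES-GCM. It shows the key flow only: EMR encrypted under a
dedicated key, key wrapped under the patient's pk, wrapped key re-targeted
by a proxy to an approved physician, who decrypts with their own sk.
"""
from __future__ import annotations

import hashlib
import random


def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin; seeded RNG so the group parameters are reproducible."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    rng = random.Random(0)
    for _ in range(16):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _safe_prime() -> tuple[int, int]:
    """Smallest q > 2^62 with q and p = 2q + 1 both prime (toy size)."""
    q = (1 << 62) | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = _safe_prime()
G = 4  # quadratic residue mod P, hence a generator of the order-Q subgroup


def keygen(rng: random.Random) -> tuple[int, int]:
    """(private x, public G^x mod P); the private key never leaves its owner."""
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def encrypt_elem(pk: int, m: int, rng: random.Random) -> tuple[int, int]:
    """Wrap a group element m under pk: (m * G^k, pk^k)."""
    k = rng.randrange(1, Q)
    return (m * pow(G, k, P)) % P, pow(pk, k, P)


def decrypt_elem(sk: int, ct: tuple[int, int]) -> int:
    """(pk^k)^(1/sk) = G^k, then strip it from the first component."""
    c1, c2 = ct
    shared = pow(c2, pow(sk, -1, Q), P)
    return (c1 * pow(shared, -1, P)) % P


def re_key(sk_from: int, sk_to: int) -> int:
    """rk = sk_to / sk_from mod Q. BBS98 is bidirectional: whoever issues rk
    sees both secrets (assumption; the paper's scheme is not specified here)."""
    return (sk_to * pow(sk_from, -1, Q)) % Q


def re_encrypt(rk: int, ct: tuple[int, int]) -> tuple[int, int]:
    """Proxy step: pk_from^k -> pk_to^k. The proxy never learns G^k or m."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher standing in for AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def _key_from_elem(elem: int) -> bytes:
    return hashlib.sha256(elem.to_bytes(16, "big")).digest()


def share_emr(emr: bytes, seed: int = 7) -> dict:
    """Run the whole flow on a constructed EMR; seeded only for reproducibility."""
    rng = random.Random(seed)
    sk_patient, pk_patient = keygen(rng)
    sk_physician, _ = keygen(rng)
    # 1. Dedicated per-EMR key (a random group element); the EMR body goes off-chain.
    key_elem = pow(G, rng.randrange(1, Q), P)
    enc_emr = _keystream_xor(_key_from_elem(key_elem), emr)
    # 2. Only the wrapped key rides in the lightweight transaction.
    wrapped = encrypt_elem(pk_patient, key_elem, rng)
    # 3. Patient approves the physician: rk is issued (the smart contract's job in the paper).
    rk = re_key(sk_patient, sk_physician)
    # 4. Proxy re-targets the wrapped key; 5. physician unwraps with their own key.
    recovered = decrypt_elem(sk_physician, re_encrypt(rk, wrapped))
    plaintext = _keystream_xor(_key_from_elem(recovered), enc_emr)
    # A user holding no re-encryption key cannot unwrap the original.
    sk_other, _ = keygen(rng)
    return {"physician_plaintext": plaintext,
            "patient_unwraps": decrypt_elem(sk_patient, wrapped) == key_elem,
            "outsider_unwraps": decrypt_elem(sk_other, wrapped) == key_elem}
```

Two points the flow makes visible: the proxy only exponentiates the second ciphertext component, so it never sees `G^k` or the dedicated key, and the physician decrypts with the key pair they already own, which is what lets the sharing process drop the private key exchange.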
Blockchain-based medical systems receive considerable attention as next-generation medical systems that will replace existing medical data management systems, and numerous researchers are conducting various studies. However, blockchain-based medical systems’ technological maturity remains at the prototype level. Moreover, as the medical data formats used by different countries or institutions vary considerably, it is challenging to share the medical data. Consequently, research into standardized medical data formats such as the Health Level 7 Fast Healthcare Interoperability Resources [
This paper presented the PIE system based on a consortium blockchain that allows patients to manage their medical data. The PIE system can securely manage and share EMRs by overcoming the existing blockchain-based medical system’s problems. The PIE system uses a distributed data-sharing method and lightweight transaction structure to solve scalability and privacy issues, a chronic problem of blockchain-based medical systems. By rapidly sharing large-capacity data such as medical images using a distributed data-sharing method, the issues of low processing speed and block sizes of existing blockchains are addressed. Lightweight transactions can store more information in blocks because they contain only minimal information, such as the encrypted EMR metadata and EMR summary information. The vast amount of medical data generated daily is effectively processed and managed using a lightweight transaction structure. The re-encryption–based data encryption method is used to resolve the problem of leakage of data and personal information when sharing EMRs. Even if the EMR encrypted with the dedicated encryption key is leaked during the sharing process, it cannot be decrypted; therefore, it is safe from the threat of leakage. Honest users wishing to use the patient’s data can re-encrypt the EMR by obtaining a re-encryption key from the patient. The EMR-sharing process was performed using smart contracts. Security level–based access control was performed using smart contracts to prevent unauthorized users from using medical data, and re-encryption keys were delivered only to authorized users. As a result, the proposed blockchain-based medical system provides improved security and scalability, enabling efficient and safe medical data sharing.
Proxy Re-encryption based EMR Encryption & Decryption.
Average data upload time by electronic medical record size.
Average data upload time to the InterPlanetary File System by electronic medical record.
Average data download time by electronic medical record size.
Smart contract execution time for re-encryption key sharing.
AP: access policy
CA: certificate authority
EMR: electronic medical record
IPFS: InterPlanetary File System
ONC: Office of the National Coordinator for Health Information Technology
PIE: patient information exchange
PRE: proxy re-encryption
TTP: trusted third party
This research was supported by the MSIP (Ministry of Science, Information and Communication Technology, and Future Planning), Korea, under the National Program for Excellence in Software (2018-0-00192) supervised by the IITP (Institute for Information & communications Technology Planning & Evaluation), and Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (No. NRF-2018R1D1A1B07049043).
None declared.