Fully Decentralized Multi-Party Consent Management for Secure Sharing of Patient Health Records

Mohammad Moussa Madine; Khaled Salah; Raja Jayaraman; Ibrar Yaqoob; Yousof Al-Hammadi; Samer Ellahham; Prasad Calyam

doi:10.1109/ACCESS.2020.3045048

IEEE Access (Jan 2020)

Fully Decentralized Multi-Party Consent Management for Secure Sharing of Patient Health Records

Mohammad Moussa Madine,
Khaled Salah,
Raja Jayaraman,
Ibrar Yaqoob,
Yousof Al-Hammadi,
Samer Ellahham,
Prasad Calyam

Affiliations

Mohammad Moussa Madine: ORCiD; Department of Electrical Engineering and Computer Science, Khalifa University of Science and Technology, Abu Dhabi, United Arab Emirates
Khaled Salah: ORCiD; Department of Electrical Engineering and Computer Science, Khalifa University of Science and Technology, Abu Dhabi, United Arab Emirates
Raja Jayaraman: ORCiD; Department of Industrial and Systems Engineering, Khalifa University of Science and Technology, Abu Dhabi, United Arab Emirates
Ibrar Yaqoob: ORCiD; Department of Electrical Engineering and Computer Science, Khalifa University of Science and Technology, Abu Dhabi, United Arab Emirates
Yousof Al-Hammadi: ORCiD; Department of Electrical Engineering and Computer Science, Khalifa University of Science and Technology, Abu Dhabi, United Arab Emirates
Samer Ellahham: ORCiD; Heart and Vascular Institute, Cleveland Clinic Abu Dhabi, Abu Dhabi, United Arab Emirates
Prasad Calyam: ORCiD; Department of Electrical Engineering and Computer Science, University of Missouri, Columbia, MO, USA

DOI: https://doi.org/10.1109/ACCESS.2020.3045048
Journal volume & issue: Vol. 8
pp. 225777 – 225791

Abstract

Read online

Patients are becoming aware of the importance of taking secure control and managing access over their medical data, thereby leading to the rise in the adoption of personal health record (PHR) systems. However, today's PHR systems fall short in providing secure and trustable data sharing and access facilities to patients when they are in emergency situations or temporarily incapacitated. Also, the existing PHR systems are centralized and vulnerable to the single point of failure problem. Integrating PHR systems with blockchain technology can help to overcome such limitations. In this paper, we propose a blockchain-based PHR architecture that employs smart contracts to implement multi-party authorization (MPA) and threshold cryptographic schemes to automate secure and trustable medical data sharing and access in PHR systems. Moreover, we mitigate the limited storage and computation capabilities of blockchain by using InterPlanetary File System (IPFS) storage and reputation-governed trusted oracles into the proposed architecture. MPA and threshold cryptographic schemes allow the patient to split and share a secret key with a set of trusted parties, such as the healthcare regulatory agency, guardians, and hospitals, in such a way that they can collectively decide on sharing medical data on behalf of patients. We present algorithms along with their full smart contract function implementation details. We evaluate the robustness and performance of our solution by performing correctness verification and cost analysis. Furthermore, we evaluate the proposed approach in terms of security, generalization, and limitation aspects to find out its feasibility and practicality. We make our smart contract code publicly available on GitHub.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords