Secure and Trustable EMR Sharing using Blockchain:

Open Challenges and Lessons Learned

Alevtina Dubovitskaya, Rohit Shukla, Zhigang Xu, Samuel Ryu, Michael Schumacher, Fusheng Wang

2

Medical data are distributed

https://thedatamap.org/map2013/index.php3

Medical data…

http://www.eu-patient.eu/Members/Weekly-Mailing/eTriks-research-data/

• Sensitive• Distributed

4

Medical data…

http://www.eu-patient.eu/Members/Weekly-Mailing/eTriks-research-data/

• Sensitive• Distributed• Heterogeneous & Dynamic

5

Medical data…

http://www.eu-patient.eu/Members/Weekly-Mailing/eTriks-research-data/

• Sensitive• Distributed• Heterogeneous & Dynamic• Have to be maintained life-long• Can be required urgently

6

Medical data…

http://www.eu-patient.eu/Members/Weekly-Mailing/eTriks-research-data/

• Sensitive• Distributed• Heterogeneous & Dynamic• Have to be maintained life-long• Can be required urgently• Need to be exchanged often

(consent is required)

7

Medical data are being digitalized

https://dpconline.org/handbook/organisational-activities/creating-digital-materialshttp://www.scbhrserv.com/medical-record-review.html 8

…but the consents are still paper based!

https://medium.com/wehearthealthliteracy/wanted-plain-language-consent-forms-26557ff9fe1b

…but the consents are still paper based!

https://medium.com/wehearthealthliteracy/wanted-plain-language-consent-forms-26557ff9fe1b

• treatment delays,• wasted resources,• increased costs,• lost control over the data.

?

Web app prototypefor patients and doctors

11

Patient: My data

12

Patient: My data

13

Patient: Add permissions

14

Patient: Add permissions

(1)

15

Patient: Add permissions

(2)

16

Patient: My permissions

17

Patient: My permissions

18

Doctor: Show available data

19

Doctor: Show available data

20

Doctor: Download data

21

Doctor: Download data

22

https://medium.com/wehearthealthliteracy/wanted-plain-language-consent-forms-26557ff9fe1b

01010011…

23

Who is going to store and manage all these consents/permissions/data?

https://medium.com/wehearthealthliteracy/wanted-plain-language-consent-forms-26557ff9fe1b

01010011…

24

Who is going to store and manage all these consents/permissions/data?

https://medium.com/wehearthealthliteracy/wanted-plain-language-consent-forms-26557ff9fe1b

01010011…

25

Who is going to store and manage all these consents/permissions/data?

https://medium.com/wehearthealthliteracy/wanted-plain-language-consent-forms-26557ff9fe1b

01010011…

26

Who is going to store and manage all these consents/permissions/data?

https://medium.com/wehearthealthliteracy/wanted-plain-language-consent-forms-26557ff9fe1b

01010011…

Single point of trust (and failure)

27

28

Blockchain, What is it?

29

Blockchain, what is it?

30

Blockchain, what is it?

31

How to update the ledger?

32

State…

How to update the ledger?

33

State…

How to update the ledger?

34

LogicState…

How to update the ledger?

35

LogicState…

State

How to update the ledger?

36

Logic…

How to update the ledger?

• Logic/Smart contract – a program that defines functionality of the blockchain applications

37

Chaincode (CC):

LogicState…

Who can update the ledger?

• Permissionless: everyone maintaines the ledger and can compete to become the « leader » and add the new block (PoW, PoS, …)

• Permissioned: only predefined set of users maintaines the ledger and participates in the leader election can create and add a new block to the ledger

• Hybrid: predefined set of users is changing

38

Who can update the ledger?Who can access the ledger?

• Permissionless: everyone maintaines the ledger and can compete to become the « leader » and add the new block (PoW, PoS, …)

• Permissioned: only predefined set of users maintaines the ledger and participates in the leader election can create and add a new block to the ledger

– Public: everyone can access the data stored on the ledger– Private: only predefined set of users can access the data stored on the ledger

• Hybrid: predefined set of users is changing

39

Who can update the ledger?Who can access the ledger?

• Permissionless: everyone maintaines the ledger and can compete to become the « leader » and add the new block (PoW, PoS, …)

• Permissioned: only predefined set of users maintaines the ledger and participates in the leader election can create and add a new block to the ledger

– Public: everyone can access the data stored on the ledger– Private: only predefined set of users can access the data stored on the ledger

• Hybrid: predefined set of users is changing

40

Which one to choose?

Permissionless blockchain

Logic

41

Permissionless blockchain

Logic

42

Permissionless blockchain

Leader

Logic

43

Permissionless blockchain

Logic

Leader

Validator Validator

ValidatorValidator

44

Permissionless blockchain

• Anonymous (till certain level)• Every node can compete to become a leader• PoW (solving crypto-puzzle) is energy consuming• Transaction fees• Privacy?

Logic

45

Permissioned blockchain

Membership service

Leader

Validator Validator

Validator

Logic Logic

Logic

Logic

46

Permissioned (public) blockchain

• Scalable?• Who hosts membership service?• Privacy?

Membership service

Leader

Validator Validator

Validator

Logic Logic

Logic

Logic

47

Permissioned (private) blockchain

• Scalable?• Who hosts membership service?• Privacy?

Membership service

…

Leader

Validator Validator

Validator

Logic Logic

Logic

Logic

48

…

Leader

Validator Validator

Validator

Hybrid blockchain (validators are changing after certain number of blocks)

Logic Logic

Logic

Logic

49

Hybrid blockchain (validators are changing after certain number of blocks)

…

Leader

Validator

Validator • PoW / random choice of validators? • Transaction fees• Privacy?

Validator ValidatorLogic Logic

Logic

Logic

Logic

50

Our choice : permissioned private blockchain with chaincode functionality

Validator

Logic

Membership service

…

LogicLogic

Logic

51

Healthcare Data(provided by)

Clinical Data Patient Data

Healthcare Data Management

52

Healthcare Data(provided by)

Clinical Data Patient Data

System Metadata

• Metadata• Permissions

…of…

…for…

Healthcare Data Management

53

Healthcare Data(provided by)

Clinical Data Patient Data

System Metadata

• Metadata• Permissions

…of…

…for…

Healthcare Data Management

Logic

54

Healthcare Data(provided by)

Clinical Data Patient Data

System Metadata

• Metadata• Permissions

…of…

…for…

Healthcare Data Management

Logic

• Limited storage capabilities • Efficiency?

55

Healthcare Data(provided by)

Clinical Data Patient Data

System Metadata

• Metadata• Permissions

…of…

…for…

Healthcare Data Management

Logic

• Limited storage capabilities • Efficiency?

56

Healthcare Data(provided by)

Clinical Data Patient Data

System Metadata

• Metadata• Permissions

…of…

…for…

Healthcare Data Management

Logic

HIPAA Compliant Cloud Storage (CS)

57

Validating Node (VN1)

Validating Node (VN3)

Validating Node (VNN)Chaincode

Chaincode

ChaincodeLogic State

EMR BlockchainNetwork

HIPAA Compliant Cloud Storage (CS)

…

System Overview

Validating Node (VN2)

58

Validating Node (VN1)

Validating Node (VN3)

Validating Node (VNN)Chaincode

Chaincode

ChaincodeLogic State

Membership Service (MS)Reg. A ECA TCA TLS-CA

Validating Node (VN2)EMR Blockchain

Network

HIPAA Compliant Cloud Storage (CS)

The National

Practitioner Data Bank

…

System Overview

59

Validating Node (VN1)

Validating Node (VN3)

Validating Node (VNN)Chaincode

Chaincode

ChaincodeLogic State

Membership Service (MS)Reg. A ECA TCA TLS-CA

Solution User (SU)Patient P

Caregiver C

Validating Node (VN2)EMR Blockchain

Network

HIPAA Compliant Cloud Storage (CS)

The National

Practitioner Data Bank

…

System Overview

60

Validating Node (VN1)

Validating Node (VN3)

Validating Node (VNN)Chaincode

Chaincode

ChaincodeLogic State

UI Provider (UIP)mobile/web app

Non-Validating Node

Membership Service (MS)Reg. A ECA TCA TLS-CA

Solution User (SU)Patient P

Caregiver C

Validating Node (VN2)EMR Blockchain

Network

HIPAA Compliant Cloud Storage (CS)

The National

Practitioner Data Bank

…

System Overview

61

Validating Node (VN1)

Validating Node (VN3)

Validating Node (VNN)Chaincode

Chaincode

ChaincodeLogic State

UI Provider (UIP)mobile/web app

Non-Validating Node

Membership Service (MS)Reg. A ECA TCA TLS-CA

Solution User (SU)Patient P

Caregiver C

Validating Node (VN2)EMR Blockchain

Network

HIPAA Compliant Cloud Storage (CS)

The National

Practitioner Data Bank

…

System Overview

62

63

Open challenges• No legal base on blockchain• Conflict with GDPR “right to be forgotten”

• Emergency access• Risks of the new technology (adoption?)

• Correctness of the chaincode? (*)• Who controls Membership service? (*)• Key management (*)• Usability? (*)

64

legal

medical/social

technical

Open challenges• No legal base on blockchain• Conflict with GDPR “right to be forgotten”

• Emergency access• Risks of the new technology (adoption?)

• Correctness of the chaincode? (*)• Who controls Membership service? (*)• Key management (*)• Usability? (*)

65

legal

medical/social

technical

Open challenges• No legal base on blockchain• Conflict with GDPR “right to be forgotten”

• Emergency access• Risks of the new technology (adoption?)

• Correctness of the logic of the chaincode? (*)• Who controls Membership service? (*)• Key management (*)• Usability? (*)

66

legal

medical/social

technical

Contact and more information: alevtina.dubovitskaya@epfl.ch67