This chapter presents a blockchain-based solution to ensure secure and convenient sharing of personal health data. With the advent of mobile and wearable technology and rising concerns about potential privacy issues and vulnerabilities in current personal health data storage and sharing systems, there is a desire for a trusted information sharing framework to ensure security and privacy of personal health data. We present a permissioned blockchain and Intel Software Guard Extensions (SGX) empowered user-centric health data sharing solution. The blockchain-based design involves anchoring the operations on records on the blockchain network, preserves the integrity of the health data and provides proof of integrity and validation permanently retrievable from cloud database. The privacy is ensured through leveraging Intel SGX’s capabilities. We present in detail how the integrated blockchain and SGX platform can ensure integrity and privacy of health data. We demonstrate how through a Web application for personal health data management (PHDM) systems, the individuals are capable of synchronizing sensor data from wearable devices with online account and controlling data access from any third parties. The protected personal health data and data access records are hashed and anchored to a permanent but secure ledger with platform dependency, ensuring data integrity and accountability. We provide results that indicate our approach provides user privacy and accountability with acceptable overhead. We discuss scalability issues and present a tree-based data processing and batching method can handle large datasets.
- Healthcare security
- Health data privacy
- Permissioned blockchain
- Software guard extension
- User-centric health data sharing
- Medical devices
This is a preview of subscription content, access via your institution.
Abdullah, N., Hakansson, A., & Moradian, E. (2017). Blockchain Based Approach to Enhance Big Data Authentication in Distributed Environment. In Ubiquitous and Future Networks (ICUFN), 2017 Ninth International Conference on (pp. 887–892). IEEE.
Anati, I., Gueron, S., Johnson, S., & Scarlata, V. (2013). Innovative Technology for CPU Based Attestation and Sealing. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (Vol. 13).
Angela, S. (2018). FDA Issues Safety Communication on Availability of Firmware Update to Address Cybersecurity Vulnerabilities Identified in Abbott’s (Formerly St. Jude Medical’s) Implantable Cardiac Pacemakers. https://www.fda.gov/NewsEvents/Newsroom/FDAInBrief/ucm573853.htm
Aumasson, L. (2016). Sgx Secure Enclaves in Practice: Security and Crypto Review – Kudelski Security. Black Hat USA.
Bahack, L. (2013). Theoretical Bitcoin Attacks with Less Than Half of the Computational Power (Draft). arXiv preprint arXiv:1312.7013.
Bastiaan, M. (2015). Preventing the 51%-Attack: A Stochastic Analysis of Two Phase Proof of Work in Bitcoin. Available at http://fmttools.ewi.utwente.nl/files/sprojects/268.pdf
Brickell, E., & Li, J. (2011). Enhanced Privacy ID from Bilinear Pairing for Hardware Authentication and Attestation. International Journal of Information Privacy, Security and Integrity 2, 1(1), 3–33.
Callegati, F., Cerroni, W., & Ramilli, M. (2009). Man-in-the-Middle Attack to the https Protocol. IEEE Security Privacy, 7(1), 78–81.
Chen, L., & Li, J. (2013). Flexible and Scalable Digital Signatures in tpm 2.0. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (pp. 37–48). CCS’ 13. New York: ACM.
Clippinger, J. H. (2017). Why Self-Sovereignty Matters. https://idcubed.org/
Courtois, N. T., & Bahack, L. (2014). On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency. arXiv preprint arXiv:1402.1718.
Dua, G., Gautam, N., Sharma, D., & Arora, A. (2013). Replay Attack Prevention in Kerberos Authentication Protocol Using Triple Password. CoRR abs/1304.3550.
Ekblaw A, Azaria A, Halamka JD. Lippman A. A Case Study for Blockchain in Healthcare: “MedRec” prototype for electronic health records and medical research data. White Paper. 2016. http://dci.mit.edu/assets/papers/eckblaw.pdf
Hardjono, T., & Pentland, A. S. (2016). Verifiable Anonymous Identities and Access Control in Permissioned Blockchains. http://www.venturecanvas.com/wp-content/uploads/2016/04/506b6-chainanchor-identities-04172016.pdf
Harris, P. (2016). Connected Patient Report. Salesforce Research.
Intel. (2013). Intel Software Guard Extensions Programming Reference. https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf
Kim, M., Song, S., & Jun, M.-S. (2016). A Study of Block Chain-Based Peer-to-Peer Energy Loan Service in Smart Grid Environments. Advanced Science Letters, 22(9), 2543–2546.
Kish, L. J., & Topol, E. J. (2015). Unpatients-Why Patients Should Own Their Medical Data. Nature Biotechnology, 33(9), 921–924.
Lee, B., & Lee, J.-H. (2017). Blockchain-Based Secure Firmware Update for Embedded Devices in an Internet of Things Environment. The Journal of Supercomputing, 73(3), 1152–1167.
Liang, X., Zhao, J., Shetty, S., & Li, D. (2017a). Towards Data Assurance and Resilience in IoT Using Blockchain. In IEEE Military Communications Conference (MILCOM). Baltimore, pp. 261–266.
Liang, X., Shetty, S., Tosh, D., Kamhoua, C., Kwiat, K., & Njilla, L. (2017b). Provchain: A Blockchain-Based Data Provenance Architecture in Cloud Environment with Enhanced Privacy and Availability. In International Symposium on Cluster, Cloud and Grid Computing. IEEE/ACM Baltimore, MD.
Liang, X., Zhao, J., Shetty, S., Liu, J., & Li, D. (2017c). Integrating Blockchain for Data Sharing and Collaboration in Mobile Healthcare Applications. In 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC) (pp. 1–5), Montreal, QC.
Matt, M. (2015). Tip of the Iceberg: FDA’s Alert to Unplug Hospira’s Drug Infusion Pumps from Clinical Networks. https://researchcenter.paloaltonetworks.com/2015/08/tip-of-the-iceberg-fdas-alert-to-unplug-hospiras-drug-infusion-pumps-from-clinical-networks/
McKeen, F., Alexandrovich, I., Berenzon, A., Rozas, C. V., Shafi, H., Shanbhogue, V., & Savagaonkar, U. R. (2013). Innovative Instructions and Software Model for Isolated Execution. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP ‘13). New York: ACM.
Merkle, R. C. (1980). Protocols for Public Key Cryptosystems. In Security and Privacy, 1980 IEEE Symposium on (pp. 122–122). IEEE.
National Institute for Standards and Technology (NIST) and Office of the National Coordinator for Health IT. (2016). Use of Blockchain in Healthcare and Research Workshop. https://oncprojectracking.healthit.gov/wiki/display/TechLabI/Use+of+Blockchain+in+Healthcare+and+Research+Workshop
Paquin, C. (2013). U-prove Technology Overview v1.1 (Revision 2). https://www.microsoft.com/en-us/research/publication/u-prove-technology-overview-v1-1-revision-2/
Paquin, C., & Zaverucha, G. (2011). U-prove Cryptographic Specification v1. 1. Technical Report, Microsoft Corporation.
Peterson, K., Deeduvanu, R., Kanjamala, P., & Boles, K. (2016). A Blockchain-Based Approach to Health Information Exchange Networks. https://www.healthit.gov/sites/default/files/12-55-blockchain-based-approach-final.pdf
Rosenfeld, M. (2011). Analysis of Bitcoin Pooled Mining Reward Systems. arXiv preprint arXiv:1112.4980.
Sarangdhar, N., Nemiroff, D., Smith, N., Brickell, E., & Li, J. (2016). Trusted Platform Module Certification and Attestation Utilizing an Anonymous Key System. https://www.google.com/patents/US20160142212. uS Patent App. 14/542,491.
Thierer, A. D. (2014). The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns Without Derailing Innovation. Richmond Journal of Law & Technology, 21, 1.
Tierion. (2016). Tierion Api. https://tierion.com/app/api
Wayne, V., Jason, B., & Shawn, W. (2016). Chainpoint: A Scalable Protocol for Anchoring Data in the Blockchain and Generating Blockchain Receipts. http://www.chainpoint.org/
Yue, X., Wang, H., Jin, D., Li, M., & Jiang, W. (2016). Healthcare Data Gateways: Found Healthcare Intelligence on Blockchain with Novel Privacy Risk Control. Journal of Medical Systems, 40(10), 218. https://doi.org/10.1007/s10916-016-0574-6.
Zhang, J., Xue, N., & Huang, X. (2016). A Secure System for Pervasive Social Network-Based Healthcare. IEEE Access, 4, 9239–9250.
Editors and Affiliations
Rights and permissions
© 2019 The Author(s)
About this chapter
Cite this chapter
Shetty, S., Liang, X., Bowden, D., Zhao, J., Zhang, L. (2019). Blockchain-Based Decentralized Accountability and Self-Sovereignty in Healthcare Systems. In: Treiblmaier, H., Beck, R. (eds) Business Transformation through Blockchain. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-99058-3_5
Publisher Name: Palgrave Macmillan, Cham
Print ISBN: 978-3-319-99057-6
Online ISBN: 978-3-319-99058-3
eBook Packages: Business and ManagementBusiness and Management (R0)