Secure Audit in Support of an Adrenal Cancer Registry

This paper describes the use of blockchain technology to ensure the integrity of data logs for a clinical registry, providing a technological means for a secure audit of that registry. The characteristics of a secure audit - tamper-resistance, verifiability, searchability and privacy - are described in their application to this registry, then an evaluation is performed detailing the use of blockchain to achieve these audit goals. The clinical registry tested - supporting ENSAT (the European Network for the Study of Adrenal Tumors) - is a production repository of clinical, phenotypic and genetic information about patients with adrenal cancer, a rare but often serious condition that affects approximately 1 in 600,000 of the world population. The registry is implemented as a standard n-tier web application, with a MySQL database back-end and Java/JSP business logic and user interface. The information contributing to the full audit of data and usage of the registry is captured in the application log files, which are stored in two "mirrored" formats: as ASCII text files compiled through the Java log4j project and in a MongoDB NoSQL database. Following a discussion of the relevant supporting features, the fully implemented solution - a private blockchain known as "ensatChain" - is evaluated for overall security, using the Microsoft "STRIDE" threat model.
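The tamper-resistance, verifiability and privacy goals named above can be illustrated with a minimal hash chain over log lines. This is an added example, not the ensatChain implementation: the function names, the use of SHA-256, the digest-only block layout and the sample log lines are all assumptions made for illustration. The same audit can be run against either mirrored copy of the log.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first block

def entry_digest(line: str) -> str:
    # Only the digest of a log line is chained, so the chain holds no patient data.
    return hashlib.sha256(line.encode("utf-8")).hexdigest()

def block_hash(index: int, prev_hash: str, digest: str) -> str:
    # Each block hash commits to its position, its predecessor and the log digest.
    payload = json.dumps({"index": index, "prev": prev_hash, "digest": digest}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def build_chain(log_lines):
    # Append one block per log line, linking each block to the one before it.
    chain, prev = [], GENESIS
    for i, line in enumerate(log_lines):
        digest = entry_digest(line)
        current = block_hash(i, prev, digest)
        chain.append({"index": i, "prev": prev, "digest": digest, "hash": current})
        prev = current
    return chain

def verify_chain(chain):
    # Return the index of the first inconsistent block, or None if the chain is intact.
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev or block["hash"] != block_hash(i, prev, block["digest"]):
            return i
        prev = block["hash"]
    return None

def audit_log(chain, log_lines):
    # Return indexes of log entries that were altered, removed or added relative to the chain.
    bad = [i for i, (b, line) in enumerate(zip(chain, log_lines)) if b["digest"] != entry_digest(line)]
    lo, hi = sorted((len(chain), len(log_lines)))
    return bad + list(range(lo, hi))

# Constructed sample log lines (not taken from the registry).
SAMPLE_LOG = [
    "2024-01-05 10:02:11 INFO user=clinician_a action=LOGIN",
    "2024-01-05 10:03:40 INFO user=clinician_a action=UPDATE record=R-0001",
    "2024-01-05 10:09:02 INFO user=clinician_a action=LOGOUT",
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_LOG)
    print(verify_chain(chain), audit_log(chain, SAMPLE_LOG))
```

A hash chain alone only makes edits evident; in a blockchain deployment the chain is additionally held by multiple nodes so that a single party cannot silently recompute it.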