Blockchain Support for Flexible Queries with Granular Access Control to Electronic Medical Records (EMR)

In this paper, we propose an architecture for Blockchain-based Electronic Medical Records (EMRs) called GAA-FQ (Granular Access Authorisation supporting Flexible Queries) that comprises an access model and an access authorisation scheme. Unlike existing Blockchain schemes, our access model supports authorisation at different levels of granularity, whilst maintaining compatibility with the underlying Blockchain data structure. Furthermore, the authorisation, encryption, and decryption algorithms proposed in the GAA-FQ scheme dispense with the need to use a public key infrastructure (PKI) and hence improve the computation performance needed to support more granular and distributed, yet authorised, EMR data queries. We validated the computation performance and transmission efficiency of GAA-FQ in a simulation, using as our baseline ESPAC, an access control scheme for EMRs that was not designed using a Blockchain. To the best of our knowledge, GAA-FQ is the first Blockchain-oriented access authorisation scheme with granular access control, supporting flexible data queries, that has been proposed for secure EMR information management.
