Designing a Private and Secure Personal Health Records Access Management System PDF

Summary

This article explores designing a private and secure system for managing personal health records using IOTA distributed ledger technology and integrates it with Internet of Things (IoT) medical devices. The authors aim to provide patients with full control of their health records by creating four prototype applications, and these demonstrate the proposed solution.

Full Transcript

sensors
Article
Designing a Private and Secure Personal Health Records Access
Management System: A Solution Based on IOTA Distributed
Ledger Technology
Serkan Akbulut 1 , Farida Habib Semantha 1, * , Sami Azam 1, * , Iris Cathrina Abacan Pilares 1 ,
Mirjam Jonkman 1 , Kheng Cher Yeo 1 and Bharanidharan Shanmugam 2

1 Faculty of Science and Technology, Charles Darwin University, Darwin, NT 0909, Australia
2 Energy and Resources Institute, Faculty of Science and Technology, Charles Darwin University,
Darwin, NT 0909, Australia
* Correspondence: [email protected] (F.H.S.); [email protected] (S.A.)

Abstract: The privacy and security of patients’ health records have been an ongoing issue, and
researchers are in a race against technology to design a system that can help stop the compromis-
ing of patient data. Many researchers have proposed solutions; however, most solutions have not
incorporated potential parameters that can ensure private and secure personal health records man-
agement, which is the focus of this study. To design and develop a solution, this research thoroughly
investigated existing solutions and identified potential key contexts. These include IOTA Tangle,
Distributed Ledger Technology (DLT), IPFS protocols, Application Programming Interface (API),
Proxy Re-encryption (PRE), and access control, which are analysed and integrated to secure patient
medical records, and Internet of Things (IoT) medical devices, to develop a patient-based access
management system that gives patients full control of their health records. This research developed
four prototype applications to demonstrate the proposed solution: the web appointment application,
the patient application, the doctor application, and the remote medical IoT device application. The re-
sults indicate that the proposed framework can improve healthcare services by providing immutable,
Citation: Akbulut, S.; Semantha, F.H.;
secure, scalable, trusted, self-managed, and traceable patient health records while giving patients full
Azam, S.; Pilares, I.C.A.; Jonkman,
control of their own medical records.
M.; Yeo, K.C.; Shanmugam, B.
Designing a Private and Secure
Personal Health Records Access
Keywords: privacy; security; IOTA; patient health record; medical record; access management; IoT
Management System: A Solution medical device; healthcare; IPFS; encryption
Based on IOTA Distributed Ledger
Technology. Sensors 2023, 23, 5174.
https://doi.org/10.3390/s23115174
1. Introduction
Academic Editor: Begoña
Garcia-Zapirain The privacy and security of health records have been the main concerns of patients, as
they do not want healthcare providers to be looking at their files when they do not need
Received: 22 February 2023 to. Giving ownership and allowing full control of health records to patients has been one
Revised: 21 May 2023
of the remedies to gain their trust in the system. However, this does not mean that privacy
Accepted: 25 May 2023
and security are ensured. Different techniques and technologies that can guarantee patient
Published: 29 May 2023
privacy and security are explored as options in designing systems to supplement existing
PHR. In addition to this, the big data healthcare services hold has become a lucrative
source for ransom and is becoming a worldwide issue. These issues are still at large, and
Copyright: © 2023 by the authors.
researchers and experts are doing their best to come up with solutions that can tackle these
Licensee MDPI, Basel, Switzerland. issues.
This article is an open access article As time flies by, these challenges become more complex due to rapid advancements
distributed under the terms and in technology. New technologies keep emerging, and they all swiftly change the way
conditions of the Creative Commons people live and enable people to work more efficiently. This innovation is not ready to
Attribution (CC BY) license (https:// slow down just yet as more technologies that disrupt people’s way of life are starting to roll
creativecommons.org/licenses/by/ out one by one. Part of this technological revolution is the explosion of billions of devices
4.0/). around the world, and the internet has enabled these devices to be interconnected with one

Sensors 2023, 23, 5174. https://doi.org/10.3390/s23115174 https://www.mdpi.com/journal/sensors
Sensors 2023, 23, 5174 2 of 35

another. IoT technology has transformed the way people communicate and connect with
each other. There are six main domains where IoT is used. These are home automation,
smart infrastructure, security and surveillance, transportation, industrial application, and
healthcare.
These domains are reaping the benefits of this advancement, and it has allowed them
to grow and mature at a pace they never expected [3,4]. The healthcare industry, however,
is adapting at a slower pace than others. Healthcare systems are complex, which makes the
adaptation of new technologies more difficult [5,6], particularly in IoMT interoperability.
Furthermore, it is an industry that nurtures and takes care of the lives of people, which
requires technology to be fully developed and tested before it is considered as a potential
addition or solution to their existing legacy systems.
IoT technologies are among the technologies that are being extensively used by many
industries; they provide an array of benefits, such as cost-effectiveness, increased produc-
tivity, and improved efficiency. It is not surprising that this technology has started
to penetrate the healthcare sector at a rather gradual stride; it brings with it a promising
progress. Healthcare monitoring, early diagnosis of medical issues, notification or alert
systems for emergency services, and computer-assisted rehabilitation are some of its uses,
to name a few. It has effectively proven its worth in the healthcare sector as it becomes
increasingly apparent how established this technology is in supporting health systems.
It has progressively gained significant traction since coronavirus (COVID-19) hit the
entire world. Remote patient monitoring, real-time patient monitoring, and drug manage-
ment are some of its uses that would have been very useful during this situation. After
realizing IoT’s benefits in healthcare, there has been an increased motivation to develop
a framework to integrate it into healthcare [2,10,11]. However, this also brought many
issues regarding PHR and IoMT interoperability. Managing device variety, scalability, data
privacy, data interchange, hardware implementation and design, optimization problems,
security difficulties, real-time processing, low power consumption, and data integration
can be categorized as these concerns.
This research will develop an access management system on a fully decentralized
personal health records system using IOTA Tangle that will provide full control of medical
records. The Patient Care Information System (PCIS) is primarily responsible for maintain-
ing the client records at the healthcare provider organisation , including programmes
that allow caregivers to keep track of individuals or groups of patients in a rapid, responsive,
adaptable, and courteous manner while maximising available resources. A new patient
can be registered in a healthcare facility through the patient registration process, which
includes personal details collection, patient records management, and maintaining the
register of every patient. Based on the patient’s needs, appropriate care provider resources,
such as healthcare facilities (room/bed), are assigned by the Client-Resource Management
Application. This research mainly focuses on the hospital admission, patient discharge,
and remote patient health data record when registering and retrieving personal data. Peo-
ple have seen the current situation where hospitals are challenged almost beyond their
breaking point. People who work at every healthcare service will fulfil their duty
to care for people even beyond their limits, but, hopefully, with the aid of appropriate
technology, the burden on their shoulders will somehow be lifted.
The benefits of IoT in healthcare continue to grow as more and more devices become
available. Some of its uses are still unexplored, and there will be applications brought about
by the convergence of devices people never would have imagined. However, its uses are
coupled with known challenges, such as unexpected risks related to big data, security ,
privacy, and storage due to the increasing number of users generating data. The benefits
outweigh the challenges, so the focus is on the challenges to be solved rather than finding
an alternative solution to using this technology. Some of the known working solutions to
this are restricting access to data and devices and giving ownership of data back to patients
so they have full authority and control over their data.
Sensors 2023, 23, 5174 3 of 35

1.1. Aim of This Study
This paper aims to design a fully decentralized PHR using IOTA Tangle to secure
patient medical records and IOT medical devices with an access management system that
gives patients full control of their own medical records.

1.2. Related Works
Policies and guidelines have been in place for electronic health records (EHR) in a bid
to protect their privacy and security. According to Rezaeibagha et al.’s findings,
well-defined access control policies should be provided in addition to implementing the
most appropriate architecture, framework, techniques, and policies to ensure the privacy
and security of EHR. Despite the remarkable improvement it brings to the traditional
healthcare system, such as reduction of medical errors, lowered healthcare costs, and
improved healthcare quality , it has faced a lot of barriers and low user uptake. To
boost the population’s confidence in and acceptance of this system, the ability for patients
to manage their own records was introduced. Improving the quality of care and safety,
as well as empowering patients to have full control and authority over their health records,
are some of the significant benefits of the widespread adoption of EHR.
However, there were some technical and non-technical barriers during the adoption
of EHR. Providers fail to involve the users when designing the system, which leads to
people finding it hard to trust the system. Technological literacy discourages people,
especially the elderly, from using PHR, and there is very little provision to support them in
using the system. The biggest barrier to date is privacy and security and not having
measures in place in case there is a breach [23–25].
There have been attempts to address privacy, security, and other challenges in PHR,
most of which are blockchain-based solutions. OmniPHR proposed a distributed
architecture by partitioning PHR in data blocks while being interoperable. This design can
handle a growing number of nodes and requests without significantly affecting the delivery
time. It does, however, lack in the evaluation of its security, privacy, and interoperability.
Semantha et al. [13,27,28] conducted a systematic literature review on privacy by design
and proposed a framework using distributed data storage and sharing for secure and
scalable electronic health records management. Another patient-centred novel framework
called Healthchain was proposed. This one is compliant with HL7 Fast Healthcare
Interoperability Resources (FHIR), which allows seamless transfers between systems follow-
ing the same standard. There are six main components to this framework: patient-centred,
uses permissioned blockchain, interoperable, utilizes mixed-block blockchain, uses smart
contracts, and is Health Insurance Portability and Accountability Act (HIPAA) compliant.
There are models proposed using blockchain-based access controls for personal health
records. Thwin and Vasupongayya’s proposal used the Ateniese, Fu, Green, and
Hohenberger (AFGH) proxy re-encryption (PRE) technique as its mechanism for access
control. It can apply fine-grained access controls and can revoke permission. Encrypted
health records are stored on the cloud, making data available all the time, while related
metadata are stored on private blockchain. Another study focusing on access control was
proposed by Meier et al.. All access management processes are carried out through
blockchain. It gives access information to users, but data had to be stored outside due to
large file sizes. Hussien et al. also proposed a blockchain-based access control scheme
to secure shared PHR using decentralized storage. Its access control scheme is based
on smart contract-based, attribute-based searchable encryption, and it complements the
system by using IPFS to allow sharing and storing of PHR without compromising security.
With PHR, patients are more informed, and it may let them feel that they are more
capable when they can request and make decisions together with clinicians. It allows
them to be in control of their health-related activities. This positive feedback from
patients does lead to better health outcomes. However, the privacy of patients is not solely
solved by giving patients control over their information. How PHR functions in healthcare,
what purposes it serves, and what values it promotes need to be properly articulated.
 IEW Sensors 2023, 23, x FOR PEER REVIEW
Sensors 2023, 23, x FOR PEER REVIEW 4 of 36 4 of 36
With PHR, With patients
PHR,
With patients
PHR,
With
are more patients
PHR,
areinformed,
more
patients
areinformed,
more are
and informed,
more
it may
and informed,
itletmay
andthemitletmay
and
feel
them itlet
that
may
feel
them
they
let
that
feel
are
them
theythat
more
feel
are
theythat
moa
Sensors 2023,Sensors23,2023,
x FOR 23,PEER
x FOR REVIEW
PEER REVIEW
With PHR, With patients
PHR,
With patients
PHR,
With
are more patients
PHR,
areinformed,
more
patients
With
are capable
informed,
more
PHR, capable
With
are
and when
informed,
more
patients
it
PHR,
Withcapable
may
and they
when can
informed,capable
patients
it
PHR,
let
With
are
may
and they
when
themrequest
more
it
PHR,
let can
patients
With
are
may
and they
when
feel
them request
andcan
informed,
more
patients
it
PHR,
let
that
are
may they
feelmake
them request
and
informed,
they
more can
patients
let
that
are
and decisions
make
feel
are
them request
and
informed,
they
moreitthat
more
are
may
anddecisions
make
feel
are and
together
informed,
they
more
itlet
that
more
may
anddecisions
make
are
them together
informed,
they
itlet
morewith
may
and decisions
feel
are
them together
clinicians.
itlet
that
morewith
may
and
feel
them
they together
clinicians.
itlet
thatwith
may
feelIt allows
are
them
they clinicians.
let with
that
more
feelIt allows
are
them
theythem
clinicians
that
more It allo
feel
are
theythea
that
mo
23, 23, x FOR PEER REVIEW Sensors 2023,to 23,bex FOR
into PEER
control
be intoREVIEW
control
of
be their
into control
of
behealth-related
their
in control
of health-related
their of health-related
activities
their health-related
activities. activities
This. positive4 positive
activities
This. ofThis
36
feedback. positive
This
feedback
frompositive
feedback
patients
from feedbac
patien
from
capable capable
With whenPHR,capable
they
when can
capable
they
patientswhen
request
can
are they
when
request
and
more can
capable
they
make
request
andcan
informed,
With capable
decisions
when
make
request
and
PHR, capable
and they
decisions
when
make
itand
together
can
patientscapable
may they
decisions
when
make
request
together
letcan
arewith
capable
they
decisions
when
themrequest
moreand
together
clinicians.
can
Withwith
they
when
feelmake
request
and
together
clinicians.
can
informed,
PHR,
that with
they
decisions
make
Itrequest
they allows
and
clinicians.
can
patients with
and decisions
make
areItrequest
itallows
and
together
them
clinicians.
more
are
maydecisions
make
It
moreallows
and
together
them
let with
decisions
make
It allows
them together
them
clinicians.
informed, with
decisions
feel together
them
clinicians.
thatwith
and Ititallows
they together
clinicians.
with
may It allows
are them
clinicians.
let with
more It allows
them them
clinicians
It allo
feel the
that
IEW
ensors
23,to
23,be
2023,
Sensors
x FOR
into23,
PEER
2023,
Sensors
x FOR
control
be intoREVIEW
23,
2023,
PEER
x FOR
control
of
be their
23,intoREVIEW
5174
PEER
control
of
be REVIEW
Sensors
health-related
their
in control
of 2023,
health-related
their
to of
be does
23,
health-related
activities
their
in to control
be lead
does
activities
into toactivities
xhealth-related
FOR PEER.
control
of
be lead
better
does
their
in
This
to to
REVIEW.
control
of
be lead
health
better
does to
health-related
positive
activities
their
in
This
to.
control
of
be lead
health
outcomes.
better
health-related
positive
their
in
This to
feedback.
control
of health
outcomes.
better
health-related
positive
activities
their
This
feedback
of However,
from health
outcomes.
4health-related
of 36
positive
activities
their However,
feedback.
patients
from outcomes.
the However,
4health-related
of 36
activities
This
feedback. privacy
patients
from the
positive However,
activities
This. privacy
patients
from ofthe
patients
positive4privacy
activities
This
feedback.
patientsof
of the
patients
36
positive
This 4is
feedback.
fromprivacy
of
not
of patients
36
positive
This solely
4is
feedback of
not
of
patients
from patients
36
positivesolved
solely
is
feedback
4
not
patients
from
of 35
solve
solel
is no
feedbac
patien
from
capable when they can request and capable
make decisions
when theytogether can requestWithwith
capable and
clinicians.
PHR,
With when
make
patients
PHR, they
decisions
Itpatients
allows
canmore
are request
together
them
are and
informed,
more with
make clinicians.
informed,
and decisions
it may
and Ititallows
together
letmaythem them
let with
feel
them clinicians
that
feel
theythat
does by giving by giving
patients
bythegiving
patients
control
by giving
patients
control