How blockchain can help us build better health data defences
With increasing amounts of our personal data being stored digitally, there’s a growing need for organizations to bolster protections that make sure this information is kept private. In the case of medical records, which need to be regularly accessed by other parties, this is a particular challenge.
For the past decade, computer science professor Ali Miri has been working on ways to improve digital privacy for patient data. Most recently, he has explored the potential for blockchain technology to help tackle the issue alongside Ryerson PhD student Shadan Ghaffaripour.
From their base at Ryerson’s Information and Computer Security Lab, professor Miri and Ghaffaripour have successfully created a system that can lock out unauthorized parties and give patients more control over who has access to their records. According to professor Miri, new privacy solutions will be increasingly needed as governments move to huge, fully centralized record databases. One example of this is the eHealth Ontario program.
“Data privacy has always been an issue and it has become an even more prominent issue because of the way that patients interact with their caregivers, doctors and clinics,” he said. “More and more, both here and elsewhere, people do their bookings, see their results and have consultations with their doctors all online.”
The researchers say that blockchain is suitable for this purpose because it permanently records who has looked at a file and what they did with it. This transparency builds trust in the system, which is important not only for patients, but also for those who require access to our health data in order to do their jobs. These include doctors and health-care professionals, insurance companies, our legal representatives and people conducting research.
“The user determines who can have access to their particular record,” said Ghaffaripour. “For example, I as a patient can say that, for a particular record of mine, it can only be viewed by doctors who work at a specific hospital.”
The framework, which the researchers presented at the ACS/IEEE International Conference on Computer Systems and Applications, external link, opens in new window, provides this privacy by using two layers of protection. The first layer uses programs known as smart contracts, which require users to have certain attributes in order to meet the terms of a contract and then access files. If someone erroneously passes through this layer, they will then face a second encryption barrier that can only be unscrambled if they are a user with the specified role.
Ghaffaripour explained that, up until now, this double-layer approach had not been tested. “We could see that we could add something new to this domain,” she said. “To the best of my knowledge, the double-layer mechanism has not been created before.”
These layers of protection could help to build patients’ trust in the system. Blockchain also allows for intermediaries to be cut out, addressing another potential vulnerability of electronic medical databases. As the researchers point out, patient trust is vital because health-care professionals need to be able to access patient records in order to provide appropriate care. It also has the potential to benefit medical research, as patients may be more inclined to participate in studies if they are confident that investigators will only be able to access the allowed information.
If this system were to be implemented, patients and other users would not necessarily be aware of the complex computational processes happening behind the scenes. They would simply access information on a standard, web-based interface. Professor Miri believes that, in the future, it’s likely that blockchain will be adopted by health-care providers and governments as they try to build public faith in data privacy and eliminate vulnerabilities. He says that citizens are beginning to realize that, in various aspects of their lives, their personal data is being used by organizations in ways that they were not necessarily aware of.
“Privacy and privacy-preserving technology are about being able to give the power back to users, in this case patients,” he said.
This research was supported by the Natural Sciences and Engineering Research Council of Canada.