STS1080 Asma A. et al.
                  different levels of control to diverse range of users. This is only possible with
                  a  permissioned  framework  like  Hyperledger  fabric.  Unlike  Ethereum,
                  Hyperledger allows nodes to have different roles within the blockchain. Nodes
                  can  be  restricted  on  read,  create,  update  and  delete  rights.  Even  though
                  “delete” rights are offered to different nodes, no data is deleted on Fabric. A
                  delete on Hyperledger is a  transaction which simply  marks certain data as
                  “deleted”.  Moreover,  we  have  used  Hyperledger  composer  which  is  a
                  development toolset to develop business networks. Hyperledger Composer
                  has a UI for configuring, testing and deploying the business networks called
                  “Playground”  which  is  the  main  tool  being  used  for  implementation.
                  Playground allows developers to simulate business networks by utilising assets
                  (goods or services that are stored in the blockchain); participants (members of
                  the  blockchain)  and  transactions (methods  which  participants  interact with
                  assets). In order to discover whether blockchain should be adopted in the
                  industry, it must solve the key issues related to security, regulation compliance,
                  scalability and flexibility. In term of security, the blockchain platform must be
                  able to implement integrity, confidentiality and availability of the data. In order
                  to test whether the healthcare industry can utilise blockchain; the business
                  network must take steps to comply with the GDPR as much as possible.

                  1.5. Test approach and scenario
                      Hyperledger  composer  offers  3  different  types  of  tests  for  blockchain
                  applications:  interactive  test,  automated  unit  tests  and  automated  system
                  tests. This business network will be using interactive tests to assess whether
                  the  scenarios  could  be  implemented  into  blockchain.  As  well  as  scenarios,
                  interactive tests will be used to check validation, verification, permissions and
                  the overall performance of the blockchain..
                      To test the blockchain environment, the following scenarios have been
                  designed:
                      Scenario  1-  Basic  scenario  :  This  scenario  tests  the  different  access
                  control  between  a  standard  user  and  specified  member  of  the  blockchain
                  (patients, medical institutions or medical practitioners). Specified member will
                  be able to view data on the blockchain whereas a standard user will have no
                  access. Further to this, this scenario will confirm the use of a strong hashing
                  function and the concept of a  shared ledger. The patient and the medical
                  practitioner should have a copy of the same transaction.
                      Scenario  2  -  Permissioned  Scenario:  This  scenario  tests  the  level  of
                  permissions utilised on Hyperledger regarding create, read, update and delete
                  operations.  The  goal  of  this  scenario  is  to  explore  whether  Hyperledger’s
                  permissions could be used to restrict different types of participants to ensure
                  an extra layer of security and minimise the number of security threats.
                      Scenario  3  -  Purging  data  Scenario:  To  be  GDPR/HIPPA  compliant
                  patients must have complete control over their EHRs, this includes both giving

                                                                     335 | I S I   W S C   2 0 1 9