Page 347 - Special Topic Session (STS) - Volume 4

STS1080 Asma A. et al.
            patients the ability to remove read rights from reading the EHR and deleting
            the  EHR.  The  GDPR  states  the  user  must  have  the  right  to  be  forgotten.
            Consequently, this scenario tests the removal of patient data.
                Scenario 4 - Data type scenario: This scenario tests how Hyperledger
            blockchains interact with different kinds of data. Within this scenario, the
            blockchain will have to cope with images and text to mimic the data used
            within the healthcare industry, such as X-rays and their annotations.
                Scenario 5 - Encryption scenario: This scenario tests the cryptographic
            capabilities available on the Hyperledger. To ensure that connection to the
            blockchain is secure and protected from man-in-the-middle attacks, a level of
            security must be available.
                Finally, to run these scenarios we have created different roles with different
            permissions.  These  permissions  and  roles  will  mirror  some of  the  different
            roles  used  in  the  healthcare  sector  and  will  illustrate  how  a  permissioned
            blockchain can be utilised in different use case scenarios.
                -  Admin: complete access to all users and system resources.
                -  Member:  Create,  delete,  read  and  update  their  own  participant
                    information.
                -  Medical  institution:  Create,  delete,  read  and  update  their  own
                    participant information. A medical institution such as a hospital can
                    view  their  employees’  participant  information  and  manage  medical
                    practitioners such as doctors, pharmacists, surgeons, etc.
                -  Medical practitioner: Create, delete, read and update their own
                    participant information, read/update permissioned EHR (if authorised
                    by the patient) or refer it to other practitioners (granting access rights
                    for other practitioners on EHRs they have been authorised to manage).
                -  Patient: Create, delete, read and update their own participant
                    information and EHR, grant or remove access rights to practitioners on
                    their EHR.
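
The EHR rules in the role list above (patient grant and removal of rights, practitioner referral, practitioner read/update only), as an added example that is not the paper's chaincode. It is an in-memory model rather than Fabric or Composer API; `Ledger`, its method names and the sample participants are hypothetical, and participant-information rules are not modelled.

```javascript
// Added example: in-memory model of the role rules listed above.
// Not Fabric or Composer API; Ledger and its method names are hypothetical.
class Ledger {
  constructor() { this.ehrs = new Map(); } // ehrId -> { owner, authorised: Set }

  record(ehrId) {
    const ehr = this.ehrs.get(ehrId);
    if (!ehr) throw new Error('unknown EHR');
    return ehr;
  }
  createEhr(actor, ehrId) {
    if (actor.role !== 'patient') throw new Error('only a patient creates an EHR');
    if (typeof ehrId !== 'string' || !ehrId || this.ehrs.has(ehrId))
      throw new Error('invalid or duplicate EHR id');
    this.ehrs.set(ehrId, { owner: actor.id, authorised: new Set() });
  }
  can(actor, action, ehrId) {
    const ehr = this.ehrs.get(ehrId);
    if (!ehr) return false; // deny by default
    if (actor.role === 'admin') return true;
    if (actor.role === 'patient') return ehr.owner === actor.id;
    if (actor.role === 'practitioner')
      return ['read', 'update'].includes(action) && ehr.authorised.has(actor.id);
    return false; // member and institution roles have no EHR rights
  }
  // The owning patient grants; an authorised practitioner may refer onward.
  grant(actor, ehrId, target) {
    const ehr = this.record(ehrId);
    if (target.role !== 'practitioner') throw new Error('grantee must be a practitioner');
    const owner = actor.role === 'patient' && ehr.owner === actor.id;
    const referrer = actor.role === 'practitioner' && ehr.authorised.has(actor.id);
    if (!owner && !referrer) throw new Error('not allowed to grant');
    ehr.authorised.add(target.id);
  }
  // Only the owning patient revokes; referred grants are not cascaded here.
  revoke(actor, ehrId, target) {
    const ehr = this.record(ehrId);
    if (actor.role !== 'patient' || ehr.owner !== actor.id) throw new Error('not allowed to revoke');
    ehr.authorised.delete(target.id);
  }
  deleteEhr(actor, ehrId) {
    if (!this.can(actor, 'delete', ehrId)) throw new Error('not allowed to delete');
    this.ehrs.delete(ehrId);
  }
}
// Constructed sample participants.
const patient = { id: 'pat1', role: 'patient' };
const drA = { id: 'doc1', role: 'practitioner' };
const drB = { id: 'doc2', role: 'practitioner' };
```

The role list does not say whether removing a practitioner's rights should also remove rights that practitioner passed on by referral; this model leaves referred grants in place, so a patient must revoke each one.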

            3.  Results
                This section will compile all the results from the implemented blockchain
            environment.

            2.1. Security
                Throughout each scenario, validation has been used to increase the fault
            tolerance of the developed blockchain. Even though Hyperledger Fabric is
            described as fault tolerant, it does not enforce any fault tolerance within
            chaincode, leaving it up to the developer.
                Basic Scenario used access control to restrict resource utilisation to
            named roles (patients, medical practitioners and medical institutions). This
            achieves a superficial level of confidentiality by keeping personal data private to
            blockchain participants. Further to this, Basic Scenario showcases 2 key

                                                               336 | ISI WSC 2019