STS1080 Asma A. et al.
                  concepts of a blockchain: shared ledger and hashing which together achieve
                  an  acceptable  level  of  integrity.  Sha-2  was  used  to  hash  each  transaction
                  ensuring users that transaction is accurate. There is no known breach to SHA-
                  2 making it near impossible for a hacker to replace or create a transaction that
                  fits on to the blockchain. The concept of shared ledger ensures that data within
                  the system is accurate and unaltered because each peer of the blockchain has
                  their own copy. Basic Scenario alone shows 2 key concepts which are enough
                  to  achieve  integrity  but  leaves  much  to  be  desired  in  regards  for
                  confidentiality.
                      Permissioned  Scenario  scaffolds  from  Basic  Scenario  and  implements
                  various access control providing confidentiality between different participants
                  on the blockchain. By granting different permissions to different roles within
                  the blockchain, the amount of users who have access to patients’ personal
                  data is significantly reduced, which will reduce the risk of data breach. In the
                  previous scenario, it was demonstrated that Hyperledger is a shared ledger
                  but  to  further  increase  confidentiality,  transactions  are  hidden  on  the
                  Composer level if the transaction doesn’t affect the participant.
                      With Encryption Scenario, confidentiality is fully achieved by protecting
                  data  outside  of  the  blockchain.  Basic  Scenario  and  Permissioned  Scenario
                  achieved confidentiality on the blockchain but fails to protect any in-transit
                  data. This scenario creates a bespoke REST API to encrypt and protect data
                  being transmitted between the client and the blockchain. Elliptic-curve Diffie
                  Hellman (ECDH) is used as the key exchange with the public-private key pair,
                  and AES128 is being used as the symmetric encryption method.

                  2.2  Regulation compliance
                      Throughout blockchains short lifespan it has been heavily criticised for its
                  lack of regulatory compliance. A key aspect of the developed blockchain was
                  to assess whether blockchain could comply with the GDPR. Basic Scenario
                  covers the GDPR’s right to access. The GDPR states that individuals have the
                  right to access their personal data and within the Basic Scenario, patients are
                  able to access their information quickly and easily. However, Basic Scenario’s
                  results fail to exhibit any key aspects of the GDPR or HIPAA that the healthcare
                  industry struggle with. A key aspect of health data regulations is to give control
                  back  to  the  patients  which  are  achieved  in  Permissioned  Scenario.  The
                  introduction  of  different  access  control  rules  grants  patients  the  ability  to
                  control who has access to their EHR. The GDPR states that individuals must
                  have the right to restrict processing. Allowing patients to control who has
                  access to their data is an alternative to removing data which is a large concern
                  for blockchain. The very idea of data immutability is what makes blockchain
                  infeasible in specific use cases. Personal data should not be kept longer than
                  someone needs it. In this scenario, patients can control how long practitioners
                  have access to their EHR.

                                                                     337 | I S I   W S C   2 0 1 9