Page 348 - Special Topic Session (STS) - Volume 4
P. 348
STS1080 Asma A. et al.
concepts of a blockchain: shared ledger and hashing which together achieve
an acceptable level of integrity. Sha-2 was used to hash each transaction
ensuring users that transaction is accurate. There is no known breach to SHA-
2 making it near impossible for a hacker to replace or create a transaction that
fits on to the blockchain. The concept of shared ledger ensures that data within
the system is accurate and unaltered because each peer of the blockchain has
their own copy. Basic Scenario alone shows 2 key concepts which are enough
to achieve integrity but leaves much to be desired in regards for
confidentiality.
Permissioned Scenario scaffolds from Basic Scenario and implements
various access control providing confidentiality between different participants
on the blockchain. By granting different permissions to different roles within
the blockchain, the amount of users who have access to patients’ personal
data is significantly reduced, which will reduce the risk of data breach. In the
previous scenario, it was demonstrated that Hyperledger is a shared ledger
but to further increase confidentiality, transactions are hidden on the
Composer level if the transaction doesn’t affect the participant.
With Encryption Scenario, confidentiality is fully achieved by protecting
data outside of the blockchain. Basic Scenario and Permissioned Scenario
achieved confidentiality on the blockchain but fails to protect any in-transit
data. This scenario creates a bespoke REST API to encrypt and protect data
being transmitted between the client and the blockchain. Elliptic-curve Diffie
Hellman (ECDH) is used as the key exchange with the public-private key pair,
and AES128 is being used as the symmetric encryption method.
2.2 Regulation compliance
Throughout blockchains short lifespan it has been heavily criticised for its
lack of regulatory compliance. A key aspect of the developed blockchain was
to assess whether blockchain could comply with the GDPR. Basic Scenario
covers the GDPR’s right to access. The GDPR states that individuals have the
right to access their personal data and within the Basic Scenario, patients are
able to access their information quickly and easily. However, Basic Scenario’s
results fail to exhibit any key aspects of the GDPR or HIPAA that the healthcare
industry struggle with. A key aspect of health data regulations is to give control
back to the patients which are achieved in Permissioned Scenario. The
introduction of different access control rules grants patients the ability to
control who has access to their EHR. The GDPR states that individuals must
have the right to restrict processing. Allowing patients to control who has
access to their data is an alternative to removing data which is a large concern
for blockchain. The very idea of data immutability is what makes blockchain
infeasible in specific use cases. Personal data should not be kept longer than
someone needs it. In this scenario, patients can control how long practitioners
have access to their EHR.
337 | I S I W S C 2 0 1 9