An API for secure sharing of immunization records in a public blockchain
Main Authors: | , , |
---|---|
Format: | text |
Language: | English |
Published: | Animo Repository 2022 |
Subjects: | |
Online Access: | https://animorepository.dlsu.edu.ph/etdb_comtech/13 https://animorepository.dlsu.edu.ph/context/etdb_comtech/article/1009/viewcontent/An_API_for_secure_sharing_of_immunization_records_in_a_public_blo_Redacted.pdf |
Institution: | De La Salle University |
Summary: | Electronic Health Records (EHRs) face both confidentiality breaches and accessibility problems. EHR systems with mediocre security can be vulnerable to malicious attacks that might expose sensitive healthcare data to unauthorized users. The existing state-of-the-art security mechanisms that protect the privacy and confidentiality of EHRs against such attacks make it difficult to access patient records and to share them among healthcare players and peers. Integrating blockchain technology into EHRs can improve both the accessibility and the security of the EHR. However, most public blockchain implementations have limitations when it comes to preserving the privacy and confidentiality of the medical data inside the EHR during data sharing. In this work, an Application Programming Interface (API) that adds secure sharing functionalities to an existing public blockchain framework was developed as a means to strengthen the privacy and confidentiality of healthcare data upon sharing. The API allows for user registrations with designated roles, record additions, and secure sharing of said records with other users. The study focused on a specific type of EHR, immunization records, and implemented a blockchain based on BHEEM, a blockchain-based framework for securing health records. Additionally, the study implemented a suitable cryptographic algorithm, AES, on the implemented framework to strengthen privacy and confidentiality when sharing immunization records. The API's functionalities (access permission, record sharing, and record retrieval) were tested through a client application on a web application, and the researchers concluded that the API functionalities work as intended.
Additionally, a simple application that utilizes the API was tested for its security with OWASP ZAP, which found five alerts with varying risk levels. Overall, the developed API was able to utilize blockchain technology for healthcare and provide a secure way of sharing sensitive data by using a combination of access control permissions and cryptography. However, the use of blockchain technology has its disadvantages as well, particularly the smart contract’s limit on the number of variables that can be processed in a transaction, which limits the information that can be stored in the blockchain, and its immutability in the face of erroneous inputs. Using databases alongside blockchain could be a better system implementation that harnesses the strengths of both technologies to create a better overall system. |