Blockchain in Personal Health Information Exchange

Zhou, Xiaohu (2024) Blockchain in Personal Health Information Exchange. Doctoral thesis, Birmingham City University.

Xiaohu Zhou PhD Thesis published_Final version_Submitted May 2023_Final Award Jun 2024.pdf - Accepted Version


Abstract

The secure and efficient exchange of personal health information is a critical challenge in the healthcare sector. It is a socio-technical issue, concerned with the individual’s right to data protection as well as the interoperability of existing health information management systems, such as electronic medical record systems. In particular, there is a need to legally, securely, and efficiently share personal health information between different organisations and entities within and across regions. The various entities in personal health information exchange have different requirements and responsibilities. This thesis focuses on two of these: (1) individuals as data subjects should have the opportunity to oversee the processing of their health information by others and to restrict the exchange of their health information, and (2) entities should be able to verify that data controllers are securely sharing personal health information as agreed and in compliance with regulations, laws and the preferences of data subjects.

To address these challenges, blockchain technology has been actively explored in the research community of health information exchange as a potential solution. This thesis is intended to contribute towards this global effort. Blockchain technology offers benefits in decentralisation, immutability, transparency and traceability of data transactions, and public access to data by network users. As a distributed technology, the adoption of blockchain in health information exchange can support interoperability, security, and privacy protection. This thesis aims to explore the use of blockchain technology in personal health information exchange between stakeholders for privacy protection, confidentiality, non-repudiation, and auditability. The four main contributions of the thesis can be summarised as follows:

Firstly, the research identified the requirements of different roles involved in the cases of health information exchange and the current challenges of health information exchange in the sector by reviewing related work on personal health information exchange and blockchain technology, and discussing existing blockchain-based applications in health information exchange. In summary, there are several challenges related to PHI exchange, including legal and regulatory barriers, privacy and security breaches, lack of interoperability between healthcare information systems, trust-building barriers, and low levels of patient engagement.

Secondly, to explore the use of blockchain technology in data exchange, the study designed a blockchain-based auditing framework for workflows involving different entities. This framework, called AudiWFlow, provides an audit trail for records verification on-the-fly and after the fact using smart contracts and personal receipts. In the context of data exchange in the health sector, the AudiWFlow framework makes data transactions auditable and builds trust between different entities located in the same jurisdiction. Workflow entities share required protected data with each other and use the blockchain to store proof of integrity about transaction records. The blockchain plays the role of an audit server in the framework and has a stable time delay compared to traditional servers.

Thirdly, to address challenges of secure cross-regional data exchange in health, particularly when combined with existing infrastructures in the health management system, this study developed a proper blockchain-based framework called BRUE that can help entities meet fit-for-purpose security requirements in the exchange of personal health information. The BRUE framework reconstructs the concepts of User-Managed Access protocol and uses personal data receipts and token-based records to achieve access control fulfilling the needs of privacy preservation, auditing, non-repudiation, and confidentiality.

Finally, to improve privacy preservation in the exchange of personal health information, the study developed a blockchain-based framework named BRESPE. This framework utilises sticky policies triggered by smart contracts to enforce access control, aligning with user preferences and data protection regulations during data transmission.

Item Type: Thesis (Doctoral)
Dates:
19 May 2023: Submitted
14 June 2024: Accepted
Uncontrolled Keywords: Blockchain; Personal health information; Health information exchange; Auditing
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
CAH11 - computing > CAH11-01 - computing > CAH11-01-03 - information systems
Divisions: Doctoral Research College > Doctoral Theses Collection
Faculty of Computing, Engineering and the Built Environment > College of Computing
Depositing User: Jaycie Carter
Date Deposited: 02 Sep 2024 13:23
Last Modified: 02 Sep 2024 13:23
URI: https://www.open-access.bcu.ac.uk/id/eprint/15765
