Background: Longitudinal personal health record (PHR) provides a foundation for managing patients' health care, but we do not have such a system in the U.S. except for the patients in the Department of Veterans Affairs. Such a gap exists mainly in the rest of the U.S. by the fact that patients' electronic health records are scattered across multiple health care facilities and often not shared due to privacy, security, and business interests concerns from both patients and health care organizations. In addition, patients have ethical concerns related to consent. To patients, data security, privacy, and consent are based on trustfulness, rather than patients' engagement in ensuring only authorized people can view their PHRs with patient-managed granularity. Resolving these challenges is an important step in making longitudinal PHR useful for patient care.
Objective: This research aims to design and implement a blockchain-enabled sharing platform prototype for PHR with desired patient-controlled data security, privacy, and consent granularity.
Methods: Built upon our prior work of a blockchain-enabled access control (BAC) model, we design a blockchain-enabled sharing platform for PHR with patient-controlled security, privacy, and consent granularity. We further implement the construct by building a prototypical platform among a patient and two typical health care organizations. Health organizations that hold the patient's electronic health records can join the platform with trust based on the validation from the patient. The mutual trust can be established through a rigorous validation process by both the patient and the built-in Hyperledger Fabric blockchain consensus mechanism.
Results: We proposed a system trusted by patients and health care providers and constructed a Web-based PHR sharing platform with patient-controlled security, privacy, and consent granularity. We analyzed the system scalability in three aspects and showed millisecond range of performance when simultaneously changing access permissions on hundreds of PHRs. Consent, security and privacy of the model are ensured by the merits of the BAC model. We discovered the current blockchain model limits the system scalability due to using a non-graphical database. A new graphical database is suggested for future improvements.
Conclusions: In this research, we report a solution to electronically sharing and managing patients' electronic health records originating from multiple organizations, focusing on privacy, security, and granularity control of consent in the U.S. Specifically, the system protects data security and privacy, and provides auditability, scalability, distributedness, patient consent autonomy, and zero-trust capabilities. The prototypical instantiation of the designed model suggested the feasibility of combining emerging blockchain technology with next generation access control model to tackle a longstanding longitudinal PHR problem.
Keywords: Blockchain; Patient consent; Personal health record; Privacy; Security; Sharing platform; Trustfulness.
© 2023 The Authors.