MedRec: Using Blockchain for Medical Data Access and Permission Management

BY: MAGED MOHAMED ELGAZZAR@MMELJAZZAR

LINKEDIN.COM/IN/MMJAZZAR

10/24/2016 1

Conference 2016 2nd International Conference on Open and Big Data IEEE computer society.

10/24/2016 2

Agenda Introduction Problem statement. System Implementation. Smart contracts. The relationship between provider, patient nodes.

10/24/2016 3

Introduction Bureaucratic inefficiency. Data privacy. Scattered data across various Hospitals. Weak Archiving system.

10/24/2016 4

Problem statement Fragmented data. Slow access to medical data. System interoperability. Health information blocking. Improved data quality for medical research.

10/24/2016 5

The MedRec (Medical Records ) implementation

10/24/2016 6

The MedRec implementation the MedRec based on:- Smart contracts. Hash of the record. Identity confirmation. A syncing algorithm

10/24/2016 7

Smart contracts Log patient-provider relationships. Viewing permissions. Data retrieval instructions.

10/24/2016 8

Hash of the record Guaranteeing data integrity. Add a new record associated with a particular patient.

10/24/2016 9

Identity confirmation Public key cryptography. A DNS-like implementation

10/24/2016 10

A syncing algorithm Handles data exchange “off-chain” between a patient database and a provider database.

confirm permissions via database authentication server.

provide a reference to check for any updates.

10/24/2016 11

The contract function, structures, and relationships

10/24/2016 12

MedRec smart contracts architecture Registrar Contract (RC).

Patient-Provider Relationship Contract (PRR).

Summary Contract (SC).

10/24/2016 13

The contract function Enable advanced functionality (bidding, reputation, etc.).

Contain metadata about the record ownership, permissions.

Carry out policies.

10/24/2016 14

MedRec smart contracts architecture

10/24/2016 15

Registrar Contract Maps patient ID strings to their address identity (equivalent to a public key).

Maps identity strings to an address on the blockchain.

ID can be restricted only to certified institutions.

10/24/2016 16

Patient-Provider Relationship Contract Issued between two nodes in the system.

Defines data pointers and access permissions that identify the records held by the care provider.

Each pointer consists of a query string when executed, it returns a subset of patient data.

10/24/2016 17

Patient-Provider Relationship Contract A (hash table) maps viewers’ addresses to a list of additional query strings.

It specify which data the third party viewer is allowed access.

System formulates SQL queries and uploads them to the PPR on the blockchain.

10/24/2016 18

Summary Contract Locate patient medical record history.

It holds a list of references to PatientProvider Relationship contracts (PPRs).

It populate with references to all care providers they havebeen engaged with.

10/24/2016 19

Summary Contract Persists in the distributed network.

Adding backup and restore functionality

Access to their history by downloading the latest blockchain from the network.

10/24/2016 20

The relationship between provider, patient nodes

10/24/2016 21

Node Server Node server consist of four software components: Backend Library.Ethereum Client.Database Gatekeeper.EMR Manager.

These can be executed on servers, combining to create a distributed system.

10/24/2016 22

The data transferflow between provider node and patient node.

10/24/2016 23

Backend Library Exports a function-call API.

Handles the uncertainty of when transactions.

Do the low level formatting and parsing of the Ethereum protocol.

10/24/2016 24

Ethereum Client Implements the full functionality required to join in the network.

Implement a service to locate the node’s Summary Contract (SC) to monitor real-time changes to the SC.

10/24/2016 25

Ethereum ClientI f new block is created with the newly linked PPR, the client issues a signal which results in a user notification.

The user can then acknowledge or decline her communication with the provider.

If the accepted, it automatically issues a query request to obtain the new medical data.

10/24/2016 26

Database Gatekeeper runs a server listening to query requests from clients on the network.

A request contains a query string, as well as a reference to the blockchain PPR.

Once the issuer’s signature is certified, it verify if the address issuing the request is allowed access to the query.

10/24/2016 27

EMR Manager A web-based interface that presents the users with Update notifications. Data sharing . Retrieval options.

10/24/2016 28

Patient Nodes Contain the same basic components as providers.

An implementation of these can be executed on a local PC or even a mobile phone.

storage of the patient’s medical meta data.

10/24/2016 29

Future work Mining and ether curreny.

Medical researchers and health care authorities to mine in the network.

10/24/2016 30

Conclusion Gives patients a log of their medical history, which is not only comprehensive, but also accessible and credible. Allows for specific authorizations. Different metadata fields within a single record Facilitate continued use of their existing systems. Gives several key properties of decentralization.

10/24/2016 31