62
63 One of the research limitations was a failure to receive the required responses to the distributed survey. The number of responses is considered low, specifically the number of healthcare professionals and those that work in the management of healthcare entities. Therefore, more responses will have a clearer effect on the analysis of the results. In addition, the analysis was limited to the available health policies, laws, and guidelines from the different UAE's Health Information Systems along with the survey results, but the lack of implementation and performance or risk assessment
analysis limits the validation of the proposed solution, as there is no real case to
implement the policy framework and test it to identify the shortcomings in the policy.
Finally, in order to evaluate the effectiveness of the proposed Blockchain-based policy framework to manage the Electronic Health Records effectively, there is a need for an existing, implemented healthcare Blockchain solution to assess the policy and identify its applicability, regardless of its size, nature, complexity, etc. In addition, future work will focus on generally enhancing the statements mentioned in the policy, whether by adding, deleting, or modifying the statements in order to ensure comprehensive
coverage of the EHR-related Blockchain activities. The future of Blockchain will remain challenging, but at the same time, the advancements are exciting, which makes
depending on it for EHRs a wise idea. It is important to keep in mind that Blockchain is still in the development stage and is facing issues such as scalability, maturity, etc. This is a key realization that should guide any regulatory action since it needs time and experience to develop. Whenever general governance is addressed in relation to Blockchain, more detailed discussion on both a local and global level is required.
64
References
[1] “Consortium Blockchain.jpeg 1,400×545 pixels.”
https://miro.medium.com/max/1400/1*82pWsHCoFTrSRyteQJjXrA.jpeg (accessed Oct. 19, 2022).
[2] S. Ølnes, J. Ubacht, and M. Janssen, “Blockchain in government: Benefits and implications of distributed ledger technology for information sharing,” Gov. Inf. Q., vol. 34, no. 3, pp. 355–364, Sep. 2017, doi: 10.1016/j.giq.2017.09.007.
[3] Z. Zheng, S. Xie, H. Dai, X. Chen, and H. Wang, “An Overview of Blockchain Technology: Architecture, Consensus, and Future Trends,” in 2017 IEEE
International Congress on Big Data (BigData Congress), Jun. 2017, pp. 557–564.
doi: 10.1109/BigDataCongress.2017.85.
[4] Y. Wang and M. He, “CPDS: A Cross-Blockchain Based Privacy-Preserving Data Sharing for Electronic Health Records,” in 2021 IEEE 6th International Conference on Cloud Computing and Big Data Analytics (ICCCBDA), Apr. 2021, pp. 90–99.
doi: 10.1109/ICCCBDA51879.2021.9442539.
[5] Ž. Turk and R. Klinc, “Potentials of Blockchain Technology for Construction Management,” Procedia Eng., vol. 196, pp. 638–645, Jan. 2017, doi:
10.1016/j.proeng.2017.08.052.
[6] L. Hirtan, P. Krawiec, C. Dobre, and J. M. Batalla, “Blockchain-Based Approach for e-Health Data Access Management with Privacy Protection,” in 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of
Communication Links and Networks (CAMAD), Sep. 2019, pp. 1–7. doi:
10.1109/CAMAD.2019.8858469.
[7] “Dubai Blockchain Strategy.” https://www.digitaldubai.ae/initiatives/blockchain (accessed Sep. 26, 2022).
[8] “Emirates Blockchain Strategy 2021 - The Official Portal of the UAE Government.”
https://u.ae/en/about-the-uae/strategies-initiatives-and-awards/federal-governments- strategies-and-plans/emirates-blockchain-strategy-2021 (accessed Sep. 26, 2022).
[9] S. Ramachandran, O. Obu Kiruthika, A. Ramasamy, R. Vanaja, and S. Mukherjee,
“A Review on Blockchain-Based Strategies for Management of Electronic Health Records (EHRs),” in 2020 International Conference on Smart Electronics and Communication (ICOSEC), Sep. 2020, pp. 341–346. doi:
10.1109/ICOSEC49089.2020.9215322.
[10] “Blockchain in Data Analytics.pdf.” Accessed: Sep. 26, 2022. [Online]. Available:
https://www.cambridgescholars.com/resources/pdfs/978-1-5275-4429-1-sample.pdf [11] A. Banafa, “Blockchain Technology and Applications,” 2020. Accessed: Sep. 26,
2022. [Online]. Available: https://ieeexplore-ieee- org.uaeu.idm.oclc.org/document/9227147
65 [12] A. Donawa, I. Orukari, and C. E. Baker, “Scaling Blockchains to Support Electronic
Health Records for Hospital Systems,” in 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), Oct.
2019, pp. 0550–0556. doi: 10.1109/UEMCON47517.2019.8993101.
[13] K. Werbach, “The Siren Song: Algorithmic Governance by Blockchain,” p. 26.
[14] Weltgesundheitsorganisation, Medical records manual: a guide for developing countries. Geneva: World Health Organization, 2002.
[15] “Electronic Health Records: Manual for Developing Countries.pdf.” Accessed: Oct.
04, 2022. [Online]. Available:
https://apps.who.int/iris/bitstream/handle/10665/207504/9290612177_eng.pdf;jsessi onid=1D07A885AE116883D2D0604A53D0AF06?sequence=1
[16] Dr. T. Seymour, D. Frantsvog, and T. Graeber, “Electronic Health Records (EHR),”
Oct. 2014, doi: 10.19030/ajhs.v3i3.7139.
[17] “Blockchain_Guide.pdf.” Accessed: Oct. 05, 2022. [Online]. Available:
https://ai.gov.ae/wp-content/uploads/2020/01/Blockchain_EN_v1-online.pdf [18] “Federal Law No. (2) of 2019 Concerning the Use of Information and
Communication.” https://mohap.gov.ae/app_content/legislations/php-law-en- 77/mobile/index.html (accessed Oct. 05, 2022).
[19] “GUIDELINES FOR MANAGING HEALTH RECORDS Version 2.pdf.”
Accessed: Oct. 05, 2022. [Online]. Available:
https://www.dha.gov.ae/uploads/112021/31364f62-fa09-4cb8-9484- d1683b155b91.pdf
[20] AbuDhabi - Department of Health, “ABU DHABI HEALTHCARE DATA PRIVACY STANDARD,” p. 18, Sep. 2020.
[21] N. B. Al Barghuthi, C. Ncube, and H. Said, “State of Art of the Effectiveness in Adopting Blockchain Technology - UAE Survey Study,” in 2019 Sixth HCT Information Technology Trends (ITT), Nov. 2019, pp. 54–59. doi:
10.1109/ITT48889.2019.9075108.
[22] “dubai-blockchain-policy.pdf.” Accessed: Oct. 05, 2022. [Online]. Available:
https://www.digitaldubai.ae/docs/default-source/policies-standards/dubai- blockchain-policy.pdf?sfvrsn=ddfaec24_4
[23] M. Pandey, R. Agarwal, S. K. Shukla, and N. K. Verma, “Security of Healthcare Data Using Blockchains: A Survey,” Mar. 2021, doi: 10.48550/arXiv.2103.12326.
[24] R. Zhang, R. Xue, and L. Liu, “Security and Privacy for Healthcare Blockchains,”
IEEE Trans. Serv. Comput., pp. 1–1, 2021, doi: 10.1109/TSC.2021.3085913.
[25] G. Magyar, “Blockchain: Solving the privacy and research availability tradeoff for EHR data: A new disruptive technology in health data management,” in 2017 IEEE 30th Neumann Colloquium (NC), Nov. 2017, pp. 000135–000140. doi:
10.1109/NC.2017.8263269.
66
[26] V. B, S. N. Dass, S. R, and R. Chinnaiyan, “A Blockchain based Electronic Medical Health Records Framework using Smart Contracts,” in 2021 International
Conference on Computer Communication and Informatics (ICCCI), Jan. 2021, pp.
1–4. doi: 10.1109/ICCCI50826.2021.9402689.
67
Appendices
Appendix A: Federal Law No. (2), MOHAP, of 2019
The Federal Law No. (2), from the Ministry of Health and Prevention in UAE, of 2019 Concerning the Use of Information and Communication Technology (ICT) in Health Fields [8], applies to all information and communication technology techniques and applications in the health care sector. The law is divided into three main sections:
1. Use Controls of Information and Communication Technology a. ICT Use Obligations
b. Establishment of the Central System
c. Principles, Standards, and Controls of Electronic Systems d. Joining the Central System
e. Obligations of Using the Central System
f. Publication and Distribution of the Instruction Manual
g. Coordination between the Ministry and the Competent Authority or Health Authority
h. Ensuring Compatibility of Used Information Systems i. Storage of Health Information and Data in the State
j. Storage and Transfer of Health Information and Data Outside the State k. Prohibitions of Using the Central System
l. Obligations of Using the Central System Use
m. Confidentiality of Information Related to Patients and Exclusions n. Advertisement Licensing
o. Violation of the Controls and Standards of Health Advertisements p. Training and Qualification of Human Resources
q. Keeping Health Information and Data
r. Inclusion of the Identity Number in Health Transactions and Files 2. Penalties
a. Application of the Severer Penalty
b. Penalty of Unauthorized Advertisement Publication c. Penalty of the Violation of Article (13)
68
d. Disciplinary Sanctions
e. Grieving against Disciplinary Sanctions 3. Final Provisions.
a. Judicial Officers
b. Regularization of Affairs of the Competent Authorities c. Issuance of the Executive Regulation of the Law d. Abrogation of Violating and Contradicting Provisions e. Publication and Entry into Force of the Law
69 Appendix B: A Blockchain Based Policy Framework for the Management of
Electronic Health Record (EHRs) – Survey Questions
Primarily, the existing electronic health record management approach is built on access controls. There is no policy in place to govern how Blockchain will store EHR, identify who will have access to it, or who will be able to edit or contribute to it. This survey will focus on entities' knowledge of the technology and their needs, as well as how well the policy framework will be accepted. You will be asked a series of questions on your familiarity on the topic of Blockchain in general. Once the survey is started, you must fill out all the questions.
Participation in the survey is voluntary and you don't have to continue.
Withdrawal will not result in any penalties. We are expecting to gather information on people's perspectives on the Blockchain and see what might be preventing them from adopting Blockchain as an enabler technology for good management of electronic health records to determine the barriers that need to be overcome.
The questions will not be personal or psychological; instead, they will focus on your knowledge of Blockchain technology. The survey is fully anonymous, no personal information will be attached to your answers or released to the public. Your employment status and job title will be used to categorize your responses to the questions.
By answering Question 1 of the survey:
1) I confirm that I voluntarily consent to participate in this study. I have read and completely understood the information provided above.
Yes No
2) Are you currently working? Yes No
If yes, what is your job title? __________________________________________
3) Do you want to be able to control who can have access to your EHR, such as who can view, update, or use it for research?
Yes No Unsure
70
4) How comfortable are you with the idea of other organizations (hospitals, research centers …) viewing your EHR?
Uncomfortable Neutral
Comfortable Do not care
5) In the event that your EHR is shared, do you trust that your personal and medical information is being disclosed only to authorized users?
Yes No Unsure
6) Would you like to be notified whenever your EHR is shared with another organization?
Yes No
Do not care
7) Would you like the power to be able to approve or deny having your EHR shared with another party other than who you a consent to?
Yes No
Do not care
8) Do you believe that your medical records are less likely to be disclosed to unauthorized parties as an EHR as opposed to physical files and documents?
Yes No
9) Are you worried about data leakage and other users having unauthorized access to stored EHRs?
Yes No Partially
71 10) Are you aware of any precautions being taken by organizations to avoid data
leakage of EHRs?
Yes No
11) How safe and private do you believe that EHRs are?
Unsafe Questionable Somewhat safe
Safe, but needs improvement.
Completely safe
12) Do you know of any used systems to exchange EHRs nationally or internationally?
Yes, both nationally and internationally.
Only internationally.
Only nationally.
No
Don’t know
13) For what reasons do you think EHRs are usually shared? Select all applicable reasons.
Medical, as pertained to the patient.
Medical-related Research.
National Concerns (national security, epidemics control).
Investigations (law enforcement).
Others, please specify:
14) Do you think that sharing an EHR internationally should affect the kind of information being shared?
Yes, some data should be redacted.
Yes, additional data should be added.
No
Don’t know
15) Are you aware of methods being implemented for auditing EHRs sharing?
72
Yes No
16) If yes, how often you think should an audit take place?
Monthly Quarterly Twice per year Yearly
Intermittent
17) Are there measures in place, that you are aware of, to prevent unauthorized parties from accessing EHRs as they are being shared with another organization?
Yes No
Don’t know
18) How likely, in your opinion, that an unauthorized party can access EHRs during the sharing process?
Highly unlikely Unlikely
Unsure Likely
Highly likely
19) Do know if international privacy regulations (such as the GDPR, HIPAA) affect the exchange of EHRs?
Yes, some data needs to be redacted.
Yes, extra data needs to be added.
No
Don’t know
20) How often do you think policies regarding EHRs storage, sharing, and modification should get updated?
Weekly Monthly
Once every few months.
73 Yearly
Never
21) Are you aware of the current UAE policies with respect to sharing EHRs?
Yes No
22) Have you heard of Blockchains Technologies?
Yes No
23) If the use of Blockchains for EHR sharing will ensure security and privacy of EHRs sharing, will you encourage organization to use such a technology?
Yes No
24) Do you know of any organization currently implementing or planning to implement Blockchain technologies for EHRs sharing?
Yes, currently implementing Blockchain technologies.
Yes, plan to implement Blockchain technologies soon.
No, but I know that they are investigating the possibility of implementing Blockchain technologies.
Don't know.
Other (please briefly describe):
25) What benefits do you hope for from using Blockchains for EHRs sharing? (Please select all that apply.)
Improved business efficiency.
Better transaction integrity and visibility.
Increased transaction speed.
Better data protection provided by Blockchain's ability to eliminate points of failure in business networks.
Lower transaction cost.
Stronger working relationship with partners (via better collaboration, etc.).
74
Time savings (i.e., reducing time required for settling disputes, finding information, and verifying a transaction, leading to quicker settlement and deliveries, etc.).
Reduction of risks (i.e., by eliminating the risk of collusion, tampering, and unintentional leakage of information, etc.).
Don't know.
Other (please briefly describe):
26) What do you think the challenges are that need to be addressed for a successful Blockchain implementation for EHRs sharing? (Please select all that apply.)
Blockchains are still an emerging technology.
Lack of understanding just what Blockchain can do/is good for.
Lack of experts skilled in Blockchain technology.
Lack of industry standards.
Regulatory constraints.
Privacy and security considerations.
Don't know.
Others (please briefly describe):
27) Do you have any concerns about giving patients control over their own EHRs?
Yes No
Don't know.
28) Do you think that new regulations are needed to ensure controlled sharing of one’s EHR among parties even when Blockchains are used?
Yes No
Don't know.