
JOURNAL OF THE INTERNATIONAL SOCIETY FOR TELEMEDICINE AND EHEALTH

Genestier P, et al., J Int Soc Telemed eHealth 2017;5(GKR):e24

BLOCKCHAIN FOR CONSENT MANAGEMENT IN THE EHEALTH ENVIRONMENT: A NUGGET FOR PRIVACY AND SECURITY CHALLENGES

Philippe Genestier PhD, Sajida Zouarhi MSc, Pascal Limeux MSc, David Excoffier MSc, Alain Prola MSc, Stephane Sandon MSc, Jean-Marc Temerson MSc

Orange Labs, 28 Chemin du vieux chêne - BP 98, 38243 Meylan Cedex, France

Abstract

In our digital world, access to personal data has become an item of concern, with challenging security and privacy aspects. Occurrences of hacking intentions and privacy violations make digital trust a major challenge. This is true in the eHealth area where management of patient health data must comply with many regulations, while remaining accessible to duly authorised health practitioners. Most will have heard about Blockchain because of its best-known application - Bitcoin - in the payment area. However, Blockchain’s characteristics make it possible to fulfill the requirements of consent management, as illustrated in an implementation within a health domain use case.

Keywords: digital trust; Blockchain; privacy; security; auditability; healthcare

Introduction and Use Case

A critical capability is for patients to be able to grant authorised persons select, partial or total access to their personal data. This is called consent management and is a key issue for eHealth. Existing solutions claiming to address the related challenges (governance, granularity, traceability) show low suitability due to several disadvantages: confidence based on a single solution provider, consent not being auditable by third parties, respect of privacy being in an “all or nothing” mode.

In classical solutions, dedicated records are used: when a consent management function exists, it is managed in a silo by each application (Figure 1), and the user therefore has to define their consents in each of them. Trust is based upon the sole application provider: a unique trusted third party. Moreover, consent is generally given as global access for the whole set of user’s data in the application: the user has no way to divide their consent, and no way to control the kind of use made of their data.

Figure 1. Existing solutions for consent management.

In the ‘Orange Consent Management Service’ solution, these main issues are resolved using a Blockchain based solution, which in addition makes it possible to share the consent management function among several applications (Figure 2).

Figure 2. New features for a consent management environment.

The main features that make Blockchain based solutions relevant for the selected use case are:

• trust improvement. Trust no longer relies on a single actor but is distributed among a whole set of actors: approval of records and delivery of access authorisation are totally decentralised.

• immutability due to impossibility of ledger falsification. Non-repudiation is effective because data registers are replicated, and once a consent is recorded, it can no longer be modified or deleted (if a modification is done, another consent is then recorded).

Using this method provides a huge trust improvement because responsibility for consent management is ensured and distributed across several actors, each having different interests (Figure 3). Transparency is also provided because auditability of consents by third parties is made possible.

Figure 3. Blockchain solution for consent management service.

Different kinds of Blockchains exist: public blockchains (access is open with no restriction) like Bitcoin [1] or Ethereum [2], and private or consortium blockchains (access to the network is restricted to duly authorised actors). For sensitive data management, a solution of the consortium type has been selected with Hyperledger [3].

In this type of protocol, one must be invited to become a “node” and be part of the transaction and block validation process. Hyperledger provides native security management, a membership service and a modular architecture (customisable consent) and, moreover, it is industry oriented.

Methods

The demonstrator was built with Hyperledger and integrated into a medical data collection chain. In this solution, the consents are managed in smart contracts (computing programs offering operations such as “Create”, “Remove”, “Use”, “Delete”).

When a user defines a consent, they interact with a consent smart contract to create a new transaction, which is first memorised and then subsequently recorded in a block (once a majority of nodes running Hyperledger have validated it); this block is then added to the ledger with information that allows confidentiality and integrity of this block to be ensured, but also of all the previous ones.

Due to its intrinsic features (decentralisation, built-in consensus, cryptographic techniques) Blockchain (lower right, Figure 4) can be an innovative way to address the consent management issue. That is why it was chosen to implement the patient consent management function which is integrated into a medical data collection chain.

Figure 4. Solution demonstrator, end to end vision (diagram labels: user/patient, third parties, data management server, consent management server).

Complementing the Blockchain mechanism features, a new feature was added to the consent management function that provided finer grain for patients to manage their consents. Instead of being defined at the patient level as in most existing solutions, the consent is set up at the vital sign level.

Digital trust [4,5] is also improved since the consent data recorded in the ledger are not under the responsibility of a single actor, but validated by a whole set of consortium partners.
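The record-keeping described in this section, as an added sketch that is not the Orange demonstrator's code and uses no Hyperledger API: consent is set per vital sign, a change is appended as a new record instead of editing an old one, and each record carries the hash of its predecessor so that an auditor can detect alteration of any earlier entry. The class, field names and identifiers are assumptions made for illustration, and consensus among nodes is not modelled.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder: predecessor hash of the first record


def _digest(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of a record body."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ConsentLedger:
    """Append-only consent log (hypothetical): records are superseded, never edited."""

    def __init__(self):
        self.records = []

    def record(self, patient, grantee, vital_sign, granted):
        """Append a grant (True) or a revocation (False) for one vital sign."""
        body = {
            "seq": len(self.records),
            "patient": patient,
            "grantee": grantee,
            "vital_sign": vital_sign,
            "granted": granted,
            "prev": self.records[-1]["hash"] if self.records else GENESIS,
        }
        self.records.append({**body, "hash": _digest(body)})

    def is_authorised(self, patient, grantee, vital_sign):
        """Read-only lookup: the latest matching record wins, no record means no access."""
        key = (patient, grantee, vital_sign)
        for rec in reversed(self.records):
            if (rec["patient"], rec["grantee"], rec["vital_sign"]) == key:
                return rec["granted"]
        return False

    def verify(self):
        """Audit: recompute every hash and check each link to its predecessor."""
        prev = GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or _digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True
```

The default-deny lookup is what the data management server would rely on when it asks whether a third party may read a given vital sign; the `verify` pass is the third-party audit.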

Results

The end to end vision of the solution demonstrator is described in Figure 4, which displays all actors, servers and sensors involved. In this specific use case, and for the purpose of the scenario, the Continua data collection chain, and a multi-vital signs sensor (Gogo EarBuds) which generates heart rate and steps measurements, have been integrated. The solution works in four steps, detailed in Figures 5 to 8 as follows.

The first step (Figure 5) is the consent recording. It concerns the data owner (here, the patient) who defines their consent (through the application giving access to their data), the consent being recorded in the Blockchain through the consent management server.

Figure 5. Solution demonstrator, step 1: consent recording.

In the second step (Figure 6) the patients’ data recording is classically done via the Continua data collection chain: from the GogoEarbuds sensor, which measures heart rate and number of steps, via the gateway application on the patient’s mobile phone (which also computes data derived from the measurements) and up to the data server.

Figure 6. Solution step 2: data collection.

During the third step (Figure 7), third parties can only access the data for which the patient has granted them authorisation. Upon a consultation request, the data management server consults the consent management server, which transmits the authorisations recorded in the Blockchain.

Figure 7. Solution step 3: Data consultation by health professional.

Figure 8 depicts how the Blockchain is used for ledger consultation (simple reading). In this way, a smart solution has been developed and demonstrated for patient consent management.

This solution brings high governance: privacy is guaranteed, fine granularity too, with a precise level of accuracy in data access control for selection, and definition of access modalities. In the end, perfect traceability is made possible due to logs of achieved actions: consent recording as well as access to data themselves, all traced in time.

In summary, an innovative solution for consent management has been developed, that could also open new possibilities of data valuation. This work, which can be applied to a number of domains other than eHealth (for example IoT), allows Orange customers to keep control of their data, while respecting their privacy, using innovative technologies.

Figure 8. Solution step 4: Blockchain status overview.

Future work

This solution has been demonstrated with a beta version of Hyperledger promoted by the Linux Foundation and will need to be updated when the industrial grade solution is released (expected in March 2017) and before any eventual large scale launch. Last but not least, a remaining challenge is to check with actors of the health domain whether it is possible to find a sufficient number of actors agreeing to be part of such a consortium. Independently from that, the demonstrator will evolve in the frame of the Serene_IoT Penta European project where it will be implemented [6].


Conclusions

The high security and especially privacy regulations that apply in the health data sector need cautious care when personal medical data are handled. Patient empowerment through better personal data governance is a critical feature to help them manage their pathology. Our preliminary research shows that Blockchain is a good candidate towards a smart and reliable solution to tackle these key issues in an innovative way.

---

Correspondence to:
Philippe Genestier
Orange S.A.
Orange Labs, 28 Chemin du vieux chêne, BP 98, 38243 Meylan Cedex, France
e-Mail: philippe.genestier@orange.com

Conflict of interest. The author declares no conflict of interest.

Acknowledgements. Authors warmly thank Mrs Lan Wang and Mr Zili Lu, both from Orange Labs Beijing, for their active contribution to the multi-vital signs sensor and for fruitful discussions.

References

1. Satoshi Nakamoto, October 2008, whitepaper, “Bitcoin: A Peer-to-Peer Electronic Cash System”. Available at: https://bitcoin.org/bitcoin.pdf accessed 14 January 2017.

2. Vitalik Buterin, December 2013, Ethereum white paper. Available at: https://github.com/ethereum/wiki/wiki/White-Paper accessed 13 January 2017.

3. Hyperledger - White paper. Available at: https://github.com/hyperledger/hyperledger/wiki/Whitepaper-WG accessed 13 January 2017.

4. ILNAS (Institut Luxembourgeois de la normalisation, de l’accréditation, de la sécurité et qualité des produits et services), Digital Trust White paper: Version 1 June 2012, 144 pages. Available at: https://portail-qualite.public.lu/fr/publications/confiance-numerique/etudes-nationales/Pub-ilnas-tudor-white-paper-digital-trust-june-2012-v1_0/ilnas-tudor-white-paper-digital-trust-june-2012-v1_0.pdf accessed 14 January 2017.

5. ILNAS (Institut Luxembourgeois de la normalisation, de l’accréditation, de la sécurité et qualité des produits et services), Digital Trust White paper: Version 2.0 – June 2014, 146 pages. Available at: https://portail-qualite.public.lu/fr/publications/confiance-numerique/etudes-nationales/white-paper-digital-trust-june-2014/White-Paper-Digital-Trust-June-2014.pdf accessed 14 January 2017.

6. Serene_IoT Penta European project. Available at: http://www.penta-eureka.eu/ accessed 13 January 2017.
