BLOCKCHAIN FOR CONSENT MANAGEMENT IN THE E-HEALTH ENVIRONMENT: A NUGGET FOR PRIVACY AND SECURITY CHALLENGE

Philippe Genestier [PhD], Sajida Zouarhi [MSc], Pascal Limeux [MSc], David Excoffier [MSc], Alain Prola [MSc], Stephane Sandon [MSc], Jean-Marc Temerson [MSc]
Orange Labs, 28 Chemin du vieux chêne - BP 98, 38243 Meylan Cedex, France, [email protected]

Abstract

In our digital world, access to personal data has become a matter of concern, with challenging security and privacy aspects. Hacking attempts and privacy violations make digital trust a top challenge. This is true in the e-health area, where patients' health data management must comply with many regulations while remaining accessible to duly authorized health practitioners. Everyone has heard of Blockchain through its best-known application, Bitcoin, in the payment area. Blockchain's inner characteristics make it possible to fulfil the requirements of consent management, as illustrated by our implementation of a health domain use case.

Keywords: Digital trust; Blockchain; privacy; security; auditability.

Introduction and use case

A critical point is for patients to be able to grant authorized persons selected, partial or total access to their personal data. This is called consent management and is a key point for e-health. Existing solutions claiming to address the related challenges (governance, granularity, traceability) show low suitability due to several disadvantages: trust based on a single solution provider, consents not being auditable by third parties, and privacy handled in "all or nothing" mode.

[Figure 1. Existing solutions for consent management. Left panel: dedicated recording for each application. Right panel: global access to data for a third party (reading rights, writing rights, anytime, over any kind of data, "whole or nothing" mode). Result: low suitability of classical solutions (trust relying solely on the solution provider; consents not auditable by third parties; privacy respected in all-or-nothing mode).]

In classical solutions, dedicated records are used: when a consent management function exists, it is managed in a silo by each application, as illustrated in figure 1, and the user therefore has to define his consents in each of them. Trust is based upon the sole application provider, which is the unique trusted third party. Moreover, consent is generally given as global access to the whole set of the user's data in the application: the user has no way to divide his consent and no way to control the kind of use made of his data.

[Figure 2. New features for a consent management environment. Left panel: unified recording through our solution. Right panel: access with fine grain for a specified third party: 1. User selects the data type; 2. User defines the reading rights; 3. User defines the writing rights; 4. User defines the access temporality.]

In the "Orange Consent Management Service" solution we developed, these main issues are solved using a Blockchain based solution; in addition, we also make it possible to share the consent management function among several applications (this last feature is illustrated in figure 2 above). The main features that make Blockchain based solutions relevant for the selected use case are:

- trust improvement, as trust no longer relies on a single actor but is distributed among a whole set of actors: approval of records and delivery of access authorization are totally decentralized;
- immutability, due to the impossibility of ledger falsification: non-repudiation is effective because the data registers are replicated, and once a consent is recorded it can no longer be modified or deleted (if a modification is needed, another consent is recorded instead). This method provides a major trust improvement because responsibility for consent management is shared and distributed among several actors with different interests. This mechanism is illustrated in figure 3 below;

- transparency, as auditability of consents by third parties is made possible.

[Figure 3. Blockchain solution for consent management service. Steps: arrival of a new consent as a transaction; this transaction is spread to validating peer nodes; "Consent reached!"; the transaction is integrated in a block being added to the blockchain. The consent is validated and then added to the Blockchain ledger; it is available for consultation by any third-party application.]

Different kinds of Blockchains exist: public blockchains (access is open, with no restriction), like Bitcoin [1] or Ethereum [2], and private or consortium blockchains (access to the network is restricted to duly authorized actors). For sensitive data management, a solution of the consortium type was selected, with Hyperledger [3]. In this type of protocol, one must be invited to become a "node" and take part in the transaction and block validation process. Hyperledger provides native security management, a membership service and a modular architecture (customizable consent), and moreover it is industry oriented.

Method

The demonstrator we developed was built with Hyperledger and integrated in a medical data collection chain. In this solution, the consents are managed in smart contracts (computer programs offering operations such as "Create", "Remove", "Use" and "Delete").
When a user defines a consent, he interacts with a consent smart contract to create a new transaction, which is first memorized and then recorded in a block (once a majority of the nodes running Hyperledger have validated it); this block is then added to the ledger together with information that makes it possible to ensure the confidentiality and integrity of this block, and of all the previous ones as well.

[Figure 4. Solution demonstrator, end to end vision. Actors and components: three third parties, user/patient, data management server, consent management server.]

Due to its intrinsic features (decentralization, built-in consensus, cryptographic techniques), Blockchain (lower right part of figure 4) can be an innovative way to address the consent management topic. That is why it was chosen to implement our patient consent management function, which is integrated in a medical data collection chain. In complement to the Blockchain mechanism's features, we added a new feature to the consent management function we demonstrated, giving patients finer grain to manage their consents: instead of being defined at the patient record level, as in most existing solutions, the consent is set up at the vital sign level. Digital trust [4] is also improved, since the consent data recorded in the ledger are not under the responsibility of a single actor but are validated by the whole set of consortium partners.

Results

The end to end vision of the solution demonstrator is described in figure 4 above, which displays all the actors, servers and sensors involved. In our specific use case, and for the purpose of our scenario, we also integrate our Continua data collection chain and a multi-vital-sign sensor (Gogo EarBuds) which generates heart rate and step measurements. The solution works in four steps, detailed in figures 5 to 8 as follows.
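The paragraph above compresses three properties into one sentence: a consent becomes a transaction, a block is accepted only once a majority of nodes has validated it, and every block is bound to all previous ones. The following is an added, constructed Python model of exactly those three properties; it is not the demonstrator's Hyperledger chaincode and not Hyperledger's API. Names such as ConsentTx, ConsentLedger, honest_validator and the "majority of validators" rule are assumptions made for the illustration. It also shows the "modification is a new record" rule from the immutability paragraph: narrowing a consent appends a Remove and a new Create, and editing a past block out of band breaks the hash chain.

```python
import hashlib
import json
from dataclasses import dataclass, asdict, replace
from typing import Callable, Dict, List, Optional, Tuple

# Constructed, hypothetical model of the consent ledger described in the paper.
# It is not Hyperledger chaincode: hashing, validation and "majority of nodes"
# are reduced to plain Python so the append-only property can be inspected.

GENESIS_HASH = "0" * 64


@dataclass(frozen=True)
class ConsentTx:
    """One consent operation submitted by the patient's application."""
    patient: str
    third_party: str
    data_type: str            # vital-sign level, e.g. "heart_rate" or "steps"
    op: str                   # "Create" or "Remove"; a change is a new tx
    read: bool = False
    write: bool = False
    valid_until: Optional[int] = None   # epoch seconds, None = open ended


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str
    txs: Tuple[ConsentTx, ...]
    hash: str


def block_hash(index: int, prev_hash: str, txs) -> str:
    # Canonical JSON so every node hashes identical bytes; prev_hash binds
    # this block to the whole history before it.
    payload = json.dumps({"index": index, "prev": prev_hash,
                          "txs": [asdict(t) for t in txs]}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def well_formed(tx: ConsentTx) -> bool:
    return tx.op in ("Create", "Remove") and all((tx.patient, tx.third_party, tx.data_type))


# A validator node inspects a proposed block and votes True (accept) or False.
Validator = Callable[[Block], bool]


def honest_validator(block: Block) -> bool:
    return (all(well_formed(t) for t in block.txs)
            and block.hash == block_hash(block.index, block.prev_hash, block.txs))


class ConsentLedger:
    def __init__(self, validators: List[Validator]):
        self.validators = validators
        self.chain: List[Block] = []

    def submit(self, txs: List[ConsentTx]) -> bool:
        """Record a block only once a strict majority of nodes has validated it."""
        prev = self.chain[-1].hash if self.chain else GENESIS_HASH
        index = len(self.chain)
        block = Block(index, prev, tuple(txs), block_hash(index, prev, txs))
        votes = sum(1 for v in self.validators if v(block))
        if votes * 2 <= len(self.validators):
            return False
        self.chain.append(block)
        return True

    def verify(self) -> bool:
        """Recompute every hash; any edited past record breaks the link."""
        prev = GENESIS_HASH
        for b in self.chain:
            if b.prev_hash != prev or b.hash != block_hash(b.index, b.prev_hash, b.txs):
                return False
            prev = b.hash
        return True

    def current_consents(self) -> Dict[Tuple[str, str, str], ConsentTx]:
        """Replay the ledger: the latest tx per (patient, third party, data type) wins."""
        state: Dict[Tuple[str, str, str], ConsentTx] = {}
        for b in self.chain:
            for t in b.txs:
                key = (t.patient, t.third_party, t.data_type)
                if t.op == "Remove":
                    state.pop(key, None)
                else:
                    state[key] = t
        return state


def demo() -> Tuple[bool, bool, int]:
    """Constructed scenario: one faulty node, a consent, then a change by appending."""
    faulty = lambda block: False                    # this node never votes yes
    ledger = ConsentLedger([honest_validator, honest_validator, faulty])
    grant = ConsentTx("patient-1", "practitioner-A", "heart_rate", "Create", read=True)
    accepted = ledger.submit([grant])
    # Narrowing the consent is not an edit: the old record stays, new ones are appended.
    ledger.submit([ConsentTx("patient-1", "practitioner-A", "heart_rate", "Remove"),
                   replace(grant, valid_until=1_700_000_000)])
    intact_before = ledger.verify()
    # Simulate an out-of-band edit of the first block; the chain no longer verifies.
    tampered = replace(ledger.chain[0].txs[0], read=False, write=True)
    ledger.chain[0] = replace(ledger.chain[0], txs=(tampered,))
    return accepted and intact_before, ledger.verify(), len(ledger.chain)
```

The point for a reviewer is in `verify` and `current_consents`: an auditor does not need to trust any single server, only to replay the chain and recompute the hashes, and the effective consent is always derived from the full history rather than from a mutable row that one provider could overwrite.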
The first step (figure 5 below) is consent recording: it concerns the data owner (here, the patient), who defines his consent through the application giving access to his data; the consent is recorded in the Blockchain through the consent management server.

[Figure 5. Solution demonstrator, step 1: consent recording. Components: three third parties, user/patient, data management server, consent management server.]

In a second step (figure 6), the patient's data recording is done classically via the Continua data collection chain: from the Gogo earbuds sensor, which measures heart rate and number of steps, via the gateway application on the patient's mobile phone (which also computes data derived from both measurements) and up to the data server.

[Figure 6. Solution demonstrator, step 2: data collection. Components: three third parties, user/patient, sensor measuring heart rate (1) and number of walked steps (2), FHIR message carrying (1) and (2), data management server, consent management server.]

During the third step, illustrated in figure 7, third parties can only access the data for which the patient has granted them authorization: upon a consultation request, the data management server consults the consent management server, which transmits the authorizations recorded in the Blockchain.

[Figure 7. Solution step 3: data consultation by health professional. Actors: third party health professional (practitioner), third party coach (fitness coach), third party auditor, user/patient; data: heart rate (1), number of walked steps (2); data management server, consent management server.]

Figure 8 depicts how the Blockchain is used for ledger consultation (simple reading).

[Figure 8. Solution step 4: Blockchain status overview. Actors: third party health professional, third party coach, third party auditor, user/patient; data management server, consent management server.]

Thus, a smart solution has been developed and demonstrated for patients' consent management.
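Step 3 is where the consent actually gates data: the data management server asks the consent management server what the ledger holds and releases only the matching records. The following added Python example, constructed for this page and not taken from the demonstrator, shows that decision at the granularity figure 2 describes (data type, reading right, writing right, temporality) for the three third parties of figure 7. The Consent record, the simplified FHIR-like observation dicts, the actor names and the timestamps are all assumptions; the consent list stands in for what the consent management server would return from the Blockchain.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed, hypothetical model of step 3 (data consultation). The consent
# records stand in for what the consent management server returns from the
# ledger; the observations stand in for what the data management server holds.
# Names and the simplified FHIR-like dicts are assumptions, not demonstrator code.


@dataclass(frozen=True)
class Consent:
    patient: str
    third_party: str
    data_type: str            # consent is set per vital sign, not per patient record
    read: bool
    write: bool
    valid_from: int           # epoch seconds (access temporality)
    valid_until: Optional[int]
    recorded_at: int          # ledger order; a later record supersedes an earlier one


def effective_consent(consents: List[Consent], patient: str, third_party: str,
                      data_type: str) -> Optional[Consent]:
    """Latest ledger record for this (patient, third party, data type) triple."""
    matching = [c for c in consents
                if (c.patient, c.third_party, c.data_type) == (patient, third_party, data_type)]
    return max(matching, key=lambda c: c.recorded_at) if matching else None


def is_authorized(consents: List[Consent], patient: str, third_party: str,
                  data_type: str, action: str, at: int) -> bool:
    """Decision the data management server takes before releasing one record.
    Fails closed: no record, or a record outside its time window, means no access."""
    c = effective_consent(consents, patient, third_party, data_type)
    if c is None:
        return False
    if at < c.valid_from or (c.valid_until is not None and at > c.valid_until):
        return False
    return c.read if action == "read" else c.write


def filter_observations(observations: List[Dict], consents: List[Consent],
                        requester: str, at: int) -> List[Dict]:
    """Return only the observations the requester may read at time `at`."""
    return [o for o in observations
            if is_authorized(consents, o["subject"], requester, o["code"], "read", at)]


def audit_trail(consents: List[Consent], patient: str) -> List[tuple]:
    """What an auditor sees (figure 8): the ordered history, withdrawals included."""
    return [(c.recorded_at, c.third_party, c.data_type, c.read, c.write)
            for c in sorted(consents, key=lambda c: c.recorded_at) if c.patient == patient]


# Constructed sample data: one patient, two vital signs, three third parties.
CONSENTS = [
    Consent("patient-1", "practitioner-A", "heart_rate", True, False, 100, None, 1),
    Consent("patient-1", "practitioner-A", "steps", True, False, 100, None, 2),
    Consent("patient-1", "coach-B", "steps", True, False, 100, 500, 3),
    # The patient later withdraws the coach's access: a new record, not an edit of #3.
    Consent("patient-1", "coach-B", "steps", False, False, 100, None, 4),
]

OBSERVATIONS = [
    {"resourceType": "Observation", "subject": "patient-1", "code": "heart_rate",
     "effectiveDateTime": 200, "value": 72, "unit": "/min"},
    {"resourceType": "Observation", "subject": "patient-1", "code": "steps",
     "effectiveDateTime": 200, "value": 4321, "unit": "steps"},
]


def consultation(requester: str, at: int) -> List[str]:
    """Codes of the records released to `requester` at time `at` (constructed data)."""
    return [o["code"] for o in filter_observations(OBSERVATIONS, CONSENTS, requester, at)]
```

Two design choices carry the security value. The server asks per vital sign and per action, so a practitioner with a read right on heart rate gets nothing else, and the decision is taken against the latest ledger record rather than a cached grant, so a withdrawal recorded by the patient is honoured at the next request without any record being edited.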
This solution brings strong governance: privacy is guaranteed, as is fine granularity, with a precise level of accuracy in data access control for data selection and the definition of access modalities. In the end, perfect traceability is made possible thanks to the log of achieved actions: consent recording as well as access to the data themselves are all traced in time. To summarize, an innovative solution for consent management has been developed, which could also open new possibilities of data valuation. This work, which can be applied to a number of domains other than e-Health (for example IoT), allows Orange customers to keep control of their data and protect their privacy using innovative technologies.

Future work

This solution has been demonstrated with a beta version of Hyperledger, promoted by the Linux Foundation, and will thus need to be updated when the industrial-grade version is released (expected in March 2017) before any large scale launch. Last but not least, a remaining challenge is to check with actors of the health domain whether a sufficient number of actors can be found who agree to be part of such a consortium. Independently of that, the demonstrator will evolve in the frame of the Serene_IoT Penta [5] European project, where it will be implemented.

Conclusions

The strict security and especially privacy regulations that apply in the health data sector call for cautious care when personal medical data are handled. Patients' empowerment through better personal data governance is also a critical feature to help them manage their pathology. Our first research work shows that Blockchain is a good candidate for a smart and reliable solution to tackle these key issues in an innovative way.

Acknowledgements

The authors warmly thank Mrs Lan Wang and Mr Zili Lu, both from Orange Labs Beijing, for their active contribution to the multi-vital-sign sensor and for fruitful discussions.
References

[1] Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", white paper, October 2008, available at https://bitcoin.org/bitcoin.pdf, last accessed 14 January 2017.
[2] Vitalik Buterin, Ethereum white paper, December 2013, available at https://github.com/ethereum/wiki/wiki/White-Paper, last accessed 13 January 2017.
[3] Hyperledger white paper (20 pages), available at https://github.com/hyperledger/hyperledger/wiki/Whitepaper-WG, last accessed 13 January 2017.
[4] ILNAS (Institut Luxembourgeois de la normalisation, de l'accréditation, de la sécurité et qualité des produits et services), Digital Trust White Paper, Version 1, June 2012, 144 pages, available at https://portail-qualite.public.lu/fr/publications/confiance-numerique/etudes-nationales/Pub-ilnas-tudor-white-paperdigital-trust-june-2012-v1_0/ilnas-tudor-white-paper-digital-trust-june-2012-v1_0.pdf, last accessed 14 January 2017; and Version 2.0, June 2014, ISSN 2354-5003, 146 pages, available at https://portail-qualite.public.lu/fr/publications/confiancenumerique/etudes-nationales/white-paper-digital-trust-june-2014/White-Paper-Digital-Trust-June-2014.pdf, last accessed 14 January 2017.
[5] Serene_IoT Penta European project: http://www.penta-eureka.eu/, accessed 13 January 2017; to be published at http://www.penta-eureka.eu/projects/local_index.php once this web section is updated with details on all PENTA projects after the first call is successfully running.

Authors' details

Philippe Genestier (PhD) has been working at Orange Labs since 1999 as a project manager. His current activities include responsibility for Orange's eHealth research projects and e-health services, dealing mainly with remote monitoring and interoperability, and the exploration of Blockchain use possibilities in eHealth and IoT.
Sajida Zouarhi is an engineer and, since 2014, a PhD student in Computer Science and Networks with Orange Labs and LIG (computer science laboratory of Grenoble). Her research work is about "Quality of service of complex and heterogeneous systems for critical data transmission" and Blockchain-based solutions.

Pascal Limeux is a technical architect and security expert at Orange Labs. He designed the technical architecture of the Blockchain based Consent Management Service for the data collection chain in the Continua environment and is specifically in charge of the implementation of the servers and of the security aspects.

David Excoffier is an experienced R&D project manager. He worked for a decade in the industrial field (aeronautic and space domains), and then was in charge for ten more years of leading several national and international collaborative research projects in the M2M/IoT field. David joined Orange Labs in 2015 to provide his leadership on research projects and his expertise on Internet of Things, Fog Computing and Blockchain.

Alain Prola is an application designer/developer on the Android platform. He co-developed the Continua connector in the e-health data collection chain. Previously he developed several mobile apps for emerging countries. Prior to that, he worked for 10 years in microelectronics research.

Stéphane Sandon is a software engineer at Orange Labs. He worked on security protocols for the French administration (www.service-public.fr) and is now an expert in Android platform development.

Jean-Marc Temerson is an R&D engineer working in "Health and Data" at Orange Labs. After involvement in collaborative project management and preparation, and more recently in the eHealth area and medical image applications, he is now deeply involved in the "health data collection chain" project.