SmartMed: Secure and accountable sharing of medical records using smart contracts and blockchain

Our primary objective in this project was to facilitate solutions to the challenges of secure data sharing that healthcare registries are facing today. We were aiming to achieve this objective by leveraging on the rapidly developing technology of blockchain and smart contracts. Increasing amounts of health data are recorded in health registries, with the strategic initiatives of data sharing and fusion across different registries in Norway. This forms an excellent opportunity for world-class medical research as few countries have such a high-quality infrastructure. However, it also constitutes a very high privacy risk should a security breach occur. Publicized incidents of leaked medical records pose a major challenge for the digital trust in eHealth where storing, accessing and exchanging sensitive patient-related data must comply with several regulations, while remaining accessible to authorized health practitioners. Governmental legislations regarding data privacy, such as the EU's GDPR, present an additional source of concern for healthcare registries which are now faced with severe legal and financial consequences in case data confidentiality is breached. Our principal approach was to facilitate solutions for health registries by using Smart Contracts and the emerging Blockchain Paradigm. From the data safety, authenticity, and nonrepudiation standpoint, blockchain is a perfect fit for sharing medical data since it provides an easily accessible, immutable, and transparent history of all contract-related data, adequate for building applications with trust and accountability. Use of smart contracts brings a number of additional advantages for sharing medical data by healthcare registries: consent management, fine-grain privacy control, transparency, and reduced bureaucracy and expenses. SmartMed was proposed in cooperation with the Cancer Registry of Norway (CRN), which contributes to validating technological advances. CRN presently contains health information on more than 1,4 million cancer patients. Managing and using the data for medical research in a secure way as to minimize any privacy concerns is paramount. Improving privacy control and transparency will bolster public's trust in the use of CRN data for vital research on preventive medicine. The project has investigated the benefits and challenges of applying blockchain technology and smart contracts in the domain of healthcare data storage through a number of comparative studies and analysis. The results have been published in premier journals with high impact factor. We have developed techniques for addressing specific privacy and security risks through the use of the blockchain technology. In particular, we have designed a system for blockchain-assisted consent management compliant with data protection rules and regulations, such as GDPR and HIPAA. The resulting prototype has been deployed at the Cancer Registry. Additionally, we have investigated software engineering aspects of blockchain-based solutions and looked into identity management techniques that have impact on healthcare systems.

The project has investigated the benefits and challenges of applying blockchain technology and smart contracts in the domain of healthcare data storage through a number of publications. We have developed techniques for addressing specific privacy and security risks through the use of the blockchain technology. In particular, we have designed a system for blockchain-assisted consent management compliant with data protection rules and regulations, such as GDPR and HIPAA. The resulting prototype has been deployed at the Cancer Registry. Additionally, we have investigated software engineering aspects of blockchain-based solutions in this context. UiO’s work in the project has significantly contributed to the research field, as reflected in a number of publications in high-profile venues. It has affected the curriculum development for the blockchain course at UiO and other universities worldwide. Furthermore, the project has become an important axis in the portfolio of the Blockchain Lab at UiO, thereby playing an important role in the competence development. Simula’s work in the project was concentrated on researching the field of software engineering for blockchain-based application development, as well as the field of developing privacy-preserving solutions for managing sensitive healthcare information. As a result of the first research area, Simula gained a deeper understanding of the challenges associated with developing and testing blockchain applications and expanded its expertise in verifying and validating such applications. As a result of the second research area, where we focused on securing access to sensitive medical information, we increased our expertise in privacy-preserving software engineering. Both sets of expertise will be essential for Simula to initiate new research projects and supervise future PhD thesis on this topic. The CRN have gained a working knowledge of implementing blockchain/smart contract based software systems. This has put the CRN in a position to improve handling of sensitive health data, by implementing transparent, safe, and user friendly systems empowering research subjects who will have more control over how their data are being used. Moreover, the CRN now has the technical and knowledge to participate in new research projects, nationally and internationally, which utilizes blockchains in health care and health care research.

Increasing amounts of health data are recorded in health registries, with the strategic initiatives of data sharing and fusion across different registries in Norway. This forms an excellent opportunity for world-class medical research as few countries have such a high-quality infrastructure. However, it also constitutes a very high privacy risk should a security breach occur. Publicized incidents of leaked medical records pose a major challenge for the digital trust in eHealth where storing, accessing and exchanging sensitive patient-related data must comply with several regulations, while remaining accessible to authorized health practitioners. Governmental legislations regarding data privacy, such as the EU's GDPR, present an additional source of concern for healthcare registries which are now faced with severe legal and financial consequences in case data confidentiality is breached. Our principal approach is to facilitate solutions for health registries by using Smart Contracts and the emerging Blockchain Paradigm. From the data safety, authenticity, and nonrepudiation standpoint, blockchain is a perfect fit for sharing medical records since it provides an easily accessible, immutable, and transparent history of all contract-related data, adequate for building applications with trust and accountability. Use of smart contracts brings a number of additional advantages for sharing medical data by healthcare registries: consent management, fine-grain privacy control, transparency, and reduced bureaucracy and expenses. SmartMed is proposed in cooperation with the Cancer Registry of Norway (CRN), which will validate technological advances. CRN presently contains health information on over 1,4 million cancer patients. Managing and using the data for medical research in a secure way as to minimize any privacy concerns is paramount. Improving privacy control and transparency will bolster public's trust in the use of CRN data for vital research on preventive medicine.