Security and privacy in medical data sharing through blockchain

Abstract

The sharing of medical data is becoming ever more important. More and more health-related data is being generated everyday and as will be shown later, its primary as well as its secondary usage brings many benefits to the healthcare system. However, medical data systems are not fail proof and are often the target of cyber-attacks, compromising the privacy of patients and the availability of the system. In fact, there are several security and privacy parameters which a medical data sharing system should ideally adhere to. These include strong authentication and unforgeability, integrity and confidentiality of data, proper consent management and access control mechanisms, availability of data and services, identity anonymity, data anonymity and unlinkability. With the emergence of blockchain technology a new possibility has emerged to realize a secure and trusted medical data sharing system across different institutes, where patients are in control of their data. Through fundamental features of blockchain, like digital signatures, a peer-to-peer network, a distributed and immutable data structure, decentralized consensus, off-chain storage and smart contracts the various security and privacy goals of a medical data sharing system can be met. Primarily these features do a successful job in addressing the security related requirements of a medical data sharing system. Authentication and unforgeability are provided through digital signatures, integrity and confidentiality are met through digital signatures and the immutable ledger, consent management and access control can be implemented with smart contracts and finally availability is achieved through the peer-to-peer nature of the blockchain. Privacy requirements are not handled well through these inherent features and require additional techniques to be met. Identity mixers protocols, relying on zero-knowledge proofs, can be used to achieve identity anonymity and unlinkability.