Healthcare Policy Compliance: A Blockchain Smart Contract-Based Approach (2312.10214v1)
Abstract: This paper addresses the critical challenge of ensuring healthcare policy compliance in the context of Electronic Health Records (EHRs). Despite stringent regulations like HIPAA, significant gaps in policy compliance often remain undetected until a data breach occurs. To bridge this gap, we propose a novel blockchain-powered, smart contract-based access control model. This model is specifically designed to enforce patient-provider agreements (PPAs) and other relevant policies, thereby ensuring both policy compliance and provenance. Our approach integrates components of informed consent into PPAs, employing blockchain smart contracts to automate and secure policy enforcement. The authorization module utilizes these contracts to make informed access decisions, recording all actions in a transparent, immutable blockchain ledger. This system not only ensures that policies are rigorously applied but also maintains a verifiable record of all actions taken, thus facilitating an easy audit and proving compliance. We implement this model in a private Ethereum blockchain setup, focusing on maintaining the integrity and lineage of policies and ensuring that audit trails are accurately and securely recorded. The Proof of Compliance (PoC) consensus mechanism enables decentralized, independent auditor nodes to verify compliance status based on the audit trails recorded. Experimental evaluation demonstrates the effectiveness of the proposed model in a simulated healthcare environment. The results show that our approach not only strengthens policy compliance and provenance but also enhances the transparency and accountability of the entire process. In summary, this paper presents a comprehensive, blockchain-based solution to a longstanding problem in healthcare data management, offering a robust framework for ensuring policy compliance and provenance through smart contracts and blockchain technology.
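An added illustration, not code from the paper: a minimal off-chain Python model of the flow the abstract describes, in which an authorization step decides each request against a PPA, appends the decision to a tamper-evident audit trail, and an independent auditor replays the trail to check compliance. The PPA fields, the function names, and the SHA-256 hash chain standing in for the private Ethereum ledger are assumptions; the paper's contracts and its Proof of Compliance consensus are not reproduced here.

```python
import hashlib, json

# Constructed sample PPA; all field names are assumptions, not the paper's schema.
PPA = {"patient": "p-001", "grants": [
    {"provider": "dr-lee", "resource": "lab_results", "ops": ["read"], "purpose": "treatment"}]}
GENESIS = "0" * 64

def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def decide(ppa, req):
    """Permit only if one grant matches provider, resource, operation and purpose."""
    return any(g["provider"] == req["provider"] and g["resource"] == req["resource"]
               and req["op"] in g["ops"] and g["purpose"] == req["purpose"]
               for g in ppa["grants"])

def authorize(ledger, ppa, req):
    """Decide the request and append the decision to the hash-chained audit trail."""
    body = {"req": req, "permit": decide(ppa, req), "policy": _digest(ppa),
            "prev": ledger[-1]["hash"] if ledger else GENESIS}
    ledger.append({**body, "hash": _digest(body)})
    return body["permit"]

def audit(ledger, ppa):
    """Auditor view: verify chain integrity, then replay each decision against the PPA.
    Returns (index, reason) findings; an empty list means the trail is compliant."""
    findings, prev = [], GENESIS
    for i, e in enumerate(ledger):
        body = {k: e[k] for k in ("req", "permit", "policy", "prev")}
        if e["prev"] != prev or e["hash"] != _digest(body):
            findings.append((i, "broken hash chain"))
        if e["policy"] != _digest(ppa):
            findings.append((i, "decided under a different policy version"))
        elif e["permit"] != decide(ppa, e["req"]):
            findings.append((i, "recorded decision contradicts policy"))
        prev = e["hash"]
    return findings

def demo():
    """Two requests, a clean audit, then an audit after a record is altered."""
    req = lambda purpose: {"provider": "dr-lee", "resource": "lab_results",
                           "op": "read", "purpose": purpose}
    ledger = []
    permitted = authorize(ledger, PPA, req("treatment"))
    denied = authorize(ledger, PPA, req("research"))   # purpose not covered by the PPA
    clean = audit(ledger, PPA)
    ledger[1]["permit"] = True                          # record altered after the fact
    return permitted, denied, clean, audit(ledger, PPA)
```

The auditor needs only the policy and the trail, so it can reach a verdict without trusting the component that made the original decisions.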