Privacy Resilient Health Record Storage using Blockchain

Abstract

Blockchain is a decentralized peer-to-peer distributed ledger. Each block of blockchain stores the hash of the previous block creating a chain of blocks, thus the name blockchain. Blockchain is said to tamper-evident and tamper-proof. Blockchain is believed to be immutable due to its hash properties. Blockchain immutability came to light with the introduction of new General Data Protection Regulation (GDPR) laws adopted by the European Union. Article 16 and Article 17 of the GDPR states that information subject’s right to rectify and right to erasure, in certain circumstances when erasure of data is required can be invoked. Blockchain technology has provided many benefits to many industries. Similarly, blockchain technology has a lot to offer the healthcare industry in terms of protection, anonymity, confidentiality, and decentralization. We propose an architecture for patient-centric GDPR compliant Health data storage on the blockchain. The proposed system employs the Chameleon hash function with a trapdoor key in place of the standard hash function to facilitate redactions. With the knowledge of trapdoor key redactions can be made. The trapdoor key is distributed using secret sharing schemes. Multi-Party Computation is used to combine shares of trapdoor key. Actual data is stored on IPFS not stored on the blockchain only the hash of the data is stored on the blockchain. Smart contracts are deployed for the interaction of patients with other entities such as doctors. Reputation-governed rusted oracles are employed in the system to retrieve medical records reliably. Thus, the main intention of the study is to design a Blockchain-enabled GDPR compliant system that can store personal data that is privacy resilient, and the only controller of the data is the data subject itself.