No doubt that medical data sharing is very crucial but important in realizing cross-hospital diagnosis and improving research development. In traditional mechanisms, there always exists a tradeoff between correctness of medical data and patient privacy. Here we are going to introduce the concept of blockchain and smart contract to build up an electronic medical record sharing mechanism: medical blockchain. Specifically, we have implemented the medical record sharing through cryptography design. Simulations have demonstrated that the correctness of medical data and privacy of patient can be guaranteed through the adoption of blockchain, while the integrity of a specific patient can be achieved via the smart contract control. Furthermore, the proposed medical blockchain can resist the potential Internet attack simulated by the formal verification. Thus, no leakage of patient identity occurs, and the tradeoff could be eliminated effectively without the modification of current hospital devices according to the simulation results.
With the explosive development of technology and the Internet communication, the electronic health record (EHR) is widely applied in medical field [1, 2]. This can help each hospital effectively sharing the medical data, such as evidence-based medicine (EBM). EBM is a procedure to systematically review the clinic research findings and patient knowledge for assisting the optimum clinic care to patient. Basically, the clinical decision support system (CDSS) is used to implement EBM which is a program-based artificial intelligence in medical data system. When the system acquires more patient knowledge, it is able to offer the better predict accuracy for medical diagnosis. Accordingly, we learn that the EHR is important in both EBM and CDSS fields . The exchange data directly transmitted via the Internet, however, is insecure. Therefore, the United States Congress has passed the Health Insurance Portability and Accountability Acts (HIPAA) since 1996, which is the most significant and integrated standard for EHR . The EHR contains the entire health message of an individual, such as medical record, medical image, and health examination [4, 5]. All of medical information relating to electronic process have to comply with HIPAA, including healthcare organizations and healthcare clearinghouses. There are two main ideas of HIPAA, privacy and security regulations, which describe how to avoid improper violation and unauthenticated disclosure of EHR. First, the privacy regulation depicts that a patient owns right to manage and understand the usage of his/her medical information [6, 7]. In other words, each EHR content shall not be disclosed to the public without permission of the patient. Furthermore, privacy regulation determines the baseline of de-identification [8, 9]. No one has the ability to learn the true status of the patient from EHR, especially for a medical researcher. Second, the security regulation has three safeguards: administrative, physical, and technical, in which it is used for ensuring the confidentiality (C), integrity (I), and availability (A) of EHR during the processes of storage, access, and transmission.
In this article, the blockchain and smart contract have been adopted to design a medical data sharing mechanism, which can accomplish seven fundamental properties of a secure medical data sharing platform. The leakage problem of patient data on the cloud platform can be firmly avoided. The anonymity and immutability of blockchain are used to preserve the patient privacy and keep the correctness of health data, respectively; thus, leading to integrating cross-hospital diagnosis and enhancing research precision. Even the patient occurs the emergency situation, the first responder is able to access the his/her EHR smoothly. Aside from complying with HIPAA regulations and cybersecurity framework to share medical data, simulation results have demonstrated that medical blockchain can be implemented in current hospital devices to achieve the practicability. Moreover, we simulate the formal verification tool, AVISPA, to prove the robustness of our proposed mechanism. In the future work, we focus on access control of EHRs to achieve a more feasible data management, including partial-grant, fullgrant, and proxy-grant of medical data.