A Patient-centric Key Management Protocol for Healthcare Information System based on Blockchain

Traditional healthcare systems store and process personal healthcare record (PHR) in the centralized client-server architecture. PHR stored in a healthcare institution remain in depository which is not easily shared with other institutions due to technical and infrastructure related restrictions. In such a way, if a patient has to visit distinct institutions/hospitals or physicians, there is no effective and privacy-preserving data sharing mechanism. Furthermore, even if patients' privacy is protected by Health Insurance Portability and Accountability Act (HIPAA), it is still doubtful owing to the lack of the consideration of if the patient is directly involved. With the recent bloom of interest around blockchain, a technology with well-defined decentralized framework, privacy-preserving in healthcare information system (HIS) should be revisited to examine the new possibility. Actually, in the literature, the blockchain-based researches about the privacy and security in healthcare are prevalent in decentralized platform. However, they have drawn attention on the personal healthcare record management rather than focus on how to distribute the encryption/decryption key used to guarantee the confidentiality of PHR. Blockchain provides a shared, immutable and transparent history of all the transactions to build systems with trusty and decentralized environment. This provides an opportunity to develop a secure and trusty PHR data management system by blockchain technology. This paper presents the solution aiming at the patient's control by holding the knowledge of the encryption/decryption key which can be deduced from the previous transaction in blockchains. In such a way, a patient can control the personal healthcare record by controlling key usage.