Liang 2017

Integrating Blockchain for Data Sharing and Collaboration in Mobile Healthcare Applications

Xueping Liang (1,2,3), Juan Zhao (3), Sachin Shetty (4), Jihong Liu (1,2), Danyi Li (1)†

1 Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China
2 University of Chinese Academy of Sciences, Beijing, 100190, China
3 College of Engineering, Tennessee State University, Nashville, TN 37209
4 Virginia Modeling Analysis and Simulation Center, Old Dominion University, Norfolk, VA 23529

Abstract—Enabled by mobile and wearable technology, personal health data delivers immense and increasing value for healthcare, benefiting both care providers and medical research. The secure and convenient sharing of personal health data is crucial to improving interaction and collaboration across the healthcare industry. Faced with the potential privacy issues and vulnerabilities in current personal health data storage and sharing systems, and guided by the concept of self-sovereign data ownership, we propose a user-centric health data sharing solution that uses a decentralized, permissioned blockchain: privacy is protected through a channel formation scheme, and identity management is strengthened through the membership service supported by the blockchain. A mobile application collects health data from personal wearable devices, manual input, and medical devices, and synchronizes it to the cloud for sharing with healthcare providers and health insurance companies. To preserve the integrity of health data, each record carries a proof of integrity and validation that is permanently retrievable from the cloud database and anchored to the blockchain network. Moreover, for scalability and performance, we adopt a tree-based data processing and batching method to handle the large sets of personal health data collected and uploaded by the mobile platform.

Keywords—Healthcare, eHealth, Privacy, Permissioned Blockchain, Access Control, Scalability, Integrity, Wearable Devices, Mobile Platform

I. INTRODUCTION

In recent years, the rise of wearable technology and the Internet of Things has brought great opportunities and challenges to the healthcare domain. Enabled by cloud computing and big data analytics, the data collected from individual devices contributes to big health data from which valuable insights can be derived. Hospitals and medical institutions can link these data with other Electronic Health Record (EHR) data, such as clinical notes, to facilitate health monitoring, disease diagnosis and treatment. Health insurance companies can make detailed and strategic policies according to individual characteristics, helping customers choose flexible insurance plans according to their needs.

To handle health data sharing between institutions, a secure data sharing infrastructure is needed. However, there are several challenges related to privacy, security, and interoperability. First, health data are highly privacy-sensitive, especially as more data are stored in public clouds, raising the risk of data exposure. Second, current systems use a centralized architecture, which requires centralized trust. Moreover, the effective integration of health data and the interoperability between healthcare systems remain a challenging task. Another challenge is that users have little control over their personal health data [1]. With the notion of self-sovereignty [2] and the increasing adoption of mobile platforms and wearable devices, there is an urgent need to develop a new generation of EHR systems with user-centric access control and privacy preservation.

Blockchain technology originated from Bitcoin [3], providing robustness against failure and attacks, as well as functions for data provenance [4]. [5] discussed the existing vulnerabilities and proposed measures to improve blockchain security. Blockchain relies on pseudonymity (replacing names with identifiers) and public key infrastructure (PKI) to keep the privacy of the users. The workshop [6] co-held by the Office of the National Coordinator for Health IT (ONC) and the National Institute for Standards and Technology (NIST) focused on the use of blockchain in healthcare and research, aiming to clarify the implications of blockchain as an infrastructure for healthcare use cases including privacy preservation for predictive modeling, increasing interoperability between institutions at a large scale, immutability of health records, health insurance claim process improvement, health information exchange, healthcare delivery models with artificial intelligence, identity management, monetization strategies and data provenance requirements.

†Corresponding author.
978-1-5386-3531-5/17/$31.00 © 2017 IEEE
In this paper, we propose a mobile, user-controlled, blockchain-based system for personal health data sharing and collaboration. In the implementation, we build the system on Hyperledger Fabric [7], a permissioned blockchain in which the network nodes validate transactions, and realize a privacy-preserving personal healthcare system that covers the healthcare ecosystem from the end device to the cloud and emphasizes user ownership of health data. The rest of the paper is organized as follows. Section II introduces the overall system design, including the architecture, system entities, key establishment and system procedures. We describe the system implementation in Section III and give a performance evaluation and security analysis in Section IV. Section V presents related work, concludes the paper and discusses future work.

II. SYSTEM DESIGN

A. System Overview

Figure 1 shows a general scenario for user-centric personal health data sharing. Six entities are included, namely the user, wearable devices, the healthcare provider, the insurance company, the cloud database and the blockchain network.

Fig. 1: User Centric Personal Health Data Sharing.

B. System Entities

• User. System users collect data from wearable devices which monitor health data such as walking distance, sleeping conditions, and heartbeat. That data is then uploaded via the mobile application to the cloud database hosted on a trusted platform. The user is the owner of the personal health data and is responsible for granting, denying and revoking data access for any other parties, such as healthcare providers and insurance companies. If the user is seeking medical treatment, the user shares the health data with the desired doctors. When the treatment is finished, the data access is revoked to deny further access by the doctors. The same scenario applies to user–insurance company relations. Besides, the user can also record everyday activities related to a particular medical treatment, such as medicine usage, to share with the treatment provider for adjustment and better improvement.

• Wearable Device. Wearable devices transform raw health information into a human-readable format, and the data is then synchronized by the user to their online account. Each account is associated with a set of wearable devices and possibly medical devices. When a piece of health data is generated, it is uploaded to the blockchain network for record keeping and integrity protection.

• Healthcare Provider. Healthcare providers such as doctors are appointed by a certain user to perform medical tests, give suggestions or provide medical treatment. Meanwhile, the medical treatment data can be uploaded to the blockchain network for data sharing with other healthcare providers under the user's permission, and the current healthcare provider can request access to previous health data and medical treatment from the user. Every data request and the corresponding data access is recorded on the blockchain.

• Health Insurance Company. A user may request a health insurance quote from health insurance companies or agents to choose a proper health insurance plan. To provide better insurance policies, insurance companies request data access from users, including user health data from wearable devices and medical treatment history. Users with previous medical treatment(s) may need to pay a higher rate, and the history cannot be denied by users, which prevents insurance fraud. Users can choose not to share exercise information due to privacy concerns, but mostly they would want to share it because regular exercise can bring down the insurance rate. However, users cannot hide or modify medical treatment history data since that data is permanently recorded on the blockchain network, where its integrity and trustworthiness is ensured. Moreover, insurance claims can also be recorded on the blockchain.

• Blockchain Network. The blockchain network is used for three purposes. For health data collected from both wearable devices and healthcare providers, each hashed data entry is uploaded to the blockchain network for integrity protection. For personal health data access by a healthcare provider or health insurance company, each data access request is processed to obtain permission from the data owner with a decentralized permission management protocol. The access control policies should be stored in a
distributed manner on the blockchain, which ensures stability. Besides, every access request and access activity should be recorded on the blockchain for further auditing or investigation.

• Cloud Database. The cloud database stores user health-related data, data requests from healthcare providers and insurance companies, data access records and the data access control policy. Data access is accountable and traceable: once data leakage is detected, the malicious entity can be identified.

III. SYSTEM IMPLEMENTATION

A. Personal Health Data Collection

Personal health data comes from wearable devices such as activity trackers or smart watches, medical devices such as pacemakers or defibrillators, and manual user input for treatment tracking such as medicine usage and training. To synchronize the personal data to the cloud for convenient access and further processing, the user first registers with the cloud service provider for an online account with enough storage capacity. Figure 2 shows the data collection and synchronization architecture.

Fig. 2: Personal Health Data Collection.

B. Personal Health Data Integrity Protection and Validation

Figure 3 shows the basic data flow from the user device to the cloud server, finally anchored on the ledger with a proof of integrity and validation. The health data comes from a variety of devices all day long, resulting in a large number of data records. To facilitate scalable and efficient data processing and integrity protection, we develop a tree-based method for the integrity management of health data records. Data records are batched to form a tree-based data structure that handles dynamic data enrollment. The adoption of the Merkle tree [8] meets the scalability requirement and, most importantly, improves the efficiency of validating data integrity. A Merkle tree is a binary tree structure whose input is a list of hashed data records. These records are ordered by the time at which they are generated. Every two records are grouped together: the hashes of the two data records become two leaf nodes of the Merkle tree and together constitute a higher-level group node, whose group hash is generated from the concatenation of the two hashes. Two group nodes are combined in the same way to generate a new, higher-level group node with a new hash. This step is repeated until there is a single hash, which becomes the tree root, that is, the Merkle root.

Fig. 3: Personal Health Data Integrity Protection.

Chainpoint [9] is an open standard for creating a timestamped proof of any data, file, or series of events; it proposes a scalable protocol for publishing data records on the blockchain and generating a Merkle proof for each data record. In our implementation, we anchor a list of data records to multiple Fabric channels by binding the Merkle root to a blockchain transaction, and verify the integrity and existence of data without relying on a trusted third party. Hashing the data records brings two advantages. For one thing, each Merkle tree can host a large number of records since only the hash of each data record is stored. For another, the hash is an effective measure to detect changes, so that once a piece of data is modified, the change can be detected easily by traversing the tree.

C. Data Sharing and Healthcare Collaboration

The user can share data with healthcare providers to seek healthcare services, and with insurance companies to get a quote for an insurance policy and to be insured. When data sharing is detected in the system, an event is generated to record the data access request. The event record can be described as a tuple {recordhash, owner, receiver, time, location, expirydate, signature}. There are different types of operations from different parties, as listed in Table I.

TABLE I: Types of Operations in the Healthcare Collaboration System

Health Data            Operator             Operation
Personal Health Data   User                 Update, Query
                       Healthcare Provider  Query
                       Insurance Company    Query
Medical History        Healthcare Provider  Update, Query
                       User                 Query
                       Insurance Company    Query
Insurance Information  Insurance Company    Update, Query
                       User                 Query
                       Healthcare Provider  Query
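The following is an added example, not the authors' code, of how a server could check the event record tuple of Section III.C against the operation matrix of Table I before serving a request. It assumes an HMAC keyed by the owner in place of the owner's PKI signature, and all sample values are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta
from typing import Tuple

# Table I of the paper: health data category -> operator role -> allowed operations.
TABLE_I = {
    "Personal Health Data": {"User": {"Update", "Query"},
                             "Healthcare Provider": {"Query"},
                             "Insurance Company": {"Query"}},
    "Medical History": {"Healthcare Provider": {"Update", "Query"},
                        "User": {"Query"},
                        "Insurance Company": {"Query"}},
    "Insurance Information": {"Insurance Company": {"Update", "Query"},
                              "User": {"Query"},
                              "Healthcare Provider": {"Query"}},
}
SIGNED_FIELDS = ("recordhash", "owner", "receiver", "time", "location", "expirydate")


def record_hash(record: bytes) -> str:
    return hashlib.sha256(record).hexdigest()


def _canonical(event: dict) -> bytes:
    # Fixed field set and order so owner and verifier sign/verify identical bytes.
    return json.dumps({k: event[k] for k in SIGNED_FIELDS}, sort_keys=True).encode()


def sign_event(event: dict, owner_key: bytes) -> str:
    # Assumption: HMAC-SHA256 under the owner's key stands in for the owner's
    # PKI signature; a deployment would sign with the enrollment certificate's key.
    return hmac.new(owner_key, _canonical(event), hashlib.sha256).hexdigest()


def grant_access(record: bytes, owner: str, receiver: str, location: str,
                 now: datetime, valid_for: timedelta, owner_key: bytes) -> dict:
    """Build the signed event record {recordhash, owner, receiver, time,
    location, expirydate, signature} that is logged for a data access request."""
    event = {"recordhash": record_hash(record), "owner": owner, "receiver": receiver,
             "time": now.isoformat(), "location": location,
             "expirydate": (now + valid_for).isoformat()}
    event["signature"] = sign_event(event, owner_key)
    return event


def check_request(event: dict, requester: str, role: str, category: str,
                  operation: str, record: bytes, owner_key: bytes,
                  now: datetime) -> Tuple[bool, str]:
    """Decide whether `requester` acting as `role` may perform `operation` on
    `category`. Each branch returns a reason so the decision can be audited."""
    if operation not in TABLE_I.get(category, {}).get(role, set()):
        return False, "operation not permitted for this role (Table I)"
    if requester != event["receiver"]:
        return False, "requester is not the receiver named in the grant"
    if not hmac.compare_digest(record_hash(record), event["recordhash"]):
        return False, "record hash mismatch: record was modified or is not the granted one"
    if now >= datetime.fromisoformat(event["expirydate"]):
        return False, "grant expired: owner must re-authorise"
    if not hmac.compare_digest(sign_event(event, owner_key), event["signature"]):
        return False, "signature invalid: grant was not issued by the owner"
    return True, "allowed"
```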
This event record is then submitted to the blockchain network, which performs several steps to transform a list of records into a transaction. A list of transactions is used to form a block, and the block is validated by nodes in the blockchain network. After this series of processes, the integrity of the record is preserved, and future validation of the block and of the transaction related to this record is available. Each time there is an operation on the personal health data, a record is reflected on the blockchain. This ensures that every action on personal health data is accountable.

We implement an access control scheme using the Hyperledger Fabric membership service component and the channel scheme [7], as shown in Figure 4. The CA, also known as the membership service provider, is responsible for membership enrollment: it issues enrollment certificates and transaction certificates for the participating nodes in the Hyperledger Fabric blockchain network and for the participating Fabric client, and generates the access control list during channel establishment according to user settings and operations. Different access types can be specified in the certificate, such as query and update operations for chaincode execution in the channel. Chaincode is a piece of code deployed to Hyperledger Fabric to enable interactions between peers and the shared ledger. There are three operations on chaincode: deploy, invoke and query. A chaincode is installed on a blockchain by executing a deploy transaction, while a chaincode execution is launched by invoke transactions. A channel is formed to isolate individual activities among authorized parties.

Fig. 4: Data Sharing and Collaboration Using Hyperledger Fabric and Channel for Mobile Users.

To provide isolation between different data sharing domains, the CA issues certificates to the Fabric client on the cloud server, to the blockchain network peers for transaction validation, and to the orderers (for the ordering service). We have two channels established for two users, respectively. In Figure 4, both user1 and user2 may perform data collection and synchronization on their individual mobile platforms, and the healthcare mobile application sends web requests to the cloud server for data synchronization or query. Healthcare providers and insurance companies also communicate with the server to request or update health data and health insurance information. With permission from the users, these requests are allowed to participate in a certain channel. The cloud server is configured with a Fabric client to communicate with a Fabric blockchain network peer. For different user activities, the data is labeled with different channel IDs to distinguish isolated domains. Query or update requests from the server are forwarded to the Fabric network via the Fabric client for transaction confirmation. Distributed peers validate the incoming requests and propose transactions by executing chaincode. The ordering service is responsible for checking transaction signatures and ordering them by channel ID. For each channel there is a subledger, as part of the system ledger, that records all transactions in the form of blocks.

For privacy, the user can selectively share health data with a data requester, based on how much personal health data is actually required to assist the healthcare service. For example, a user's insurance history may not be important when the user is talking to a dentist. Similarly, the user's dental treatment is not necessary for skin testing or other treatments. To issue a specific certificate, the user states clearly in the certificate what category of personal data is allowed to be accessed, and whether read-only or read-write access is allowed. Moreover, in different channels, information of different granularity is shared. In this sense, our system provides a user-defined, fine-grained privacy protection and access control policy, enhancing the data ownership of individuals.

IV. SYSTEM EVALUATION

Our system adopts a user-centric model for processing personal health data using a blockchain network, ensuring the data ownership of individuals as well as data integrity. The operations on the data records are highly interoperable and compatible with current systems. By enforcing access control policies, users can handle their personal data without worrying about privacy issues. Meanwhile, each request and update from healthcare providers and health insurance companies is recorded and anchored to the blockchain network, making actions on personal health data accountable.

With all the security objectives proposed in Section I achieved, it is crucial to evaluate the system performance regarding the scalability and efficiency of the data integrity proof generation and data validation process. We test different numbers of concurrent records, ranging from 1 to 10,000. Figures 5 and 6 show the average time cost, respectively.
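As an added example (not the authors' implementation), the Merkle batching of Section III.B whose proof generation and validation the evaluation measures: records are hashed in arrival order, paired level by level up to a root that would be bound to the Fabric transaction, and each record receives a sibling-hash proof of at most ceil(log2 n) entries. The function names and the leaf/inner-node domain-separation prefixes are my choices; the sample records are constructed.

```python
import hashlib
from math import ceil, log2
from typing import Dict, List, Tuple

# Domain separation between leaves and inner nodes: without it, an inner-node hash
# could be presented as the hash of a fabricated "record" with a valid-looking proof.
LEAF, NODE = b"\x00", b"\x01"


def hash_record(record: bytes) -> bytes:
    return hashlib.sha256(LEAF + record).digest()


def hash_pair(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE + left + right).digest()


def build_tree(records: List[bytes]) -> List[List[bytes]]:
    """levels[0] holds the hashed records in time order, levels[-1] the Merkle root.
    Every two nodes are grouped; an unpaired last node is carried up unchanged, so a
    batch of any size (dynamic enrollment) can be closed."""
    if not records:
        raise ValueError("empty batch")
    levels = [[hash_record(r) for r in records]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([hash_pair(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels


def merkle_root(levels: List[List[bytes]]) -> bytes:
    return levels[-1][0]


def generate_proof(levels: List[List[bytes]], index: int) -> List[Tuple[str, bytes]]:
    """Sibling hashes from leaf to root; the side says where the sibling sits in the
    concatenation. At most ceil(log2 n) entries for a batch of n records."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # no sibling when this node was carried up unpaired
            proof.append(("left" if sibling < index else "right", level[sibling]))
        index //= 2
    return proof


def validate_proof(record: bytes, proof: List[Tuple[str, bytes]], root: bytes) -> bool:
    """Recompute the path from the record alone: O(log2 n) hashes, no other records."""
    h = hash_record(record)
    for side, sibling in proof:
        h = hash_pair(sibling, h) if side == "left" else hash_pair(h, sibling)
    return h == root


def anchor_batch(records: List[bytes]) -> Dict[str, object]:
    """Per batch: the root (bound to the blockchain transaction) and one proof per
    record (kept in the cloud database next to the record)."""
    levels = build_tree(records)
    return {"root": merkle_root(levels),
            "proofs": [generate_proof(levels, i) for i in range(len(records))]}


def max_proof_length(n: int) -> int:
    return ceil(log2(n)) if n > 1 else 0
```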
Fig. 5: Average Time for Integrity Proof Generation.

Fig. 6: Average Time for Integrity Proof Validation.

From these two figures, we can conclude that the system can handle a large dataset at low latency, which indicates the scalability and efficiency of the data processing. By adopting the Merkle tree method to batch data, we implement an algorithm with a computational complexity of O(log2 n). This is an important advantage when data records are collected at a high frequency.

V. RELATED WORK AND CONCLUSIONS

A mobile application is implemented in [10] for healthcare data sharing, but it is limited to patient and doctor. [11] proposes a proof of interoperability to avoid the computation cost but does not mention access control. [12] addresses the adoption of blockchain in the social network domain but does not fully explore the benefits of the blockchain. Patientory [13] is designed as a healthcare storage network using Ethereum, but its data privacy is highly dependent on the cryptographic methods. [14] addresses blockchain adoption in the Internet of Things environment. MedRec [15] is a record management system focusing on EMRs using smart contracts, but raises privacy concerns.

In this paper, we design and implement a mobile healthcare system for personal health data collection, sharing and collaboration between individuals and healthcare providers, as well as insurance companies. The system can also be extended to accommodate the use of health data for research purposes. By adopting blockchain technology, the system is implemented in a distributed and trustless way. The algorithm that handles data records preserves both integrity and privacy at the same time. Meanwhile, we adopt the concept of channels supported by Hyperledger Fabric to deal with the isolated communication required by specific scenarios. In the future, we will explore how to combine both personal health data and medical data together and cover a broader scenario.

VI. ACKNOWLEDGEMENTS

This work was supported by the Office of the Assistant Secretary of Defense for Research and Engineering (OASD (R&E)) under agreement FA8750-15-2-0120. The work was also supported by a grant from the National Natural Science Foundation of China (No. 61402470) and the research project of Trusted Internet Identity Management (2016YFB0800505 and 2016YFB0800501).

REFERENCES

[1] L. J. Kish and E. J. Topol, "Unpatients: why patients should own their medical data," Nature Biotechnology, vol. 33, no. 9, pp. 921–924, 2015.
[2] J. H. Clippinger, "Why Self-Sovereignty Matters," https://idcubed.org/chapter-2-self-sovereignty-matters/, [Online; accessed 7-March-2017].
[3] S. Nakamoto, "Bitcoin: A peer-to-peer electronic cash system," 2008.
[4] X. Liang, S. Shetty, D. Tosh, C. Kamhoua, K. Kwiat, and L. Njilla, "ProvChain: A blockchain-based data provenance architecture in cloud environment with enhanced privacy and availability," in International Symposium on Cluster, Cloud and Grid Computing. IEEE/ACM, 2017.
[5] D. K. Tosh, S. Shetty, X. Liang, C. A. Kamhoua, K. A. Kwiat, and L. Njilla, "Security implications of blockchain cloud with analysis of block withholding attack," in Proceedings of the 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, ser. CCGrid '17. Piscataway, NJ, USA: IEEE Press, 2017, pp. 458–467. [Online]. Available: https://doi.org/10.1109/CCGRID.2017.111
[6] The Office of the National Coordinator for Health IT (ONC) and the National Institute for Standards and Technology (NIST), "Use of blockchain in healthcare and research workshop," 2016.
[7] C. Cachin, "Architecture of the Hyperledger blockchain fabric," in Workshop on Distributed Cryptocurrencies and Consensus Ledgers, 2016.
[8] R. C. Merkle, "Protocols for public key cryptosystems," in Security and Privacy, 1980 IEEE Symposium on, April 1980, pp. 122–122.
[9] "Chainpoint: A scalable protocol for anchoring data in the blockchain and generating blockchain receipts," http://www.chainpoint.org/.
[10] H. Kim, H. Song, S. Lee, H. Kim, and I. Song, "A simple approach to share users' own healthcare data with a mobile phone," in Ubiquitous and Future Networks (ICUFN), 2016 Eighth International Conference on. IEEE, 2016, pp. 453–455.
[11] K. Peterson, R. Deeduvanu, P. Kanjamala, and K. Boles, "A blockchain-based approach to health information exchange networks," 2016.
[12] J. Zhang, N. Xue, and X. Huang, "A secure system for pervasive social network-based healthcare," IEEE Access, 2016.
[13] C. McFarlane, M. Beer, J. Brown, and N. Prendergast, "Patientory: A healthcare peer-to-peer EMR storage network v1.0," 2017.
[14] X. Liang, J. Zhao, S. Shetty, and D. Li, "Towards data assurance and resilience in IoT using distributed ledger," in Military Communications Conference, MILCOM 2017. IEEE, 2017.
[15] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, "MedRec: Using blockchain for medical data access and permission management," in Open and Big Data (OBD), International Conference on. IEEE, 2016, pp. 25–30.
