User Control of Personal mHealth Data Using a Mobile Blockchain App: Design Science Perspective

Abstract

Background Integrating pervasive computing with blockchain’s ability to store privacy-protected mobile health (mHealth) data while providing Health Insurance Portability and Accountability Act (HIPAA) compliance is a challenge. Patients use a multitude of devices, apps, and services to collect and store mHealth data. We present the design of an internet of things (IoT)–based configurable blockchain with different mHealth apps on iOS and Android, which collect the same user’s data. We discuss the advantages of using such a blockchain architecture and demonstrate 2 things: the ease with which users can retain full control of their pervasive mHealth data and the ease with which HIPAA compliance can be accomplished by providers who choose to access user data. Objective The purpose of this paper is to design, evaluate, and test IoT-based mHealth data using wearable devices and an efficient, configurable blockchain, which has been designed and implemented from the first principles to store such data. The purpose of this paper is also to demonstrate the privacy-preserving and HIPAA-compliant nature of pervasive computing-based personalized health care systems that provide users with total control of their own data. Methods This paper followed the methodical design science approach adapted in information systems, wherein we evaluated prior designs, proposed enhancements with a blockchain design pattern published by the same authors, and used the design to support IoT transactions. We prototyped both the blockchain and IoT-based mHealth apps in different devices and tested all use cases that formed the design goals for such a system. Specifically, we validated the design goals for our system using the HIPAA checklist for businesses and proved the compliance of our architecture for mHealth data on pervasive computing devices. Results Blockchain-based personalized health care systems provide several advantages over traditional systems. They provide and support extreme privacy protection, provide the ability to share personalized data and delete data upon request, and support the ability to analyze such data. Conclusions We conclude that blockchains, specifically the consensus, hasher, storer, miner architecture presented in this paper, with configurable modules and software as a service model, provide many advantages for patients using pervasive devices that store mHealth data on the blockchain. Among them is the ability to store, retrieve, and modify ones generated health care data with a single private key across devices. These data are transparent, stored perennially, and provide patients with privacy and pseudoanonymity, in addition to very strong encryption for data access. Firms and device manufacturers would benefit from such an approach wherein they relinquish user data control while giving users the ability to select and offer their own mHealth data on data marketplaces. We show that such an architecture complies with the stringent requirements of HIPAA for patient data access.