BACKGROUND
The longitudinal personal health record (LPHR) is a foundation for managing patients’ health, but no such system exists in the US except for patients in the Veterans Affairs (VA) Health Care service. Because individual health records are scattered across multiple health care facilities without any standards, building such a system is very difficult. In addition, patients have been raising privacy and ethical concerns related to consent and granular control of the LPHR. Consent should be specific, but current consent practice in the industry is not that granular: at most, there is an opt-in or opt-out choice. “A scalable and interoperable LPHR is desired with patient-controlled privacy and confidentiality that preserves patients’ health information integrity and availability” [1]. For patients, consent, data security and privacy translate into trust. Patients want to be engaged and to ensure that only authorized people can view their personal health records, at a granularity the patients themselves manage. Solving this challenge of patient-controlled consent granularity on the LPHR is an important step in making the LPHR useful for patient care.
OBJECTIVE
This research aims to design a secure LPHR with patient-controlled consent granularity, data security and privacy that both patients and providers can trust in the United States.
METHODS
Building on our prior work on the blockchain-enabled next generation access control (BeNGAC) model, we designed a blockchain-enabled personalized health record (BEPHR) sharing platform with patient-controlled consent granularity. We implemented the construct for a patient’s LPHR as a Web-based application prototype consisting of two health care organizations with their EHRs.
RESULTS
In this work, we proposed a BEPHR model trusted by patients and health care providers and implemented a Web-based BEPHR sharing platform with patient-controlled consent granularity. Consent, security and privacy of BEPHR are ensured by the merits of the BeNGAC model. The instantiation of the designed model suggested the feasibility of combining emerging blockchain technology with the next generation access control model to tackle a longstanding health care LPHR problem.
CONCLUSIONS
Our BEPHR solution provides patients with granularity, security and privacy they can trust and strengthens the informed consent process. Jointly, blockchain technology and NGAC offer security, privacy and confidentiality, data integrity, auditability, scalability, distributedness, patient consent autonomy, and zero-trust capabilities. The always-validate next generation access control model prevents insider threats. A Fast Healthcare Interoperability Resources (FHIR) interface is incorporated to show readiness for LPHR interoperability and integration.