<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta>
      <journal-title-group>
        <journal-title>Co-located with STAF</journal-title>
      </journal-title-group>
    </journal-meta>
    <article-meta>
      <title-group>
        <article-title>Maintaining Data Integrity in Electronic Health Records with Hyperledger Fabric</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Marten Kask</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Toomas Klementi</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Gunnar Piho</string-name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Peeter Ross</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>TalTech, Department of Health Technologies</institution>
          ,
          <addr-line>Akadeemia Str 15A, Tallinn, 12618</addr-line>
          <country country="EE">Estonia</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>TalTech, Department of Software Science</institution>
          ,
          <addr-line>Akadeemia Str 15A, Tallinn, 12618</addr-line>
          <country country="EE">Estonia</country>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2023</year>
      </pub-date>
      <volume>18</volume>
      <fpage>18</fpage>
      <lpage>21</lpage>
      <abstract>
        <p>Diferent health data are collected and processed by diferent medical information systems. Generally, health data is collected by hospitals and stored in the form of Electronic Health Records (EHR). However, as this data contains confidential data, it has become a target for cyber-attacks. Also, as the medical data contains life-critical information, its legitimate origin, reliability and trustworthiness - i.e., data integrity are particularly important. In the last years, blockchain - a timestamped hierarchical and chronologicallyordered chain of blocks has been proposed as a suitable solution to address the challenges with data integrity. Hyperledger Fabric is an open-source distributed ledger platform allowing enterprise-gradelevel solutions to be developed. Therefore, this study aims to present a part of the initial architecture for supporting the integrity of EHRs when exchanging them between organizations. The architecture is based on a blockchain-based system using Hyperledger Fabric technology. Additionally, evaluation methods are proposed to analyze the credibility of architecture in future works.</p>
      </abstract>
      <kwd-group>
        <kwd>eol&gt;blockchain</kwd>
        <kwd>Hyperledger Fabric</kwd>
        <kwd>Electronic Health Record</kwd>
        <kwd>integrity</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>
        Diferent health data are collected and processed by various medical information systems.
Primarily, health data is collected by hospitals and stored in the form of Electronic Health
Records (EHR). EHRs are sets of health data items (observations, measurements, treatments,
dietary, etc.) and are usually, among other things, signed to prevent any changes to records
after the data entry [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ]. EHRs aim to provide eficient availability of accurate data in a diverse
clinical setting [
        <xref ref-type="bibr" rid="ref2">2</xref>
        ].
      </p>
      <p>
        Health data has become a target for cyber-attacks as this kind of data is widely collected. It is
defined that data integrity measures the sanity of the data, i.e., it originated from a legitimate
source [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ] and is reliable and trustworthy [
        <xref ref-type="bibr" rid="ref4">4</xref>
        ]. A monetary loss can be gained when an attacker
has accessed the data, and a ransom is required to restore access [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ]. Often, the data in the health
information systems is stored in a centralized database which raises the risk that in case of
unauthorized access, all the stored data can be compromised. These incidents can significantly
reduce trust in organizations that store and process medical data but cannot provide and ensure
security. Also, preserving data integrity has become a challenge for medical institutions as
the organizations and the data they collect are complex. Also, it has been highlighted that
maintaining data integrity is a more critical challenge than the other cyber threats [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ]. This is
because tampered medical information can be life-threatening for patients.
      </p>
      <p>
        Blockchain is a discovery in secure computing that provides decentralized authority in an
open networked system [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ]. The central concept of blockchain is to replace the centralized
database with authoritative access control. It has been created and maintained as a hierarchical
and chronologically-ordered chain of blocks, including timestamps, since its inception in 2009
when Bitcoin was launched.
      </p>
      <p>
        Blockchain is frequently defined as a distributed ledger [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ]. A ledger is a data structure where
the transactions are formed into an ordered list, for example, monetary transactions between
multiple financial institutions.
      </p>
      <p>
        Many studies (e.g., [
        <xref ref-type="bibr" rid="ref10 ref5 ref6 ref9">6, 5, 9, 10, 11, 12, 13</xref>
        ] ), have analyzed the solutions to the issues related
to data integrity. They concluded that blockchain-based technology appropriately addresses
the health data integrity issues mentioned above. Therefore, this study aims to propose and
evaluate a blockchain-based system that is used to support maintaining the integrity of EHRs
by using Hyperledger Fabric technology.
      </p>
    </sec>
    <sec id="sec-2">
      <title>2. Technologies in use</title>
      <sec id="sec-2-1">
        <title>2.1. Hyperledger Fabric</title>
        <p>Hyperledger Fabric is a permissioned, distributed ledger technology (DLT) platform designed
to facilitate the development of enterprise-level blockchain applications [14], [15]. Permissoned
blockchains, in contrast to the permissionless blockchains (e.g., BitCoin), allow operating
blockchain only among a set of identified and verified participants. In general, that means
certain defined rules must be fulfilled before one can join the network, and other members must
agree and confirm new participants. This is particularly suitable in the context when transactions
related to sensitive data like EHRs. It provides a modular architecture and ofers features such as
scalability, security, and confidentiality. Industries such as supply chain management, healthcare,
ifnancial services, and IoT leverage the benefits of Hyperledger Fabric.</p>
        <p>The core components of Fabric’s architecture include nodes, channels, chaincode, and the
membership service provider (MSP). There are two types of nodes: peer nodes and orderer
nodes. Peer nodes can be endorsers, which simulate and endorse transactions, or committers,
which validate and commit transactions to the ledger. Orderer nodes establish the order of
transactions and create blocks.</p>
        <p>Channels are private communication pathways between network members that enable data
and transaction isolation. They provide a secure environment for executing chaincode and
sharing data between authorized participants.</p>
        <p>Chaincode, also known as smart contracts, contains the business logic for processing
transactions. It is deployed and executed on the blockchain network and facilitates interactions between
participants. The lifecycle of chaincode includes installation, instantiation, and execution.</p>
        <p>Hyperledger Fabric uses a pluggable consensus mechanism, allowing flexibility in
choosing the most suitable consensus protocol for a particular use case. The default mechanism,
called "Raft," is a crash fault-tolerant consensus algorithm that provides high performance and
scalability.</p>
        <p>The MSP handles identity management and access control within the network. It uses
digital certificates and certificate authorities (CAs) to verify and authenticate the identity of
participants.</p>
        <p>Although Hyperledger Fabric ofers various security and privacy features, such as the storage
of sensitive data in separate, private ledgers [16]; in this study, it is proposed that the private
data itself is not maintained in the Hyperledger Fabric blockchain. Encryption and decryption
capabilities protect the confidentiality of data, while access control ensures that only
authorized participants can access specific resources. Integration with existing systems is possible
through APIs and other interfaces that make the integration with the decentralized storage
uncomplicated.</p>
        <p>In conclusion, Hyperledger Fabric ofers a robust and secure foundation for building
enterprise-level blockchain applications. Its modular architecture and customizable features
make it a popular choice for various industries looking to leverage blockchain technology and
therefore, applicable for proposal in this study.</p>
      </sec>
      <sec id="sec-2-2">
        <title>2.2. Decentralized Storage</title>
        <p>Decentralized storage is an emerging serverless technology for securely storing large amounts
of data, including sensitive personal data like electronic health records [17]. It does not depend
on large servers in huge data centers, but instead, the data is stored in a peer-to-peer network
operated by volunteers and containing thousands, potentially millions of nodes. No central
authority exists in the network; it is only governed by the protocol implemented in the software
running on the nodes.</p>
        <p>Data uploaded to such a network is split into multiple small pieces that are then evenly
distributed among the nodes, with each piece stored on a diferent node. To lower the risk of
data being lost due to a node leaving the network, each piece is stored not just on a single node
but on a set of nodes. Additionally, each piece can be individually encrypted. This means that
the network is completely trustless - every node is ignorant of the content and owner of the
pieces of data it is storing. Data on such networks is addressed by the hash of its content, which
means that its integrity can easily be verified.</p>
        <p>The whole data set can be retrieved by its root hash initially known only to the owner of
the data. The owner can share the data with third parties by sharing the root hash. It is also
conceivable to use other mechanisms for data sharing – by exposing the data through an API
etc.</p>
        <p>An example of decentralized storage is Ethereum Swarm [18]. It is a distributed storage
platform and content delivery network and is designed to function as a foundational
infrastructure layer for the wider Ethereum ecosystem. Swarm aims to provide a fully decentralized,
redundant, and self-sustaining network for serving and storing data. An illustration of data
upload and storage in Swarm [19] is provided in figure 1.</p>
      </sec>
    </sec>
    <sec id="sec-3">
      <title>3. Proposed Solution</title>
      <sec id="sec-3-1">
        <title>3.1. Current Process of Managing EHRs</title>
        <p>Nowadays, health records are managed as EHRs [20]. Managing (including exchanging) them
is a crucial process in modern healthcare, facilitating improved patient care, eficient service
delivery, and a more coordinated approach to health management. The process usually involves
the following steps:
• Patient Identification : The first step is to correctly identify the patient whose records
need to be exchanged. This can be done using various identifiers like name, date of birth,
and unique patient identification numbers.
• Consent: Patient consent is a fundamental prerequisite for the exchange of medical
records. The healthcare provider must obtain explicit permission from the patient or their
representative to share their health records. This typically involves explaining why the
records are being shared, with whom, and for what purpose.
• Record Retrieval: Once the appropriate permissions are in place, the healthcare provider
retrieves the necessary patient records from their electronic health record (EHR) system.
• Data Format Standardization: To ensure that the receiving system can read and
understand the data, the patient records are converted into a standardized format, such
as HL7, FHIR, or CCD, which are common healthcare interoperability standards.
• Data Transmission: The records are then transmitted securely (e.g., encrypted) to the
intended recipient. This is typically done via a health information exchange (HIE), a
secure network designed specifically for the transfer of health information.
• Record Reception and Integration: Upon receiving the patient data, the recipient’s EHR
system imports the records. This includes mapping the incoming data to the appropriate
ifelds within their own system.
• Verification and Review : The recipient healthcare provider then verifies the information
and reviews the records to ensure accuracy and completeness.
• Utilization: Finally, the healthcare provider uses the records to make informed decisions
about patient care.</p>
        <p>Data security and patient privacy are paramount throughout this process. This is often ensured
by using encryption, secure networks, and strict access controls. Laws and regulations, such as
HIPAA in the U.S and GDPR in EU, also mandate specific data handling practices to protect
patient information during this process.</p>
        <p>In this study, the focus is on the two simplified scenarios related to the EHR exchange. The
ifrst is the use case, where the doctor logs in to their hospital information system by providing
credentials and entering the patient’s health data. In a generalized approach, the data is stored
in a centralized database that is accessible by other hospitals in the region. The other use case
is that a patient wishes to access their health records. The patient logs in to the patient web
portal that is provided by another healthcare provider in the region and opens a dedicated page
where the health data is displayed.</p>
        <p>These use cases rely significantly on internal business processes that other health
organizations cannot verify transparently. For example, hospitals can agree on which authentication
methods and access are required for the doctors to be allowed to enter health data in the
database (and patients to request their health data). However, the other organizations must trust
that other parties follow the agreed rules. External audits are often carried out to verify that
agreements are followed, but instant verifications for every transaction are usually impossible.
The architecture described in the following sections addresses the described issues and proposes
solutions for how transparency can be increased. Additionally, the study addresses the concern
related to health data storage in a centralized database, whereas a decentralized alternative is
provided instead.</p>
      </sec>
      <sec id="sec-3-2">
        <title>3.2. Deployment</title>
        <p>According to the description provided in the previous sections, the following deployment setup
was constructed. It is expected that at least two diferent organizations (e.g., hospitals) exchange
EHRs. A descriptive diagram is provided in figure 2.</p>
        <p>In accordance with Hyperledger Fabric requirements, the blockchain network is initiated by
setting up the channel. Channel consists of peers that store the copy of distributed ledger. Each
organization is represented by the peer. There is a channel configuration that defines how the
peers are added to the channel. Smart contracts that are described in the following section are
invoked by the client applications that are represented by the hospital information systems
(Hospital IS) in the deployment described in this study.</p>
      </sec>
      <sec id="sec-3-3">
        <title>3.3. Smart Contracts</title>
        <p>In blockchain, Smart contracts generally define the rules that allow creating, reading, updating
and deleting business objects in the ledger [21]. They define a transaction logic that allows
controlling the lifecycle of these business objects. In Hyperledger Fabric, it is developed in
chaincode, and all the members have to agree to have them implemented. Smart contracts are
invoked by the client applications that are considered as hospital information systems in this
paper.</p>
        <p>The following main smart contracts are proposed in this study:
• SC1 - authorizing the Doctor
– Description: It is expected that only authorized persons are allowed to enter new
Electronic Health records. Thus, the smart contract shall verify:
∗ a) the person who enters the EHR data (e.g., using technology that corresponds
to the EU regulation of eIDAS (electronic IDentification, Authentication and
trust Services);
∗ b) the verified person is registered in the acceptable registry (e.g., Health Care</p>
        <p>Workers Registry).</p>
        <p>As described in the beginning of this section, all the organizations have to agree to the smart
contracts. That means each organization recognizes the agreed authorization methods and
registers of health workers.</p>
        <p>• SC2 - authorizing the Patient
– Description: It is expected that only authorized persons are allowed to view/retrieve
their Electronic Health records. Thus, the smart contract shall:
∗ a) verify the person who views/retrieves the EHR data (e.g., using
technology that corresponds to the EU regulation of eIDAS (electronic IDentification,
Authentication and trust Services);
∗ b) decrypt the unique hash of the EHR according to the authentication data
Additionally, smart contracts for ensuring data quality can be introduced to verify, for example,
that contradictory information is not entered but it is not in the scope of the present study.</p>
      </sec>
      <sec id="sec-3-4">
        <title>3.4. Hyperladger Fabric with Decentralized Storage</title>
        <p>Although Hyperledger Fabric and decentralized storage (e.g., Ethereum Swarm) are both
described with a keyword as "decentralized", yet they mostly serve diferent purposes in the realm
of decentralized systems.</p>
        <p>Hyperledger Fabric is a blockchain framework implementation intended for developing
applications or solutions with a modular architecture. It allows components, such as consensus
and membership services, to be plug-and-play and ofers features like channels for private
communications between a specific set of members. It is primarily used for developing private,
permissioned blockchain networks where all participants are known and identifiable.</p>
        <p>On the other hand, decentralized storage like Ethereum Swarm is a distributed storage
platform and content delivery service which allows a network of peers to store and distribute
chunks of arbitrary data. It is designed to function as a foundational layer of infrastructure
for the Ethereum ecosystem, providing a fully decentralized and resilient way of storing and
serving digital content.</p>
        <p>Therefore, we propose that these two systems complement each other. Blockchains like
Hyperledger Fabric are not designed for storing large amounts of data as it would quickly
become impractical due to scalability issues and the necessity for all nodes to carry a full copy
of the blockchain. Instead, we propose that the actual data is stored on decentralized storage,
and then store the reference to that data on the Hyperledger Fabric blockchain. This way, it is
possible to get the data integrity, audibility, and traceability benefits of a blockchain, and the
scalable, resilient data storage capabilities from decentralized storage.</p>
      </sec>
      <sec id="sec-3-5">
        <title>3.5. Proposed Process for Entering a New EHR</title>
        <p>In this subsection, a simplified proposed process for entering a new EHR is described. To enter
a new Electronic Health Record, Doctor uses a hospital information system. After entering the
health data of the patient, the system constructs an EHR according to the standard and stores it
temporarily in the information system. Based on the constructed EHR, a unique hash of the
record is generated using a defined algorithm. After that, the generated hash of the EHR is
encrypted and submitted to be stored in Hyperledger Fabric blockchain.</p>
        <p>After the request to submit the hash in the blockchain, Hospital A Peer creates a smart
contract request (SC1), validates, signs and invokes it. In addition, the request is sent to the
peers of other hospitals as well who all are following the same procedure. If the request is
successful, all peers send a response to the Hospital A IS. Subsequently, Hospital IS validates
the responses and broadcasts them to the orderer.</p>
        <p>Orderer receives the responses and orders them chronologically. After that, the block of
transactions is generated and delivered to all the peers. Then the peers validate and append the
block to the chain, and send a notification to the Hospital A IS that the ledger is updated. If
Hospital A IS receives the confirmation that the ledger has been updated, the constructed EHR
with the unique hash is sent to the decentralized storage and deleted from the Hospital A IS’s
temporary storage. The process is illustrated in a figure 3.</p>
      </sec>
      <sec id="sec-3-6">
        <title>3.6. Proposed Process for Retrieving a EHR</title>
        <p>In this subsection, a proposed process for retrieving an EHR is described. It follows a similar
process as entering a new EHR as described in the previous subsection. To simplify the example,
it is expected that Hospital A’s information system provides a Patient Portal. However, on the
broader picture it can be assumed that special organizations exist in the blockchain channel
that are focused on providing user interfaces for patients.</p>
        <p>To retrieve an existing Electronic Health Record, the Patient uses Patient Portal. After
providing identification data, the system submits a request to Hyperledger Fabric blockchain to
decrypt and retrieve a unique hash that can be used to access EHR from decentralized storage.
After the request to retrieve a unique hash is submitted in blockchain, Hospital A Peer creates a
smart contract request (SC2), validates, signs, and invokes it. In addition, the request is sent to
the peers of other hospitals as well who all are following the same procedure. If the request is
successful, all peers send a response to the Hospital A IS. Subsequently, Hospital IS validates
the responses and broadcasts them to the orderer.</p>
        <p>Orderer receives the responses and orders them chronologically. After that, the block of
transactions is generated and delivered to all the peers. Then the peers validate and append
the block to the chain, and send a notification to the Hospital A IS that the ledger is updated
with a new entry. If Hospital A IS receiving confirmation that the ledger has been updated, the
decrypted unique hash is provided to the Patient Portal that uses it to retrieve the EHR from
the decentralized storage. The process is illustrated in figure 4.</p>
      </sec>
    </sec>
    <sec id="sec-4">
      <title>4. Discussion</title>
      <sec id="sec-4-1">
        <title>4.1. Related Works</title>
        <p>Several studies have been conducted to improve the data integrity of EHRs by implementing
blockchain technology. Pilares et al. [22] have proposed an EHRChain framework that is enabled
by dual-blockchains based on Hyperledger Sawtooth and InterPlanetary File System (IPFS).
They have outlined that EHR data cannot be tampered with when the supermajority of nodes
are trustworthy. Kim et al. have [23] proposed a secure protocol for cloud-assisted EHR system
using Hyperledger Fabric blockchain that log transactions are used to provide data integrity
and access control. Another blockchain based application is introduced by Faroug et al. [24]
using Hyperledger Fabric and Ethereum platforms. A Hyperledger Fabric-based solution is
proposed by Kumar and Dakshayini [25].</p>
        <p>Additionally, BiiMED (a Blockchain framework for Enhancing Data Interoperability and
Integrity) has been proposed by Jabbar et al. [26] regarding EHR-sharing. However, in addition
to the blockchain’s properties, Decentralized Trusted Third Party Auditor (TTPA) is used for
ensuring data integrity as well. After retrieving shared data from another medical facility, the
Health Information System will compare the hash of the received data with the stored hash to
verify the integrity of the received data. Kalaipriya et al. [27] describe a blockchain-based design
using Ethereum framework for current Electronic Health Records (EHR) frameworks where
two smart agreements, classified contracts, and user record associated contracts are introduced
as well.</p>
        <p>Ghayvat et al. [28] propose a scheme that integrates blockchain (BC)-based
confidentialityprivacy (CP) preserving scheme, CP-BDHCA, that operates in two phases. It is highlighted
that blockchain addresses the healthcare cloud and application limitations about agreements,
accountability, rights management, and data integrity in healthcare big data. A more general
approach is described by Yuan et al. [29]. A scheme that integrates the Ethernum blockchain and
third-party auditors (TPA) is studied by Liu et al. [30]. In addition to the blockchain attributes,
user can send an auditing request for data integrity. The TPA examines the integrity of health
records through the auditing proof upon receipt. A system design integrating edge computing
paradigm, blockchain technology and Inter-Planetary File System (IPFS) is another study by
Makina et al. [31] where in addition to blockchain’s attributes, supplementary measures are
introduced to ensure data integrity. MB-EHR (Multilayer Blockchain-based EHR) proposes a
layered blockchain structure to support better the operational hierarchy in health organisations
where PDP-like data verification mechanism protects data integrity [ 32]. Furthermore, authors
[33] present a MEChain, a multilayer blockchain structure, which aims to solve the adoption,
storage and consensus problems when implementing blockchain in EHR systems. They outline
that data synchronisation method provides data verification and retrieve mechanisms to protect
data integrity.</p>
        <p>Ajayi et al. [34] propose a blockchain-based solution that facilitates a scalable and secured
inter-healthcare EHRs exchange where the integrity and consistency of EHR requests and replies
is verified and presented in a standard format to make them easily understandable for diferent
healthcare systems. Shahnaz et al. [35] propose a framework that implements blockchain
technology for EHR and secondly to provides secure storage of electronic records by defining
granular access rules for the users of the proposed framework where access rules ensure that
patients’ private data or medical records are not accessible and remain temper-proof.</p>
        <p>A wrapper layer integration mechanism, named as the blockchain handshake, between the
existing cloud-based EHR management system and public blockchain network to develop a
tamper-proof health record management system is introduced by Rahman et al. [36]. Akbar et
al. [37] propose an Ethereum blockchain-based solution where a function to ensure that the
content of the smart contract from the system does not change by comparing the bytecode of
the deployed smart contract with the one that has not deployed.</p>
        <p>A Scrybe, a permissioned blockchain, to store proof of clinical trial data provenance is
introduced by Oakley et al. [38]. They illustrate how Scrybe addresses each control and the
limitations of the Ethereum-based blockchains. Khan et al. [39] propose a blockchain-based
framework to facilitate health data availability and sharing. An internet-inspired framework
(ChainNet) to facilitate interoperability within blockchain-based systems whereby two
systems within independent Blockchain networks can securely exchange data with each other is
introduced by Abdullah et al. [40].</p>
        <p>All the included studies have addressed maintaining data integrity by outlining the general
blockchain attributes, i.e., that the records are immutable. What is more, some authors have
described maintaining data integrity in more detail. e.g., used cryptography. Also, some authors
introduced additional tools like third-party auditors in addition to the general attributes of
blockchain to maintain the data integrity. Many studies propose that medical data itself is stored
in blockchain. This, however can negatively influence the scalability as the amount of data can
be high and privacy issues as all the blockchain members are able to read the data from ledger.</p>
        <p>Therefore, the solution proposed in this study introduces an integrated solution where
Hyperledger Fabric is used to control the business processes related to EHR management and
decentralized storage to store medical information in a distributed form. To sum up, there are
several diferences between the existing works and advantages that the study proposes. For
example, to highlight the most important ones, this study proposes integrating eIDAS and
acceptable registries to increase trust in authentication and authorization. Furthermore, some
studies presented solutions where the health data is stored on a blockchain, but this brings
scalability problems and means that all the nodes somehow store a copy of the data.</p>
        <p>Although there are studies that suggest that only a hash of the data instead of the whole
record is stored on a blockchain, there needs to be more emphasis on storing the actual data. This
research proposes complementary integration with decentralized storage, ensuring scalable and
resilient data storage. In ransom attacks, the intruder has often accessed the whole centralized
database and encrypted it. Nevertheless, suppose an attacker obtains access to one of the
decentralized nodes. In that case, it is only possible to receive a fragment of the data with which
it is impossible to assemble the entire record.</p>
      </sec>
      <sec id="sec-4-2">
        <title>4.2. Future Work: A Possible Evaluation Methodology for the Proposed</title>
      </sec>
      <sec id="sec-4-3">
        <title>Solution</title>
        <p>To verify whether the proposed solution resolves the previously outlined concerns and does not
create new ones, an evaluation methodology shall be addressed in the future works. It shall be
comprehensive and focused on critical aspects like security, privacy, interoperability, scalability,
and performance. It also should be adapted to the specific use cases and organizations. Engaging
stakeholders, including healthcare providers, IT experts, and patients, in the evaluation process
will ensure that the chosen solution architecture addresses the needs and concerns of all parties
involved.</p>
        <p>We have planned a possible evaluation methodology as follows:
1. Define Evaluation Criteria : Establish clear and quantifiable criteria to assess the
proposed solution architecture. These criteria may include:
• Data Integrity
• Data Confidentiality
• Access Control
• Interoperability
• Scalability
• Performance
• Compliance with standards and regulations
• User Experience
2. Develop Evaluation Metrics: For each criterion, define specific metrics that can be
used to objectively measure the solution’s performance. Examples include:
• Data Integrity: percentage of successful data validation checks, percentage of data
discrepancies
• Data Confidentiality: encryption strength, percentage of unauthorized data breaches
• Access Control: number of successful/failed authorization attempts, time to
grant/revoke access
• Interoperability: number of successfully integrated systems, data exchange success
rate
• Scalability: response time under varying loads, number of concurrent users
supported
• Performance: transaction processing time, system response time
• Compliance: number of compliance checks passed, audit results
• User Experience: user satisfaction ratings, time to complete tasks
3. Create Test Scenarios and Benchmarks: Design test scenarios and benchmarks that
simulate real-world use cases and challenges. These tests should be conducted in a
controlled environment to compare diferent solution architectures fairly.
4. Implement and Test Solution Architectures: Build prototypes or proof-of-concept
implementations to evaluate each solution architecture. Conduct tests using the designed
scenarios and benchmarks, and collect data on the defined metrics.
5. Analyze Results: Analyze the collected data and compare the performance of each
solution architecture against the evaluation criteria and metrics. Identify strengths and
weaknesses in each architecture and determine areas for improvement.
6. Rank and Select the Best Solution: Based on the analysis, rank the solution
architectures and select the one that best meets the evaluation criteria. Consider trade-ofs and
the overall alignment of the solution with the goals and requirements of the EHR system.
7. Iterate and Refine : Continuously iterate on the chosen solution architecture, refining
and optimizing it to enhance its performance and meet evolving needs.</p>
        <p>Due to the huge amount of data that is exchanged in the medical domain, the scalability issue
can be the first one to address when improving the proposal and developing a Proof-of-Concept.
For example, it may not be reasonable that all the participating members in the Hyperledger
Fabric network maintain the whole history of ledger all the time. Generally, in the everyday
use cases, it might be suficient for the doctor or patient to be sure that the EHR they currently
process is the most recent and valid. The fundamental solution to approach that can be by
introducing blockchain sharding - splitting the blockchain into shards or partitions that allow
processing more transactions in parallel.</p>
        <p>Another challenge to address is future-proofing. As the computational power is growing over
time and the distribution of quantum computers can put the cryptography used in Hyperledger
Fabric and decentralized storage on the spot. Thus, the solutions should take into account that
cryptographic providers could be upgraded over time. On the other hand, the introduction of
quantum computers can be the solution to the scalability concerns outlined previously.</p>
        <p>Additionally, the membership service provider that is used in Hyperledger Fabric to prove
the identity of blockchain participants shall be analyzed in the future as it was not in the scope
of this paper. For example, the possibility of integration of European Digital Identity can be
examined and determined.</p>
      </sec>
    </sec>
    <sec id="sec-5">
      <title>5. Conclusion</title>
      <p>This paper introduced an initial architecture concept for supporting EHR integrity when
exchanging them between organizations. The architecture is based on a blockchain-based system
using Hyperledger Fabric technology, while the EHR data is stored in decentralized storage.
Hyperledger Fabric and decentralized storage concepts are introduced, and their main components
are described.</p>
      <p>To present a proposed solution, a current process of managing EHRs are briefly outlined.
Based on the concepts of introduced technologies in use and the current process, a deployment
and example use cases are represented.</p>
      <p>In the following, a short overview of related works on improving data integrity of EHRs is
provided. It is outlined that all the studies address that data integrity can be maintained by
the main attributes of blockchain. Also, many studies described that health data itself is also
stored in blockchain. As this can have negative implications, this study proposes an integrated
solution where Hyperledger Fabric is used to control the business processes related to EHR
management and decentralized storage to store medical information in a distributed form.</p>
      <p>Additionally, evaluation methods are proposed to analyze the credibility of architecture in
future works. Challenges to address, like future-proofing and membership service provider, are
also outlined to be addressed in prospective studies.</p>
    </sec>
    <sec id="sec-6">
      <title>Acknowledgments</title>
      <p>This work in the project ‘ICT programme’ was supported by the European Union through the
European Social Fund.
2021 International Workshops: DETECT, SIAS, CSMML, BIOC, HEDA, Tallinn, Estonia,
June 21–23, 2021, Proceedings 10, Springer, 2021, pp. 259–268.
[11] A. Gonzales, S. R. Smith, P. Dullabh, L. Hovey, K. Heaney-Huls, M. Robichaud, R. Boodoo,
Potential uses of blockchain technology for outcomes research on opioids, JMIR Medical
Informatics 9 (2021) e16293.
[12] K. Fan, S. Wang, Y. Ren, H. Li, Y. Yang, Medblock: Eficient and secure medical data sharing
via blockchain, Journal of medical systems 42 (2018) 1–11.
[13] M. Jones, M. Johnson, M. Shervey, J. T. Dudley, N. Zimmerman, Privacy-preserving methods
for feature engineering using blockchain: review, evaluation, and proof of concept, Journal
of medical Internet research 21 (2019) e13600.
[14] Hyperledger fabric whitepaper, https://www.hyperledger.org/wp-content/uploads/2020/
03/hyperledger_fabric_whitepaper.pdf, note = Accessed: 2023-05-20, ????.
[15] Introduction - hyperledger-fabricdocs main documentation, https://www.hyperledger.org/
wp-content/uploads/2020/03/hyperledger_fabric_whitepaper.pdf, ????. Accessed:
2023-0520.
[16] Private data - hyperledger-fabricdocs main documentation, https://hyperledger-fabric.</p>
      <p>readthedocs.io/en/latest/private-data-arch.html, ????. Accessed: 2023-05-20.
[17] T. Klementi, K. J. I. Kankainen, G. Piho, P. Ross, Prospective research topics towards
preserving electronic health records in decentralised content-addressable storage networks
3264 (2022). URL: https://ceur-ws.org/Vol-3264/HEDA22_paper_7.pdf.
[18] Welcome! | swarm bee client, https://docs.ethswarm.org/docs/, note = Accessed:
2023-0520, ????
[19] P. Febrero, An overview of ethereum swarm: A decentralised filestore, 2020. URL: https://
ifnance.yahoo.com/news/overview-ethereum-swarm-decentralised-filestore-140009996.
html.
[20] A. Shibu, A. M, A. T. Anilkumar, A. Radhakrishnan, S. Izudheen, Secure storage and
retrieval of electronic health records, in: 2022 International Conference on Computing,
Communication, Security and Intelligent Systems (IC3SIS), 2022, pp. 1–5. doi:10.1109/
IC3SIS54991.2022.9885484.
[21] Smart contracts and chaincode -; hyperledger-fabricdocs main documentation, https:
//hyperledger-fabric.readthedocs.io/en/release-2.5/smartcontract/smartcontract.html, ????
Accessed: 2023-05-18.
[22] I. C. A. Pilares, S. Azam, S. Akbulut, M. Jonkman, B. Shanmugam, Addressing the challenges
of electronic health records using blockchain and ipfs, Sensors 22 (2022). URL: https:
//www.mdpi.com/1424-8220/22/11/4032. doi:10.3390/s22114032.
[23] M. Kim, S. Yu, J. Lee, Y. Park, Y. Park, Design of secure protocol for cloud-assisted electronic
health record system using blockchain, Sensors 20 (2020). URL: https://www.mdpi.com/
1424-8220/20/10/2913. doi:10.3390/s20102913.
[24] A. Faroug, M. Demirci, Blockchain-based solutions for efective and secure management
of electronic health records, in: 2021 International Conference on Information Security
and Cryptology (ISCTURKEY), 2021, pp. 132–137. doi:10.1109/ISCTURKEY53027.2021.
9654325.
[25] N. Kumar S., M. Dakshayini, Secure sharing of health data using hyperledger fabric based on
blockchain technology, in: 2020 International Conference on Mainstreaming Block Chain
Implementation (ICOMBI), 2020, pp. 1–5. doi:10.23919/ICOMBI48604.2020.9203442.
[26] R. Jabbar, N. Fetais, M. Krichen, K. Barkaoui, Blockchain technology for healthcare:
Enhancing shared electronic health record interoperability and integrity, in: 2020 IEEE
International Conference on Informatics, IoT, and Enabling Technologies (ICIoT), 2020, pp.
310–317. doi:10.1109/ICIoT48696.2020.9089570.
[27] R. Kalaipriya, S. Devadharshini, R. Rajmohan, M. Pavithra, T. Ananthkumar, Certain
investigations on leveraging blockchain technology for developing electronic health records,
in: 2020 International Conference on System, Computation, Automation and Networking
(ICSCAN), 2020, pp. 1–5. doi:10.1109/ICSCAN49426.2020.9262391.
[28] H. Ghayvat, S. Pandya, P. Bhattacharya, M. Zuhair, M. Rashid, S. Hakak, K. Dev, Cp-bdhca:
Blockchain-based confidentiality-privacy preserving big data scheme for healthcare clouds
and applications, IEEE Journal of Biomedical and Health Informatics 26 (2022) 1937–1948.
doi:10.1109/JBHI.2021.3097237.
[29] L. Q. Yuan, M. E. Rana, Q. A. Maatouk, Enhancing medical data transparency and integrity
with blockchain based implementation, in: 2021 Third International Sustainability and
Resilience Conference: Climate Change, 2021, pp. 279–285. doi:10.1109/IEEECONF53624.
2021.9668137.
[30] X. Liu, Y. Luo, X. Yang, L. Wang, X. Zhang, Lattice-based proxy-oriented public auditing
scheme for electronic health record in cloud-assisted wbans, IEEE Systems Journal 16
(2022) 2968–2978. doi:10.1109/JSYST.2021.3138861.
[31] H. Makina, A. B. Letaifa, A. Rachedi, Leveraging edge computing, blockchain and ipfs
for addressing ehealth records challenges, in: 2022 15th International Conference on
Security of Information and Networks (SIN), 2022, pp. 01–04. doi:10.1109/SIN56466.
2022.9970495.
[32] H. Wu, L. Li, H.-y. Paik, S. S. Kanhere, Mb-ehr: A multilayer blockchain-based ehr, in:
2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), 2021, pp.
1–3. doi:10.1109/ICBC51069.2021.9461075.
[33] H. Y. Wu, L. J. Li, H.-Y. Paik, S. S. Kanhere, Mechain: A multi-layer blockchain structure with
hierarchical consensus for secure ehr system, in: 2021 IEEE 20th International Conference
on Trust, Security and Privacy in Computing and Communications (TrustCom), 2021, pp.
976–987. doi:10.1109/TrustCom53373.2021.00136.
[34] O. Ajayi, M. Abouali, T. Saadawi, Secure architecture for inter-healthcare electronic health
records exchange, in: 2020 IEEE International IOT, Electronics and Mechatronics
Conference (IEMTRONICS), 2020, pp. 1–6. doi:10.1109/IEMTRONICS51293.2020.9216336.
[35] A. Shahnaz, U. Qamar, A. Khalid, Using blockchain for electronic health records, IEEE</p>
      <p>Access 7 (2019) 147782–147795. doi:10.1109/ACCESS.2019.2946373.
[36] M. S. Rahman, I. Khalil, P. C. Mahawaga Arachchige, A. Bouras, X. Yi, A novel architecture
for tamper proof electronic health record management system using blockchain wrapper, in:
Proceedings of the 2019 ACM International Symposium on Blockchain and Secure Critical
Infrastructure, BSCI ’19, Association for Computing Machinery, New York, NY, USA, 2019, p.
97–105. URL: https://doi.org/10.1145/3327960.3332392. doi:10.1145/3327960.3332392.
[37] I. M. Akbar, A. Bhawiyuga, R. Siregar, An ethereum blockchain based electronic health
record system for inter-hospital secure data sharing, in: Proceedings of the 6th
International Conference on Sustainable Information Engineering and Technology, SIET
’21, Association for Computing Machinery, New York, NY, USA, 2021, p. 226–230. URL:
https://doi.org/10.1145/3479645.3479699. doi:10.1145/3479645.3479699.
[38] J. Oakley, C. Worley, L. Yu, R. R. Brooks, u. Özçelik, A. Skjellum, J. S. Obeid, Scrybe:
A secure audit trail for clinical trial data fusion, Digital Threats (2022). URL: https:
//doi.org/10.1145/3491258. doi:10.1145/3491258, just Accepted.
[39] A. Khan, A. Anjum, Blockchain-based distributed platform for accountable medical data
sharing, in: Proceedings of the 14th IEEE/ACM International Conference on Utility and
Cloud Computing Companion, UCC ’21, Association for Computing Machinery, New
York, NY, USA, 2022, pp. 1–8. URL: https://doi.org/10.1145/3492323.3503506. doi:10.1145/
3492323.3503506.
[40] S. Abdullah, J. Arshad, M. Alsadi, Chain-net: An internet-inspired framework for
interoperable blockchains, Distrib. Ledger Technol. 1 (2022). URL: https://doi.org/10.1145/3554761.
doi:10.1145/3554761.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1]
          <string-name>
            <given-names>T.</given-names>
            <surname>Kanwal</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Anjum</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Khan</surname>
          </string-name>
          ,
          <article-title>Privacy preservation in e-health cloud: taxonomy, privacy requirements, feasibility analysis, and opportunities</article-title>
          ,
          <source>Cluster Computing</source>
          <volume>24</volume>
          (
          <year>2021</year>
          )
          <fpage>293</fpage>
          -
          <lpage>317</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2]
          <string-name>
            <given-names>P.</given-names>
            <surname>Vimalachandran</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Wang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Zhang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>B.</given-names>
            <surname>Heyward</surname>
          </string-name>
          ,
          <string-name>
            <given-names>F.</given-names>
            <surname>Whittaker</surname>
          </string-name>
          ,
          <article-title>Ensuring data integrity in electronic health records: a quality health care implication</article-title>
          ,
          <source>in: 2016 International Conference on Orange Technologies (ICOT)</source>
          , IEEE,
          <year>2016</year>
          , pp.
          <fpage>20</fpage>
          -
          <lpage>27</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <given-names>V. G.</given-names>
            <surname>Garagad</surname>
          </string-name>
          ,
          <string-name>
            <given-names>N. C.</given-names>
            <surname>Iyer</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H. G.</given-names>
            <surname>Wali</surname>
          </string-name>
          ,
          <article-title>Data integrity: a security threat for internet of things and cyber-physical systems</article-title>
          ,
          <source>in: 2020 International Conference on Computational Performance Evaluation (ComPE)</source>
          , IEEE,
          <year>2020</year>
          , pp.
          <fpage>244</fpage>
          -
          <lpage>249</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <given-names>S.</given-names>
            <surname>Manu</surname>
          </string-name>
          , G. Bhaskar,
          <article-title>Securing sensitive data in body area sensor network using blockchain technique</article-title>
          ,
          <source>in: 2020 5th International Conference on Communication and Electronics Systems (ICCES)</source>
          , IEEE,
          <year>2020</year>
          , pp.
          <fpage>1</fpage>
          -
          <lpage>5</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5]
          <string-name>
            <given-names>A. K.</given-names>
            <surname>Pandey</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A. I.</given-names>
            <surname>Khan</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y. B.</given-names>
            <surname>Abushark</surname>
          </string-name>
          ,
          <string-name>
            <surname>M. M. Alam</surname>
            ,
            <given-names>A.</given-names>
          </string-name>
          <string-name>
            <surname>Agrawal</surname>
            ,
            <given-names>R.</given-names>
          </string-name>
          <string-name>
            <surname>Kumar</surname>
            ,
            <given-names>R. A.</given-names>
          </string-name>
          <string-name>
            <surname>Khan</surname>
          </string-name>
          ,
          <article-title>Key issues in healthcare data integrity: Analysis and recommendations</article-title>
          ,
          <source>IEEE Access 8</source>
          (
          <year>2020</year>
          )
          <fpage>40612</fpage>
          -
          <lpage>40628</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [6]
          <string-name>
            <given-names>M.</given-names>
            <surname>Zarour</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Alenezi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M. T. J.</given-names>
            <surname>Ansari</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A. K.</given-names>
            <surname>Pandey</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Ahmad</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Agrawal</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Kumar</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R. A.</given-names>
            <surname>Khan</surname>
          </string-name>
          ,
          <article-title>Ensuring data integrity of healthcare information in the era of digital health</article-title>
          ,
          <source>Healthcare Technology Letters</source>
          <volume>8</volume>
          (
          <year>2021</year>
          )
          <fpage>66</fpage>
          -
          <lpage>77</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [7]
          <string-name>
            <given-names>R.</given-names>
            <surname>Zhang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Xue</surname>
          </string-name>
          , L. Liu,
          <article-title>Security and privacy on blockchain</article-title>
          ,
          <source>ACM Computing Surveys (CSUR) 52</source>
          (
          <year>2019</year>
          )
          <fpage>1</fpage>
          -
          <lpage>34</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [8]
          <string-name>
            <given-names>M.</given-names>
            <surname>Abdelhamid</surname>
          </string-name>
          , G. Hassan,
          <article-title>Blockchain and smart contracts</article-title>
          ,
          <source>in: Proceedings of the 8th International Conference on Software and Information Engineering</source>
          ,
          <year>2019</year>
          , pp.
          <fpage>91</fpage>
          -
          <lpage>95</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [9]
          <string-name>
            <given-names>A.</given-names>
            <surname>Hasselgren</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Kralevska</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Gligoroski</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S. A.</given-names>
            <surname>Pedersen</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Faxvaag</surname>
          </string-name>
          ,
          <article-title>Blockchain in healthcare and health sciences-a scoping review</article-title>
          ,
          <source>International Journal of Medical Informatics</source>
          <volume>134</volume>
          (
          <year>2020</year>
          )
          <fpage>104040</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          [10]
          <string-name>
            <given-names>M.</given-names>
            <surname>Kask</surname>
          </string-name>
          , G. Piho, P. Ross,
          <article-title>Systematic literature review of methods for maintaining data integrity, in: Advances in Model and Data Engineering in the Digitalization Era: MEDI</article-title>
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>