The implementation of the algorithms described in this chapter is in go language. This code is logically divided into components which is triggered once the participants on the network are enrolled in enrollment on the blockchain. In this chapter we will explain the details of our implementation, focusing on the instrumentation and analysis routines that make up the access control algorithm in the chain code.
For the purpose of implementing this model, blockchain is made the core of it. As what has already been mentioned in Chapter 2, multiple types of blockchains are available.
However, to ease testing and further development, Hyperledger blockchain is employed in the process. With its own characteristics and block parameters, Hyperledger Fabric is deemed as a permissioned private blockchain that provides the capability of creating our private blockchain for the purposes of studying and testing. As has been stated above, the EHR of a patient can be accessed through a front-end client application, created by the hospital and employed within the network.
After the EHR is created, a certificate authority is then issued to identify the patient on the blockchain network and then all administrative privileges are automatically appended to the patient’s account. As indicated in chapters 5 the ordering is the administration point providing all the entities-controlled access to the network, and the hospital updates the network configuration to enable the patients to be the administrator of their records upon creation of EHR. After this point, both the patient and the hospital possess equal rights over the network configuration on the network.
Although the ordering service runs on the infrastructure of the hospital, the patient has shared administrative rights over EHR records, as long as it has easy access to the network. In such situation, even though the hospital runs the ordering service and the patient has full administrative rights over EHR, third parties have limited rights to have access to these records unless otherwise stated in the proposed access control architecture in the chain code. After that, the hospital who is known as the network administrator is responsible for defining the access of EHR through access requests from other parties with and only with the approval of the patient who is the owner of records. This access policies or configuration of distribution are stored in the network configuration. As for the distribution configuration within the network configuration, it mainly defines the set of entities in the network which are willing to be a part of distribution in patients’ EHRs on the blockchain network with one another. Concerning this research, it is regarded as the patient, pharmacy, family doctor, physician and other third-party companies such as insurance and other interested governmental bodies. Once access is granted as stated in the chain code access control module, a channel is created accordingly for a participant to have easy access to EHR records. The channel is known as a security module for private communication created when a request by an entity within the network is granted by a patient for EHR to be accessed, which consequently creates the link of total privacy and exclusiveness to patient record through the distribution configuration. However, the access to EHRs is governed by channel configuration that is completely separated from the main network and it can be authorized by the patient only. All records are accessible on the ledger through the nodes, which is supervised by the ordering service. The chain code is also available on the blockchain, and can define all the common access patterns to the ledger . Our proposed module is mainly based on the chain code which will gives a well-defined set of ways through which the ledger can be queried or updated on the node. For the purpose of easing the distribution, the ledger is what holds the EHRs data or hashed EHR data which points to the main data stored on respective EHR servers.
The experiment is deployed using Docker images on a Virtual Machine hosted at the private cloud infrastructure. The parties connected to the network were split into different docker images independent operating systems sitting on a location in the blockchain network. All Docker images were run on the same virtual machine and made use of the host network to simplify the development and setup process. A docker-compose le managed the deployment of the different docker containers on the virtual machine.
A new EHR-based access control algorithm using the chain code to ensure ultimate privacy during the interoperability of electronic health records on the blockchain whiles maintaining all its security components is proposed. This module fixes all the privacy weakness in the distribution of electronic health records on a network and at all times authorization to access patient’s record is only given by patient from the registration of the patient on to the network from the beginning, therefore ensuring that any update to such contract can only be approved with the patients consent.
Enforcing this access control module through the use of chain code for private access of patient’s EHR is made possible through the chain code. It is logically written in the chain code to ensure that no unauthorized access to the information stored on EHR systems is allowed. This is how the module maintains its integrity. This demonstrates how the system provides a user-defined, fine-grained privacy protection and access control Algorithm, enhancing and ensuring data ownership of individual EHRs on the blockchain network.
In this experiment, we implement an access control algorithm by writing this process at the chain code level. Note the use of user and participant as it will be used interchangeably but means the same thing. The code for this work can be found in Figure 6.2. We implement restriction of users in the network by writing attributes to their account, once an EHR is created what is done is to add privacy rules to attributes of a user who is a participant in the network in the chain code to ensure total ownership of data by patients. In this experiment, we restrict data stored on the blockchain to only the patient and the healthcare provider. For the ease of understanding, we use limited attributes of EHRs to highlight the main function of the chain code. This is the basic workflow of the privacy access control algorithm: once a user is created, restrictions are then written to the users in the chain code. First, a USER A who is also a participant on the blockchain EHR network is registered in the network and then attributes present in a specific patient’s EHR is added to this USER A’s entity and this same attribute is then added to the chain code. If that chain code value is queried by USER A and attributes present in a patient’s EHR is present in the user’s certificate access is granted to user A. There’s an initLedger() method, this method adds a patient EHR information to the ledger. For this study inputs of EHR information into the ledger is done manually. The queryAllehr () method is also an important method in the chain code. This method allows for querying all patients EHRs, thus, a registered participant (i.e Doctor, Physician, home Doctor etc.) on the network is able to query all EHRs on the network if and only if they have EHR attributes present in the chain code and their user certificates. We include the attribute of the patient’s EHR into participants account explicitly upon enrolment onto the network in this case whoever the patient wants or authorizes to have access to their EHR information i.e Doctor, Physician, pharmaceutical company, home Doctors etc. Hence the attribute value of a specified group or individual EHRs are added to the participants’ users’ certificate in the above example USER A’s user certificate. Therefore, once the attribute values of these specific EHRs are added to USER A’s user certificate upon querying the chain code method, USER A will have access to these specific EHRs.
An attribute array is created and all the attributes are added to the authorized users’ account, thus the attributes added to a particular user certificate is unique and hence points to the particular EHR that it corresponds to. The algorithm states that when ecert is true (which is the attribute value of EHRId existing in the EHR) it will by default add the attribute value to that users’ express line certificate, however, when ecert is false then the attribute will not be added in the chain code and participants cannot access EHR of patients or a specific. Again, it is important to note that this attribute value is added during the enrolment of the user explicitly. After which the attribute (present in the users’ account) is then added to the chain code.
Below in Figure 6.1 is the user enrolment code for accessing the patient electronic health record by users (participant) on the blockchain network. It is important to note that the hospital will always be the administrator of the network hence these participants may include but not limited to healthcare practitioners such as the Doctor, physician, etc. Hence all participants created or enrolled on the network will have to be done by the administrator.
Below in Figure 6.2 is the algorithm that ensures that patients EHR are appended onto user certificates on the blockchain of any contributing participant on the network after a patient has agreed upon enrolment whiles Figure 6.1 is the user enrolment code.
The backend code is structured in two models which is the user registration and the chain code script in which the algorithm is programmed, the Hyperledger fabric platform provides the blockchain network on which the ledgers can be stored and allows communication with the Hyperledger blockchain programmatically, however, this platform offers only low-level functionality contained within the docker environment. The fabric modules do not contain dedicated unit-or- integration-tests but tests its functionality within the main function, which is executed only for testing purposes.
Upon registration of user on the blockchain network following the scripts in Figure 6.1, the chain code is programmed on enrolment after the patient’s authorization, to add a patient attribute to a requestor’s or participant’s user certificate on the network who is also involved in sharing the patient’s data. Note that all the prerequisites mentioned in chapter 4 for adding a user onto the blockchain must be fulfilled at this point to ensure a participant in the network. This variable attribute is a unique ID labeled EHRID which comprises of the patient’s full name plus the patient’s date of birth within patients’ EHR data. The date of birth takes the default DDMMYYYY format. The EHRID is an attribute within a patients’ EHR on the ledger. The EHRID of every EHR is explicitly specified into a user certificate upon enrolment onto the system. When a user on the Network queries the system for an EHR record, the chain code compares the EHRID within the patient’s EHR record to the incoming user participant or requestor’s User certificate EHRID to verify if that EHRID is present in user’s certificate who is the requestor of the data. Only if the requestors certificate contains the patient’s EHRID would the data be released for access. This condition filters out the EHR list with the attribute variable EHRID stored within the user’s certificate before providing access to Electronic Health Record information. This algorithm or logic is what this thesis is based on to grant access control on the blockchain network on patients EHRs as illustrated in the flowchart in Figure 6.3.
👋 Hi! I’m your smart assistant Amy!
Don’t know where to start? Type your requirements and I’ll connect you to an academic expert within 3 minutes.get help with your assignment