As a service platform, blockchain has faced compliance issues since the General Data Protection Regulation (GDPR) came into effect in May 2018. Although many technical solutions have been proposed to solve the compatibility issues between blockchain and the GDPR, unresolved challenges remain. This study presents the gaps between the blockchain and the GDPR and explores solutions to bridge the gap. We review 91 previously published articles using a systematic literature review methodology. Then, we answer the following research questions: 1) Which solutions have been explored to allow the blockchain to comply with the GDPR? 2) What are the research gaps in the blockchain compliance field? Finally, we present five research gaps in this field: 1) development of a consent ontology model; 2) development of a methodology for monitoring fairness in the blockchain; 3) resolution of the contradiction between auditing and obfuscation; 4) development of a methodology for tracking controllers in the blockchain; and 5) integration of the different-purposed technical solutions without conflicts. Our research can raise the compatibility level of the blockchain and GDPR and guide the company adopting a blockchain to comply with the GDPR. Furthermore, it can advise the regulator to embrace new technologies into the GDPR while protecting a blockchain's nature.
BACKGROUND Digital healthcare is a comprehensive, customized medical service that combines healthcare services and IT. Convenient use of information (e.g., real-time use of patients’ medical records), as well as secure and efficient management of considerable data, is important in digital healthcare[1]. As a result, data and services in the healthcare field are gradually migrating to the cloud[1]. However, a cloud environment that outsources data faces high risk of data tampering, data leakage, and unauthorized access if the security of user accounts or application programming interface is not properly managed. The blockchain has been drawing attention as an ideal solution for solving security issues with cloud environments. It can ensure a high level of integrity of recorded data, and therefore, prevents tampering with sensitive medical data, and above all, allows us to achieve a global view of the patients’ medical history in an efficient, verifiable, and permanent manner. However, there are three challenges in introducing the blockchain into a digital healthcare. First, the medical data recorded in the blockchain become permanent once they are recorded, which is not in compliance with the right to be forgotten according to the General Data Protection Regulation in the EU[2]. Second, the blockchain has performance limitations in terms of processing large video-based medical data files. Finally, there is a question whether the blockchain can provide complete access control of data. A blockchain data is publicly available, so an access control systems are essential in order to protect a privacy of patients. However, if we restrict access to the transactions depending on access policy, must devise an encryption and key management method in the blockchain. This paper effectively solves these challenges and proposes a digital healthcare service based on the blockchain that can process large medical data files while ensuring privacy. OBJECTIVE This paper proposes a theoretical framework and an actual system model of a digital healthcare system that can effectively record and manage medical information while making tampering impossible and reducing the risk of unauthorized release of personal information, by using the blockchain. METHODS This paper proposes an access control system based on an attribute-based encryption schemes that can provide a secure management of medical data. The proposed model stores medical data in the cloud after encrypting them using attributes (affiliation, department, etc.). And it records only meta-data and hash values on the blockchain. It can not only gurantees integrity, confidentiality, availability and right to be forgotten of the data, but also authorization is provided because only the person whose attributes are matches the access policy can decrypt a data. The greatest technological obstacle in establishing the proposed system is to solve the problem of performance decline of blockchains caused by attribute-based encryption schemes. To solve these problems, encryption functionalities for access control are implemented off-chain, outside of the blockchain. As a result, the amount of on-chain transactions and demand for storage are reduced, which leads to improved overall performance of the blockchain. RESULTS We implemented the proposed model in an actual blockchain, Hyperledger Besu 1.3.8 version, and measured the TPS along with other legacy blockchain while increasing the size of transactions from 500KB and 3MB. As a result, the proposed system exhibits 60 times faster than lagacy blockchain in terms of TPS. The main reason for the difference is that cryptographic operations are performed off-chain. In the blockchain, only a small amount of transactions are processed, which leads to reduce the consensus time. This experiments objectively proven the effects of off-chain and confirmed practical applicability of the proposed model. CONCLUSIONS This paper effectively solves the challenges in introducing a blockchain into digital healthcare ecosystems and proposes a theoretical framework and actual system model that can protect privacy of medical data. The core concept of our novel model is an access control system based on an attribute-based encryption schemes. The proposed model stores medical data in the cloud after encrypting them using attributes (affiliation, department, etc.). And it records only meta-data and hash values on the blockchain. It can not only gurantees integrity, confidentiality, availability and right to be forgotten of the data, but also authorization is provided because only the person whose attributes are matches the access policy can decrypt a data. The performance decline of the system is the biggest obstacles in establishing the system model. Encryption requires considerable computer calculations and storage and causes delay in blockchain consensus and decline in overall network performance. To solve these problems, encryption functionalities for access control are implemented off-chain, outside of the blockchain. The proposed system is implemented in an actual blockchain, and the performance is evaluated. As a result, the amount of on-chain transactions and demand for storage are reduced, which leads to improved overall performance of the blockchain.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.
