Secure electronic health system with blockchain
Abstract
With the invention of the Internet and advances in information technology, digitalization has entered every area of human life. The health sector is among the foremost areas where digitalization is taking place. While digitalization benefits the sector it serves in many respects, it also brings a number of difficulties and risks. Today, in sectors such as health where the confidentiality and security of personal data are of critical importance, centralized and current information technology methods are insufficient to eliminate these risks. Blockchain technology, which is new and becoming more popular by the day, offers features that will fundamentally change the services provided by classical centralized information systems. Although the concept of blockchain is mostly seen as identical to digital currencies, it is in fact the technological infrastructure behind them. The potential of blockchain goes far beyond digital currencies. Once this potential was recognized and the idea arose that the technology could also be used in non-financial applications, researchers from many sectors began working on suitable use cases. One of these sectors is the health sector. Taking advantage of the features that come with blockchain technology, this study addresses what a secure electronic health system infrastructure should look like.

The first chapter of this study gives information on the basic features and historical development of blockchain technology; the following chapters cover, in technical detail, the architecture of blockchain technology, its components, its cryptographic foundations and its processes. The chapter on electronic health systems examines the structure of current systems and the security standards that must be met.
The main problems of electronic health systems are addressed, and the results of some research and surveys conducted in Europe and America are presented.

Within the scope of the study, a web-based distributed electronic health application was developed using Ethereum blockchain technology. Web technologies such as HTML, CSS, JavaScript and ReactJS were used in developing the application. Encrypted versions of patients' electronic health data were recorded using distributed database technology. The message digests (hashes) of the data held in the distributed databases were stored as transaction sets in blocks on a private network set up on the Ethereum blockchain system. The application's business logic layer was built with smart contracts developed in the Solidity language. The application's technical details, usage scenarios and architectural components are covered in detail.

Medical science has been an important scientific field for many centuries. Health has been the first priority for humanity since the first days of humankind. Millions of people receive treatment around the world every year. Treatment methods and medical devices improve with advancing technology. Information technology has also made a big contribution to medical science in many respects in recent years. A new term, `e-Health`, was created with the use of computers and mobile devices in healthcare systems. These technological advancements enhance healthcare services in many ways, but they come with new problems such as security and patient privacy. All sectors that use information and telecommunication technologies (IT) such as computers, the internet and smartphones have certain security weaknesses. This comes from the nature of IT, because each device connected to the internet can be hacked and information transferred via the internet can be stolen. When it comes to health information, security becomes even more important.
The growing use of mobile devices to capture and exchange electronic health information presents complex security and confidentiality problems. The main causes of security weaknesses can be listed as an inadequately configured legal system, defective safeguards by healthcare providers and negligent technical system design. Security in e-health can be examined in two main categories: legal framework and technical security. Legal framework issues can be handled by legislators and governments. Technological data privacy problems, on the other hand, can be solved with the help of new distributed technologies like blockchain.

Blockchain technology can be described as a distributed and immutable public ledger consisting of transactions added by blockchain users and nodes. All transactions in the blockchain network are stored in blocks with their hash values, and every block is connected to the previous block by the hash of its header. These connected blocks form a chain, which is where the name blockchain comes from. Every transaction in the public ledger must be confirmed by blockchain nodes. After a transaction is confirmed by independent blockchain nodes, it is persistently added to the public ledger. Blockchain technology provides data integrity because it does not allow a transaction to be updated. In centralized systems the integrity of data must be provided by a central authority such as a company or institution, whereas in a blockchain system cryptographic functions, decentralized computing and the public ledger ensure data integrity. Data integrity in electronic healthcare systems can therefore be addressed by blockchain technology. The other important concern about electronic health records is data privacy. Blockchain technology is transparent and transactions can be read by everyone. To solve this problem, centralized IT systems and blockchain technology should be combined. A central authority is considered as the cryptographic key and identity provider.
These keys are used for encryption and decryption of the electronic health information in blockchain transactions. Patients and other users of the e-health system are registered by the central authority and receive unique identities and key pairs. When a patient creates a health record, the patient can control the privacy properties of his or her own data. The owner can decide whether the data should be shared with someone or not.

With the development of blockchain technology, a new concept, the DApp (decentralized application), has emerged in the software development sector. An application should have certain features to be called a DApp. First of all, the business logic must be developed in smart contracts and should not depend on any backend server or web service. Smart contract transactions are executed on blockchain network nodes, and the execution results are also stored on these nodes. In the DApp software architecture, user interfaces should connect to the blockchain environment directly using frameworks like web3.js. Helper frameworks support communication between smart contracts and user interfaces. There are platforms such as Ethereum, Hyperledger and Corda for developing decentralized applications. Software developers can use these platforms to develop their decentralized applications. Storing large amounts of information in a blockchain is very expensive, so distributed storage solutions can be used in decentralized applications.

In this thesis, a decentralized electronic health application is developed using Ethereum blockchain technology. Truffle is used to create a local private Ethereum network and node. Truffle is a framework for creating and managing Ethereum networks, migrations and deployments. Smart contracts are compiled and migrated using Truffle. The Ganache framework is also used for managing accounts and private keys and for monitoring the blockchain network. Ganache and Truffle are configured according to their white papers to communicate with each other.
Patients' and doctors' public information, hashes of electronic health records, data sharing options and other metadata are stored in the Ethereum blockchain. Blockchain is a public ledger technology and all records are readable by everyone, so critical information should not be stored in the blockchain. To solve this problem, IPFS is used. IPFS (InterPlanetary File System) is a distributed file storage technology, used here to store encrypted electronic health records. IPFS can be described as distributed file storage that returns the calculated hash value of an uploaded file. Electronic health records are stored in IPFS and the hashes of these documents are stored in the blockchain network.

The business logic layer is developed on the blockchain with smart contracts using Solidity. Solidity is the programming language of the Ethereum blockchain platform and has a notation similar to JavaScript. The Remix online Solidity editor was used when coding the business layer. Smart contract functions were developed based on the application use cases, which are: creating a doctor account, creating a patient account, uploading patient electronic data, requesting patient data sharing permissions, the patient replying to sharing requests, and the doctor viewing patient data.

The user interface is developed as a web project, and HTML, CSS, JavaScript and jQuery are used in the development process. MetaMask is a browser-based Ethereum wallet and is used for user authentication. It can be installed as a browser add-on. When the system admin creates a doctor or patient account, he or she assigns an Ethereum account to the new user and shares the private key of the account. The newly created user imports this private key into the MetaMask wallet and visits the electronic health system web address. MetaMask injects the web3.js provider object into the website environment and authenticates the user account. MetaMask signs the transactions with the imported private key, so miners can verify the transactions by the signer accounts' public keys.
Also, all accounts' public keys are stored in the blockchain. If a doctor would like to view a patient's electronic health record, the doctor sends a sharing request to the patient. The patient can view these requests on the `my health` records screen and approve or disapprove them. If the patient allows the information to be shared, it is first encrypted with the doctor's public key and then uploaded to IPFS. IPFS calculates the hash of the encrypted document and returns it. The returned hash value is stored in the blockchain. Finally, when the doctor visits the patient health records page, the web application gets the hash value of the electronic document from the blockchain and fetches the encrypted document from IPFS by this hash value. The encrypted file is then decrypted with the doctor's private key. After this whole process, the doctor can view the patient's information.
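
The sharing flow described above (encrypt for the doctor, store the ciphertext off-chain, keep only its hash on-chain, verify and decrypt on retrieval), as an added example that is not code from the thesis. Assumptions: a `Map` stands in for IPFS and a SHA-256 hex digest for its content hash, an array stands in for the smart contract state, the cipher is a hybrid of RSA-OAEP and AES-256-GCM (the abstract does not name one), and all function names are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed stand-ins: a Map for IPFS, an array for the on-chain contract state.
const ipfs = new Map();   // content hash -> encrypted blob
const ledger = [];        // { patient, doctor, hash } entries, append-only
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Assumption: hybrid encryption. A fresh AES-256-GCM key encrypts the record and
// RSA-OAEP wraps that key for the doctor. Blob layout: wrapped(256)|iv(12)|tag(16)|body.
function encryptForDoctor(record, doctorPublicKey) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(record, 'utf8'), cipher.final()]);
  const wrapped = crypto.publicEncrypt({ key: doctorPublicKey, ...OAEP }, key);
  return Buffer.concat([wrapped, iv, cipher.getAuthTag(), body]);
}

// Patient approves a request: encrypt, store off-chain, record only the hash on-chain.
function shareRecord(patient, doctor, record, doctorPublicKey) {
  const blob = encryptForDoctor(record, doctorPublicKey);
  const hash = sha256(blob);
  ipfs.set(hash, blob);
  ledger.push({ patient, doctor, hash });
  return hash;
}

// Doctor views: look up the hash on-chain, fetch the blob, verify it, then decrypt.
function viewRecord(patient, doctor, doctorPrivateKey) {
  const entry = ledger.find((e) => e.patient === patient && e.doctor === doctor);
  if (!entry) throw new Error('no approved share on ledger');
  const blob = ipfs.get(entry.hash);
  if (!blob || sha256(blob) !== entry.hash) throw new Error('blob does not match ledger hash');
  const key = crypto.privateDecrypt({ key: doctorPrivateKey, ...OAEP }, blob.subarray(0, 256));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(256, 268));
  decipher.setAuthTag(blob.subarray(268, 284));
  return Buffer.concat([decipher.update(blob.subarray(284)), decipher.final()]).toString('utf8');
}

// Constructed sample run; a 2048-bit RSA key pair stands in for the doctor's keys.
function demo() {
  const doctor = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const hash = shareRecord('patient-1', 'doctor-1', 'blood type: A+', doctor.publicKey);
  return { hash, plaintext: viewRecord('patient-1', 'doctor-1', doctor.privateKey) };
}
```

The hash comparison in `viewRecord` is what ties the off-chain blob to the immutable ledger entry: a replaced or altered blob is rejected before any decryption is attempted.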