April 5, 2021
Nowadays businesses often need a system-of-record platform with auditing capability to keep track of critical data such as internal compliance, regulatory data (e.g., GDPR) or complete history of assets. For this kind of use cases, blockchain technology offers many advantages compared to traditional database systems. Blockchain based systems provide their consumers with trust in the integrity and validity of the data stored thanks to its immutability properties and consensus mechanisms (to learn more about Blockchain and its basic concepts we recommend reading our Basic Concepts article, and to get acquaintance with Hyperledger Fabric Concepts that will be heavily used through this article).
Particularly, and in several scenarios, the HealthCare Industry seems to have issues regarding the cooperation between different organizations in terms of client privacy and sensitive data which is heavily regulated.
We strongly believe that this case is a perfect fit for Smart Contracts, as they allow all parties involved to agree on the implementation of a system that guarantees that required regulations are followed while information exchange protocols can be agreed on top of this technology. During this article we focus on describing a scenario with a custom solution using blockchain technology.
Before we get into the thing, I don’t want to skip mentioning the great team of software engineers that contributed and provided feedback into putting this together: Matias Diaz, Luciano Pereira & Emanuel Vecchio— thank you guys, you made it happen!
What we will show you ahead consists of a system of record implementation that allows different Medical Provider organizations to store their patient’s Electronic Medical Records (EMRs) and share them between each other as needed.
Each medical provider has three type of actors, each one playing a different role in the network:
Regarding smart contracts implementation, we conceptually divide them by actors in the network.
As we have already defined the different entities and their roles in our scenario, we now want to detail the 2 workflows we chose to implement for our medical records business. Our record system has two workflows: “Managing an EMR” and “Sharing and EMR”.
This one is the main workflow. It involves EMR’s creation and edition process. Each entity is in charge of specific operations to create or update an EMR as is showing in the following flow:
This is a workflow between Medical Providers. It allows EMRs to be shared from one Medical Provider to another, after the patient’s authorization:
We implemented our solution using the Hyperledger Fabric platform. We think this platform is the most fitting for our scenario since it was originally designed for enterprise use and it focus on permissioned systems.
For the smart contract development, Hyperledger Fabric offers three different programming languages: Golang, Java, and Node.js. We decided to use Node.js for our reference implementation since it is the most widely used language between the three.
We also created shell scripts that utilize Docker-Compose and the Hyperledger Fabric binaries and Docker images to easily create and manage a Blockchain network where medical provider organizations can be added as members. These scripts also provide the entry point that allow medical providers to interact with the network and execute its smart contracts.
EMR managing process consist of one Health Provider organization creating patient’s EMR (at first visit, if does not exist before). Later, physicians from that Medical Provider are allowed to read and append medical entries to patient’s EMR — this process create the history captured within the EMR. That instance of the EMR belongs to the Medical Provider which creates the record and cannot be accessed nor read by any other institution in the network.
The diagram above shows the following:
EMR sharing process consist of one Health Provider organization giving another organization access to read one of their patient’s EMRs (with patient consent). As stated before, organizations own the EMRs, but once shared (for reading purposes as they still control appending operations) they do not control what recipients do with this information. Additionally, when sharing an EMR with another organization in the network, it allows that organization’s physicians to access it.
Since patient’s EMRs are often updated with information about new medical appointments and treatments, when sharing an EMR between organizations we evaluated two alternatives. The first one was to give full access to the EMR, allowing the recipient to access the latest EMR version and see updates in real time. The second one was to provide the recipient with a current snapshot of the EMR, requiring the process to be repeated if the receiver organization needs new information.
We decided to go with the second option and share an EMR snapshot since it gives the sharer organization more control over the information being shared, allowing for more privacy.
The diagram above shows the following:
We created the following diagram in order to give you an idea of the high-level picture of the different actors (virtual or human) that interact with each other within the platform (it has all components and entities structured as a hierarchy of relations):
Our solution’s chaincode is composed of different methods or “smart contracts” that manipulate the ledger’s data.
The Hyperledger Fabric response objects contain a JSON object, together with a status field that follows the HTTP status codes. For more information you can check the Fabric SDK documentation.
These operations can only be executed by an authenticated healthcenter user:
These operations can only be executed by an authenticated physician user:
These operations can only be executed by an authenticated patient user:
As we have seen through this article Blockchain technology can be applied to many different scenarios and industries and not only be tied to crypto-currencies (as most of people think).
Blockchains, as distributed ledger technology, offering transparency to network members as well as immutability of the data being recorded within them are a perfect fit for several domains. In addition, different flavors of them which add different layers of security and privacy of transactions are the perfect fit and way to cover a wide set of use cases and requirements (from business solution & compliance to technical perspective).
In this case, the Health Industry can leverage this technology to handle sensitive medical data & records of their customers with highest levels of confidentiality, resiliency, flexibility, and scalability, while being compliant with most regulations in the sector. The scenario described in the article is just a glimpse of what it can be achieved with these amazing technologies.
We hope you liked it! Don’t forget to visit our reference implementation if you are curious into technical details or just want to dig deeper into decisions being made during the construction of this sample.
 Electronic Medical Record: (aka EMR) A digital medical record maintained by a specific medical provider.
 Medical Provider: A medical institution that is responsible for creating and maintaining an Electronic Medical Record.
 Physician: A health-care professional licensed to practice medicine.
 Medical Record: Documentation of a single patient’s medical history and care across time within one medical provider’s jurisdiction.
Originally published by Mauro Krikorian for SOUTHWORKS on Medium 05 April 2021