J Med Syst (2018) 42:130 https://doi.org/10.1007/s10916-018-0982-x
MOBILE & WIRELESS HEALTH
Healthcare Blockchain System Using Smart Contracts for Secure Automated Remote Patient Monitoring Kristen N. Griggs1 · Olya Ossipova1 · Christopher P. Kohlios1 · Alessandro N. Baccarini1 · Emily A. Howson1 · Thaier Hayajneh1 Received: 21 March 2018 / Accepted: 18 May 2018 © Springer Science+Business Media, LLC, part of Springer Nature 2018
Abstract As Internet of Things (IoT) devices and other remote patient monitoring systems increase in popularity, security concerns about the transfer and logging of data transactions arise. In order to handle the protected health information (PHI) generated by these devices, we propose utilizing blockchain-based smart contracts to facilitate secure analysis and management of medical sensors. Using a private blockchain based on the Ethereum protocol, we created a system where the sensors communicate with a smart device that calls smart contracts and writes records of all events on the blockchain. This smart contract system would support real-time patient monitoring and medical interventions by sending notifications to patients and medical professionals, while also maintaining a secure record of who has initiated these activities. This would resolve many security vulnerabilities associated with remote patient monitoring and automate the delivery of notifications to all involved parties in a HIPAA compliant manner. Keywords Blockchain · IoT · Healthcare · Smart contracts · Secure remote patient monitoring · Ethereum · PHI · WBAN · HIPAA
Introduction The rapid growth of Internet of Things (IoT) devices and wearable technology has opened up new possibilities in the realm of medical sensors, particularly for remote patient monitoring. One subset of this IoT healthcare trend is This article is part of the Topical Collection on Mobile & Wireless Health Thaier Hayajneh
thayajneh@fordham.edu Kristen N. Griggs kgriggs2@fordham.edu Olya Ossipova oossipova@fordham.edu Christopher P. Kohlios ckohlios@fordham.edu Alessandro N. Baccarini abaccarini@fordham.edu Emily A. Howson ehowson@fordham.edu 1
Fordham Center for Cybersecurity, Fordham University, New York, USA
Wireless Body Area Networks (WBANs). In a WBAN, a patient is equipped with various wearable or implanted medical devices that take real-time measurements of vital indicators, such as heart rates or glucose levels. Other devices may act as actuators, which can provide automated treatments based on the measurements taken by the sensors. All of the patient’s WBAN devices report to a master device (typically a mobile phone) which transmits the collected data to healthcare providers and provides an interactive interface for the user. This remote monitoring reduces the need for time-consuming doctor’s appointments and allows patients to go about their daily lives more freely [3]. The popularity of remote patient monitoring is rapidly growing; in 2016, 7.1 million patients around the world utilized remote monitoring as part of their health management, and the number is predicted to reach 50.2 million by 2021 [12]. Additionally, the U.S. Centers for Medicare & Medicaid Services implemented new reimbursement incentives as of January 1, 2018 that promote the use of devices with an “active feedback loop” to provide real-time monitoring [7]. As the realm of remote patient monitoring expands, concerns about efficient and secure transmission of the medical data are raised. The measurements collected