Blockchain-Based Decentralized Accountability and Self-Sovereignty in Healthcare Systems

  • Sachin Shetty
  • Xueping Liang
  • Daniel Bowden
  • Juan Zhao
  • Lingchen Zhang


This chapter presents a blockchain-based solution to ensure secure and convenient sharing of personal health data. With the advent of mobile and wearable technology and rising concerns about potential privacy issues and vulnerabilities in current personal health data storage and sharing systems, there is a desire for a trusted information sharing framework to ensure security and privacy of personal health data. We present a user-centric health data sharing solution built on a permissioned blockchain and Intel Software Guard Extensions (SGX). The blockchain-based design anchors the operations on records to the blockchain network, preserves the integrity of the health data, and provides proof of integrity and validation that is permanently retrievable from a cloud database. Privacy is ensured by leveraging Intel SGX’s capabilities. We present in detail how the integrated blockchain and SGX platform can ensure integrity and privacy of health data. We demonstrate how, through a Web application for personal health data management (PHDM) systems, individuals can synchronize sensor data from wearable devices with an online account and control data access by any third parties. The protected personal health data and data access records are hashed and anchored to a permanent but secure ledger with platform dependency, ensuring data integrity and accountability. We provide results that indicate our approach provides user privacy and accountability with acceptable overhead. We discuss scalability issues and present a tree-based data processing and batching method that can handle large datasets.


Keywords: Blockchain; Healthcare security; Health data privacy; Permissioned blockchain; Software guard extension; User-centric health data sharing; Medical devices



Copyright information

© The Author(s) 2019

Authors and Affiliations

  • Sachin Shetty (1)
  • Xueping Liang (1)
  • Daniel Bowden (2)
  • Juan Zhao (3)
  • Lingchen Zhang (4)

  1. Virginia Modeling, Analysis and Simulation Center, Old Dominion University, Norfolk, USA
  2. Sentara Healthcare, Norfolk, USA
  3. Center for Precision Medicine, Vanderbilt University Medical Center, Nashville, USA
  4. Information Engineering, Chinese Academy of Sciences, Beijing, China
