Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Mar 14, 2022
Date Accepted: Aug 30, 2022
Secure Collaborative Platform for Healthcare Research in an Open Environment: A Perspective on Accountability in Access Control
ABSTRACT
Background:
With the recent use of information technology in healthcare, various eHealth data are increasingly being collected and stored by national health agencies. Because these eHealth data can advance the modern healthcare system and make it smarter, many researchers want to utilize such data in their studies. However, utilizing eHealth data brings about privacy and security concerns. The analytical environment that supports healthcare research must also consider many requirements. For these reasons, countries generally provide research platforms for healthcare, but some data providers (e.g., patients) are still concerned about the security and privacy of their eHealth data. Thus, a more secure platform for healthcare research that guarantees the utility of eHealth data while focusing on its security and privacy is needed.
Objective:
This study aims to implement a more secure research platform for healthcare than previous healthcare research platforms have offered. Our proposal utilizes attribute-based encryption to ensure the privacy and security of eHealth data in an open environment. In addition, in our proposal, platform administrators can perform appropriate follow-up and monitoring via a private blockchain.
Methods:
We first conduct a literature review of the state-of-the-art technologies intended for healthcare research platforms. Then, security requirements (SRs) related to these research platforms are defined, and a secure collaborative platform for healthcare research is then proposed. Finally, we implement our proposal to prove its feasibility along with case studies of detecting illegal users.
Results:
This study defined major security threats and five SRs for a secure healthcare research platform. We also performed case studies of illegal user detection on the implemented platform, based on specific scenarios about the threats. As a result, the platform detects illegal users appropriately via the security agent. Furthermore, in the empirical evaluation of massive data encryption (e.g., 100,000 rows with three sensitive columns within 46 columns), column-level encryption, full encryption after column-level encryption, and full decryption including column-level decryption took about 3 min, 1 min, and 9 min, respectively. In the blockchain, average latencies and throughputs in 1Org with 2Peers reach about 18 s and 49 TPS (read mode) and about 4 s and about 120 TPS (write mode), respectively, at 300 TPS.
Conclusions:
Our proposal enables flexible and fine-grained access control as well as ensures the security and privacy of eHealth data. It also provides non-repudiation and accountability through the blockchain. Therefore, we believe that our proposal provides a sufficiently secure environment for the utilization of eHealth data in healthcare research.