Date of Publication

12-12-2022

Document Type

Bachelor's Thesis

Degree Name

Bachelor of Science in Computer Science major in Network and Information Security

Subject Categories

Computer Sciences | Databases and Information Systems

College

College of Computer Studies

Department/Unit

Computer Technology

Thesis Advisor

Katrina Ysabel Solomon

Defense Panel Chair

Marnel S. Peradilla

Defense Panel Member

Fritz Kevin S. Flores
Gregory G. Cu

Abstract/Summary

Electronic Health Records (EHRs) face both confidentiality breaches and accessibility problems. EHR systems with mediocre security can be vulnerable to malicious attacks that might lead to sensitive healthcare data being accessible to unauthorized users. In protecting the privacy and confidentiality of EHRs against malicious attacks, existing state-of-the-art security mechanisms of EHR systems make patient records difficult to access and hinder the sharing process among healthcare players and peers. Integrating blockchain technology into EHRs can improve both the accessibility and the security of the EHR. However, most public blockchain implementations have limitations when it comes to preserving the privacy and confidentiality of the medical data inside the EHR during data sharing. In this work, an Application Programming Interface (API) that adds secure sharing functionalities to an existing public blockchain framework was developed as a means to strengthen the privacy and confidentiality of healthcare data upon sharing. The API allows for user registration with designated roles, the addition of records, and secure sharing of said records with other users. The study focused on a specific type of EHR, immunization records, and implemented a blockchain based on BHEEM, a blockchain-based framework for securing health records. Additionally, the study implemented a suitable cryptographic algorithm, AES, on the implemented framework to strengthen privacy and confidentiality when sharing immunization records. The API was tested for its functionalities (access permission, record sharing, and record retrieval) through the use of a client web application, from which the researchers were able to conclude that the API functionalities are working as intended.
Additionally, a simple application that utilizes the API was tested for its security with OWASP ZAP, which found five alerts with varying risk levels. Overall, the developed API was able to utilize blockchain technology for healthcare and provide a secure way of sharing sensitive data by using a combination of access control permissions and cryptography. However, the use of blockchain technology has its disadvantages as well: the smart contract's limit on the number of variables allowed to be processed in a transaction restricts the information that can be stored in the blockchain, and its immutability poses a problem with erroneous inputs. Using databases alongside blockchain could be a better system implementation, one that harnesses the strengths of both technologies to create a better overall system.

Abstract Format

html

Language

English

Physical Description

105, 18 leaves

Keywords

Application program interfaces (Computer software); Medical records--Data processing; Information storage and retrieval systems--Medical records; Blockchain (Databases)


Embargo Period

12-12-2023
