Distributed storage of permissioned access healthcare patient data using IPFS and blockchain

Problem to solve: reliable and secure storage of patient data; storing and keeping track of large binary files (e.g. x-ray scans) via blockchain; tracking changes.

Problem description: healthcare IT infrastructures and software solutions face the challenge of storing and retrieving large binary objects such as x-ray scans, high resolution photographs, audio / video recordings, test results etc. These may be related to patient data or be other binary data generated during the internal operations of a healthcare institution. Confidentiality, privacy and security regulations limit and impede storing these data objects in the cloud and/or giving 3rd parties access to them. Storing files locally also requires a high level of security and compliance, creates risks of data loss, and often makes the data less accessible because of the limits of local IT infrastructure and/or administrative human resources. Data loss risks and data accessibility limitations are often more of a concern with healthcare data, as healthcare infrastructures often use less advanced file storage technology than consumer and standard corporate applications, a result of tighter regulation and higher patient data privacy concerns. At the same time there is a need and requirement to store, track and trace the data with a full audit log of all operations (also see our “Better traceability via blockchain in Healthcare applications” article) while keeping it secure and preferably distributed.

Dappros solution:

Decentralised & Secure storage: decentralised encrypted patient data storage based on IPFS ensuring protection against server failure

  • Unified patient record database identification and format
  • Data is distributed across multiple hospitals, or different geographical locations of the same hospital / institutional network
  • Audit trace of any changes and updates reflected in immutable private blockchain. Can be shared with consortium and/or auditors
  • Supports large files as well, such as X-ray / fMRI scans, and allows syncing them similarly to BitTorrent / Dropbox / Box sync
  • No central architecture. The loss of any server or workstation does not mean the loss of any patient data, as long as there are other nodes left in the network running the IPFS database
  • Fully protected and encrypted

The solution combines the full transparency and traceability of data storage and access operations (powered by blockchain) with high grade security and encryption.

Multi-signature access lock (powered by blockchain smart contracts)

The optional multi-signature access system allows for safer distributed storage of patient data. Consider, for example, a system where patient data can be securely stored in a distributed cloud across multiple clinics, hospitals and practices belonging to the same data sharing network. There is no need to send a patient’s record or a scan over insecure channels or restrict such access. Instead, the blockchain and IPFS powered distributed file storage system automatically syncs all data between all nodes in the network, meaning each workstation has access to the same “data lake”. There is no need to request a scan or a record on an ad-hoc basis. The data, however, remains secure because it is stored in encrypted form. It can only be accessed and decrypted where the correct cryptographic key or combination of keys is present. A multi-signature access lock is possible where a patient’s data can only be accessed and unlocked where both the private key of the patient and that of the healthcare network are present. As explained in detail in our healthcare operations traceability powered by blockchain article, blockchain allows for automatic tracking of all operations and events around a patient’s records and related binary data. Dappros Platform API and blockchain, for example, implement a blockchain log of access to the IPFS storage objects. This allows for interesting and customer friendly scenarios where the patient remains in full control when their data is being unlocked and accessed. Once again, by design of blockchain, IPFS, multi-signature smart contracts and the underlying cryptography involved, the patient can be in full control and in the know of when their data is unencrypted and accessed. The same can be applied to any internal or external data control and information officers overseeing the ePHI (electronic Patient’s Health Information) storage & access compliance.
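The two-party unlock and the access log described above can be sketched as follows. This is an added example, not Dappros Platform code: it swaps in a 2-of-2 XOR split of a symmetric data key for the smart-contract multi-signature lock and a hash-chained list for the blockchain log, and every name in it is hypothetical. Encrypting the file itself (with an AEAD cipher keyed by data_key) is assumed and left out.

```python
import hashlib, hmac, json, secrets

GENESIS = "0" * 64  # "prev" value of the first log entry

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(data_key: bytes):
    """2-of-2 XOR split: either share alone is uniformly random."""
    patient_share = secrets.token_bytes(len(data_key))
    return patient_share, xor(data_key, patient_share)

def key_check(data_key: bytes) -> str:
    """Check value stored beside the object so a rebuilt key can be validated."""
    return hmac.new(data_key, b"key-check", hashlib.sha256).hexdigest()

def entry_hash(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log: list, actor: str, object_id: str, outcome: str) -> None:
    body = {"seq": len(log), "actor": actor, "object": object_id,
            "outcome": outcome, "prev": log[-1]["hash"] if log else GENESIS}
    log.append({**body, "hash": entry_hash(body)})

def unlock(log, actor, object_id, patient_share, network_share, check):
    """Rebuild the data key from both shares; every attempt is logged."""
    key = None
    if patient_share and network_share and len(patient_share) == len(network_share):
        candidate = xor(patient_share, network_share)
        if hmac.compare_digest(key_check(candidate), check):
            key = candidate
    append_entry(log, actor, object_id, "unlocked" if key else "denied")
    return key

def verify_log(log: list) -> bool:
    """Recompute the chain; an edited, reordered or mid-chain-deleted entry breaks it."""
    prev = GENESIS
    for seq, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["seq"] != seq or body["prev"] != prev or entry_hash(body) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True

# Constructed sample data: a stand-in ciphertext and a random 256-bit data key.
ciphertext = b"constructed stand-in for an AEAD-encrypted scan"
object_id = hashlib.sha256(ciphertext).hexdigest()  # simplified content address
data_key = secrets.token_bytes(32)
patient_share, network_share = split_key(data_key)
```

A hash chain on its own does not reveal that the newest entries were cut off; the latest entry hash has to be anchored somewhere the log keeper cannot rewrite, which is the role the page gives to the blockchain.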

Distributed storage of encrypted patient data (powered by IPFS)

By design, the IPFS technology integrated along with blockchain as part of Dappros Platform is a distributed file system. This means the files get synchronized across nodes of the network with a desired replication factor. This, in turn, increases the protection of the data against data loss and data corruption. Physically storing multiple copies of the same file gives better chances of this data staying intact and being persistently available for users and processes. As explained above, however, the security of the data does not suffer, as encryption and cryptographic key-based access are core parts of the system architecture. This does not require additional complex infrastructure, as Dappros Platform automatically enables smooth operation of blockchain nodes and IPFS nodes at each instance of the system. Practically this means the more servers or workstations are running the system, the more secure the system is and the more storage is available for the data. Effectively this is like an internal peer-to-peer file storage system, with powerful encryption and blockchain being integral parts of the solution.

Taras Filatov