MedRec

Domain: Healthcare – Electronic Medical Records

Problem identification: Patient controlled medical records

Benefits (Why Blockchain):

Over a lifetime, a person (patient) may change medical providers (individual doctors, hospitals) several times. Each provider keeps its own records of the patient's condition. This medical information stays within each institution and cannot easily be shared with another provider. As a result, the patient's records remain scattered across different providers, and access to them ranges from limited to non-existent. The patient does not know who has access to their data or why.

MedRec aims to solve the inaccessibility and obscurity of patients' medical data. The main benefit of the project is that it gives patients control over the distribution of their own data: patients decide who can access it. The project also provides a comprehensive, immutable log and access to medical information across providers and treatment sites.

Key problems that the project addresses are:

  • Misinformation,
  • Multiple data silos, 
  • Lack of communication between patients, providers, hospitals, and doctors,
  • Slow access to medical data,
  • Lack of system interoperability.

The system’s benefits are:

  • Patient engagement. 
  • Patient can access his/her medical data across providers in a unifying way.
  • Patient is informed of their medical history in each of their conditions.
  • Patient can easily get another opinion about a diagnosis or treatment. 
  • Patient can share his/her records with his/her family creating their family medical history.
  • Patient can easily donate his/her data to medical research. Data quality is assured.

Functional Description

MedRec is a distributed management system for medical data. It gives the patient control over the distribution of their own medical data. MedRec manages authentication, confidentiality, accountability and data sharing. 

The patient medical record is considered to be sensitive information. Any system must be very careful about how it handles this information. In MedRec, the patients’ medical records cannot be replicated to any server. The records exist only in the original location, where the data were first created. MedRec utilizes the existing medical data silos that the medical providers already have.

In MedRec, the data access and permission management is powered by an Ethereum Proof-of-Authority blockchain that utilizes Smart Contracts written in the programming language Solidity.

The default consensus mechanism for the Ethereum blockchain is Proof-of-Work (PoW). The main drawbacks of PoW blockchains are the high cost and latency of transactions. Furthermore, the security of a PoW blockchain depends on the number of people who maintain it (miners), so PoW blockchains give miners a financial incentive in the form of cryptocurrency. MedRec changes the incentive from financial to trust by using Proof-of-Authority as its consensus mechanism. Patients already trust medical providers with their medical data, so MedRec uses the medical providers as the group that maintains the blockchain.

There are three main Smart Contracts:

  • Agent (one for each patient): The contract describes the relationship between the patient and the providers.
  • Relationship (multiple for each patient): The contract states who has access to a specific set of patient data and where the data are stored (in which provider).
  • Agent Registry (one for each provider): The contract states IP addresses of the providers for direct communication. This contract also contains the logic which manages the authorities of the blockchain (the providers). 

The system consists of 4 components:

  • Database Manager: API written in GoLang that provides access to an underlying database. R/W access is governed by permissions stored on the blockchain.
  • Ethereum Client: a pointer to the go-ethereum codebase.
  • Smart Contracts: The Solidity contracts and their tests that are used by other MedRec components.
  • User Client: a front-facing node app that can be used by any party to interact with the MedRec system.

MedRec utilizes Smart Contracts for its operations. Each patient is represented by a patient agent contract. Each hospital is represented by a hospital agent contract. The relationship between a patient and a hospital is represented by a relationship contract.

The patient uses a decentralized application (User Client) on their phone or computer to connect to MedRec. When the patient opens the application, a call is made to the Database Manager of each provider that has a relationship contract with the patient. The patient's records are then displayed on the patient's front end.
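The permission check that a provider's Database Manager performs before releasing records can be modelled as follows. This is an added example, not code from the MedRec repository: the type and field names are hypothetical, contract state is a plain in-memory slice, and the caller's identity is assumed to be authenticated before `Read` is called.

```go
package main

import (
	"errors"
	"fmt"
)

// Relationship models one Relationship contract (field names are assumed).
type Relationship struct {
	Patient, Provider string
	Viewers           map[string]bool // accounts the patient granted read access
}

// DatabaseManager runs at one provider; records stay in its local store.
type DatabaseManager struct {
	Provider string
	Chain    []*Relationship     // stand-in for contract state read from the chain
	Records  map[string][]string // patient -> records held only by this provider
	Audit    []string            // every decision is logged, allowed or not
}

var ErrDenied = errors.New("access denied")

// Read denies by default; `who` is assumed to be authenticated already.
func (d *DatabaseManager) Read(who, patient string) ([]string, error) {
	for _, r := range d.Chain {
		if r.Provider == d.Provider && r.Patient == patient && (who == patient || r.Viewers[who]) {
			d.Audit = append(d.Audit, "ALLOW "+who+" -> "+patient)
			return d.Records[patient], nil
		}
	}
	d.Audit = append(d.Audit, "DENY "+who+" -> "+patient)
	return nil, ErrDenied
}

// demo builds constructed sample data: alice has records at clinic-a and clinic-b.
func demo() (*DatabaseManager, *Relationship) {
	a := &Relationship{"alice", "clinic-a", map[string]bool{"dr-bob": true}}
	b := &Relationship{"alice", "clinic-b", map[string]bool{"dr-eve": true}}
	return &DatabaseManager{Provider: "clinic-a", Chain: []*Relationship{a, b},
		Records: map[string][]string{"alice": {"constructed lab result"}}}, a
}

func main() {
	d, rel := demo()
	_, before := d.Read("dr-bob", "alice")
	delete(rel.Viewers, "dr-bob") // the patient revokes the grant on chain
	_, after := d.Read("dr-bob", "alice")
	fmt.Println(before, after, d.Audit)
}
```

The check is scoped to the provider answering the request, so a grant recorded for clinic-b gives no access at clinic-a, and a revocation takes effect on the next read because permissions are looked up on every request rather than cached.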

Technology used

  • Blockchain: Ethereum PoA blockchain
  • Software: Go-ethereum client
  • Main characteristics of the chosen blockchain
    • Permissioned Public Blockchain 
    • Healthcare Providers maintain the system [Authorities]
  • Smart Contracts 
    • Available Programming Languages: Solidity, Vyper
    • Chosen Programming Language: Solidity
  • Consensus mechanism:  Proof-of-Authority
  • Key Management
    • Deterministic Keys (12-word seed for backup)

Current status

The project's code repository is public on GitHub: https://github.com/mitmedialab/medrec. The project is developed under the GPLv2 license.

The current MedRec version is version 2. MedRec v2.0 was released on Jun 28, 2018. The last commit was on Jul 16, 2019.

Focus point commentary indicating the value of the case study in relation to learning modules

Learning Modules and Focus Points:

  • Peer-to-Peer database design
    • Ethereum Blockchain
  • Encryption techniques
    • Key Management: Recovery Mechanism (12-word seed)
    • Alternatives: Zero-knowledge proofs
  • Consensus
    • MedRec v2 uses Proof-of-Authority.
    • MedRec v1 uses Proof-of-Work.
  • Digital Signatures
    • Anonymity, pseudonymity
    • Alternatives: ring signatures
  • Smart Contracts
    • Smart Contract Analysis
  • Privacy and Property Rights
    • Anonymity: Disassociate each patient identity from provider identities → Multiple Ethereum accounts for Health Providers (Delegate Accounts)
    • Alternatives: Enigma, Zero-knowledge proofs
    • Privacy: No medical information stored on blockchain
  • Blockchain-based Decentralized Applications
    • System Architecture
  • Decentralized Autonomous Organizations
    • DAOs

Limitations:

  • The medical providers must adapt to a new system (create and maintain a new infrastructure).
  • Storage inefficiency.

Alternative Approaches:

  • MedRec v1
    • Uses Ethereum blockchain with PoW consensus.
    • Doctors could use the medical data for research in exchange for maintaining the blockchain.
  • Konfido 
    • Uses Blockchain for logging and auditing mechanisms
