Content uploaded by Nadeem Javaid
Author content
All content in this area was uploaded by Nadeem Javaid on Nov 04, 2019
Content may be subject to copyright.
Trusted Remote Patient Monitoring
Using Blockchain-Based Smart Contracts
Hafiza Syeda Zainab Kazmi1, Faiza Nazeer2, Sahrish Mubarak3,
Seemab Hameed2, Aliza Basharat2, and Nadeem Javaid1(B
)
1Department of Computer Science,
COMSATS University, Islamabad 44000, Pakistan
nadeemjavaidqau@gmail.com
2Department of Computer Science,
Government College Women University, Sialkot 51141, Pakistan
3Department of Computer Science, University of Lahore,
Lahore 54590, Pakistan
http://www.njavaid.com
Abstract. With an increase in the development of the Internet of
Things (IoT), people have started using medical sensors for health mon-
itoring purpose. The huge amount of health data generated by these
sensors must be recorded and conveyed in a secure manner in order to
take appropriate measures in critical conditions of patients. Additionally,
privacy of the personal information of users must be preserved and the
health records must be stored in a secure manner. Possession details of
IoT devices must be stored electronically for eradication of counterfeited
actions. The emerging blockchain is a distributed and transparent tech-
nology that provides a trusted and unalterable log of transactions. We
have made a healthcare system using blockchain-based smart contracts
which support enrollments of patients and doctors in a health center
thereby increasing user participation in remote patient monitoring. Our
system monitors the patients at distant places and generates alerts in
case of emergency. We have used smart contracts for authorization of its
devices and provided a legalized and secure way of using medical sensors.
Using the blockchain technology, forgery and privacy hack in healthcare
settings is reduced, thereby increasing the trust of people in remote mon-
itoring. We have provided a graphical comparison of costs that verifies
the successful deployment of contracts.
Keywords: Remote patient monitoring ·Healthcare ·IoT ·
Blockchain ·Smart contracts ·Privacy
1 Introduction
In recent years, fast growing popularity and extensive development in Inter-
net of Things (IoT) can be witnessed. IoT is being used in smart cities, smart
c
Springer Nature Switzerland AG 2020
L. Barolli et al. (Eds.): BWCCA 2019, LNNS 97, pp. 765–776, 2020.
https://doi.org/10.1007/978-3-030-33506-9_70
766 H. S. Z. Kazmi et al.
cars, wearables, e-business and healthcare. Considerable increase in the num-
ber of medical patients has been observed in various countries. IoT and wear-
able devices have enhanced the patient monitoring quality and a large num-
ber of patients can be monitored remotely. Remote Patient Monitoring (RPM)
allows the monitoring of patients outside the health centre thereby increasing
the patient care and decreasing the appointments time and cost. The core func-
tionality of RPM is the monitoring of patients through wearable devices and
transmission of health readings for diagnosis and treatment. Healthcare devices
are divided into the following types [1]:
•Stationary: Devices having physical location e.g., remote chemotherapy
•Embedded: Implanted devices in a body e.g., deep brain stimulation
•Wearable: Body-worn devices e.g., insulin pump
As RPM is growing world-wide, concerns about secure transmission of Electronic
Health Record (EHR) is increased. The sensitive health data can be accessed
by unauthorized parties, so there is a motivation to secure the medical data
transmission [2]. SCs are used to maintain immutable log of the transactions
being made in RPM. Automatic health notifications using blockchcin increases
trust of patients in wearing medical sensors or devices.
2 Motivation and Problem Statement
The authors of [3] used blockchain for security and privacy preservation of EHR.
The authors used private and consortium blockchains for tackling the privacy
leakage issue of sensitive health data. Private blockchain is used to store the
Protected Health Information (PHI) whereas, consortium blockchain maintains
the indexes of the health record.
The authors of [4] have proposed a model for sharing medical information
exploiting the advantages of blockchain. They have used digital signatures for
protection of medical information against forgery and unauthorized access. Med-
ical information contains record number, date, time, doctor ID, patient name,
patient address, clinical health status, certificate ID and the digital signature
of the record. The authors concluded that blockchain technology is reliable and
provides traceability for medical data sharing.
Researchers are reluctant to share their data due to protection concerns. A
mechanism for stating terms of reuse of digital content is presented in [5]. The
authors used blockchain and SCs for research data rights management. They
maintained the agreements regarding digital content between the authors and
users in order to verify the reuse of data. Externally Owned Accounts (EOA)
for protection of data are used.
The authors of [6] used data masking for data privacy and implemented IPFS
for a secure EHR. The patient data used for data masking consists of name,
age, ID, address and disease. However, they have used data masking instead of
encryption. As the data volume increases, data masking time will also increase.
Trusted Remote Patient Monitoring 767
The use of IoT devices based is increasing day by day thereby enhancing the
comfort and lifestyles. The authors of [7] have suggested the use of blockchain
technology for securing the IoT devices from tampering and unauthorized access.
However, they have used the hyperledger for implementation instead of using
ethereum platform. Hyperledger uses no cyptocurrency and the transactions are
confidential, not transparent. Moreover, they have not considered authorizing
the enterprise who made the device (manufacturer) and device user’s in order to
avoid the counterfeited actions.
Remotely monitoring the patients helps in decreasing the cost thereby
increasing the patient care outside the health centres. The increased number
of IoT devices poses various privacy and security issues in a healthcare setting
where confidentiality of patients’ information must be maintained. The authors
of [2] have used blockchain-based SCs for preserving the health data received
from medical sensors. However, they have not maintained the profiles of patients
and medical professionals that are enrolled in a health centre because of the pri-
vacy leakage issue and people will be unwilling to provide personal data. A forged
or fake device can be risky for a patient and the log of device authorization must
be maintained without involving a third party.
The problems we have identified include: personal information privacy con-
cerns and risky devices of patients.
2.1 Contributions
We have written the following blockchain-based SCs for healthcare system:
•Patients and Doctors Enrollments: The personal information of patients and
doctors is sent using EOAs due to privacy concerns.
•Patients Health Monitoring: The health data of patient is analyzed and timely
alerts are relayed to the patients, doctors and helath centres. For patients’
health tracking, we have implemented the following modular SCs:
1. Blood Pressure Monitor
2. Temperature Monitor
3. Blood Oxygen Monitor
4. Brain Inflammation Monitor
•Enterprise: This SC will be initialized by the enterprise whenever a device is
made and it will facilitate the tracking and maintenance of the device log.
•IoT Device Authorization: The log of device’s original and new custodian
records or licences are maintained along with IoT device details in a decen-
tralized manner using SCs eliminating the participation of third party.
The paper is organized as follows: Detailed literature review is given in Sect. 3.
Section 4describes the proposed methodology. The experimental results and
evaluation of the proposed work is given in Sect. 5. Finally, Sect. 6concludes
the paper.
768 H. S. Z. Kazmi et al.
3 Related Work
Authors of [3] tackled the privacy and security issues of EHR sharing using
the immutable blockchain technology. Private and consortium blockchains are
used for PHI sharing thereby increasing the privacy. The data is encrypted with
keyword search. The proposed scheme achieved better data security and control
over data access.
Medical research is increasing with an increase of medical accidents [4].
Healthcare is facing many threats like forgery, unauthorized access and record
tracking. The authors used provided verification of the proposed solution
and concluded that the medical information is reliable and traceable using
blockchain. Their data recovery function helps save the medical information
against alteration.
Electronic Medical Records (EMRs) provide a way to store a huge amount of
sensitive medical data yet it is difficult to share the personal data among health
centres due to privacy concerns [6]. Blockchain provides a secure, trustworthy and
tamper resistent maintenance of health records thereby enhancing data sharing.
It is not feasible to store a huge amount of data on blockchain so, an IPFS storage
is used to store the confidential data after masking. The solution provided data
privacy due to data masking and the blockchain resources are saved using IPFS.
Medical records are an essential element of our lives and a considerable
increase can be witnessed in the medical big data [1]. RPM is based on the
wearable sensors which is helpful in providing healthcare services to patients.
There are many risks involved in the trafer of confidential data that can be
life threatening for patients. The authors have tackled the privacy leakage issue
using blockchain and the data generated by IoT devices is made anonymous.
The authors of [7] have maintained immutable logs of the IoT devices con-
figurations. The history of modifications is stored and made available for the
administrators. The model helps enterprises in tracking the device configuration
changes using the decentralized, secure and trusted blockchain technology.
To avoid security vulnerabilities in RPM, a trackable and unchangeable trans-
actions log must be maintained. The authors in [2] have used private blockchain
to store the health record transactions. The health reading taken using sensors
are evaluated based on threshold values. Health alerts are generated and sent to
the patients and hospitals. The emerging blockchain technology helped greatly
in protecting the EHR of patients.
Protection of medical data is an important factor to be catered for smoothly
executing the medical activities. The two main data protection strategies can be
used; one is access control and other is encryption. Access control mechanisms
can be applied on locally stored data however it can be tampered on local stor-
age. The encryption of data using key has a disadvantage of losing the key in
case of patient’s death. The authors in [8] have used Sibling Intractable Func-
tion Families (SIFF) that provides a shared key. Hyperledger fabric is used for
implementation and better efficiency is achieved.
People will be unwilling to participate in a RPM system due to the privacy
hack issue. The authors in [9] have proposed a conceptual model to manage the
Trusted Remote Patient Monitoring 769
health data using the distributed blockchain technology. In traditional setting,
patients were not allowed to view or manage their own data. The proposed model
guaranteed the data integrity by allowing patients to gather PHI. Blockchain is
a peer-to-peer network that eliminates the third party. The authors of [10]have
worked on IoT-enabled WSNs and achieved efficient routing. The authors of [11–
20] have implemented blockchain in various domains like IoTs, healthcare, smart
grids and crowd sensing networks. They have concluded that blockchain is an
effective solution for data trading, remote patient monitoring, energy trading,
malicious node detection, electric vehicles and IoT service provisioning.
4 Proposed Solution
In our scenario, medical sensors are embodied on patient’s body and the health
readings are sent to the specific SC via an master device i.e., a smart phone.
The patient profiles are managed by health centre using SCs. Patient’s health
status is analyzed according to the data being received. Health data is stored on
a decentralized IPFS storage. Patients and doctors are able to register or enrol
themselves using the master device. The health centre is in charge to authorize a
patient for a doctor. Additionally, IoT device possession details are also recorded
in SCs. Whenever an enterprise manufactures a device, SCs are made by both
the enterprise and the patient who takes possession of the device. The main SCs
named patient monitoring, enrolments, enterprise and IoT device authorization
are discussed below in detail.
4.1 Enrollment
Health centre initializes enrolments SC on the blockchain for initiating the doc-
tors and patients’ registrations. The enrolments contract consists of enrolment,
modification and authorization functions. As shown in Fig. 1, health centre entity
generates a public and a private key. Then, it posts the SCs address on the
smart phone for patients and doctors to get registered easily in a secure way.
The patient and doctors register in a health centre using their own EOAs via
SCs address using addpatient() and adddoc() functions. The information taken
from patient and doctors includes id, name, address and age and is made secure
using EOA due to privacy concerns. Personal information is made private so
that patient and medical assistants do not suffer from confidential information
theft. In this way, patients and doctors will not be reluctant to enroll themselves
due to the fear of privacy leakage and participation in the health system will be
increased. The enrolments contract also allows the modification of information
of both patients and doctors using modifypatient() and modifydoc() functions.
Also, only a specific doctor is allowed to check the health status of a patient.
The health centre maintains a list of doctors and can authorize and deautho-
rize a doctor from monitoring a patient’s health using authorize() and deautho-
rize() functions. Patients can view their information and authorized doctors by
means of EOA. The enrolment, modification and patient authorization details
770 H. S. Z. Kazmi et al.
can be seen or retrieved by patientdetails(),doctordetails(),authorizedpatientde-
tails() and deauthorizedpatientdetails() functions in enrolment SC.
4.2 Patient Monitoring
For patients’ monitoring, data received from the smart device is handled by the
main SC named as HealthContractCaller. Then, the main patient monitoring
or HealthContractCaller contract creates a specific contract for every individual
device it is getting data from. The main contract is like a container that orga-
nizes and creates links among all devices and relevant subcontracts for patient
monitoring as shown in Fig. 1. Authorized doctors are allowed to access patients’
information and will be able to change thresholds for monitoring purpose.
For instance, if the smart device receives blood pressure data from a patient’s
body sensor, the data will be sent to HealthContractCaller and subsequently,
BloodPressureMonitor() function will be called for patient monitoring. Minimum
and maximum blood pressure values will be sent by the device to this function
and an object is created by this function. Then, the individual sub contract
Blood Pressure Monitor will pass these values to its analyze() function in order
to evaluate the received data. Response upon the incoming data is generated
by subcontracts instead of regulating it to the main contract. If the analyze()
function returns any other value other than zero (0) or “OK”, then an alert
(e.g. high/low blood pressure) is sent to the patient, doctor and health centre
for treatment. The subcontracts we have used to monitor patient status include:
Heart Rate Monitor, Glucose Monitor, Blood Pressure Monitor, Temperature
Monitor, Blood Oxygen Monitor and Brain Inflammation Monitor. The moti-
vation of modular contracts i.e., Heart Rate Monitor and Blood Sugar Level is
taken from [2]. Whereas, we have proposed the use of other four subcontracts.
The stated subcontracts analyse the real time heart rate, sugar level, fever, oxy-
gen level in blood and brain inflammation measured using the body sensor of
the patient based on specific threshold values. These modular contracts provide
uncomplicated, trouble-free and simple maintenance. These modules will allow a
customized structure where any subcontract for a specific device can be changed
without changing the functionality of others.
4.3 Enterprise and Device Authorization
There are two types of SCs for device authorization, one is of the enterprise and
other is of the device custodian. Here, IoT device refers to the wearable body
sensor of the patient. The patient having that IoT device is referred as custodian
of the device. Device must be registered and the custody must be recognised. The
patient who buys a device must get registered and the device credentials must
be legalised. In traditional systems, the contracts were made by involving a third
party e.g., a bank. However, third parties are run by people that can be deceitful.
We have established device credential management by removing the third party
through SCs. The original custodian or the enterprise who manufactured the
device make a SC named newdevice() after the production of device as shown
Trusted Remote Patient Monitoring 771
PaƟent Monitoring
PaƟent and Docto r
Enrollments
IoT Devic e
Enterprise
Smart Contracts
Health Centres
Doctors
Health Alert
Device
InformaƟon
Body Sensors
Publis h SC Address
Enroll using EOA
Master
Device
Enroll using EOA
Health Readings
Get SC Address
Get SC Address
Health
Readings
Enrollments
Data
Device
Details and
Transfer
Health Alert
Device Deta ils and Transfer
Device
Manufactured
Enterprise
Enrollments
Data
PaƟent
Fig. 1. Blockchain-based healthcare system
in Fig. 1. Whenever a patient buys that medical device, it must make a contract
to get registered as the custodian of device. The device custodian also initiates
a SCs and stores device information like device name and device description. In
this way, device management will be done by the patient. The device custodian
can set access conditions and transfer the device possession to other parties in a
decentralized manner. The transfer of possession function changes the possession
using the current (registered) and new custodian (to be registered) address and
change the credentials of the device. The updated IoT device and custody details
will also be sent to the health centre.
5 Results
The specifications of the system used are: CPU@1.61 GHz, 8 GB RAM, 64 bit
operating system and X64-based processor. We have used ethereum platform
and solidity language for writing our SCs. The contracts are made operational
on the private blockchain using ethereum protocol. We have used open source
web browser environment Remix to test, debug and deploy our SCs. Metamask
browser extension is used for connectivity to distributed web.
Whenever an ethereum transaction takes place on the blockchain, two types
of costs are associated with it; one is the transaction cost and the other is
execution cost. The blockchain network has the potential to increase trust by
reducing the transaction costs because of its decentralized nature with no third
party involved.
772 H. S. Z. Kazmi et al.
•Transaction cost: It includes the cost of data being sent, operations being
performed and the storage of contract. Transaction cost is determined by
gasUsed×gasPrice where gasPrice is specified by the user and gasUsed refers
to the total gas used for operations.
•Execution cost: This cost refers to the storage of local and global variables as
well as the processing power for calculations.
Figure 2shows the transaction and execution costs of all SCs. SCs are shown
on the x-axis and their gas consumption on y-axis. Enrollment of patients and
doctors shows the costs about 2692790 gas and 1986938 gas in transaction and
execution of the contract. Monitoring and IoT device SCs cost less gas as com-
pared to other contracts because the number of inputs fed to the monitoring
contract are less than the inputs fields given in enrolments. More gas consump-
tion in enrolments depicts a huge internal storage because the more data sent
to the contract, the more cost it takes. Enterprise contract deployment took
1308577 as transaction and 950029 as execution cost. Less costs are recorded in
the deployment of IoT device and monitoring contracts that shows that these
contracts are logically less complex.
Fig. 2. SCs deployment
Figure 3shows the subcontracts being called by the main monitoring contract
on x-aix and the gas consumption on y-axis. The reason behind the deployment of
six subcontracts is to check the amount of gas consumption for patients having
more than 2 body sensors. These modular contracts cost less than the main
contract because breaking the contract up into subcontracts decreases the cost
during interaction. There is a slight difference in all contracts costs because the
modular concept makes the computation simple and the data types used in all
modular contract are almost same. However, the subcontract consuming the
Trusted Remote Patient Monitoring 773
Fig. 3. Patient monitoring modular SCs deployment
Fig. 4. Enrollments functions costs
least transaction and execution gas is due to the reason that instances are using
uint type instead of expensive types. This saves the blockchain from expensive
storage of variables in terms of gas for a transaction.
Figure 4displays the costs of transaction and execution made by all func-
tions of the enrolment SC. Adding the doctors and patient information cost
about 236109 and 235845, respectively which is relatively high as compared to
the costs of transactions in other functions. The execution costs of adding doctor
774 H. S. Z. Kazmi et al.
Fig. 5. IoT device functions costs
and patient are recorded as 209333 and 209069, respectively. The reason behind
high costs is that the larger transactions require a huge amount of fee. Trans-
action costs of authorization, deauthorization, doctor modification and patient
modification are 45832, 15788, 54365 and 54541, respectively. Execution costs of
these four functions are 21744, 6700, 27589 and 27765. These functions consume
less gas because smaller transactions are simpler to validate and consequently,
consume less gas.
Figure 5displays the gas consumption by IoT device contract where the
device contract is created and the possession is transferred from one custodian
to the other. When the possession is transferred, new owner will be allowed to
change the description of the device. The details are updated costing 30021 and
25357 transaction and execution fee. The possession is successfully transferred
consuming 27398 transaction gas whereas the failed transaction ended up con-
suming 23164 transaction cost. When the transfer is successful, the execution
cost is recorded as 5710 and if the same owner registers for the device again, the
transfer is failed consuming 484 execution costs.
6 Conclusion and Future Work
Remote medical care rapidly increasing with an increase in the use of IoT devices.
For improved health services, only the transfer of health status and patients
personal information is not enough rather an immutable record should be main-
tained. We have used blockchain for a secure and permanent log of health and
personal data of patients. The unchangeable nature of blockchain enables us to
keep track of unauthorized alterations to healthcare system. We have written SCs
using ethereum and provided patients and medical professionals with a secure
way of enrolling themselves in a health centre. The health centre maintains the
Trusted Remote Patient Monitoring 775
list of enrolled patients and authorizes them to medical assistants for treatment.
The medical device custody is verified through SCs and enabled the device cus-
todian to transfer the possession of device to other patients. The results show
the costs of all smart contracts and verify the successful deployment of the con-
tracts. For the future work, we aim to implement prescription review system in
which patients will be able to give reviews on doctor’s prescription. This system
will help the hospitals to get an idea of the reputation of the doctors. We will
also give a secure solution for medical data storage because blockchain is not
suitable for a huge amount of storage.
References
1. Dwivedi, A.D., Srivastava, G., Dhar, S., Singh, R.: A decentralized privacy-
preserving healthcare blockchain for IoT. Sensors 19(2), 326 (2019)
2. Griggs, K.N., Ossipova, O., Kohlios, C.P., Baccarini, A.N., Howson, E.A., Haya-
jneh, T.: Healthcare blockchain system using smart contracts for secure automated
remote patient monitoring. J. Med. Syst. 42(7), 130 (2018)
3. Zhang, A., Lin, X.: Towards secure and privacy-preserving data sharing in e-health
systems via consortium blockchain. J. Med. Syst. 42(8), 140 (2018)
4. Han, S.H., Kim, J.H., Song, W.S., Gim, G.Y.: An empirical analysis on medical
information sharing model based on blockchain. Int. J. Adv. Comput. Res. 9(40),
20–27 (2019)
5. P˜anescu, A.T., Manta, V.: Smart contracts for research data rights management
over the ethereum blockchain network. Sci. Technol. Libr. 37(3), 235–245 (2018)
6. Wu, S., Du, J.: Electronic medical record security sharing model based on
blockchain. In: Proceedings of the 3rd International Conference on Cryptography,
Security and Privacy, pp. 13–17. ACM, January 2019
7. Koˇsˇ
t´al, K., Helebrandt, P., Belluˇs, M., Ries, M., Kotuliak, I.: Management and
monitoring of IoT devices using blockchain. Sensors 19(4), 856 (2019)
8. Tian, H., He, J., Ding, Y.: Medical data management on blockchain with privacy.
J. Med. Syst. 43(2), 26 (2019)
9. Rahmadika, S., Rhee, K.H.: Blockchain technology for providing an architecture
model of decentralized personal health information. Int. J. Eng. Bus. Manag. 10,
1847979018790589 (2018)
10. Awais, M., Javaid, N., Imran, M.: Energy efficient routing with void hole allevi-
ation in underwater wireless sensor networks. MS thesis, COMSATS University
Islamabad (CUI), Islamabad 44000, Pakistan (2019)
11. Mateen, A., Javaid, N., Iqbal, S.: Towards energy efficient routing in blockchain
based underwater WSNs via recovering the void holes. MS thesis, COMSATS Uni-
versity Islamabad (CUI), Islamabad 44000, Pakistan (2019)
12. Naz, M., Javaid, N., Iqbal, S.: Research based data rights management using
blockchain over ethereum network. MS thesis, COMSATS University Islamabad
(CUI), Islamabad 44000, Pakistan (2019)
13. Javaid, A., Javaid, N., Imran, M.: Ensuring analyzing and monetization of data
using data science and blockchain in loT devices. MS thesis, COMSATS University
Islamabad (CUI), Islamabad 44000, Pakistan (2019)
14. Kazmi, H.S.Z., Javaid, N., Imran, M.: Towards energy efficiency and trustfulness
in complex networks using data science techniques and blockchain. MS thesis,
COMSATS University Islamabad (CUI), Islamabad 44000, Pakistan (2019)
776 H. S. Z. Kazmi et al.
15. Zahid, M., Javaid, N., Rasheed, M.B.: Balancing electricity demand and supply in
smart grids using blockchain. MS thesis, COMSATS University Islamabad (CUI),
Islamabad 44000, Pakistan (2019)
16. Noshad, Z., Javaid, N., Imran, M.: Analyzing and securing data using data science
and blockchain in smart networks. MS thesis, COMSATS University Islamabad
(CUI), Islamabad 44000, Pakistan (2019)
17. Ali, I., Javaid, N., Iqbal, S.: An incentive mechanism for secure service provision-
ing for lightweight clients based on blockchain. MS thesis, COMSATS University
Islamabad (CUI), Islamabad 44000, Pakistan (2019)
18. Khan, R.J.H., Javaid, N., Iqbal, S.: Blockchain based node recovery scheme for
wireless sensor networks. MS thesis, COMSATS University Islamabad (CUI),
Islamabad 44000, Pakistan (2019)
19. Samuel, O., Javaid, N., Awais, M., Ahmed, Z., Imran, M., Guizani, M.: A
blockchain model for fair data sharing in deregulated smart grids. In: IEEE Global
Communications Conference (GLOBCOM) (2019)
20. Rehman, M., Javaid, N., Awais, M., Imran, M., Naseer, N.: Cloud based Secure
Service Providing for IoTs using Blockchain, in IEEE Global Communications
Conference (GLOBCOM) (2019)