ORIGINAL ARTICLE

A combined Blockchain and zero-knowledge model for healthcare B2B and B2C data sharing

Pages 179-196 | Received 24 Dec 2021, Accepted 04 Mar 2023, Published online: 29 Mar 2023
 

Abstract

The two main forms of healthcare data exchange among entities are business-to-business (B2B) and business-to-customer (B2C). The former uses electronic data interchange (EDI) technology between healthcare institutions, while the latter is usually conducted by providing web-based interfaces for patients. This research argues that both forms have inherent security and privacy weaknesses. Furthermore, patients lack appropriate transparency and control over their own Personally Identifiable Information (PII). We explore the issues of medical record exchange, analyze them, and suggest appropriate solutions in the form of a new model to mitigate them. The vulnerabilities, ranging from critical to minor, include the possibility of Man-in-the-Middle (MitM) and supply chain attacks, weak cryptography, repudiable transactions, single points of failure (SPOF), and poor access controls. This research presents a novel model for healthcare data sharing that applies the best security practices. The proposed unified model counters the listed vulnerabilities. It automates healthcare processes in a decentralized architecture by utilizing smart contracts for B2C transactions such as medicine purchase. The model is based on blockchain and zero-knowledge proofs. It is built with novel controls that represent the latest advancements in cybersecurity, and it has the potential to set a new cornerstone.

Disclosure statement

No potential conflict of interest was reported by the author(s).