A blockchain-based framework towards privacy preserving in health data sharing

Sharing health data for research is a crucial practice to generate knowledge. In the Coronavirus pandemic, it highlights data sharing importance because of researchers around the world to exchange information to discover an efficient vaccine against the virus. A technology workable for sharing health data is the blockchain that helps to avoid fraud and can bring benefits such as immutability, non-repudiation, and reliability. At this point, healthcare organizations suffering from data leakage, failure, and cyberattacks, one of them is the re-identification attack. The re-identification attack aims to associate public records of users with finding patterns to discover their identity. Our research considers the following hypothesis: (i) techniques to mitigate privacy issues on blockchain-based systems for sharing health data; (ii) we assume that a tracking token (the hash value which key for auditing on the blockchain) into image metadata can assist to track shared images. The method used to achieve our aim comprises developing a permissioned blockchain framework with the Hyperledger Fabric for preserve privacy in shared health data. Besides, we use the anonymization techniques K-Anonymity and Differential Privacy to aggregate in the framework and mitigate privacy risks. For tests, we adopt a pilot study for sharing medical imaging in front of re-identification attacks. Our results revealed the hardware and network performance for the framework has a higher overhead. However, the results are justifiable because they bring benefits, such as non-repudiation, reliability, and privacy. We apply statistics metrics and probability function to analyze behavior of privacy variables against re-identification attacks on blockchain. Our finds related to privacy reveals that both methods have low probability of identify similar records through the entropy. The source code of the framework can be found at: <https://github.com/eriksonJAguiar/bcpshield-framework>. (AU)