DIGITAL HEALTH IDENTITY WITH BLOCKCHAIN

Carvalho, Frederico Pinto

http://hdl.handle.net/10400.8/12767

Use this identifier to reference this record.

Name:	Description:	Size:	Format:
[TESE]_DIGITAL_HEALTH_IDENTITY_WITH_BC_FredericoCarvalho_2220656_vF.pdf		22.19 MB	Adobe PDF	Download

Send Feedback

Authors

Carvalho, Frederico Pinto

Advisor(s)

Maximiano, Marisa da Silva

Gomes, Ricardo Jorge Pereira

Abstract(s)

The increasing demand for innovative healthcare systems and efficient information management has pushed institutions and private consortia to explore decentralized solutions to safeguard patients’ sensitive information. These solutions aim to enhance privacy and allow controlled access to specific entities requesting patient data. One of the key technologies explored to address these challenges is blockchain, which offers a decentralized, secure, and user-centric approach to managing digital health information. The major problem this work addresses, revolves around two critical aspects: identity management and access management. In traditional healthcare systems, the risk of identity exploits, personification, and linking patient data to identifiable individuals through mining algorithms poses a significant threat to patient privacy. Data mining techniques can aggregate and correlate health records with specific patients, even without direct identifiers, leading to breaches in privacy and unauthorized disclosure of patient information. The goal of this work is to develop a system that prevents such identity exploitation, ensuring that the identity behind the patient cannot be discovered nor connected to their health data. On the access management side, the challenge is ensuring that patients have full control over their health data. The system must allow patients to securely grant or revoke access to their data, while ensuring that even sophisticated mining algorithms cannot infer the ownership or identity behind the data, nor decrypt it without explicit authorization. This ensures that patient data remains private and secure, accessible only by authorized healthcare providers, and that no unauthorized third party can exploit the data for research or other purposes without consent. The objective of this work is to develop a decentralized and privacy-preserving system for managing patient data, enabling secure sharing of information between patients and healthcare providers. This system leverages blockchain technology, smart contracts, and Zero-Knowledge Proofs to ensure that patients maintain full control over their data while preventing unauthorized data aggregation, analysis, or decryption. To achieve these goals, this work involved the study of existing blockchainbased solutions, evaluating their feasibility for healthcare data management. Three potential approaches were considered for managing identity and resources. After thorough analysis, Zero-Knowledge Proofs were selected as the most suitable solution due to their ability to provide privacy-preserving mechanisms without revealing sensitive information. The implementation of the solution was followed by rigorous testing and validation to ensure its functional accuracy and alignment with privacy objectives. The results of this work demonstrate a proof-of-concept implementation that successfully integrates blockchain technology with Zero-Knowledge Proofs, allowing secure, patient-controlled data access while protecting against unauthorized data mining and ensuring the privacy of the patient’s identity. Central to this solution is the development of a "Data Sharing Agreement," which addresses the access management issue by enabling patients to selectively grant healthcare providers access to their medical data. Further studies are encouraged to integrate this solution into real-world healthcare systems, addressing scalability and operational challenges.