1. Introduction
The traditional business model of healthcare is generated by medical institutions, insurance companies, pharmaceuticals, or healthcare companies, along with patients [
1,
2]. Therefore, the value of a healthcare service is mainly focused on disease treatment with those who directly participate in the medical field, rather than health management for the general population [
3,
4].
The concept of MyData emerged as a paradigm shift in personal data management and the process of seeking to transform the current organization-centered system [
5,
6]. With the advancements in healthcare digitization, Internet of Things (IoT), wearable devices, and Artificial Intelligence (AI), further advanced analytics will empower the complementary value chain of healthcare business with a patient-centered health-management approach throughout the general population [
3,
7]. Furthermore, as the demand for healthcare shifts from being treatment-focused to disease prevention and health promotion, a self-managing environment for personal health records (PHR) for the general public has emerged [
8]. When individuals, current or potential patients, can have complete control over their own data aggregation, storage, and usage, patient-led and customized healthcare era emergence will be promoted even faster [
9,
10].
Since healthcare data, including medical data (such as treatment and drug administration information) and PHR (such as diet, exercise, and sleep information), may contain sensitive personal information, security is considered one of the most important issues; forgery and alteration must not occur during the data exchange process [
11,
12]. In this respect, blockchain technology can be applied in healthcare ecosystems, with the advantage of ensuring security as well as integrity, as data recorded in the blockchain cannot be modified [
11,
13,
14]. When applying the blockchain to the data subject’s consent in relation to personal information protection, security can be guaranteed with a private key encryption signature method and each document can be uniquely identified by a hash. It also means that once all parties have agreed, the document cannot be changed at will [
15,
16].
This study aimed to develop and demonstrate a blockchain-based MyData platform (MyHealthData) that could exchange integrity-proven health information on a dynamic consent system with self-determination for the data subject. We designed and verified the following major services through the blockchain-based platform, and standardized healthcare information: (1) Inquiry and exchange of medical records, (2) Confirming participation in clinical research, (3) Health promotion coaching using lifelog data and medical records, and (4) Private insurance automatic claims system.
2. Methods
2.1. Platform Development
Figure 1 shows the overall development of the MyHealthData platform. The platform consists of a mobile app for users, API (application–program interface) for data conversion and exchange installed in the hospital information system (HIS) or related organizations, and a relay server connected to the blockchain to relay requests between the server and the app. In order to secure data reliability, we applied Panacea [
17], a public blockchain for medical purposes, to prove the truth when transmitting medical data. The original copy of the medical data the patient collects with a mobile device is converted to a hash value before it is delivered. The hash value is then delivered to the relay server and stored in the blockchain. The hash value is used to prove the integrity of the original data.
2.2. Blockchain
The Panacea public blockchain developed by Medibloc is based on the Cosmos SDK (Software Development Kit) blockchain framework and the Tendermint consensus engine [
17]. As Tendermint implements the pBFT (Practical Byzantine Fault Tolerance) consensus algorithm and Cosmos SDK follows the DPoS (Delegated Proof of Stake) model, the Panacea has the fast-finality in that its average block time is about 2–6 s [
18,
19]. The Panacea consists of 21 validator nodes in Seoul, Tokyo and Singapore for high-availability and fault-tolerance. Each validator node bonded to some amount of MED coins in order to acquire the reasonable voting power. Whenever a new block needs to be created, all validators validate the block and transactions that are included in the block. If the block is validated with more than 2/3 of the total voting power, the block is committed to the chain. If any validator wants to violate the chain, it must acquire more than 2/3 of the total voting power. However, that is extremely unlikely to happen in reality. Since the Panacea is a public blockchain, all transactions are transparently open so that anyone can see the contents of transactions and validate them. Moreover, any token holders can delegate their MED coins to validators that they want. Thus, they can contribute to making the chain more secure without operating their own validator nodes. Additionally, the information and action history of all validators are also publicly open. The source code of the Panacea blockchain used in this study is also open to the public [
20]. For privacy protection, no information other than the hash value is recorded in the blockchain. Since Panacea does not support smart contracts, this is also not used.
2.3. API
API is a program that implements the necessary functions for users to obtain their medical data stored in the HIS through a mobile app, and is installed in a hospital network that can be accessed from the outside. The main features include user authentication to identify user information, call of the user’s health data, data encryption, hash value generation, and a signature function. The health data is converted to JSON (JavaScript Object Notation) data that complies with Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) [
21] standards for interoperability, and encrypted to communicate safely to users over the network. By using the SDK, which Medibloc offers for reliable improvement of data, the hash value and blockchain transaction of original data are created and transferred to the relay after the first signature. The insurance company that receives the data from the individual decrypts the encrypted data and queries the corresponding transaction in the blockchain, confirming the authenticity of data through a hash value comparison.
2.4. Relay Server
The relay server delivers requests and responses exchanged between the mobile app, clinics, hospitals, and third-party organizations, linking them to the blockchain. Each institution has an API for connecting with the mobile app. The relay server checks the blockchain transactions received from the mobile app or institutions, provides a second signing of the transactions, and records them in the blockchain.
2.5. Mobile App
The mobile app provides users with the ability to collect and share health data from medical institutions and built-in lifelog apps. It stores the collected data in the mobile phone, and provides a user interface that allows them to select the desired data and transmits it to medical institutions, the insurance company, and third-party institutions, or download it as a plain text file. Before transmitting the data, it is encrypted and a hash value is created to generate blockchain transactions.
2.6. Services to Users
We provided a total of four services to users through the platform developed in this study: inquiring about medical and health checkup records, health coaching, checking conditions of participation in clinical research, and claims. The study was approved by the institutional review board of the Seoul National University Hospital (H-1907-070-1047). Participants were enrolled at SNUH (Seoul National University Hospital, Seoul, Korea) and Chaum Clinic, a private clinic in South Korea.
2.7. Participants
Participants were adults aged 20 years or older who had, at some point, been treated at SNUH or had undergone national health examinations. South Korea provides mandatory biennial national health checkups for all citizens, covering nearly all forms of healthcare. For quantitative data collection, an online survey was conducted to evaluate users’ satisfaction. We explained the research to and obtained informed consent from patients who agreed to participate in the study. A total of 1228 participants were included.
2.8. User Survey
The user surveys examined perceived usefulness, perceived ease of use, and satisfaction. Perceived usefulness is a subjective belief that the productivity and efficiency of work will be increased by introducing a new technology or system. Perceived ease of use is the subjective belief that using a new system will not require much mental and physical effort. Respondents rated their level of perceived importance using a 5-point Likert scale of Strongly disagree (1), Disagree (2), Undecided (3), Agree (4), and Strongly agree (5) [
22]. The online questionnaire also included open-ended questions about the advantages and limitations of the platform. The questionnaires were administered using an online google survey form. Participants could access questionnaires through a URL and were able to complete the survey at any time or place, thereby ensuring privacy and honesty. We used a coefficient alpha (Cronbach’s alpha) to measure reliability of the survey [
23]. Cronbach’s alpha is a measure of the internal consistency of a test or scale. It is expressed as a number from 0 to 1 and the value of alpha is increased if the items in a test are correlated to each other with internal consistency [
24].
3. Results
Figure 2 shows the main flow of MyHealthData services. When the user agrees to the terms and conditions and goes through the self-verification process, the MyHealthData membership registration is completed by setting a password for using the app and entering some key information.
Data was requested from medical institutions in the form of RESTful API, received, and linked. Health information, such as health checkup results and test details, is visualized and expressed (
Figure 3 and
Figure 4).
A total of 1228 individuals signed up for the MyHealthData service (SNUH 976, Chaum Clinic 252, respectively). The criteria for service sign-up were for subscribers who performed self-authentication in the MyHealthData app. The most used service was “inquire about medical and health checkup records”, followed by “health coaching”, “check conditions of participation in clinical research”, and “claim private insurance”, respectively (
Table 1).
Users were able to download their MyData stored in SNUH from the MyHealthData app to their mobile phone. MyData was provided in json or csv file formats. Data could be shared selectively according to the needs of the users. Proof of data authenticity is verified thorough the blockchain; when healthcare data is sent through the MyHealthData app, the hash value of the data is recorded in the blockchain and proof of authenticity is confirmed by comparing hash values.
The health coaching service calculated various health care parameters (exercise amount, calories burned, exercise time, etc.) using measured lifelog data. Lifelog data was obtained in two ways. The user directly entered the anthropometric data, such as height, weight, waist circumference, and blood pressure, or obtained it by integrating information from personal mobile built-in lifelog apps, such as HealthKit [
25] (healthcare and fitness application for iOS) or S-Health [
26] (healthcare and fitness application provided by Samsung). This service reflected health needs by comparing users’ lifelog and medical data with the average population’s data. Physical activity volume and frequency could be provided to the attending physician and enabled more accurate diagnosis.
- iii.
Check conditions of participation in clinical research
The app showed the ongoing clinical trials from a list provided by the Clinical Trial Center of SNUH. Users could find out whether they could apply to a clinical trial based on their health records. Users also could figure out the eligibility criteria for each clinical trial and compare the eligibility criteria to their PHR.
- iv.
Claims through the app
Users could use the app for submitting claims to their private insurance. Receipts and medical certificates could be sent from the hospital to the app. All medical information was encrypted and stored in the app, and users could select and send the medical history which they wanted to claim.
User Surveys
A total of 976 people who participated in the study at SNUH responded to the survey from October to December 2019. For the usability test, the mean of perceived usefulness showed the highest score at 3.95 points out of 5, while the mean of perceived ease of use scored at 3.85 points (
Table 2). The reliability coefficients are 0.86 for perceived ease of use and 0.89 for perceived usefulness.
The satisfaction score for inquiring about medical treatment and health checkup records was the highest with 3.91 points out of 5, followed by confirmation of the conditions for clinical trial participation (3.85 points), health coaching (3.82 points), and the claim private insurance service (3.76 points) (
Table 3). The reliability coefficient is 0.88.
4. Discussion
We developed the MyHealthData service, a blockchain-based mobile platform that can exchange health information with proven integrity on a dynamic consent system with self-determination of the data subject. A total of 1228 people joined the service, and inquiring about medical or health checkup records was the most frequently used function. Users were able to download their own MyData that was stored in medical institutions.
MyData is a system in which the data subject proactively utilizes their personal information scattered among various institutions as a system for exercising their rights of self-determination [
5]. It is accomplished by downloading and using data owned by the person or by providing consent for third-party use [
27]. It is also possible to deposit personal information where it is needed and receive compensation for services based on that information. Since data is used as an individual’s right to self-determination, there is no need to amend the law, and it is a system that can be implemented immediately because information loss due to non-identification measures can be avoided [
28,
29]. The United States introduced the Blue Button concept in 2010, which aims to enable direct consumer access to personal medical information. If the individual consents, a single electronic file containing available health data can be downloaded [
30]. Blue Button was introduced where healthcare data is needed, such as an HIS. The Office of the National Coordinator for Health IT (ONC) is helping to develop standards and technologies so that the Blue Button service can be easily extended to various fields such as pharmaceutical companies, insurance companies, and research institutes, as well as the medical field [
30]. The European Union has promoted a Re-Health project that aims to design an integrated Electronic-PHR (E-PHR) platform that aims to store health data and related information in one electronic document [
31]. Taiwan’s National Health Insurance (NHI) has issued health smart cards to all citizens since 2001. The Integrated Circuit (IC) chip in the card stores the patient’s last six medical records, and allows the medical records to be queried through medical institutions [
32]. However, the current MyData service is limited because it cannot prove that the data has not been forged or altered [
33].
In South Korea, all medical institutions use various kinds of HISs and have developed and utilized different types of PHRs. In addition, each healthcare service provider, such as a clinic or hospital, has long been thought to own medical data. Uniquely, South Korea has a medical system based on the National Health Insurance Service (NHIS), which has been collecting billing data and general health checkup results from all healthcare service providers. However, health records are fragmented among the health care institutions that patients visit, as the EHR systems used by each institution are different and most are not interoperable [
34]. To alleviate this problem, the Ministry of Health and Welfare initiated a nationwide healthcare information exchange (HIE) project in 2017. This service electronically and securely sends and receives medical records and image data of patients who have consented to provide personal information to medical institutions for patient care. However, in the current HIE system, electronic information is generated only when the patient is referred to another medical institution; thus, it is difficult to use it in this situation as some information that is not related to HIE system cannot be utilized. In addition, the data exchanged with the HIE cannot be accessed by the patient and the data cannot be downloaded.
4.1. Improving Healthcare Interoperability
MyData can act as an alternative under these circumstances, acting as the key to patient-centric data collection. If individuals enter all their medical records in “MyData”, they will be able to store information from multiple sources in one place. This concept allows patients to manage their combined medical data through personal data storage. Therefore, it is expected that each institution, company, individual researcher, etc., using MyData, can access healthcare data more easily than when it is scattered among institutions. In addition, it will be possible to create even larger Big Data with the consent of many people. Moreover, MyData creates a cornerstone for utilizing Patient-Generated Health Data (PGHD) in the medical field, generated by the party’s activities on a mobile basis. Users can share their own lifelog data and medical records, and receive feedback or treatment through the MyData service from multiple platforms for health promotion.
4.2. Blockchain and Data Integrity
To realize personalized medicine, the most important topic of future medical care, an open ecosystem that can freely browse and distribute personal medical information should be established. However, since medical data handles sensitive personal information due to its nature, a considerable level of reliability and security is required. The use of the blockchain will greatly contribute to realizing medical innovation, as it is possible to deliver the medical information safely without falsification.
The blockchain is a distributed data storage technology based on a chain-form link in which small datasets called blocks are created in a peer-to-peer way [
35]. No one can arbitrarily modify it, but since anyone can view the result of the change, it can be used as a data-forgery-prevention technology [
35]. Medibloc is a blockchain-based open platform for medical information that enables safe integration and management of medical data scattered in various institutions and information produced through various devices, including smartphones [
17]. In this study, the MyData service using Medibloc was implemented to increase the data subject’s health data management capabilities, streamline the insurance claim process, and facilitate participation in clinical trials. In addition, it can contribute to increasing the sharing and utilization of research data, strengthening the protection of health information, securing the integrity of medical information, and reinforcing accountability traceability [
36,
37,
38].
4.3. MyData with Dynamic Consent
MyData ultimately aims for transparent and reliable data sharing. It is necessary to prepare technical tools for obtaining consents from data subjects based on various scenarios given the impact of the European Union General Data Protection Regulations’ (GDPR) regulations on explicit consent of data subjects [
39]. Therefore, it can be said that the user’s consent is at the core of utilizing MyData. The MyData model uses dynamic consent, to make people easier to understand and use [
5,
40]. Data subjects must express positive intentions for the processing of their personal information through actions, and the content of consent must be specified individually to secure user control and transparency, thus limiting the use of multiple purposes with one consent. Users can optionally consent to the use of MyData. In the MyHealthData platform in this study, users were able to selectively consent to provision of personal information. Given that MyData expands to various service items, in addition to medical institutions, it will be necessary to consider how data subjects will use dynamic consent in various fields such as insurance and pharmaceuticals in detail.
4.4. Integration of Healthcare Data
Healthcare data is currently heterogeneous, interspersed, and growing in volume, therefore it is difficult to hold and exchange the data among institutions. MyData can be an alternative. Existing healthcare databases were limited in that they lacked family tree, social capital, and environmental information. Information was also fragmented and stored in different standards, making integration difficult. In addition, it was difficult to combine lifelogs or genomic data due to the lack of personal consent. Thus, a new type of database platform is needed to enhance personal choice with personal information protection [
41]. Individuals can participate in data integration in a way that allows their own use of the data. Finnish Biobank is collecting data for health research with personal permission [
41,
42]. In addition, when integrating multi-center data using MyData, the international standard system for nomenclature and terminology, privacy, structural and semantic, and templates and technology platforms must be observed. If MyData is used for data sharing and collection, it can contribute to data integration based on standardized data. [
43]. The coordination and standardization of the MyData model is a way to increase data usability and interoperability, and continuous international cooperation and research is required [
41].
4.5. Strengths and Limitations
The strong scientific contribution of this study is that a MyData system that can prove the authenticity of data using blockchain technology was created and verified by implementing the concept of dynamic consent required by the GDPR. This study developed the MyHealthData platform and was used by 1228 large-scale participants, and conducted user surveys at the same time. Users could optionally view or download medical records as agreed, check clinical trial matching information, or claim private insurance. In the user surveys, the satisfaction with claims through app was the lowest, which might be because only one of the private insurance companies was linked in the early stages of development in 2019. As of May 2021, insurance claim services are widely used in conjunction with more than 20 insurance companies. In addition, limited information, such as prescription drugs, simple test results such as blood and urine, diagnosis names, and diagnosis codes, was provided. In the future, the data types should be expanded so that even complex and large amounts of information, such as medical images and functional tests, can be part of MyData. Issues regarding data capacity and transmission will have to be considered.