Comput Struct Biotechnol J. 2024 Nov 28:28:16-28.
doi: 10.1016/j.csbj.2024.11.036. eCollection 2025.

Self-sovereign management scheme of personal health record with personal data store and decentralized identifier

Tong Min Kim et al. Comput Struct Biotechnol J.

Abstract

Conventional personal health record (PHR) management systems are centralized, making them vulnerable to privacy breaches and single points of failure. Despite progress in standardizing healthcare data with the FHIR format, hospitals often lack efficient platforms for transferring PHRs, leading to redundant tests and delayed treatments. To address these challenges, we propose a decentralized PHR management system leveraging Personal Data Stores (PDS) and Decentralized Identifiers (DIDs) in line with the Web 3.0 model. Our system features secure interoperability and personal identification masking. Interoperability is achieved through DID digital certificates for verifying PDS addresses and a dynamic access key (AK) system to minimize credential exposure. Data de-identification, including anonymization and encryption, ensures privacy and prevents unauthorized access. We developed a prototype using the Solid open-source library and Hyperledger Aries protocol. Testing showed efficient performance, with DID validations and AK generation under one second, and data operations for 500 MB-sized PHRs completing in two seconds. De-identification processes were both effective and timely. The system demonstrated the ability to manage PHRs securely, empower users with control over their healthcare data, facilitate seamless and secure data transfer between patients and medical entities, and prevent exposure of sensitive information. This approach advances decentralized PHR management, supporting improved healthcare outcomes and patient experiences in the digital era.

Keywords: Decentralized identifier; Personal data store; Personal health record; Privacy; Security.

Conflict of interest statement

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Figures

Graphical abstract
Fig. 1. The workflow of the proposed PHR management system utilizing a PDS Access Agent.
Fig. 2. Flowchart of PDS URL verification with DID digital certificate.
Fig. 3. Input and output folder structure within PDS.
Fig. 4. PDS Management SW in PDS Access Agent.
Fig. 5. (a) Anonymization and (b) Pseudonymization results of FHIR record.
Fig. 6. Lossless image steganography into JPEG image file structure.
Fig. 7. Execution time comparison of conventional and proposed mechanisms.
Fig. 8. PDS address delivery methods: (a) Conventional and (b) Proposed.
Fig. 9. Four de-identification procedures: (a) Anonymization, (b) Pseudonymization, (c) Encryption, and (d) Concealment.
Fig. 10. (a) Docker with ACA-Py API, (b) creation result of the DID digital certificate, and (c) verification of PDS URL in DID certificate.
