Store private healthcare data off-chain and manage medical data using blockchain

Summary

This code pattern shows you how to use Blockchain Solution Manager and Blockchain Document Store, connected with the IBM Blockchain Platform, to build an application for the healthcare industry. This app uses these services to manage user access and patient medical records data, and create a well-defined hierarchical structure of all the stakeholders. The pattern showcases the flow of the application from the point of view of the solution admin, hospital admin, doctor, and patient.

Description

Electronic medical records and data is an area in serious need of innovation. The methods that are currently used for storing and securing patient health records do not reflect the technological advancements in this area over the past decade, and hospitals continue to use age-old data management systems for patient data. This is partly due to strict regulations around the privacy and security of medical data, which have stifled the use of current technologies that can make medical data management more transparent and useful for both patients and doctors.

This code pattern showcases a medical data/access management platform that’s built using blockchain. The application shows the platform from the perspective of four different stakeholders:

  • The solution admin is the admin for a conglomerate of hospitals, and has the highest level of access in the hierarchy. They have the ability to onboard a new organization (hospital) to the conglomerate and assign/de-assign hospital admins on their dashboard.
  • The organization (hospital) admin is the admin of a particular hospital that is part of a conglomerate/solution. This admin has the ability to onboard new users with the role of either patient or doctor, as well as remove users.
  • The doctor is a user in the organization with the appropriate role who has the ability to upload documents for patients and download and view patient documents to which they have been granted access.
  • The patient is a user in the organization with the appropriate role who has the ability to upload documents on their own, view them, view document access logs, and also manage access to the documents on their dashboard.

This code pattern is for developers who want to integrate with the Blockchain Solution Manager, Blockchain Document Store, and the IBM Blockchain Platform. When you have completed it, you will understand how to:

  • Connect the Blockchain Solution Manager and Blockchain Document Store with the IBM Blockchain Platform.
  • Create a Vue.js web app with multiple dashboards on a single page application, which can communicate in real time with one another.
  • Create a Node.js server that is deployed to Kubernetes on IBM Cloud, and connected with a Redis database that’s deployed on the IBM Cloud.
  • Store and retrieve data from a Redis datastore for persistent storage through a Node.js server.
  • Make REST calls to an external service.
  • Use JSON Web Tokens (JWTs) for user management.

Flow

Login flow

  1. All of the application’s stakeholders (solution admin, hospital admin, doctor, and patient) begin the user flow by logging into their respective dashboards.
  2. Clicking the login button leads to the login portal of the Blockchain Solution Manager, hosted on the IBM Cloud.
  3. The login portal uses OpenAPI Connect and allows the user to log in through any onboarded identity provider (IDP). (In this example, we have onboarded IBMID and GoogleID.) Successful authentication leads to the JWT credentials for the user.

    Admin dashboard

  4. The solution admin flow begins at the admin component, and requires the user to authenticate themselves through the login flow described above.

  5. After successful authentication, the user can access the solution admin dashboard. They are able to view the solution and add or remove hospitals from the solution using the admin APIs.
  6. All of the admin APIs connect with the Blockchain Solution Manager through REST to process the user queries.
  7. The Blockchain Solution Manager connects with the IBM Blockchain Platform and updates the ledger appropriately.

    Organization dashboard

  8. The hospital admin flow begins at the organization component, and requires the user to authenticate themselves through the login flow described above.

  9. After successful authentication, the user can access the hospital admin dashboard. They are able to add/remove any user in their respective hospital with the onboarded roles (patient/doctor in this case) using the organization APIs.
  10. All of the organization APIs connect with the Blockchain Solution Manager through REST to process the user queries.
  11. The Blockchain Solution Manager connects with the IBM Blockchain Platform and updates the ledger appropriately.

    Doctor dashboard

  12. The doctor flow begins at the doctor component, and requires the user to authenticate themselves through the login flow described above.

  13. After successful authentication, the user can access the doctor dashboard. They are able to upload a medical record for a patient who is part of their hospital and download any medical record associated with a patient to which they have access, using the doctor APIs. The access control lists (ACLs) for all the patient documents are application-level and are maintained through the document ACL flow described below.
  14. All of the doctor APIs connect with the Blockchain Document Store through REST to process the user queries.
  15. The Blockchain Document Store connects with the IBM Blockchain Platform and updates the ledger appropriately.

    Patient dashboard

  16. The patient flow begins at the patient component, and requires the user to authenticate themselves through the login flow described above.

  17. After successful authentication, the user can access the patient dashboard. They are able to upload a medical record for themselves, download any of their medical records, view the access logs for their documents, and view and manage permissions to their documents using the patient APIs. The ACLs for all of the documents are application-level and are maintained through the document ACL flow described below.
  18. All of the patient APIs connect with the Blockchain Document Store through REST to process the user queries.
  19. The Blockchain Document Store connects with the IBM Blockchain Platform and updates the ledger appropriately.

    Document access control list (ACL) flow

  20. The doctor and patient components are connected with the Redis APIs that invoke methods to manage document-level access control across hospitals.

  21. The Redis APIs talk to a Node.js server deployed in a Docker container in a Kubernetes cluster on the IBM Cloud.
  22. The server talks to two Redis databases that hold the access-per-document and access-per-user permissions.
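
The document ACL flow above keeps two indexes that must always agree, sketched here as an added example (not code from this pattern's repository): grants and revocations update access-per-document and access-per-user together, only the owning patient may change them, and reads deny by default. In-memory maps stand in for the two Redis databases, and the class and method names are hypothetical.

```javascript
// Added example: Map-of-Set stand-ins for the two Redis databases; all names are hypothetical.
class AclStore {
  constructor() {
    this.byDoc = new Map();   // docId  -> Set of userIds (access-per-document)
    this.byUser = new Map();  // userId -> Set of docIds  (access-per-user)
    this.owner = new Map();   // docId  -> patient userId who owns the record
  }
  static add(index, key, member) {
    if (!index.has(key)) index.set(key, new Set());
    index.get(key).add(member);
  }
  static remove(index, key, member) {
    const set = index.get(key);
    if (set && set.delete(member) && set.size === 0) index.delete(key);
  }
  registerDocument(docId, patientId) {
    if (this.owner.has(docId)) throw new Error('document already registered');
    this.owner.set(docId, patientId);
    this.grant(patientId, docId, patientId);
  }
  // Only the owning patient may change permissions; both indexes change together.
  grant(actorId, docId, userId) {
    if (this.owner.get(docId) !== actorId) throw new Error('not document owner');
    AclStore.add(this.byDoc, docId, userId);
    AclStore.add(this.byUser, userId, docId);
  }
  revoke(actorId, docId, userId) {
    if (this.owner.get(docId) !== actorId) throw new Error('not document owner');
    if (userId === actorId) throw new Error('owner access cannot be revoked');
    AclStore.remove(this.byDoc, docId, userId);
    AclStore.remove(this.byUser, userId, docId);
  }
  // Deny by default: unknown documents and unknown users get no access.
  canAccess(userId, docId) {
    return this.byDoc.get(docId)?.has(userId) === true;
  }
  // When a hospital admin removes a doctor, the per-user index lists every grant to clear.
  removeUser(userId) {
    for (const docId of this.byUser.get(userId) ?? []) {
      AclStore.remove(this.byDoc, docId, userId);
    }
    this.byUser.delete(userId);
  }
  // Audit check: every entry in one index must also appear in the other.
  isConsistent() {
    const ok = (a, b) => [...a].every(([k, set]) => [...set].every((m) => b.get(m)?.has(k)));
    return ok(this.byDoc, this.byUser) && ok(this.byUser, this.byDoc);
  }
}
```

With real Redis, each grant or revoke touches two keys, so the pair of writes should be issued atomically (for example in a MULTI/EXEC transaction) to keep the indexes from drifting apart.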

Instructions

Ready to get started? Please see the README for detailed instructions.

Ashutosh Nath Agarwal