Mobile devices have the potential to assist healthcare professionals and to help increase people's well-being. These devices comprise the Internet of Medical Things, but it is generally difficult for healthcare institutions to bring their systems into compliance with new medical solutions efficiently. A technology that promises to overcome this issue is Distributed Ledger Technology, through its properties of decentralization, immutability, and transparency. This work aims to give an overview of the current state of the art of blockchain-based systems for the Internet of Medical Things, specifically addressing the challenges of reaching user-centricity in these combined systems, and thereby highlighting potential future directions.
Internet of Medical Things (IoMT) solutions usually exploit devices like smartphones to increase the well-being of an individual. Nevertheless, what makes IoMT promising for the future is the scientific contribution that it could bring. In fact, while a patient sees a medical device as a solution to their problems, professionals (i.e., doctors, researchers) can use it as a source of data to exploit in order to discover new diseases and treatments. Thus, imagining a world equipped with IoMT solutions, the crowd could build one of the most significant opportunities for healthcare: an interplanetary dataset representing all the clinical stories of individuals from which to learn. However, doing so without first establishing a trusted context in a trustless scenario would mean neglecting some potential risks: an individual's health data are considered sensitive, and they should be secured in every possible way.
A typical Internet of Things (IoT) infrastructure is made up of several devices connected to the Internet and able to communicate with each other. More generally, any electronic device capable of interfacing and communicating with other nodes of the Internet, such as a smartphone, can be considered part of the IoT network.
The Internet of Medical Things (IoMT) envisions a network of medical devices and people that uses wireless communication to enable the exchange of healthcare data. This specific context raises significant privacy and security issues that need to be considered: health data are sensitive data that must be appropriately protected across the network.
If we consider Europe, all private companies and public bodies have been obliged to comply with the General Data Protection Regulation (GDPR). As far as health data handling is concerned, sources such as “genetic data”, “biometric data”, and “health data” must be managed carefully, since these data fall into the sensitive category. Thus, they cannot be used without explicit consent except in some cases (i.e., occupational medicine, health therapy, public interest). The same applies to data portability, which places constraints on how data are shared.
We have thus highlighted that privacy and security risks are vital factors to consider. When devices are connected to the network to exchange information, they become a perfect target for malicious users. This kind of scenario should be prevented in healthcare; regardless of the security problems related to the device itself (i.e., software and hardware weaknesses), the main threats come from the network used for sharing data. As a consequence, most implementations are usually forced to anonymize the information, which definitely affects data exploitability, since anonymization forces the removal of personally identifiable information, and this has an impact on data integrity and thus quality.
From our analysis, we saw that the majority of research papers prefer Permissioned solutions to Permissionless ones. This interesting fact is probably related to the opportunity represented by a permissioned and private model, which offers a more flexible ledger in terms of authority. The reason to implement this model is mainly the possibility of keeping control of the Blockchain in the hands of a restricted number of participants, usually referred to as a consortium. However, this model is risky and it sacrifices decentralization and immutability: the consortium could have the concrete potential to modify the ledger. This consideration is particularly important for implementations that try to reach user-centricity, because if a ledger can be changed by a restricted group of participants (without considering tampering), it cannot be defined as a user-centric system. This problem posed some questions to researchers that probably encouraged the introduction of decentralized storage (such as IPFS) combined with Blockchain, not only for scalability reasons but also for security, because they constitute two different technologies.
A user-centric system is a system where users have more control and flexibility than in ordinary systems. In the healthcare domain, this means that patients could manage and own their data entirely, keeping them on their personal devices or in their preferred locations.
Table 1. Evaluation of user-centricity in research papers labeled as Applicative. User-centricity is the ability of users to own their data without the risk of tampering or of losing power through consortium decisions.
The possibility of freely sharing sensitive information between professionals and health institutions would allow a step forward for personalised medicine, taking advantage of the most advanced machine learning techniques that computer science is offering.
We saw that there are different ways of thinking about how to share data on the Blockchain: storing data in its blocks (in practice very difficult due to scalability issues); exploiting data provenance, by storing the positions of data in the Blockchain instead of the data itself; and using distributed storage combined with the Blockchain as off-chain storage. In each of these solutions, there is the potential never to move data across the network: the data could simply be accessed and used.
The review focused on the ability of Blockchain to create specific solutions that enable users to be the true owners of their data. At the moment, what is evident is the increasing interest in user-centric solutions, even when this is not the goal of the research. We saw that several solutions try to increase the level of ownership by using Permissioned solutions, sometimes owned by healthcare institutions, but this is sometimes ambiguous: users may be enabled to manage their data but are ultimately forced to accept consortium rules over data management. The usage of Permissioned solutions has an impact on the usage of decentralised storage too. If the Blockchain risks being compromised by its participants, then the overall system fails to deliver immutability and, therefore, security. Even if the user data is stored in decentralised storage, this does not mean it can be considered safe: the blockchain will act as a corrupted data management layer.
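The off-chain storage pattern and the "corrupted data management layer" failure mode described in the two paragraphs above can be seen in a small model. This is an added example, not code from the reviewed papers: a toy hash-chained ledger holds only content addresses of records kept in an off-chain store, and `Ledger`, `consortium_rewrite`, `verify_record` and the sample records are all constructed for illustration.

```python
import hashlib

GENESIS = "0" * 64

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Ledger:  # toy hash-chained ledger: blocks hold content addresses, never data
    def __init__(self):
        self.blocks = []

    def append(self, address):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"address": address, "prev": prev, "hash": h((prev + address).encode())})

    def chain_valid(self):
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != h((prev + b["address"]).encode()):
                return False
            prev = b["hash"]
        return True

    def consortium_rewrite(self, index, new_address):
        # Models consortium members agreeing to re-issue history from `index` on.
        self.blocks[index]["address"] = new_address
        prev = self.blocks[index]["prev"]
        for b in self.blocks[index:]:
            b["prev"], b["hash"] = prev, h((prev + b["address"]).encode())
            prev = b["hash"]

def verify_record(store, ledger, index):
    # Reader's check: ledger is self-consistent and off-chain bytes match the pointer.
    address = ledger.blocks[index]["address"]
    return ledger.chain_valid() and h(store.get(address, b"")) == address

def run_demo():
    store, ledger = {}, Ledger()
    for data in (b"patient-A hr=62 spo2=98", b"patient-B glucose=5.4"):  # constructed
        store[h(data)] = data
        ledger.append(h(data))
    anchor = ledger.blocks[0]["address"]   # copy the patient keeps on their own device
    ok_before = verify_record(store, ledger, 0)
    forged = b"patient-A hr=140 spo2=80"   # constructed altered record
    store[anchor] = forged                 # case 1: only the off-chain bytes change
    detected = not verify_record(store, ledger, 0)
    store[h(forged)] = forged              # case 2: the ledger pointer is re-issued too
    ledger.consortium_rewrite(0, h(forged))
    return ok_before, detected, verify_record(store, ledger, 0), ledger.blocks[0]["address"] != anchor
```

`run_demo()` returns four booleans: the record verifies at first, a change to the off-chain bytes alone is caught, the same change passes verification once the ledger is re-issued, and only the copy of the address held by the patient reveals the rewrite.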
In the future, we would need to move architectures from a system-centric perspective, where a user is the consumer of the application, to a user-centric perspective, where the user is not just a consumer but an active participant. We envision a world where each user physically owns their data, for example on a small device in their home or on their smartphone. If these devices act as safe, decentralised storage, then any unknown entity could easily access the data stored on them, respecting the rules set by the users, who are the owners of what they share.
Well-being is the foundation of a healthy individual's lifestyle, and managing medical data could help users better achieve this goal.
In the past, both the need for large amounts of data and privacy issues were less pronounced: the traditional method of data collection was recording on paper, medical science was not supported by existing technology, and there was no large amount of data available to use, which left several diseases without explanation. With mobile devices, it is now possible to collect a massive amount of data that could be used to deliver and discover new solutions and treatments. By introducing the Internet of Medical Things, potentially any data collected by a user could be exploited with a specific goal.
In this work we examined the contributions of the Blockchain to IoMT applications, focusing on the current challenges and the vision for the future. The review aimed in particular at summarising surveys and research papers that attempt to understand the state of the industry from a practical point of view, and at identifying the related problems that currently act as barriers to a subsequent step towards user-centricity.