Blockchain is a disruptive technology for shaping the next era of healthcare systems that strive for efficient and effective patient care, thanks to its peer-to-peer, secure, and transparent characteristics. Cloud computing, on the other hand, made its way into the healthcare system thanks to its elastic and cost-efficient nature. However, cloud-based systems fail to provide a secure and private patient-centric cohesive view to multiple healthcare stakeholders. In this situation, blockchain addresses the security and privacy concerns of the cloud through its decentralization combined with data security and privacy, while the cloud addresses the scalability and efficiency challenges of blockchain. Therefore, a novel paradigm of blockchain-cloud integration (BcC) emerges for the domain of healthcare.
1. Introduction
The healthcare domain has been revolutionized over the last century by technological advancement [1]. This revolution aims to improve the diagnosis of diseases and their causes, the quality of medical supplies, and medical treatment, and to establish prevention plans on a global scale. The traditional client/server-based healthcare systems [2,3,4,5,6] suffer from security and privacy issues and lead to scattered patient medical histories, delaying patient treatment [7,8]. Moreover, a patient needs to repeat medical tests when moving to another hospital. This increases the cost and time to the patient, and affects the patient’s health due to repeated exposure to tests, such as X-rays and MRIs, that may develop side effects [9]. In addition, healthcare organizations are required to install and maintain infrastructure with up-to-date functionalities while complying with healthcare standards and regulations for the management of Electronic Health Records (EHRs). This leads to a high total cost of ownership. To address these limitations of the client/server-based approach, the on-premise database was migrated to the cloud, where the health records are maintained by a cloud service provider.
Cloud computing [10] allows convenient and on-demand network access to a shared pool of configurable computing resources. Motivated by the pay-as-use cloud model, medical organizations use cloud computing to manage electronic health records (EHRs), reducing the cost of ownership. The five-year cost of $11 million for an on-premise healthcare system can be reduced to $3.2 million using the cloud. This also reduces the infrastructure set-up time from 16 weeks to 1 week (Healthcare system cost reduction using cloud-based approach: https://ehrintelligence.com/news/how-cloud-ehr-reduces-operating-costs-increases-computing-power, accessed on 27 May 2021). In addition, the cloud gives multiple healthcare providers efficient access to health records from shared storage, improving patient care. The number of health records is increasing at a rapid pace with the introduction of smart healthcare and IoT with biosensors for personalized patient-centric healthcare. The scalability and elasticity features of cloud computing aid in health records management, which requires powerful computing and large storage, for near real-time patient care. However, a cloud-based system suffers from security and privacy issues. The security issue refers to data integrity, where the health records are under a constant threat of being modified. The privacy issue refers to the problem of unobservability, also known as data leakage, in which the patients’ health records are used without being tracked [11].
Recent years have witnessed the blockchain revolution paving the way towards its adoption by many applications in the health domain, such as health records management [12,13,14,15,16], medical supply chain management [17,18], and medical insurance claims [19,20]. The characteristics of blockchain give it great potential for providing a patient-centric healthcare system, involving health stakeholders such as the patients, health professionals, insurance providers, pharmaceutical firms, and health governmental authorities.
From the technical aspect, blockchain is a peer-to-peer distributed system, which enables users to maintain a ledger of transactions that is replicated over multiple user servers [21]. The architecture allows all the network participants, i.e., health stakeholders, to verify and process health data transactions without the need for a trusted third party. In addition, the data stored in the blockchain is immutable, i.e., once the data is stored it cannot be modified or deleted, leading to enhanced security. This immutability enables an audit trail, bringing in accountability, adding trust to the system, and alleviating privacy concerns [22,23]. These distinctive features of blockchain have triggered its wide adoption for health records management to address security and privacy issues, while providing multiple stakeholders with access to a patient’s health history for patient-centric health services. However, blockchain poses scalability issues as the network grows [24], and consequently more hardware and human resources have to be provisioned for the operation and maintenance of the blockchain platform, thus increasing the health organization’s on-site cost. Moreover, blockchain suffers from high energy consumption (Bitcoin mining consumes more electricity a year than Ireland: https://www.theguardian.com/technology/2017/nov/27/bitcoin-mining-consumes-electricity-ireland, accessed on 27 May 2021 and Bitcoin energy consumption index: https://digiconomist.net/bitcoin-energy-consumption, accessed on 27 May 2021), adding to the blockchain operational cost.
2. Background and Motivation
2.1. Background
2.1.1. Cloud Computing
Cloud computing technology offers a shared pool of configurable hardware resources and software services over the Internet [10]. These resources can be speedily allocated and released without the system administrator’s intervention. Cloud computing is mainly characterized by on-demand service, rapid elasticity, a pay-per-use model, and multi-tenancy. Figure 1 shows the general overview of the cloud system architecture. The architecture consists of (1) cloud consumers, which are individual users (patients and allied healthcare professionals) and/or organizations (hospitals) that use the cloud services, (2) a cloud broker that enables the communication between the cloud consumers and the cloud, and (3) a cloud entity that makes the cloud services available to the consumers. The cloud consists of three layers: (1) physical resource layer, (2) resource abstraction and control layer, and (3) service layer. The physical layer consists of the hardware resources for processing, storage, and networking, and the facility resources for cooling, ventilation, power, and supply. The resource abstraction and control layer consists of the system components that enable access to the physical resources through a software abstraction. Abstraction components include virtual computing and virtual storage elements. This layer is also responsible for the efficient allocation and usage monitoring of the physical resources. The service layer consists of the interfaces required to access the cloud services. The services offered by the cloud are classified into Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). SaaS makes software available remotely to multi-tenant users as a web-based service, Google Mail for example. PaaS provides the environment and tools required to develop web-based applications, Amazon Web Services for example (Amazon Web Services (AWS) - Cloud computing services: https://aws.amazon.com/, accessed on 27 May 2021). IaaS offers virtualized hardware hosted in cloud data centers to the end-users for operations. The hardware involves storage, computing servers, and network components. NTT Communications (NTT communications: https://www.ntt.com/en/index.html, accessed on 27 May 2021) is an example of IaaS.

Figure 1. Overview of a cloud system architecture.
The cloud network can be divided into three main categories:
- Public cloud: Allows public access to systems and services without any restrictions and is less secure.
- Private cloud: Allows members of the organization that manages the cloud to access the systems and services and is more secure than a public cloud. A private cloud when shared among multiple organizations is known as a community cloud.
- Hybrid cloud: Combination of a public and private cloud that enables greater flexibility. The critical and confidential activities can be managed using the private cloud while the general activities can be managed using the public cloud.
With the emergence of cloud computing, the healthcare system migrated from client/server-based to cloud-based. The cloud solves the issues of fragmented health records and the high total cost of ownership existing in the client/server-based healthcare system. This is thanks to the on-demand access, replication, and pay-as-use characteristics of the cloud. A cloud-based healthcare system is implemented using a private cloud to allow only authorized data access based on access control rights. Several cloud-based healthcare systems are proposed in the literature where a patient/allied health professional can obtain a cohesive view of the patient’s medical history stored in third-party cloud storage [25,26,27]. Although the cloud-based approach improves system scalability and reduces the total cost of ownership, the health records managed by the cloud service provider are under constant security and privacy threats [28,29]. A patient’s records can be easily tampered with or can be accessed without the patient’s knowledge [11]. Consequently, a more robust healthcare management system is required to address the shortcomings of the cloud-based approach.
2.1.2. Blockchain
Blockchain is a peer-to-peer distributed system that maintains a synchronized ledger of transactions that is replicated over network participants. It was introduced for the exchange of e-currency in a network without the intervention of a third party [30]. Since then, blockchain has spread in several application domains such as healthcare, education, industry and marketplace, digital media, government, and entertainment. Blockchain has the following properties:
- Decentralization: Blockchain eliminates the intervention of a third-party entity for the processing of transactions and maintaining the ledger data. The transactions are validated and executed by the agreement of the majority of the participants that maintain the network.
- Immutability: The blockchain is a continuous chain of blocks where a block is connected to its preceding block by including the hash of the latter while hashing the former. A block is composed of a block header consisting of metadata and a block body consisting of valid transactions [21]. If a malicious entity attempts to tamper with the data of a past block, the hash of that block will change, leading to a different hash value than the one used to calculate the hash of the succeeding block. Consequently, the malicious entity needs to re-hash all the subsequent blocks in the chain up to the last block. This re-hashing is compute-intensive, especially when there are several replicated copies of the ledger in the network. Thus, any data modification attempt is discouraged, leading to immutability.
- Transparency: Each operation performed in the network to access the data stored in the ledger is considered a transaction in the blockchain. Each node in the network that holds a copy of the ledger can track any unauthorized or malicious data access, making the blockchain secure and transparent.
- Traceability: The replicated ledger in the blockchain enables efficient tracing of any transaction by the nodes maintaining the ledger. This discourages any malevolent activity, making the network more secure, efficient, and transparent.
- Consensus: Each transaction in the blockchain is verified and processed by the agreement of most of the participants holding the ledger copy. This enables transactions between participants who do not know and trust each other.
Figure 2 shows how a transaction is processed in the blockchain network. To initiate a new transaction, the transaction initiator, such as an allied health professional or a patient, hashes the transaction data. The digital signature of the transaction is generated by encrypting the hashed data. The encryption is performed using the private key of the transaction initiator. The transaction data and the corresponding digital signature are broadcast to the network for processing. Each validating node in the network validates the transaction when it is received, by checking the authenticity of the transaction initiator and the integrity of the transaction data. The authenticity is verified if the digital signature is successfully decrypted using the transaction initiator’s public key. The integrity is verified if the hashed data obtained from the decryption operation matches the hash of the transaction data. The transaction, if valid, is broadcast in the network to include it in a block. A miner (a node that generates a block) creates a block of the received valid transactions after verifying each transaction for its validity. The selection of the miner that generates a block and the procedure of verifying and appending the generated block to the chain depend on the consensus protocol used by the blockchain network. The consensus protocols in blockchain are classified into compute-intensive-based, capability-based, and voting-based [21]. The selected miner generates the hash of the block, also known as the digital signature, and broadcasts the block in the network. The block’s hash is generated by first hashing the block header and then hashing the obtained hash value. The version in the block header represents the version of the protocol used and the timestamp represents the block generation time. The Merkle root is a single hash value obtained from iterative pair-wise hashing of the transactions in the block data. Each validating node updates its ledger copy by adding the block if valid [21].

Figure 2. Processing of a transaction in blockchain.
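The hash linking behind the immutability property, together with the block hash and Merkle root construction described above, can be modelled in a few lines. This Go sketch is an added example, not code from the article; SHA-256, the header serialization, the rule for an unpaired Merkle node, and the sample transactions are assumptions. It shows that editing a past block is caught locally until every later block is re-hashed, and that even then the chain tip no longer matches an honest replica.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type Block struct { // header fields named in the text, plus the transaction body
	Version    uint32
	PrevHash   [32]byte
	MerkleRoot [32]byte
	Timestamp  int64
	Txs        []string
}

// merkleRoot hashes each transaction, then adjacent pairs, until one value is left.
func merkleRoot(txs []string) [32]byte {
	if len(txs) == 0 {
		return sha256.Sum256(nil)
	}
	level := make([][32]byte, len(txs))
	for i, tx := range txs {
		level[i] = sha256.Sum256([]byte(tx))
	}
	for len(level) > 1 {
		if len(level)%2 == 1 { // assumption: an unpaired node is paired with itself
			level = append(level, level[len(level)-1])
		}
		next := make([][32]byte, 0, len(level)/2)
		for i := 0; i < len(level); i += 2 {
			next = append(next, sha256.Sum256(append(level[i][:], level[i+1][:]...)))
		}
		level = next
	}
	return level[0]
}

// blockHash double-hashes the serialized header (SHA-256 assumed), as the text describes.
func blockHash(b Block) [32]byte {
	var hdr [76]byte
	binary.BigEndian.PutUint32(hdr[0:4], b.Version)
	copy(hdr[4:36], b.PrevHash[:])
	copy(hdr[36:68], b.MerkleRoot[:])
	binary.BigEndian.PutUint64(hdr[68:76], uint64(b.Timestamp))
	first := sha256.Sum256(hdr[:])
	return sha256.Sum256(first[:])
}

// appendBlock adds a block whose header commits to its predecessor and its transactions.
func appendBlock(chain []Block, ts int64, txs ...string) []Block {
	b := Block{Version: 1, Timestamp: ts, Txs: txs, MerkleRoot: merkleRoot(txs)}
	if n := len(chain); n > 0 {
		b.PrevHash = blockHash(chain[n-1])
	}
	return append(chain, b)
}

// verifyChain returns the index of the first inconsistent block, or -1 if none.
func verifyChain(chain []Block) int {
	for i, b := range chain {
		if merkleRoot(b.Txs) != b.MerkleRoot || (i > 0 && b.PrevHash != blockHash(chain[i-1])) {
			return i // body does not match header, or link to predecessor is broken
		}
	}
	return -1
}

// sampleChain builds three blocks of constructed, fictional health-record transactions.
func sampleChain() []Block {
	c := appendBlock(nil, 1622100000, "P-001:blood-test", "P-002:x-ray")
	c = appendBlock(c, 1622100600, "P-001:mri", "P-003:ecg", "P-002:prescription")
	return appendBlock(c, 1622101200, "P-003:discharge")
}

func main() {
	honest, forged := sampleChain(), sampleChain()
	forged[1].Txs[0] = "P-001:mri-ALTERED"
	fmt.Println("body edited, first bad block:", verifyChain(forged))
	forged[1].MerkleRoot = merkleRoot(forged[1].Txs)
	fmt.Println("header patched, first bad block:", verifyChain(forged))
	forged[2].PrevHash = blockHash(forged[1]) // re-hash the rest of the chain
	fmt.Println("re-hashed copy self-consistent:", verifyChain(forged) == -1)
	fmt.Println("tip equals honest replica's tip:", blockHash(forged[2]) == blockHash(honest[2]))
}
```

A node auditing its ledger copy would therefore run the local check and also compare its tip hash with the tips reported by other replicas.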
The blockchain network can be public, private, consortium, or hybrid. A public network is one where any entity can join the network with no prior permission and view the transaction data. On the other hand, a private network, organized by a single organization, is one where participation is subject to prior permission and the data can be accessed based on access control rights. A private blockchain is suitable for healthcare as only authorized members can join the network and the ledger is updated/queried using access control rights. A consortium blockchain is one where a group of predetermined organizations governs the network. A hybrid blockchain lies between the public and the private ones: the ledger can be viewed by any network participant, but the modifications to the ledger are subject to access control. The distinctive features of the blockchain described above promise great potential for the technology in the healthcare domain. A blockchain-based healthcare system has the following benefits:
- Provenance: The immutable blockchain ledger enables an audit trail, increasing the trust in the network. Any fraud in the network along with its source can be easily traced. This discourages malicious activities.
- Protection against natural disasters: In case of a natural disaster such as forest fires, hurricanes, and floods, a database and its regional replicas might be unavailable. In such a scenario, the globally replicated blockchain ledger can aid in fault tolerance.
- Real-time data access: A patient’s health records can be accessed in real-time from the local or the nearest copy of the ledger to avoid life-threatening situations.
- Accurate patient care: The cohesive view of a patient’s health records provided by the blockchain supports allied health professionals in better prognosis/diagnosis.
Several blockchain-based healthcare data management systems have been proposed in the literature [12,13,14,15,16]. However, with the increasing amount of health records, the scalability [24,31] and energy consumption (Bitcoin mining consumes more electricity a year than Ireland: https://www.theguardian.com/technology/2017/nov/27/bitcoin-mining-consumes-electricity-ireland, accessed on 27 May 2021 and Bitcoin energy consumption index: https://digiconomist.net/bitcoin-energy-consumption, accessed on 27 May 2021) of blockchain are an issue. In addition, the on-premise blockchain deployment increases the total cost of ownership for healthcare organizations.
2.2. Motivation of Integrated BcC for Healthcare
Security and privacy are the main requirements for an effective, trustworthy, patient-centric, and accurate healthcare system. The cloud-based system provides scalability and cost-effectiveness for managing ever-growing health records. However, security and privacy threats become a critical issue due to the involvement of a third-party service provider. Consequently, the healthcare domain seeks a more robust solution for the management of health records. Blockchain, a peer-to-peer network, allows transactions between multiple network participants, eliminating the need for a third party. Every event in the network is recorded on an immutable ledger, which is replicated over multiple network nodes. Blockchain enables transparent auditing, authorized data access, and immutability, thus providing secure and private management of health records. However, scalability and the total cost of ownership call into question the implementation of blockchain in the healthcare domain, where the number of health records is continuously increasing. The integrated BcC healthcare system enhances the scalability and reduces the cost while maintaining the security and privacy of the health records.
Recently, there has been growing interest in AI-based healthcare where the health records are analyzed using AI and machine learning algorithms to support allied health professionals with better prognosis and diagnosis of diseases. The accuracy of the AI and machine learning can be improved resulting in a more accurate diagnosis and prognosis of a disease when more instances of data are used for training the models. In this context, an integrated BcC healthcare system would certainly revolutionize the way health professionals provide patient care. The blockchain will facilitate private and secure integration of data from multiple hospitals leading to a rich, secure and accurate database for the AI models and the cloud will enhance the scalability of the system. The incorporation of AI within an integrated BcC healthcare system could lead towards a better patient-centric, secure and private healthcare where the high availability of data from multiple sources, thanks to blockchain, can aid in better diagnosis and prognosis of disease using the AI and machine learning techniques in a scalable cloud environment.
3. Taxonomy and Strength/Weaknesses of Integrated BcC Healthcare System Architectures
The individual benefits of cloud and blockchain technologies have led to the emergence of integrated BcC architectures where the limitations of the stand-alone approaches are addressed. In this section, we present an analysis and classification of those architectures. We compare the BcC development platforms and services.
3.1. Encapsulated Architecture
In this architecture, the blockchain platform and its underlying implementation are encapsulated within a cloud environment as shown in Figure 3. We formulate the encapsulated architecture as stated in Equation (1). This architecture has been proposed by several works in the literature [32,33,34,35,36,37,38]. The network participants (users) are the different health stakeholders such as allied health professionals, patients, health insurance companies, pharmaceutical firms, and the health governmental authorities. The allied health professionals include doctors, nurses, dietitians, medical technologists, therapists, and pathologists. The users can connect to the platform via Remote Procedure Call (RPC), Representational State Transfer (REST) Application Programming Interface (API), web API, or Simple Object Access Protocol (SOAP). The health records can be generated by the allied health professional upon a patient’s visit or by the patient using sensors. A gateway device is used to process the sensor data. The cloud platform consists of a certificate authority, a security management module, and an operation management module, in addition to the blockchain as a service. The security management module involves identity and access management, a cloud firewall, and a web application firewall, and the operation management module includes bill management, data replication and recovery, resource monitoring (CPU, memory, and storage usage), and a logs service. The blockchain encapsulated within the cloud consists of an application layer, a distributed computing layer, and a storage layer. The blockchain ledger in the cloud database is stored using the InterPlanetary File System (IPFS) [39] or Storj (Decentralized cloud storage—Storj: https://storj.io/, accessed on 27 May 2021).

Figure 3. Encapsulated BcC architecture for healthcare.

The health transaction execution flow in this architecture is as follows:
- Step 1: A transaction initiator (network participant) hashes the health record (transaction payload).
- Step 2: The digital signature of the payload is generated by encrypting the hashed transaction.
- Step 3: The transaction payload along with the digital signature is broadcast to the blockchain nodes running in the cloud instances.
- Step 4: The transaction is validated, and the block is generated based on the consensus mechanism.
- Step 5: The block is added to the ledger.
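Steps 1 to 4 above, and the authenticity and integrity checks described for transaction processing in Section 2.1.2, can be shown end to end. This Go sketch is an added example, not code from the article or from any BaaS platform. The page does not name a signature scheme, so ECDSA over P-256 with SHA-256 is assumed (it signs the hash directly, where the "encrypt the hash with the private key" wording corresponds to RSA-style signatures); the type names, participant IDs, and sample record are illustrative.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrUnknownSigner = errors.New("signer is not an enrolled participant")
	ErrBadSignature  = errors.New("signature does not match payload and signer key")
)

// Tx is what the initiator broadcasts in step 3: payload, signature, claimed signer.
type Tx struct {
	SignerID  string
	Payload   []byte // the health record
	Signature []byte // ASN.1 ECDSA signature over SHA-256(Payload)
}

// Node is a validating node. Assumption: participants' public keys reach it through
// the platform's certificate authority; in this sketch they are enrolled directly.
type Node struct {
	enrolled map[string]*ecdsa.PublicKey
	Pending  []Tx // validated transactions waiting for block generation
}

func NewNode() *Node                                   { return &Node{enrolled: map[string]*ecdsa.PublicKey{}} }
func (n *Node) Enroll(id string, pub *ecdsa.PublicKey) { n.enrolled[id] = pub }

// NewKey generates a P-256 key pair for a participant.
func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // only fails if the system randomness source is unavailable
	}
	return k
}

// Sign covers steps 1 and 2: hash the record, then sign the hash with the private key.
func Sign(id string, priv *ecdsa.PrivateKey, record []byte) (Tx, error) {
	digest := sha256.Sum256(record)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return Tx{}, err
	}
	return Tx{SignerID: id, Payload: append([]byte(nil), record...), Signature: sig}, nil
}

// Validate covers the checks of step 4: authenticity (the enrolled key of the claimed
// signer verifies the signature) and integrity (it matches the hash of the payload received).
func (n *Node) Validate(tx Tx) error {
	pub, ok := n.enrolled[tx.SignerID]
	if !ok {
		return ErrUnknownSigner
	}
	digest := sha256.Sum256(tx.Payload)
	if !ecdsa.VerifyASN1(pub, digest[:], tx.Signature) {
		return ErrBadSignature
	}
	n.Pending = append(n.Pending, tx)
	return nil
}

func main() {
	doctor, outsider := NewKey(), NewKey()
	node := NewNode()
	node.Enroll("dr-lee", &doctor.PublicKey)
	// Constructed sample record, not real patient data.
	tx, _ := Sign("dr-lee", doctor, []byte(`{"patient":"P-001","test":"HbA1c","value":"5.6%"}`))
	altered := tx
	altered.Payload = []byte(`{"patient":"P-001","test":"HbA1c","value":"9.9%"}`)
	forged, _ := Sign("dr-lee", outsider, tx.Payload)
	unknown, _ := Sign("unlisted", outsider, tx.Payload)
	fmt.Println("genuine transaction:", node.Validate(tx))
	fmt.Println("payload changed in transit:", node.Validate(altered))
	fmt.Println("signed with a different key:", node.Validate(forged))
	fmt.Println("signer not enrolled:", node.Validate(unknown))
	fmt.Println("queued for block generation:", len(node.Pending))
}
```

Only the genuine transaction reaches the pending queue; block generation and consensus (the rest of step 4 and step 5) depend on the platform's protocol and are outside this sketch.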
Several cloud service providers such as Microsoft Azure (Azure blockchain service: https://docs.microsoft.com/en-us/azure/blockchain/service/overview, accessed on 27 May 2021), Amazon (AWS Blockchain: https://aws.amazon.com/blockchain/, accessed on 27 May 2021), and Oracle (Oracle blockchain platform: https://www.oracle.com/ae/blockchain/, accessed on 27 May 2021) offer cloud-based solutions to help organizations adopt blockchain with ease. In 2015, Microsoft introduced Ethereum Blockchain as a Service (EBaaS) on its cloud platform Azure (Azure’s Ethereum BaaS: https://azure.microsoft.com/en-us/blog/ethereum-blockchain-as-a-service-now-on-azure/, accessed on 27 May 2021). With BaaS, the compute and storage-intensive blockchain runs in the cloud and is managed by the cloud service provider. Blockchain is offered as a service, like any other cloud service, to the consumers (healthcare organizations) to develop and host their blockchain solutions, functions, and smart contracts. The organizations are only charged based on what they use, thanks to the pay-as-use cloud model. For instance, BaaS offered by Amazon Web Services charges $0.067/h for a medium instance peer node, $0.10/GB-month for node storage and data written to the network, and $0.05/GB for more than 150 TB/month data transfer (Amazon managed blockchain pricing: https://aws.amazon.com/managed-blockchain/pricing/, accessed on 27 May 2021). Table 1 shows the encapsulated architecture-based cloud platforms that offer BaaS. It shows the blockchain development platforms supported by these cloud platforms, the type of blockchain network, and the consensus mechanism used. In addition, it states whether or not the platform supports channels. A channel is a private sub-network of communication between specific network participants to perform private and confidential transactions (Channels—Hyperledger Fabric: https://hyperledger-fabric.readthedocs.io/en/release-2.2/channels.html, accessed on 27 May 2021). The channel has its own ledger, which can only be accessed by the channel members. This is in addition to the main blockchain ledger. The concept of a channel is important for healthcare applications in situations such as confidential patient treatment, biomedical research, and formulation of government policies and prevention plans.

Table 1. Encapsulated architecture-based development platforms.

| Encapsulated BcC Platform: Cloud | Encapsulated BcC Platform: Blockchain | Blockchain Network | Consensus | Description | Channel Support |
|---|---|---|---|---|---|
| Microsoft Azure | Ethereum, Hyperledger Fabric, Corda, Chain, and Quorum | Consortium | Istanbul byzantine fault tolerance | Azure Blockchain Service is a BaaS with built-in consortium management that enables quick network deployment and operations with smart contract capabilities. It can be deployed using Azure portal/CLI or through Microsoft Visual Studio Code using the Azure blockchain extension. The services are offered in two tiers: (1) basic, for development and testing, and (2) standard, for deployment. | Yes (Hyperledger Fabric) |
| Amazon | Hyperledger Fabric | Consortium | - | Amazon Managed Blockchain enables easy creation of blockchain networks. The platform uses a voting API that allows network participants to vote for adding/removing members. | Yes |
| Oracle | Hyperledger Fabric | Hybrid | Raft | Oracle Blockchain Platform enables blockchain configuration, development and execution of smart contracts, and monitoring through a web console. External applications update/query via client SDKs or REST API calls. | Yes |
| IBM | Hyperledger Fabric | Private, public and hybrid | Pluggable consensus | IBM Blockchain Platform allows users to develop, test and deploy blockchain applications with smart contract capabilities using a Visual Studio Code extension. The platform supports multiple languages for the development of smart contracts. | Yes |
| Google | Ethereum | Hybrid | Configurable consensus | Google blockchain enables deployment of blockchain applications with easy API integration. It allows the use of a traditional SQL database for blockchain data update/query. | No |
| SAP | Multichain, Hyperledger Fabric and Quorum | - | - | SAP Cloud Platform Blockchain Service enables development and deployment of blockchain applications from scratch, and allows users to link external blockchain nodes to the cloud or to connect an external blockchain to SAP’s powerful memory data platform, HANA. | Yes (Hyperledger Fabric) |
| Hewlett-Packard (HP) | Ethereum | - | - | HPE Mission Critical Blockchain enables fault tolerant and highly scalable blockchain applications development with smart contract integration. | No |
| Alibaba | Hyperledger Fabric, Ant and Quorum | Consortium | - | Alibaba Cloud BaaS is developed on top of Alibaba cloud container service for Kubernetes clusters, enabling quick development and deployment of blockchain solutions. Alibaba Cloud BaaS API allows users to manage the blockchain objects and cloud resources. | Yes (Hyperledger Fabric) |
| Huawei | Hyperledger Fabric | Consortium | Solo, fast byzantine fault tolerance, and Kafka | Huawei Blockchain Service based on Huawei containers enables easy creation, deployment, and management of blockchain solutions. | Yes (Hyperledger Fabric) |
| Baidu | Permissioned Ethereum, Hyperledger Fabric, and Baidu XuperChain | - | Pluggable consensus | Baidu BaaS enables easy development and deployment of blockchain applications with multichain and smart contracts features. | Yes |