The digitalization of healthcare-related information service systems has become a trend across the world. However, several crucial services are still provided manually due to a lack of trust in digital solutions. One such service is keeping records of children’s vaccination, which still relies on a paper-based file system in most parts of the world. This approach causes serious data integrity problems. Recently, healthcare has become a potential application area of the blockchain, as it can preserve and protect highly sensitive private medical records while sharing these records in a decentralized manner without losing personal ownership. Therefore, we propose a new digital model to track a child’s vaccination records using blockchain. In particular, this proposed application helps improve the vaccination record-keeping process by ensuring the integrity of the preserved data in a more secure way. In an emerging pandemic situation, our approach can be extended to manage the overall vaccination process effectively.
Using blockchain technology to build immutable and decentralized systems has become a new trend in the last decade. Initially, blockchain was developed to support various transactions in the finance and business domain, and then later was introduced into other domains. Bitcoin [
Typically, the blockchain is a chain of blocks that verifies and stores transactions. These transactions could be publicly or privately distributed to all participants on the network to modify the ledger securely. All the transactions are grouped in blocks and stored in a blockchain database. Each block is timestamped and linked by a hash. The hash of a block connected with a hash of the previous block effectively makes the entire blockchain history immutable [
In this paper, we focus on the possible use of the blockchain to improve the vaccination record-keeping process. In general, the vaccination process starts within the first months of a child’s birth and continues until the age of six. To track the vaccination process, health providers create a file (mostly paper-based) and record related information of each shot. Usually, the file is owned by the child’s family. Many organizations, like schools and insurers, ask for proof of vaccination before a child enters their respective system to receive any service. This whole process is done manually in many countries (e.g., Saudi Arabia), which creates problems such as inaccuracy due to human error, intentional tampering, and untraceable access to vaccination records. Consequently, the proposed VacChain system aims to use the blockchain Hyperledger Fabric network to improve this process by securely tracking the children’s vaccination process and creating a convenient information-sharing scheme without losing integrity and privacy.
The rest of this paper is organized as follows. Section 2 presents background information on blockchain technology and its use in the healthcare system. Section 3 details the requirements and system design for the VacChain. Section 4 discusses implementation details. Section 5 presents our tests of the system and relevant results, while Section 6 discusses these results. Finally, in Section 8, we conclude the paper and suggest future plans for VacChain.
In recent years, the use of blockchain technology in various fields has increased dramatically. Healthcare is one of the most attractive domains for the blockchain because it can be employed to improve the accuracy of EHRs [
Seebacher et al. [
A blockchain contains a chain of blocks connected linearly [
The blockchain uses a peer-to-peer network structure where each peer can interact through a private and public key. A peer uses their private key to sign a transaction, and they are addressable on the network by their public key. An asymmetric cryptography concept is used to ensure network integrity, authentication, and nonrepudiation [
Zheng et al. [
A transaction in a blockchain is a sequence of operations applied to some states, which is similar to what is observed in traditional databases. The key difference lies in failure and modification mechanisms [
For several years, healthcare has been considered an area with high potential for blockchain application. Potential uses include storing, sharing, and exchanging medical data using various access control strategies [
In the following subsections, we discuss some key benefits and challenges that emerged in this domain. We also discuss some contemporary blockchain-based healthcare systems.
According to Agbo et al. [
Furthermore, Witchey [
Conceptually, the blockchain is secure by design [
Additionally, patients have more control over their medical records in blockchain platforms, and thus data sovereignty is a possibility [
According to Hölbl et al. [
Kassab et al. [
The size of healthcare data like imaging and treatment plans is large, but the blockchain was designed to handle transitional data, which are trivial in size. Hence, scaling up is a challenging issue [
In general, data in a blockchain are immutable. However, in many countries, healthcare-related privacy laws support the permanent deletion of patient records, which challenges the immutability notion of blockchain [
The interoperability of healthcare systems is a priority in many countries [
According to Ribitzky et al. [
In a recent study, Kassab et al. [
Healthcare Data Gateways (HDG) is an app architecture proposed by Yue et al. [
Azaria et al. [
BlocHIE is a blockchain-based platform used to exchange healthcare information; it was developed by Jiang et al. [
Griggs et al. [
In the present study, we developed an EMR system based on a private blockchain to manage child vaccination records. Thus, we keep vaccination records as simple transactional records, and there is no need for off-chain data management supports, which is problematic in many blockchain-based EMR systems.
We developed a VacChain system to track children’s vaccination records. The objective of this system is to secure children’s vaccination records from tampering and share relevant information conveniently without losing integrity and privacy. In our proposed system, whenever a family visits the hospital with their child for vaccination, related information is added to the child’s vaccination record. This record is implemented through a blockchain mechanism. By using our system, a family can permit different parties to authorize and see the vaccination history of their children for confirmation purposes (e.g., for registration at school).
In this section, we discuss the requirements and system design of VacChain. First, we highlight existing vaccination record-keeping systems and their limitations. We then present user and system requirements collected through interviews with various stakeholders; finally, we present a detailed system design of VacChain.
To understand how the existing vaccination system works, we communicated and collaborated with local healthcare providers to learn their needs and identify potential opportunities to introduce and elaborate blockchain services. We also visited several local medical centers and interviewed local pediatricians to understand how they preserve and track vaccination records, and discussed the issues and challenges of the existing paper-based system. Through all this, we identified a need for a digitized vaccination record-keeping system. Transparent ownership and immutability support for digital records in blockchain encouraged us to propose a blockchain-based system for this purpose.
We identified two major problems: (1) losing a vaccination file and (2) corrupting information in the vaccination file. Paper-based files (known as vaccination cards) can be lost or damaged. In the case of losing a vaccination card, a family can obtain a replacement vaccination file only by requesting the exact hospital where their child was born and vaccinated. This is a lengthy process and especially hard for those families who moved to a new area. Regarding the second issue, some families decline to vaccinate their children for some superficial reasons but still want to have a vaccination card to access various government or private facilities. They try to manipulate and manage a vaccination card without taking the vaccines. These malpractices can be hazardous to overall public health.
After visiting different health centers and interviewing local doctors, we came up with multiple requirements for the proposed vaccination record-keeping system. In this section, we list the user and system requirements with their details. We used the “User Story” format to write the user requirements, which is a popular agile practice [
In
Requirement ID | Requirement |
---|---|
R1 | As a health admin, I want to create a new vaccination record for a newborn baby. Health admin adds child information, including the name and birth date. The child must be linked with his family ID. |
R2 | As a health admin, I want to register a new participant to the system. Each participant should be assigned to a specific type (ex. hospital, family, doctor, physician, school, or insurance). Their access privilege depends on their type. Each participant has a username and password. |
R3 | As a health admin or a hospital reception, I want to see the history of the vaccination record. Health admin can see all modification that occurs in the records. |
R4 | As a family, I own all my children’s records. Child vaccination record is private and only sharable with other participants after getting consent from the family. |
R5 | As a family, I want to see all details of previous visits. The family can see the physician’s signature. The family can see the next visit date. |
R6 | As a family, I like to allow other service providers to access my child’s vaccination record. The family gives access permission to hospital, school, or insurance. |
R7 | As a hospital receptionist, I want to create a vaccine detail and add the child’s information for each visit. A new vaccine detail is added to the child’s record. The child’s information is the child’s name, age, weight, height, vaccine name, doctor name, and physician name. |
R8 | As a doctor, I want to see the child’s information. A child’s weight, height, and body temperature are needed for diagnosis. |
R9 | As a doctor, I like to write notes about the child’s status. A doctor can edit the note if he/she enters the wrong data. |
R10 | As a physician, I like to sign child vaccination records digitally. The physician must read the doctor’s note before he vaccinates the child. The physician could write which vaccines still need to be administered if the child did not take all vaccines. The physician can write the date of the next visit. |
R11 | As a school, I want to see a child’s vaccination record for registration. Schools can see the signature of the physician for all vaccines. The school can see the details of each vaccination visit, such as the date. |
R12 | As an insurance company, we have to see a child’s vaccination record to provide services. A designated agent can see the signature of the physician for all vaccines. A designated agent can see the details of each visit, such as the date. |
In
Requirement ID | Requirement |
---|---|
R13 | Individual authentication using a username and password. The username is unique. |
R14 | Accommodate different types of participants. Each type has different system permissions and privileges. |
R15 | Registering a new doctor or a physician should be linked with the hospital they work in. Permission access for the hospital includes the doctor and the physician. |
R16 | Permission access only for a specific child’s record if a family has more than one child. Permission access only for a selected record. |
R17 | Hospitals, schools, and insurance companies can find a specific record by searching by family username. Search results should show only the records to which they have permission access from the family. |
R18 | A doctor can edit or delete his note without creating a security loophole. Each modification is stored in a new block. All modifications are stored in blockchain history. |
R19 | Family can change access permission (as a form of shared ownership) to a hospital. One record should not be accessible by two different hospitals at the same time. |
In this section, we present the architecture of VacChain.
There are two components in the ledger: a world state, and a blockchain [
In this subsection, we present various process models based on the user and system requirements of VacChain. We present sequence diagrams to show important scenarios related to the vaccination process; for instance,
To clarify internal transactions within VacChain, we present an example using a sequence diagram in
The blockchain has many platforms, but the most commonly used ones are Hyperledger Fabric and Ethereum [
We implemented our system with two Hyperledger Fabrics: Hyperledger Fabrics Composer and Hyperledger Fabrics Convector. Initially, we worked on the Hyperledger Composer framework for three months; however, on August 30, 2018, the IBM team announced that they stopped working on any new features for Composer [
In the following sections, we discuss how we implemented our application in both Composer and Convector.
In Hyperledger, the assets, participants, and transactions are created in the model file. Then, in the access control file, we define the different participants’ permission rules in the business network.
Once the model files, access control files, and JavaScript files are defined, we package all these files as one "business network archive" file. This archive file can be deployed or updated on Hyperledger Fabric. We then run the business network archive file on REST API, which provides a useful layer of language-neutral abstraction. The REST API creates and explores business network cards and their authentications. Finally, Angular connects to REST API to run it.
For each vaccination appointment, the hospital searches for the child record to which they have permission access; then the hospital can create a new vaccine detail for that record. Moreover, when a hospital has permission access, any designated doctor or physician in the hospital can read all vaccine details of that child’s records. After providing vaccination service, the doctor writes his notes on the vaccine detail, and the physician writes further notes and signs on that vaccine detail. If the family grants permission, then these records can be viewed by a specific school, insurance company, or other institute. Meanwhile, the health admin and the hospital can see the history of all modified transactions.
In VacChain, we used model view controller patterns. After creating models and a controller, we ran the necessary command to install and execute codes, and then generated the rest of the APIs. A new vaccine-app file was created in the package folder. In the API layer (vaccine-app), a number of files were created to support interaction between front-end and Chaincode layers. In the controller, we added some authentication functions. To design our application web pages, we used HTML, CSS, and JavaScript languages. Finally, we uploaded our application to Amazon Web Server (AWS).
Here, we explore our Child Vaccines website. This website contains seven main pages for each type of participant, and a
The health admin page contains three forms under three different tabs. These forms are “Participant,” “Record,” and “History”. These forms can be filled in by the health admin only. The "Participant” tab is for creating a new participant. In this tab, the health admin fills in the required information of the participant, which are participant type, username, full name, and ID number. If the participant is a doctor or a physician, there is an additional field for their hospital name.
The second form, “Record” is for creating a new vaccination record by entering the child’s family username and the child information, such as their name, gender, birth date, and family’s file number.
Lastly, the “History” tab is where the health admin can see the history of all modifications in a specific record. After searching by the family username, this specific record is selected so that the admin can view all vaccination records for each child of that family. For example, we searched for the “Ali” family to display the family’s children’s records. Ahmad is a child of the Ali family; by clicking on Ahmad, the admin can see all of Ahmad’s vaccination records and related details, such as vaccine names and his age when he received a given vaccine.
The hospital page has two main tabs: one for creating a new detail, and the other for displaying the history of a specific record. For each vaccine visit, the family gives permission for the hospital to access the child’s vaccination record. After obtaining access permission, the hospital can access the child’s record by searching for the family’s username. All children’s records of this family will be shown with the child’s name. Clicking on the child’s name will open a form to collect the required information for each visit. The following information needs to be provided: vaccine name, doctor name, physician name, and some information about the child (such as weight, height, and body temperature). Now a new vaccine detail is created and added to the child’s record. Moreover, the hospital displays hospital forms for viewing all modifications in a specific record of the child’s vaccine details.
After creating a child’s vaccine detail, the doctor will have permission to access the child’s record. That is, he can now search by the child’s family username to find the record of the child and see all vaccine details. Then, the doctor adds his notes about whether the child can take a vaccine, depending on the child’s status.
The family goes to a physician after the doctor decides the child’s status. Like the doctor, the physician can also access the child’s record by searching the family’s username, and can see all vaccine details of that particular child. The physician reads all of the child’s information and the doctor’s notes, gives the child the recommended vaccine, and then signs on the vaccine detail. In the case where vaccines are not available, the physician will write them in the remaining vaccine field; during the child’s next visit, the physician will read this last vaccine detail and know which vaccines have not yet been given.
Our application allows the child’s family to see all their children’s records and vaccine details. The family page consists of two tabs: one for viewing their children’s records and their vaccine details, and the other for giving access permission to other providers. Moreover, selecting one of the vaccine details will show a dialog box that contains all the information related to a particular record, such as the physician signature. In the
Schools and insurance companies have similar privileges. The school (or insurance company) can find the child’s record by searching by the family’s username after getting permission to access the child’s record from the family. The school and insurance company can check vaccine details for the specific child and see all detailed vaccine information in a dialog box (
To ensure the quality of the vaccination record system, we proceed with some validation and verification processes. In this section, we discuss the testing process and present relevant results.
In general, performance testing is a practice performed to determine how a system performs under a particular workload in terms of responsiveness and stability. In particular, load testing is a simple form of performance testing used to understand the behavior of the system at a specific expected load. We used load testing to measure our system’s server and render response time via DevTools [
To test render response time, we recorded the runtime performance of the register function. The result of this test shows frames per second (FPS), a CPU chart, and time rendering [
According to our various testing, the system works efficiently, as shown during the performance testing (with a good response time). We tested all the user and system requirements thoroughly, and we obtained an acceptable result.
VacChain can help families keep their children’s vaccination records in a secure and convenient way. Based on the testing result, the system seems accessible and credible. Moreover, a family can share vaccination information with multiple providers (e.g., schools and insurance). Furthermore, the proposed system supports the privacy and confidentiality of vaccination data by implementing specific authorization mechanisms. In VacChain, a family is aware of their children’s vaccination records, unlike in other health information systems where the families are not participants. Furthermore, VacChain relies on many participating entities to avoid a single point of failure. The vaccination record information is stored locally at variant provider servers, and each node in the network stores copies of authorization data.
We worked in two different fabrics, Hyperledger Composer and Hyperledger Convector, which made our development effort more challenging. In Hyperledger Composer, a business network model was defined by three components: assets, participants, and transactions [
Blockchain technology has been adopted in many areas to improve system quality and functionality. Immutability is one of the major characteristics of blockchain that can protect highly sensitive private data and ensure integrity. Healthcare is one of the potential domains for blockchain-based applications due to its support for data privacy and ownership. Many healthcare services still depend on paper-based systems; one of these services is preserving children’s vaccination records in a paper file. Such files are unsecured because they can be easily lost or damaged. Losing a child’s vaccine file creates many problems for the child, as the file is required for receiving essential services such as registration at school, getting insurance, and medical care. Therefore, in this paper, we presented the VacChain system to improve the traditional vaccination process by preserving and tracking related information in a more secure and integrated way. The developed system was tested, and the results showed that it works efficiently and effectively. Furthermore, our system preserves vaccination information securely from malicious attackers by having decentralized blockchain ledgers. However, Hyperledger Convector is a new, quickly developing framework, and therefore many defects make it challenging to implement sophisticated features.
In the future, we are planning to enhance the usability and performance of VacChain through additional features. An emerging pandemic situation, like COVID19 [
The authors gratefully acknowledge Qassim University, represented by the Deanship of Scientific Research, on the material support for this research under the number (5455-coc-2019-2-2-I) during the academic year 1441 AH/2020 AD. The authors would also like to thank Muntasir Mamun Joarder of Ipswich City Council, Australia, for his technical suggestions on blockchain technology.