Oldenburg explores how to deliver a GDPR compliant remote patient monitoring solution
Ali Amin Rezaei – University of Oldenburg, Germany
Oldenburg University is developing a proof of concept that explores how blockchain can be used to solve the privacy problems that are endemic to the sharing of remotely collected patient data. The Oldenburg Clinic (Klinikum Oldenburg) – the largest acute care hospital in Lower Saxony – is cooperating as a consultant and observer as the solution is developed.
From surveys to smart solutions
Over the last 20 years there has been a wide range of projects looking to formalise ways to collect information from patients about their clinical outcomes (i.e. Patient Reported Outcome Measures – PROMS) and experiences (Patient Reported Experience Measures – PREMS).
Most of these have used questionnaire-based approaches that provide a framework for somewhat-regular collection of data from patients – though these questionnaires may be patient, disease, or intervention specific.
The value and challenge of remote patient monitoring
The development of wearable technologies, Bluetooth and the Internet of Things (IoT) has opened up a range of new ways to remotely capture data about patients, broadly described as Remote Patient Monitoring (RPM). Using these devices for RPM could potentially provide new streams of patient information to clinicians and reduce the administrative and technical burdens implicit in data collection from patients.
Oldenburg’s Remote Patient Monitoring (RPM) proof of concept was developed as a strategic response to the need for new tools to monitor patients and reduce the load on hospitals during the pandemic. RPM could be enabled through a range of medical IoT gadgets, such as smart wearable devices and sensors. These sensors could enable medical staff and systems to continuously monitor patients' symptoms even when the patients are not in the hospital, and medical centres could respond to changes in symptoms and intervene when necessary or in case of emergency.
The most significant practical challenge this raises, however, is that these devices often store patient data in the cloud in ways that may not be privacy compliant – or accessible to healthcare providers. RPM data is some of the most personal information imaginable – so solutions that enable data-sharing clearly need to be both GDPR compliant and privacy centric. In current practice, data from IoT style devices is usually stored on a proprietary cloud-based platform, and therefore patients have limited ability to manage access to their data – and to share it with healthcare providers.
Distributed storage of RPM data
To address these concerns, Oldenburg is developing a proof of concept for the distributed storage of RPM data using a combination of peer-to-peer storage with access control managed via an IOTA distributed ledger (blockchain).
Oldenburg will test peer-to-peer local storage based on IPFS. Since IPFS is an open access network, the data should be encrypted first, and the decryption key should be delivered to the peers authorized to see the data – which in our use-case is the Oldenburg Clinic. In this solution architecture Oldenburg will use IOTA Streams to manage access control.
To access patient data, we first need to know where to find the data (in this case the IPFS channel ID) and we need the key to decrypt and read the data. Both can be obtained through the IOTA channel. Each patient has a channel and therefore an ID on the IOTA network. Each channel contains many branches. The access data for each sensor will be stored in a branch with an IPFS address and decryption key. Each channel can have many subscribers (e.g. clinicians, clinics, hospitals), and the channel owner (in this case the patient) can grant subscribers access to each branch and thus access to their sensor data. Once branch access is granted, the subscriber can obtain the address where the sensor data is stored, as well as a key to decrypt the data.
This solution provides a flexible, privacy-compliant approach to storing remote patient monitoring (RPM) data, and gives patients control over who accesses their data.
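The channel and branch scheme described above can be modelled in a few lines. This is an added example, not code from the Oldenburg project: `PublicStore` and `PatientChannel` are hypothetical in-memory stand-ins that do not use the IPFS or IOTA Streams APIs, and `seal`/`unseal` is a standard-library stand-in for an authenticated cipher such as AES-GCM. It assumes a fresh key per upload, which the article does not specify.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stdlib stand-in, see lead-in)
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class PublicStore:
    """Open content-addressed store (IPFS stand-in): anyone may fetch any blob."""
    def __init__(self):
        self.blobs = {}
    def put(self, blob):
        cid = hashlib.sha256(blob).hexdigest()  # address derived from content
        self.blobs[cid] = blob
        return cid

class PatientChannel:
    """Patient-owned channel: one branch per sensor holding (address, key)."""
    def __init__(self, store):
        self.store, self.branches, self.grants = store, {}, {}
    def publish(self, sensor, reading):
        key = secrets.token_bytes(32)  # assumption: fresh key per upload
        self.branches[sensor] = (self.store.put(seal(key, reading)), key)
    def grant(self, sensor, subscriber):
        self.grants.setdefault(sensor, set()).add(subscriber)
    def revoke(self, sensor, subscriber):
        self.grants.get(sensor, set()).discard(subscriber)
    def access_data(self, sensor, subscriber):
        if subscriber not in self.grants.get(sensor, set()):
            raise PermissionError(f"{subscriber} has no grant on {sensor}")
        return self.branches[sensor]

def read_sensor(channel, sensor, subscriber):
    """Subscriber flow: get (address, key) from the branch, fetch, decrypt."""
    cid, key = channel.access_data(sensor, subscriber)
    return unseal(key, channel.store.blobs[cid])
```

Revoking a grant in this model only protects uploads made after it, because each new upload gets a new key. A subscriber who already obtained an address and key can still decrypt that earlier blob from the open store.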
Next steps
The University of Oldenburg is going to build a prototype based on this solution in 2023 and will then evaluate how their solution meets their original goals. The prototype will use leading-edge technologies like IOTA and OrbitDB (a new serverless, distributed, peer-to-peer database) in our solution, so Oldenburg will really be exploring the art of the possible!