Blockchain and Healthcare: Opportunities and Prospects for the EHR

: Health protection has always been a primary concern for mankind. Despite its important social role, current systems for managing the health records are slow, complicated, sometimes expensive and exposed to human errors and misunderstandings. In the health sector, the Medicalchain project seems to have the potential to become a new standard for managing health records using blockchain technology as a platform. In this paper, we propose a new model consisting of a permissioned blockchain to manage and store the electronic health records (EHR) of registered patients. This system guarantees transparency and especially immutability, which are essential for secure management and storage, ensuring a system that is e ﬃ cient both for doctors and patients and, hopefully, bringing about renewed trust in the public health system. Our aim is that our work may contribute to gain momentum on the application of the blockchain technology to EHR and stimulate further discussion with health institutions to fully exploit the potential of the technology. o ﬀ ers ﬂexibility scalability.


Introduction
Public health is the science and art of preventing disease, prolonging life and promoting health through the organized efforts of society. In this field, as a subset, we can find health protection: the protection of individuals, groups and populations through the effective collaboration of experts in identifying, preventing and mitigating the impacts of diseases and of environmental, chemical and radiological threats.
Public health is one of the sectors which has been graduating most towards a digital transformation in recent years. Public opinion has underlined the need for a radical change in the workings of the Italian public health system (Sistema Sanitario Nazionale, SSN), which is still plagued by inefficiency and shortcomings, ranging from the antiquated management or frequent mismanagement of patients' healthcare records to the interminable waiting periods for medical appointments. With regard to the management of clinical records, thanks to the digital revolution, at least the traditional paper files are being slowly substituted by electronic records containing the same information in a digital format.
According to the Observatory of Digital Innovation of the Polytechnic of Milan, the Italian State is investing more resources (58 million euro) in the process of digitalizing SSN clinical records than in any other digital innovation [1].
The concept of digitalized clinical records should be clearly defined, as there is a commonly misunderstood distinction between the electronic patient records, also referred to as electronic medical records, which refers to a patient's clinical record from one given medical structure (and hence contains a limited amount of information) and the electronic health records (EHRs), which refers to a complete healthcare record including some degree of integration of a patient's clinical records from various medical structures combined with access to the patient's data on the Internet. refers to a complete healthcare record including some degree of integration of a patient's clinical records from various medical structures combined with access to the patient's data on the Internet.

The Blockchain Technology
blockchain technology allows the creation and maintenance of large distributed databases, mainly for managing transactions (operations of data records), in a secure and permanent manner. The main concepts of blockchain technology are outlined below and will be dealt with in further detail in Sections 1.2 and 1. 3.
A blockchain is a sequence of encrypted blocks that are validated by nodes of the network and record a set of transactions. Events or transactions are validated in the block thanks to its timestamp (a time marker that provides a reference to the specific time and date that the block was made), guaranteeing its authenticity. A fundamental part of blockchain technology, both with regard to its encryption and its irreversibility, is the hashing algorithm, which is a unidirectional algorithmic function (i.e., the algorithm cannot be performed in reverse to retrieve the input data). Completed transactions in a blockchain are represented chronologically in a block, which is connected to the preceding block through its hash (the output of the hashing algorithm, which points to the preceding block in the chain). Thus, once the block is completed, it becomes an inextricable part of an immutable chain of blocks called the ledger (or master record) and hence is securely stored. Each user has a copy of the blockchain and can easily check to ensure that it has not been tampered with. It is thanks to this encrypted, timestamped, irreversible, immutable chain of blocks that information can be kept secure, and anonymity can be guaranteed, regardless of how the technology is utilized [2]. For instance, two users who are carrying out a transaction together using a blockchain have no need to meet, trust or know anything about each other. The blocks may contain sensitive information securely, such as transactions regarding sums of money, historical information, personal details, property rights, digital rights or contracts.
In order to add a new block to the blockchain, it must be checked, validated and encrypted, i.e., a new unique hash must be created using the hashing algorithm, which hides all of the information inside the block so as to protect it. The people who actually carry out the operation of adding blocks to the chain or mining as this process is called are known as miners. In order to better understand how blockchain technology works, a representation of it is shown in Figure 1.  As can be seen from the above, it is rather difficult to provide a single definition for the blockchain due to the variety of ways and sectors in which it can be implemented; it may be considered in several different ways. Clearly, it can be seen as a database of transactions which is secure, thanks to the reallocation of information into encrypted blocks. The blockchain may also be viewed as an evolution of the concept of a ledger, a master record that is continuously updated. Lastly, blockchain could be interpreted as a public record, which is open for everyone to scrutinize, transparency being one of the fundamental properties of this technology [3].

Structure
The blockchain originated from the so-called distributed ledger; that is the evolution of the centralized ledger, passing through that of a decentralized ledger and arriving at the concept of a distributed ledger.
Initially, with centralized logic, the ledger was represented as a one-to-many relationship, whereby the whole network was controlled by a single authority to which each node referred. This ledger model placed trust in a single management authority at the center of the network. The first important change came about with the move from a centralized to a decentralized ledger model in which centralized logic was expanded to a local level: while in the centralized model, there was only one authority which organized the network, in the decentralized model, many central authorities are formed, each of, which replicate the one-to-many relationship. Similar to the old centralized ledger, trust is placed in the nearest central authority; thus, the decentralized ledger model is simply another centralized ledger model but on a more local scale. The real evolution occurs with the distributed ledger model, which embraces distributed logic in that there is no central figure, and the organization of the network is built around the new concept of reciprocal trust between all of the participants; no one has more authority than anyone else. In conclusion, blockchain technology is nothing other than a securely encrypted, decentralized ledger of transactions, which are carried out in a peer-to-peer network.

Types of Blockchain
Identifying and classifying the various types of blockchain is paramount since, in doing so, the most suitable type of blockchain can be chosen for the sector and application in question. The various blockchains can be divided into two main types: permissionless and permissioned blockchains.
Permissionless blockchains, the most famous of which being Bitcoin, are those which do not require any type of permission to access the network, to perform transactions, or to create a new block. The absence of restrictions and access conditions allow these blockchains to be perfectly decentralized; the structure is characterized by the fact that there is no authority regulating access. All the nodes in the network are informed about any changes to the blockchain simultaneously, which is why this type of blockchain is defined as a public blockchain. However, even if all of the nodes are able to access and check any changes to the blockchain, the information contained within each block is encrypted to provide a sufficient level of security/privacy.
Lastly, permissionless blockchains are also utilized as global databases for information that needs to be consulted but must remain unchanged over time; for example, they may be used as a database for storing contracts or wills.
Permissioned blockchains, on the other hand, are based on a completely different rationale and have a central body to determine who may access the network and the role that a user can have within the network. Rather than allow anyone to participate in checking the transaction process, only a few trusted nodes, who are deemed trustworthy by the central body, are allowed to perform this job. For this reason, permissioned blockchains are utilized to ensure the concept of governance and centralization of the network [4].
Private blockchains, which share many characteristics with permissioned blockchains, are private networks that are not visible and which are run by organizations that have the power to decide who Sustainability 2020, 12, 9693 4 of 17 may or may not access the information on the network. In recent years, there has been a preference in the use of private rather than public blockchains for the following five reasons [5]: • The operational regulations may be modified if the company managing the blockchain desires; • A 51% attack (a group of miners controlling more than 50% of the network's mining hash rate or computing power) can be excluded as the miners are known; • The transactions are cheaper; • The links between nodes are better; • Access permissions are limited, making the network more secure.
The above blockchain types may be combined as follows: 1. permissionless public blockchain: there are no conditions of access to read data or to perform transactions. The miners are anonymous and consequently considered untrustworthy. 2.
permissioned public blockchain: the conditions of access are at the discretion of the organization running the blockchain. The miners are a limited number of known individuals. 3.
permissioned private blockchain: only authorized, authenticated persons can access the network since this type of blockchain works with a restricted number of individuals who are all known to each other. Consequently, the miners are considered trustworthy.

Blockchain over Bitcoin
Once the technology is consolidated, the obvious question is whether it should be applicable in other contexts equally complex and crucial, such as education. Indeed, although the technology of blockchain is notably linked to Bitcoin, in the past two years, its utilization is extending.
Today all the business players-from banks to insurance companies, from manufacturing companies to the media-are taking an interest in blockchain technology, and there are 579 projects (started or only announced) internationally registered from January 2016 to today, of which 46 are being tested or operative. These are the numbers of the blockchain Observatory and Distributed Ledger of the School of Management of the Polytechnic of Milan [1].
As a consequence of the rise of initiatives in the utilization of blockchain technology, there are also ongoing studies that challenge the sustainability of Bitcoin, considering the environmental impacts, social issues and economic aspects of the blockchain-based infrastructure [6,7].
As expected, the financial world has been the first to adopt the approach. Examples of this are hybrid systems such as the Bank of England [8], Visa [9] Santander, UBS, BNY Mellon and Deutsche Bank [10], streamlining and improving the safety of real estate transactions. Another example is the Swedish property registry [11] or the blockchain utilization for improving transparency in public accounts [12]. Despite the failure to identify clear business models and the absence of a globally defined standard, the blockchain is booming: the trials initiated or in the "Proof of concept" phase in 2017 grew by 73% compared to the previous year, while the announcements, which often do not lead to concrete results, were even 273% more. The vast majority of projects, equal to 59% of those surveyed to date, have been developed in the financial sector, but from 2017 we note a gradual expansion of the application areas that also affect the government activity (9%), logistics (7.2%), utilities (3.9%), agri-food (3%), insurance (2.7%), health care (2.4%) and air transport (2, 4%), the media (1.8%) and telecommunications (1.2%). The blockchain today is mainly used for processes in payment systems (94 projects), for tracking and supply chain (67 projects), for data and document management (64 projects) and for the capital market (51 projects).
There are various applications of blockchain to certify the authenticity of diverse kinds of objects and events. Legal acts, including marriage in Estonia (although the first legalized marriage under Ethereum was formalized in Williamsburg, Brooklyn [13]. The alliance between Everledger and Allianz to combat fraud [14]. The province aims to control the history of its wines to allow the consumer to know all the way up to their table [15]. The case of Ujo Music seeks to ensure the management of music copyrights [16]. Moreover, blockchain can be used to manage the life cycle of a hospital bill and to manage the life cycle of a patient's medical history. Blockchain can allow organizations to share access to their network without compromising data security and integrity. Patient records can be created, shared and linked to multiple parties, introducing efficiency and transparency into different parts of the industry and increasing the reliability of medical records [17]. According to several leaders of large healthcare companies, blockchain could be the ultimate solution to fully maintain privacy in the medical history of each person while facilitating the process of communication and exchange of documents between health providers and insurers. In other words: this system could automatically return all documents and protect the identity and personal data of the patient from cyberattacks in an incredibly effective way [18]. The blockchain technology is being used to provide a non-counterfeited digital identity to immigrants [19] or refugees [18] who have lost their documentation or those whose documentation has been stolen, at the same time that the United Nations (UN) is using the blockchain of Ethereum to send money to refugees in Syria [20].
In the town of Tsukuba, in Japan, the voting project with the blockchain was adopted to validate public consultations on social projects. The system requires the voter to be recognized through his "my number" (a 12-digit security identification code offered to all Japanese residents), and once logged, he can send his vote from the display. Blockchain technology is used to prevent falsification and third party reading of voting data [21,22]. A similar initiative was put in place in the United States by West Virginia in view of the midterm elections, to allow soldiers who perform their role away from their place of residence to cast their vote. In this case, the recognition is done through facial analysis software, and the preference is saved anonymously inside the blockchain.
The multifaceted e-commerce giant Alibaba is investing many efforts in the area of blockchain innovation. Of the 406 patent applications related to blockchain in 2017, Alibaba had 43, second only to People's Bank of China (PBOC), who filed 68. Alibaba's blockchain patents covered areas of invention, design and utility. Alibaba, through its subsidiary Lynx International, integrated blockchain technology to track information in its cross-border logistics services. With the successful application of blockchain, Lynx can all keep an immutable record of shipment information such as production, transportation, customs, inspection and any third-party verification. More recently, another of Alibaba's subsidiaries, T-Mall, in partnership with Cainiao, adopted blockchain technology for its cross-border supply chain. Similar to the Lynx project, blockchain is being used to track information about shipments from over 50 countries.
Other key technologies for certain blockchain utilizations are smart contracts. These are implemented in automatic mode when the specified conditions are met and agreed to the contract. In general, the opportunities grow exponentially if they are linked to the Internet of things (IoT). For example, if we buy a product, payment will only be carried out automatically when the package arrives at home or when it is installed and functioning, saving time, paperwork and costs. The same is being applied to the car rental or leasing business, where the control of the car is automatically linked to payment, which at the same time reduces the flexibility and customization of those contracts to arguably recommended levels.
Blockchains are designed to be immutable. Once a block is written to a blockchain, it cannot be changed. The trusted nature of blockchain is one of its great potentials to be exploited. You can also believe that data on the blockchain is legitimate, having been validated by multiple participants in the network. The main element influencing the possible successful proliferation and utilization of such credentials is that people can trust that they are immutable and easily verifiable. Trust indeed plays a key role in many social and economic interactions involving uncertainty and dependency [23][24][25] and, therefore, in educational credentials.

Literature Review
The blockchain is polarizing high scientific and media attention, besides peoples' enthusiasm about its potential uses and role in driving decentralization of society [26] and freedom from central authorities. Much attention has been devoted to the positive or disruptive changes that the broad adoption of this technology will bring to our societies. Despite all this consideration, little literature has been dedicated to the challenges it may poses, apart from the technological ones. Beck and Muller-Bloch [27] stated that the advent of blockchain could be compared to the invention of the Internet, showing the potential for radical transformations within a number of industries. However, according to Yermack [28], a first analogical example of this technology was given by Haber and Stornetta's work [29], which proposed a distributed ledger published in public media (e.g., newspaper) for timestamping the creation of intellectual property, Nakamoto's paper in 2008 [2] put the basis of modern blockchain-based cryptocurrency innovation. Nakamoto's effort was the first to provide a trusted non-territorial digital currency, not depending on centralized and financial institutions, as affirmed by Catalini and Gans [30]. In fact, the majority of research was conducted in the Bitcoin environment, considering that Bitcoin is currently the most commonly used and important technology using blockchain, with the largest user base. A decade later, Nakamoto's white paper, the blockchain technology, has moved beyond cryptocurrencies, but still little is known about its promised disruptive potential that goes beyond IT [27]. Security was one of the major research topics in blockchain-related to challenges and limitations such as trends and impacts of security incidents, 51% attack, data malleability problems and authentication and cryptography issues. Although several solutions to address these issues have been presented, many of them are just brief idea suggestions, lacking concrete evaluation of their effectiveness. Furthermore, the applications of this technology are almost foreseen in every human field and in this light, the blockchain possible utilizations have attracted high expectations. The literature review done underlined that much attention must be posted on those aspects which, to date, could be identified as the most uncertain or problematic in relation to blockchain and its features (i.e., a distributed ledger, consensus and smart contracts) and its applications on a large scale: trust, law and regulation, decentralized government and governance because blockchain promises to deeply transform them and the correlated institutions because its potential applications are much broader than currency [31] and well beyond financial services [32].

The Italian National Health System (SSN) and Electric Health Records (EHRs)
Public health is one of the sectors which was graduating most towards a digital transformation in recent years. Public opinion has underlined the need for a radical change in the workings of the Italian public health system, which is still plagued by inefficiency and shortcomings, ranging from the antiquated management/frequent mismanagement of patients' healthcare records to the interminable waiting periods for medical appointments. With regard to the management of clinical records, thanks to the digital revolution, at least the traditional paper files are being slowly substituted by electronic records containing the same information in a digital format. In Italy, the time lapse between the receipt of the request for a clinical record and the delivery of it is on average from 7 to 30 labor days, which cannot be negligible when dealing with something as precious and crucial as health is.
The concept of digitalized clinical records should be clearly defined, as there is a commonly misunderstood distinction between the Electronic Patient Records, also referred to as Electronic Medical Records, which refers to a patient's clinical record from one given medical structure (and hence contains a limited amount of information) and the electronic health records (EHRs), which refers to a complete healthcare record including some degree of integration of a patient's clinical records from various medical structures combined with access to the patient's data on the Internet.
EHR is defined as a tool that collates "the set of data and digital documents concerning the patient's health and social health, generated by past and present clinical events" [33]. According to the Joint Commission International standards, EHRs have the following key characteristics [34]:

1.
They assist with the planning and evaluation of therapies; 2.
They constitute a data source for scientific and clinical research, which in turn help to keep medical staff up to date; 3.
They meet the needs of cost accounting; 4.
They defend the legal interests of patients, medical staff and medical institutions.
Perhaps the most fundamental objective for EHRs is to standardize information; hence the terms, definitions, classifications and codes that will be used in EHRs must be both homogeneous and coherent so as to guarantee their correct interpretation, no matter which refers to them.
A second objective for EHRs is to create a functional, relational database. According to Italian Law 675/1996, in agreement with the European Council resolutions, clinical records must not be exclusively medical, rather they should be compiled using any available input from all of the various professionals who participate in the healthcare of the patient. The aim is to include contributions from all of the people who will be accessing the patient's record to enter, consult or extrapolate data, according to their role in the patient's healthcare and to the authorization given to them by the patient, so as produce a clinical record which is as complete as possible.
At an institutional level, the main aims of EHRs are to facilitate the healthcare of the patient while improving the various healthcare services, such as prevention, diagnosis, treatment and rehabilitation.
The digitalization process is well underway in Italy, and EHRs are currently present in 19 of the 20 Italian Regions (all except Calabria): 11,450,600 EHRs have been activated from a total of 238,864,921 digitalized records [35].
Clearly, personal data must be protected as securely as possible, especially in the case of medical information. One of the greatest problems with the original paper clinical records is preserving them safely in archives. Being physical entities, they require physical storage space and are at risk of damage from possible floods, fire or simply from deterioration due to inadequate storage conditions. Physical storage of medical files also comes with responsibility for those in charge of the archives.
The above problems can be solved through the use of digital archives, with the additional benefit of allowing rapid access to data, which, due to its extremely sensitive nature, must, of course, be protected through systems of user authentication. Switching to digital archives would also be considerably more advantageous in economic terms. Savings would be made in paper and printing costs. According to an estimate from the Politecnico di Milano, the cost of printing information on an A4 sheet of paper is approximately 10 cents, and, after adding the cost of archiving and storage, the cost rises to about 30 cents per sheet [36].
The use of EHRs would reduce the problem of doctors having patients repeat the same medical tests that have already been performed in other institutions. On consulting the EHRs, medics would see exactly which tests have been carried out and their results, as well as any tests scheduled for the future, and consequently stopping the SSN from incurring doubled costs due to duplicated medical tests. Consulting EHRs would be quicker and easier, thus reducing the length of appointments and consequently limiting waiting times in which medical conditions often become worse.
The use of this technology will also benefit the patients as they will not be forced to bring a paper copy of their entire medical history whenever they visit a doctor; all of this information will be available to them in digital form wherever they are at all times.

The Application of Blockchain for EHRs
Patients would not need to pay for copies of their clinical records, whose costs currently vary according to the format: on average for a copy downloaded from the Internet the cost is €22; a hard paper copy collected from the hospital costs €25; whereas a hard paper copy delivered by post costs €28. If the EHRs were archived in blockchain, these costs would all vanish while providing the additional benefit of allowing whoever has the appropriate authorization to visualize a patient's health records on their personal electronic devices wherever and whenever required. Furthermore, if blockchain were used to archive EHRs, hospitals would no longer need to sustain any of the costs of archiving physical clinical records. Generally, a hospital archives its clinical records in the hospital itself, often occupying large areas of the building, or, worse still, when there is a lack of space, the hospital may be forced to sustain the considerable extra costs of leasing a suitable storage area for their archives. Using blockchain to store the clinical records contained in the EHRs, would not only increase the data security exponentially, but it would go towards eliminating all the archiving costs that the SSN has sunk into leases for external storage facilities; or at the very least, it would free up space in hospitals which could be reutilized more efficiently, such as to create a new ward or to enlarge an existing one.
The potential of using blockchain technology in the health service sector is becoming ever clearer, especially with regard to its use in conjunction with EHRs. It is believed that EHR systems can be vastly improved thanks to the following qualities of blockchain technology: immutability through file integrity, IT security through data access management and interoperability through collaborative version control:

•
File integrity: since the hash of an event is unique to the contents of the record, the integrity of the data is guaranteed. When the hash is recorded, it allows future users to verify that the contents have not been modified. Should a document have been modified, it would produce a different hash, which would not correspond to the original hash code. • Data access management: when a file is recorded in blockchain, its hash can include more than the contents of the event. The hash can also include extra information such as the lists of authorized users, which functions as instructions for the blockchain applications. Through the storage of this information on the platform, doctors, nurses, patients or any other authorized user or device can control access to the data. When a user requests access to the personal information on a patient's file, the application checks their credentials and then either grants or refuses access to the data accordingly. It is important to note that the management of access to the data is based on a set of transparent public rules, which does not, however, disclose any private information to unauthorized users. In conclusion, the use of blockchain technology to manage access to data ensures that authorized persons can access information when needed; every type of interaction with the data is recorded while guaranteeing that private information cannot fall into the hands of unauthorized people. • Collaborative version control: blockchain can eliminate the burden and costs of reconciliation of data. Rather than having each party keep a version of the EHR in their local memory (which would need to be reconciled with all of the other versions), every record stored in the blockchain is linked to the original so as to allow access to this continuum (chain) of information according to a user's level of authorization. The advantage resides in the fact that establishing a record which all of the authorized users can access and add information considerably reduces the quantity of duplicate or inconsistent records stored on the platform. Every interaction with the record is stored on the blockchain, guaranteeing a record of each person who adds anything by changing the data [37].
One example of blockchain used in conjunction with EHRs, called Medicalchain, is outlined in the following section, in which the functionality is discussed through an analysis of its strengths and weaknesses. A variant is then developed in which the weaknesses of Medicalchain are dealt with, and the variant is subsequently applied to the context of interest to this paper: the organization of the SSN.

Medicalchain
At present, the fact that health organizations store numerous, fragmented medical records for their patients is one of the major problems of the sector. Medicalchain deals with this problem by storing medical records on a blockchain to create an intelligent healthcare ecosystem. Medicalchain enables Sustainability 2020, 12, 9693 9 of 17 users to give healthcare professionals access to their personal health data. Medicalchain then records interactions with these data in an auditable, transparent and secure way on Medicalchain's distributed ledger. Moreover, the Medicalchain platform can be used to build applications that complement and improve user experience. Users will be able to leverage their medical data to power a plethora of applications and services. Medicalchain activates a smart contract that allows the patient unlimited access to their electronic medical records. Doctors then add notes, scans and laboratory results, which are all recorded as transactions, the pharmacist supplying the patient's medicine also records any transactions on the blockchain. Patients can grant limited access to whomever, they decide needs to see their files, for example, to their medical insurance company to verify which treatment is being undergone and that healthcare payments are up to date. Through the use of smart contracts, patients can allow doctors to see their files remotely for a consultation or a second opinion.
Medicalchain has a payment system using tokens (MedTokens), which the platform issues to patients. Patients earn or spend tokens on the platform; tokens enable patients to perform certain tasks such as record their data onto the blockchain (thus supporting the nodes of the blockchain), and they may also be used to pay for various services on the platform, including the use of third party applications. When a patient allows an insurance company to access their medical records to monitor their physical progress, he or she is rewarded in tokens, or perhaps with cheaper insurance; the patient also receives tokens for allowing research institutes limited access to their data for medical research. Patients may be rewarded in tokens for providing data from wearable devices for physical exercise or else for allowing a pharmaceutical company a limited timeframe to study their test results.
The Medicalchain healthcare ecosystem is a platform that allows developers to create smart applications to analyze patients' medical data and give them advice, such as what diet to follow. The first phase of Medicalchain is already active in various hospitals in the United Kingdom. The diagram below illustrates how the platform works (see Figure 1).
The model illustrated in Figure 2 is constructed using a double blockchain structure: the first is built with Hyperledger Fabric infrastructure, controlling the access to health records, while the second is driven by Token ERC-20 on Ethereum and is the basis of all of the applications and services of the platform. The Hyperledger blockchain is a permissioned infrastructure and requires users to register. The Hyperledger Fabric is a platform for distributed ledger systems with a modular architecture that offers high levels of security, flexibility and scalability. Medicalchain has a payment system using tokens (MedTokens), which the platform issues to patients. Patients earn or spend tokens on the platform; tokens enable patients to perform certain tasks such as record their data onto the blockchain (thus supporting the nodes of the blockchain), and they may also be used to pay for various services on the platform, including the use of third party applications. When a patient allows an insurance company to access their medical records to monitor their physical progress, he or she is rewarded in tokens, or perhaps with cheaper insurance; the patient also receives tokens for allowing research institutes limited access to their data for medical research. Patients may be rewarded in tokens for providing data from wearable devices for physical exercise or else for allowing a pharmaceutical company a limited timeframe to study their test results.
The Medicalchain healthcare ecosystem is a platform that allows developers to create smart applications to analyze patients' medical data and give them advice, such as what diet to follow. The first phase of Medicalchain is already active in various hospitals in the United Kingdom. The diagram below illustrates how the platform works (see Figure 1).
The model illustrated in Figure 2 is constructed using a double blockchain structure: the first is built with Hyperledger Fabric infrastructure, controlling the access to health records, while the second is driven by Token ERC-20 on Ethereum and is the basis of all of the applications and services of the platform. The Hyperledger blockchain is a permissioned infrastructure and requires users to register. The Hyperledger Fabric is a platform for distributed ledger systems with a modular architecture that offers high levels of security, flexibility and scalability.
Once patients have accessed their EHR, they will be allowed to use the key functions of the Medicalchain platform. One of these functions is telemedicine: an online consultation service whereby patients may consult a doctor through a webcam interface. Patients can allow doctors access to their medical records during a telemedicine consultation, enabling the doctors to have a broader, in-depth view of the patient's situation, which is advantageous to both patient and doctor. From the patient's point of view, using Medicalchain would considerably reduce the time needed for a consultation since they would not necessarily need to be physically present at the doctor's surgery. For example, in order to attend a doctor's appointment, work commitments often need to be canceled, then time is wasted in the doctor's waiting room, maybe all in order to ask the doctor a simple question. Telemedicine, on the other hand, offers patients the opportunity to choose a particular doctor to consult, at a time that suits them, from their own homes, thus overcoming the above logistical problems.  Once patients have accessed their EHR, they will be allowed to use the key functions of the Medicalchain platform. One of these functions is telemedicine: an online consultation service whereby patients may consult a doctor through a webcam interface. Patients can allow doctors access to their medical records during a telemedicine consultation, enabling the doctors to have a broader, in-depth view of the patient's situation, which is advantageous to both patient and doctor. From the patient's point of view, using Medicalchain would considerably reduce the time needed for a consultation since they would not necessarily need to be physically present at the doctor's surgery. For example, in order to attend a doctor's appointment, work commitments often need to be canceled, then time is wasted in the doctor's waiting room, maybe all in order to ask the doctor a simple question. Telemedicine, on the other hand, offers patients the opportunity to choose a particular doctor to consult, at a time that suits them, from their own homes, thus overcoming the above logistical problems.
From the doctors' point of view, Medicalchain allows them to hold consultations wherever they please with nothing but a device that has an Internet connection: the platform provides access to the patient's medical records, with the patient's permission, during the consultation [38].

Application of Our Architecture
At this point, having defined and explained the workings of Medicalchain, the aim of this section is to exploit the advantages of this technology in their application to the SSN while changing the original English model to turn its weaknesses into strengths. In order to manage electronic health records (EHRs), a permissioned type of blockchain is required. To recapitulate the concept explained in Section 1, a permissioned blockchain is subject to a central body, which determines who can access the network and who cannot. Moreover, this body also defines which roles the users may play in the network and specifies rules regarding the visibility of the recorded data. A permissioned blockchain is different from other types of blockchain in that, for the first time, it introduces the concept of governance, centralizing a network that was designed to be decentralized and distributed. In the architecture presented here, the permissioned blockchain consists of a consortium of ten Italian cardiology departments that become the nodes of the network. We choose proof of authority (PoA) blockchain, in which transactions and blocks are validated by approved accounts, known as validators: in our case, the cardiology departments. The algorithm delivers fast transactions through a consensus mechanism based on identity as a stake. The reputation of the cardiology departments acts as their identity to become nodes of the network and, therefore, validators.
Cardiology was chosen since cardiovascular disease is the primary cause of death in Italy: in 2016, there were 221,914 deaths from circulatory system diseases, a considerable number given that the total number of deaths for the year amounted to 615,261.
The structure of this blockchain is divided into two levels: 1. Blockchain level, the first level comprises data input and management in the platform through the hashing processes. Thanks to this process, the system codifies alphanumeric strings of various lengths into a single code with a prefix of a predetermined number of bits, called a hash. Blocks that have each with their own hash are then created, which will be linked together to form a chain. The hash of any given block contains part of the previous block in the chain, and thanks to this mechanism, there is a high level of data security, making fraudulent attacks from outside impossible.

2.
Data storage level in the second level, the data from the hashes are recorded. This may seem to be simply another database that already exists; however, at this level, the information contained in the blocks is decoded through asymmetric cryptography (see Section 1), which only allows access to authorized persons with the cryptographic key to read the data.
A third level can be added, called the application level, in which the information gathered in the previous levels could be exploited for other applications, such as creating an off-chain database to be accessed by pharmaceutical companies to plan the production of a given drug according to the spread of the relevant disease over the period in question. The model in this paper is limited to the first two levels since the focus here is on how EHRs are recorded and managed on the platform. The players of the system are the patients, the doctors and other healthcare personnel within the hospital, each with different functions.
For this reason, the nodes of the network are divided into three categories: a.
Master nodes: these must be external people or else the doctors themselves, who input the records into the blocks and the blocks into the chain. Furthermore, they must always be in possession of an up-to-date copy of the ledger. Their main job is to validate the input of EHRs into the blockchain, thus participating in the so-called consensus mechanism; b.
Light nodes: these are people who simply input the medical records into the block, who must also possess an up-to-date copy of the ledger. They cannot participate in the consensus mechanism; c.
Simple nodes: These are identifiable patients who have an up-to-date copy of the ledger. They cannot input data nor participate in the consensus mechanism; however, only they have the power to grant or deny authorization to access the data stored on the platform.
The simplified diagram below (see Figure 3) illustrates how the structure works.
Sustainability 2020, 12, x FOR PEER REVIEW 15 of 17 c. Simple nodes: These are identifiable patients who have an up-to-date copy of the ledger. They cannot input data nor participate in the consensus mechanism; however, only they have the power to grant or deny authorization to access the data stored on the platform.
The simplified diagram below (see Figure 3) illustrates how the structure works. The model in Figure 2 assumes that a generic patient, after being admitted to one of the ten cardiology wards, undergoes the same procedures as are currently in place. During their stay in the ward, the patients undergo all of the analyses and receive all of the necessary treatments to restore them to health; meanwhile, their electronic medical records are progressively updated accordingly. When the patient is discharged, which is normally planned according to both the patient's needs and those of the hospital department, there is a final examination of the state of the patient's health. This is normally documented in the discharge summary, which also includes a description of the treatment undergone, any problems during treatment, any unresolved problems, the initial and final diagnoses and the patient's state of health at the time of discharge [39].
The patient's EHR is then compiled and linked to the patient's entire medical history by storing it in the blockchain, thus rendering the data secure. The process of storing the record must occur after the patient's EHR has been completed and checked for errors, since once it has been entered into the blockchain, it can no longer be modified. At this point, the healthy/discharged patient, being a Simple Node of the network, can consult their EHR at any time from any electronic device they choose, such as their smartphone or tablet, dispensing with the need to carry a physical copy of their entire clinical The model in Figure 2 assumes that a generic patient, after being admitted to one of the ten cardiology wards, undergoes the same procedures as are currently in place. During their stay in the ward, the patients undergo all of the analyses and receive all of the necessary treatments to restore them to health; meanwhile, their electronic medical records are progressively updated accordingly. When the patient is discharged, which is normally planned according to both the patient's needs and those of the hospital department, there is a final examination of the state of the patient's health. This is normally documented in the discharge summary, which also includes a description of the treatment undergone, any problems during treatment, any unresolved problems, the initial and final diagnoses and the patient's state of health at the time of discharge [39].
The patient's EHR is then compiled and linked to the patient's entire medical history by storing it in the blockchain, thus rendering the data secure. The process of storing the record must occur after the patient's EHR has been completed and checked for errors, since once it has been entered into the blockchain, it can no longer be modified. At this point, the healthy/discharged patient, being a Simple Node of the network, can consult their EHR at any time from any electronic device they choose, such as their smartphone or tablet, dispensing with the need to carry a physical copy of their entire clinical history with them whenever they visit a doctor.
The real advantage of using this technology is that patients manage the access key to the decentralized platform whenever they please: authorization is controlled through the use of smart contracts. A patient may grant access to their personal data to a doctor through a smart contract, which decrypts the data for the doctor to consult for a predefined timeframe, after which the data return to their encrypted state. Once the patient's EHR is securely locked in the blockchain, the patient's identity is encrypted, while their data remains unencrypted and accessible/usable. Consequently, each patient's privacy is ensured while guaranteeing that the data are readable. Since the data remain unencrypted, they can be used as a database by the other cardiology departments in the hospitals, which are part of the project, allowing the data to be used for anonymous statistical tests and analyses. Consequently, it will be possible to treat or prevent similar or identical cardiovascular diseases quicker, which may affect people at the other hospitals; this will also allow patients to ask a cardiologist from one of the other hospitals for a second opinion. As a result, simply authorizing the other doctor to see the data which is strictly necessary will circumvent the usual logistical obstacles regarding sharing data of this sensitive nature.

Analogies and Differences between the Models
The model created here is similar to that of Medicalchain, while differing on some points. Medicalchain was implemented for freelance doctors, whereby any doctor may be contacted by any patient through the telemedicine function, provide consultation and receive MedTokens in payment. The proposed model, on the other hand, is implemented in the Italian National Health System (SSN-Sistema Sanitario Nazionale). While in Medicalchain, patients' medical records are checked and stored on the platform by the doctors themselves; this would not necessarily happen when the technology is applied to the SSN. It may be necessary to employ intermediary personnel to enter the data onto the platform.
First, a decision must be made as to whether doctors should accept the additional responsibility of recording the data onto the platform since once the data becomes part of the blockchain, it is rendered immutable. Second, it must be decided whether intermediary personnel between doctors and the blockchain to carry out data entry are really required: more intermediaries result in more probability of human error in recording the data. The choice of whether or not to employ intermediaries is outside the scope of this paper, and its evaluation in economic terms is a subject for further study.
The choice to apply the blockchain technology to the SSN is also justified by the considerable increase in spending on private healthcare in Italy: according to the Censis-Rbm health insurance report presented on "Welfare Day 2018", private health expenditure has reached 40 billion euros. During 2018, 44 million Italians (approximately two-thirds of the population) spent some of their money on healthcare. The management of medical data on blockchain technology will result in great savings financially, but above all, it will save time, which is the primary reason that Italians turn to private healthcare.
The two models share the same type of blockchain: both models believe a permissioned blockchain to be the most suitable. Due to the sensitive nature of the medical data being managed, this type of blockchain gives the individual patients the power of authorization to decide who can access their data and for how long. Both models manage authorization through smart contracts between the patients and whoever needs access to the data, such as doctors, hospitals, pharmaceutical companies or insurance companies. At the end of the predetermined access timeframe, the smart contract expires, and the data are re-encrypted.
The models are also similar in the structure of the blockchain: both are structured on two levels, with the difference that the proposed model does not include the payment of services with ERC-20 Tokens in the second blockchain structure. The first level is for the storage and management of the data on the platform through the hashing processes, while the second is where the data from the hash codes are stored.
The model presented here is implemented for a consortium of ten hospitals, narrowing the scope to ten wards. The cardiology department was chosen simply because it is the most interesting due to the high number of deaths from cardiovascular diseases, but the model could equally well be used for any department. Clearly, being the first attempt at modeling the use of blockchain technology in the SSN, these assumptions have oversimplified the situation, although the hope is that one day it really will be applied across all of the Italian hospitals.

Discussion and Limitations
In the last two years, blockchain-based projects have become a hot topic. It would be a mistake to think that we are dealing with a technology of immediate application or that changes can be implemented easily because the blockchain is a very novel and complex technology. We are rather in an initial exploratory period. The blockchain is not the solution that will fix everything that is wrong with today's management of health records. However, it does offer some possibilities for improving the system we have today, and that is the reason why it is so interesting and challenging to explore.
Blockchain is a disruptive technology that, after a few years of implementation as the basis of digital currency, is showing itself to be an open resource with possibilities in different fields. The key to the interest in this technology lies in its ability to move from a system of centralized data logging to a distributed system that ensures no alteration of the information and the maintenance of privacy. The blockchain represents an unprecedented opportunity for the enterprise and the public sector.
Every institution capable of exploiting these technologies will have a chance to radically streamline and enhance existing processes, create entirely new business models and develop innovative products and services for a new generation of consumers. However, this is not a vision of a utopian, tech-enabled future: the technology capabilities are available today to keep an unalterable record of every exchange, removing the need for trusted, third-party intermediaries in digital transactions. The consequences are faster processes, real-time transaction visibility and reduced costs across every industrial, social and economic sector. Gartner estimates that blockchain could create US$176 billion of value-added revenue by 2025, revolutionizing the supply chain, enabling new business models and disrupting existing ones. This paper focuses on the application of blockchain technology in the health sector. Blockchain is examined through a study of its main characteristics and categorizing the various types of blockchain available. The health sector was chosen precisely because it is one of those leading the field in the process of digitalization, although still rather heterogeneously. For this reason, the paper analyses the apparent inability of IT systems (lacking completely in some cases) to support the process of the management and storage of EHR of patients in the SSN, the Italian National Health Service.
Patients frequently forget which tests they have undergone, or cannot access certain clinical data when they need to, or forgo asking for a second opinion simply because doing so would be logistically impossible. This paper proposes a solution to address these problems in order to improve the SSN, which is now so inefficient that it appears to have lost the trust of the people since Italians are increasingly turning towards private healthcare.
Another objective is to create a model of a decentralized database to archive personal medical data, which can easily be accessed from one's smartphone anywhere at any time. However, it is essential to understand the complexities of this innovative solution, which, being still under development, causes a marked divergence of opinions over whether to adopt it or not. Revolutionizing a system like the SSN with the introduction of a highly innovative and complex IT system may have two effects: on one hand, adopting this technology would bring numerous advantages. On the other hand, users may show adversity towards a radical change, which is always difficult to accept for some.
The solution proposed in this paper consists of a permissioned PoA blockchain to manage and store the EHR of registered patients. The permissioned type of blockchain was chosen since the data to be handled is of a personal nature. This system guarantees transparency and especially immutability, which are essential for secure management and storage, ensuring a system that is efficient both for doctors and patients, and, hopefully, bringing about renewed trust in the SSN.
Realizing the full potential of such a system would require collaboration and standardization between parties, which probably have divergent needs and interests. Moreover, the use of blockchain technology to address these problems in the SSN and the considerable costs they would entail may make one wonder if blockchain is not just another example of inadequate healthcare innovation.
It is thought that the best strategy would be to introduce this technology gradually: tests and analysis will determine the path to follow to ensure sufficient returns on the technological investment step-by-step. It should therefore be emphasized that the aim of this paper is to lay the groundwork for more in-depth study in the future, which would include cost-benefit analysis and an evaluation of indicators such as ROI to determine the feasibility of the project. This paper simply proposes a basic model in which all the implications of its IT implementation should be the subject for further study.
Should such an ambitious project seem daunting, one needs only to think about the world before blockchain when no one would have ever thought of using interoperable trust architecture in the health sector. Blockchain technology offers hope for the realization of this system, precisely because it differs from past solutions in its capacity to simplify the exchange of medical data through an unalterable, decentralized architecture, creating a secure, immutable, shared ledger of healthcare data.
Blockchain technology can actually act as a catalyst for the innovation of services offered to citizens. Politics must have an active role that fully understands the fundamental role of innovation also in the public sector and in the health sector, encouraging the digital culture and related infrastructures. In fact, when several actors are involved in a transaction, as in the case of the services offered by the public health sector, the implied requests of transparency, speed, accuracy and security increase. Meet those demands while maintaining high levels of quality is a key factor for governments in order to create value for citizens as well as to increase the trust of the latter. In a historical moment in which trust in public institutions is reduced to minimum terms, a system like blockchain, built to ensure the reliability and transparency of transactions, as well as the safe management and storage of information, undoubtedly has all the requirements to be considered a priority in the indispensable processes of rethinking of administrative procedures and of territorial governance.
The attention of national governments will be directed to the implementation of a development and growth strategy involving multiple decision-making levels (companies, universities, citizens, startups, research centers, etc.) and which places a more participatory style of governance of local systems at the center. Therefore, solid digital foundations are needed in order to take advantage of the opportunities offered by new technologies such as blockchain, Artificial intelligence or the "Internet of things" to build a solid "computer-based" culture on continuous and reliable interaction with citizens, businesses and national public administrations.
The application of the blockchain technology to the health sector is clearly a complex and gradual process, which must also face obstacles of various types, such as people's low digital level and pre-existing paper-based processes, where all the involved stakeholders (including citizens) expect to receive a physical document as a result of the process. One of the reasons for the delay in the technological transformation is also of a psychological nature, as both employees and citizens often find it difficult to deal with a change, even if necessary or helpful. It is not unusual to feel discomfort and raise uncertainty in the management of an innovation, which differs from what is usual and familiar; nevertheless, the aversion to changes should not hinder the inevitable process of digitization and innovation of the processes.
We can affirm that blockchain technology has the capacity to greatly expand the possible boundaries and scenarios of development of public functions: once a sufficient level of technological maturity is reached, decentralization in the public administration will be one natural, inevitable and revolutionary consequence of the application of this technology. Therefore, it is crucial to start acquiring the necessary awareness to push governments to take action in this direction and to carry out the fundamental changes all citizens need.
In conclusion, the potential of blockchain technology is huge, and the potential benefits are too important not to be taken into consideration. In fact, although the study of the application of the blockchain is still in an embryonic stage, this technology can be used to strengthen public integrity and restore or increase citizens' trust in public institutions.
This study is at a preliminary stage, and for this reason, has some limitations. It has a more qualitative than quantitative approach, but we are in an initial and exploratory analysis, and we aim at continuing our studies of the application of blockchain in the health sector, trying to contribute to the exploitation of a standard and open-source framework for monitoring and auditing electronic health records. Blockchain is undoubtedly transformative, and, for this reason, much of its impact has yet to be explored, even on a theoretical level. In our future research, we aim to evaluate how the SSN could accommodate such innovation in terms of the digital divide, and we also aim to implement a cost model suitable for the public health sector. Our goal is not mere economic savings but the efficiency and scalability of the process in terms of time, which would affect not only the process itself but also other processes that could gain more time and resources. Moreover, the time has also a crucial role when dealing with peoples' health.
Author Contributions: G.C. and F.L. conceived the presented idea. F.L. developed the Blockchain model and its application supervised by G.C, which has provided various and notable insights, as well as the continuous monitoring and coordination of the various aspects of the project. Both the authors discussed the results and cntributed to the writing of the manuscript.