Next Article in Journal
A Short-Circuit Current Calculation Model for Renewable Power Plants Considering Internal Topology
Previous Article in Journal
FEA-Based Design Procedure for IPMSM and IM for a Hybrid Electric Vehicle
Previous Article in Special Issue
Digital Content Management Using Non-Fungible Tokens and the Interplanetary File System
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 14
Issue 22
10.3390/app142210744
Review Report
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

PHR-NFT: Decentralized Blockchain Framework with Hyperledger and NFTs for Secure and Transparent Patient Health Records

Appl. Sci. 2024, 14(22), 10744; https://doi.org/10.3390/app142210744
by Huwida E. Said 1,*, Nedaa B. Al Barghuthi 2,*, Sulafa M. Badi 3, Faiza Hashim 4 and Shini Girija 1
Reviewer 1:
Mohamed Baza
Reviewer 2:
Zhengying Cai
Reviewer 3:
Gongfan Chen
Appl. Sci. 2024, 14(22), 10744; https://doi.org/10.3390/app142210744
Submission received: 3 October 2024 / Revised: 3 November 2024 / Accepted: 4 November 2024 / Published: 20 November 2024
(This article belongs to the Special Issue Future Security of NFT-Blockchain)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

This research addresses the security and privacy challenges of centralized storage systems for Patient Health Records (PHRs) in healthcare, which often lead to data breaches and erode trust between organizations. The study introduces **PHR-NFT**, a blockchain-based solution utilizing **Hyperledger Fabric** and **Non-Fungible Tokens (NFTs)** to create a secure and transparent framework for PHR management. This system enables medical professionals to temporarily access patient records through NFTs, empowering patients with greater control over their data. A performance evaluation demonstrates the system’s effectiveness in terms of transaction latency, throughput, and resilience to DoS attacks, showcasing its potential to enhance healthcare data management.

 

**However, several issues should be addressed**:

- The paper lacks a detailed attack and threat model, which is critical for identifying potential attackers and their capabilities.

- Regarding novelty, while blockchain applications in healthcare exist, the authors must clearly differentiate their work from existing literature.

- The manuscript needs proofreading to correct minor issues, such as missing articles ("a" or "an").

- **Figure 2** is difficult to read and should be improved for better clarity.

- The statement that "The adoption of NFTs may be costly and inefficient" raises concerns about scalability. The authors should explain how their approach ensures efficiency and scalability.

- The subsection on the "fail rate" is not directly related to security. It should be merged with the previous section, and the "Security analysis" subsection should be removed.

Comments on the Quality of English Language

The manuscript needs proofreading to correct minor issues, such as missing articles ("a" or "an").

Author Response

Reviewer #1 Comments

Comment #1: "The paper lacks a detailed attack and threat model, which is critical for identifying potential attackers and their capabilities."

Response #1: We appreciate this important observation. In response, we have included a detailed attack and threat model in Section 4.1 of the revised manuscript. This model outlines potential attackers, their capabilities, and specific threats to the PHR-NFT framework. We believe this addition significantly enhances the understanding of security risks associated with our approach and provides a clearer context for our proposed solutions.

4.1 Threat Model

Security analysis is crucial for assessing the robustness of the proposed network. This research primarily addresses Denial of Service (DoS) attacks, which represent a significant and prevalent threat to distributed networks. In the context of a DoS attack, a malicious actor seeks to flood the network with unauthorized transactions, thereby exhausting system resources and rendering services unavailable to legitimate users, ultimately disrupting network operations.

Our threat model assumes that the attacker is capable of generating a substantial volume of transactions at a rapid pace, effectively overwhelming the ordering service within the blockchain network. The attacker aims to induce service degradation by imposing sufficient load to provoke transaction delays, high failure rates, or even a total cessation of network functionality. The failure rate is defined as

Comment #2: "Regarding novelty, while blockchain applications in healthcare exist, the authors must clearly differentiate their work from existing literature."

Response #2: Thank you for highlighting the need for clarity in our contributions. We have revised the introduction and added a new subsection that explicitly outlines how our PHR-NFT framework differs from existing blockchain applications in healthcare. This includes a comparison of our unique features and benefits, which we believe strengthens the manuscript's claims of novelty. This clarification can be found in Section 1 and 2.

Section 1. Introduction:-

This research addresses critical gaps in existing Blockchain-based Personal Health Record Systems (BPHRS) by proposing PHR-NFT, a novel solution that leverages Non-Fungible Tokens (NFTs) and Hyperledger Fabric to enhance the security, privacy, and interoperability of healthcare data management. One of the major issues with current BPHRS is the high cost and complexity of maintaining blockchain infrastructure, which significantly limits their scalability [27][28][29]. Additionally, these systems often struggle with seamless integration into existing healthcare infrastructures, making interoperability a substantial challenge [29][30]. Privacy concerns are also prevalent, as many blockchain platforms provide limited control to patients once their health data is stored, largely due to the immutable nature of the blockchain [31][32][33]. Moreover, scalability remains a concern as the volume of healthcare data grows, leading to inefficiencies in existing systems [32] [34] [35]. Current solutions, like Ethereum-based frameworks [36] [37], face challenges such as high energy consumption [38], while other platforms, like BlockMedCare, encounter difficulties in deployment and ensuring compatibility with healthcare systems [27][28][29] [39]. PHR-NFT directly addresses these shortcomings by leveraging the scalable and modular architecture of Hyperledger Fabric, which reduces operational costs and simplifies deployment. By integrating NFTs, PHR-NFT enhances interoperability, enabling seamless data sharing between blockchain platforms and legacy healthcare systems. This facilitates more effective collaboration between healthcare providers. Furthermore, the use of NFTs helps to address scalability issues by linking each health record to a unique, easily trackable token, thus avoiding bottlenecks as data volumes increase. Privacy concerns are mitigated by giving patients full ownership and control over their health data through NFTs, offering flexible and temporary access to healthcare records as needed, all while ensuring compliance with privacy regulations like GDPR [25].

Key benefits of PHR-NFT include enhanced data integrity through unique NFTs that create an immutable distributed ledger, ensuring unauthorized updates are difficult. The system addresses confidentiality by empowering patients to control access to their personal health information, allowing only authorized users to view their electronic health records. PHR-NFT ensures availability by distributing data across decentralized nodes, eliminating reliance on single points of failure and maintaining uninterrupted access even during node failures. Its design promotes effective interoperability by facilitating seamless communication between healthcare professionals across various systems while allowing patients to access their authorized medical records globally via NFTs issued by the Ministry of Health (MoH). NFT integration further improves data security and privacy by limiting access to critical patient data to authorized parties only, hence optimizing data security, privacy, and confidentiality throughout the healthcare ecosystem. Overall, by offering a thorough method for safe and effective patient health record administration, PHR-NFT not only addresses important gaps in the literature but also improves already-existing BPHRS frameworks

The following are the key contributions of this research: 

  • Proposing PHR-NFT, a blockchain-based patient tracking system that uses Non-Fungible Tokens (NFTs) to securely store patient data, enhancing the privacy and security of health records. Our framework adopts a patient-centric approach, allowing patients to maintain complete control over their NFTs. This enables them to grant access permissions to authorized stakeholders, based on the collaborators set, within the network.
  • Implementing patient NFTs on the Hyperledger Fabric blockchain platform. Smart contracts are utilized to automate the sharing of health data, ensuring that data is only shared with authorized parties after explicit patient consent.
  • Conducting a comprehensive analysis of network performance, evaluating key metrics, including throughput, latency, success rate, failure rate, and security.

Section 2. Related Works:-

     Bodur & Yaseen [34] suggested a blockchain-based strategy for the safe sharing, access, and storage of PHR. They used consensus techniques including PoW, PoS, and PoA to guarantee data confidentiality, integrity, and resilience to different types of cyberattacks. However, its emphasis on consensus techniques like PoW can lead to scalability problems and increased energy consumption. Jakhar et al. [35] proposed a BPHRS system that helps to manage healthcare data by utilizing Hyperledger Fabric for permissioned, safe, and efficient access control. This improves privacy, security, and data integrity while granting patients authority over access rules. However, it does not adequately address the interoperability and scalability challenges over individual health records. Swetha et al. [36] developed SecureMed framework which helps to manage healthcare data by using IPFS and Ethereum's blockchain to handle Electronic Health Records (EHRs) in a decentralized and secure manner. It provides a trustless platform and smart contracts for scalability and access control. It does not, however, have the ability to protect privacy or provide individualized control over personal records. Venkatesh & Hanumantha [37] proposed quantum blockchain-based privacy-preserving method which lowers communication and computation costs during the exchange of electronic medical records while preventing a variety of attacks, including quantum threats like collective and coherent attacks. But it lacks the strategy for patient-centered ownership and control of medical records, and it has issues with interoperability and scalability. Haddad et al [38] proposed the patient-centered blockchain-based EHR management system using Ethereum and IPFS which provides a decentralized and patient-centered approach to EHR management, giving patients complete control over their records and guaranteeing safe and scalable data sharing amongst various stakeholders without the need for centralized infrastructure. This solution may not be as effective in complying with stringent data privacy regulations like GDPR since it lacks the sophisticated privacy capabilities necessary for fine-grained, adaptable access control and ownership management. Chinnasamy et al [39] presented a scalable EHR-sharing mechanism for cloud-based IoT in e-health that makes use of Ethereum and IPFS. It offers a strong access control system via smart contracts that improves data security and facilitates the effective exchange of medical records. Although the system guarantees secure data sharing and scalability, it mostly concentrates on cloud-based solutions, which may pose difficulties with regard to patient ownership of data and decentralization in contrast to more patient-centered frameworks.

Most of the existing BPHRS lack patient-centric solutions and the capacity to trace and track PHRs in a transparent and tamper-proof manner [31] [35] [39]. When third parties try to access patient data, current BPHRS can jeopardize patient privacy. Furthermore, patients frequently have little control over their health data under the present systems, which makes it difficult for them to access records and communicate with medical professionals [32] [33] [37]. Additionally, BPHRS are vulnerable to cybersecurity threats and data breaches, particularly when patient data is shared among networks [29] [30]. There is serious privacy risks associated with these breaches since they may expose PHR to hackers [36] [38]. Furthermore, current blockchain-based solutions have a significant cost and energy consumption [27][28] [29]. Lack of procedures to enable patients to modify or delete their information is another limitation in existing systems, which runs against privacy laws like the GDPR that uphold the right to be forgotten [25] [34]. Furthermore, the confidentiality of patient information may be compromised by the usage of public blockchain networks in certain BPHRS since health data, even when encrypted, may be accessible or traceable [19] [36]. Finally, sensitive data is visible to parties not directly involved in patient care since many present systems lack efficient access control methods [27][42].

Although current solutions offer blockchain-based security and transparency, they frequently lack thorough validation in real healthcare settings, pose difficulties with scalability, interoperability, privacy and patient data control, and may still leave vulnerabilities open to unauthorized access. PHR-NFT bridges these gaps by empowering patients with ownership of their health data while providing temporary access to authorized medical providers through the use of Hyperledger Fabric and NFTs. This system guarantees the integrity and traceability of patient records while improving privacy, scalability, and interoperability. Additionally, PHR-NFT uses a decentralized framework to facilitate smooth data transmission across various healthcare platforms, addressing the problem of healthcare system integration and offering a strong solution for enhancing global healthcare data management.

Comment #3: "The manuscript needs proofreading to correct minor issues, such as missing articles ('a' or 'an')."

Response #3: We appreciate the reviewer's attention to detail regarding language quality. We have conducted a thorough proofreading of the manuscript by MDPI English proofreading services, correcting the identified minor issues, including missing articles.

Comment #4: "Figure 2 is difficult to read and should be improved for better clarity."

Response #4: Thank you for your feedback regarding Figure 2. We have improved the clarity of this figure by enhancing the font size, adjusting the color contrast, and providing a clearer layout. The revised figure now presents the information more effectively, making it easier for readers to interpret the workflow of our proposed framework. The updated Figure 2 can be found in Section 3.

Figure 2: is attached in the Manuscript since it is too big to incert to this reply note.

-Comment #5: "The statement that 'The adoption of NFTs may be costly and inefficient' raises concerns about scalability. The authors should explain how their approach ensures efficiency and scalability."

Response #5: We appreciate this constructive comment. In the revised manuscript, we have expanded our discussion regarding the efficiency and scalability of our approach in Section 5.2.1. We provided a detailed explanation of how our framework addresses these concerns, including the implementation of cost-effective strategies and technical optimizations that enhance scalability while utilizing NFTs. This clarification emphasizes our commitment to ensuring a practical and viable solution.

In this section, we investigated the scalability performance of our test network with increasing  transaction load, ranging from 100 to 1100 transactions per round, using the Hyperledger Caliper analysis tool. Scalability refers to the network's ability to handle the growing number of transactions without significant performance degradation. The experiments ran five rounds of tests for each transaction load setting, and the latency metrics (maximum, minimum, and average) were recorded and analyzed. Figure 4 represents the maximum, minimum, and average latency observed across different transaction loads (100 to 1100). The plot illustrates how latency metrics change with increasing transaction volumes. Analyzing maximum, minimum, and average latencies helps identify performance trends and informs optimization strategies such as capacity planning, resource allocation, and workload distribution. The maximum latency metric indicates the peak response time observed during a round of transactions. It represents the upper bound of transaction execution times and is crucial for identifying potential performance bottlenecks or outliers. Minimum Latency conversely represents the fastest response time achieved during a round of transactions. It provides insights into the best-case performance scenario and highlights the efficiency of the blockchain network under optimal conditions. The average latency metric summarizes the network's overall performance by calculating the mean response time across all transactions in a round. It serves as a baseline indicator of transaction processing efficiency and system responsiveness. As transaction loads increase, latency metrics typically exhibit non-linear behavior. Initially, latency may remain relatively stable but can increase sharply beyond a certain threshold due to resource saturation or contention.

Comment #6: "The subsection on the 'fail rate' is not directly related to security. It should be merged with the previous section, and the 'Security analysis' subsection should be removed."

Response #6: Thank you for this insightful suggestion. We have merged the "fail rate" subsection with the previous section, as recommended, to enhance the manuscript's coherence. Additionally, we have removed the "Security analysis" subsection since it overlapped with the newly integrated content. The adjustments made have resulted in a more streamlined and focused discussion in Section 4.1.

Comment #7 on the Quality of English Language: "The manuscript needs proofreading to correct minor issues, such as missing articles ('a' or 'an')."

Response #7: As noted in Response #3, we have undertaken a thorough proofreading of the entire manuscript. This process included addressing minor grammatical issues and ensuring overall clarity and readability.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

Please refer to the attachment

Comments for author File: Comments.pdf

Comments on the Quality of English Language

Please refer to the attachment

Author Response

Reviewer#2

Dear authors,  Thank you for submitting your research work to our journal. This manuscript investigated secure and transparent patient health records, and proposed a PHR-NFT- decentralized blockchain framework with hyperledger and NFTS. This manuscript is interesting, but its quality can be further improved before publication.

Comment #1: "The abstract can be improved. The current abstract is too shaky and covers too much background technology. After reading the abstract, it is difficult for the readers to grasp the special contributions of this manuscript, which greatly reduces its publication value, such as what problem this manuscript is solving and what specific technical features it has. The authors claim to have proposed a novel solution called PHR-NFT, but readers find it difficult to understand how these concepts differ from traditional techniques from the abstract."

Response #1: We appreciate the reviewer's feedback regarding the abstract. In response, we revised the abstract to enhance clarity and focus on the manuscript's key contributions. We clearly articulated the problem addressed by our proposed PHR-NFT framework and highlighted its unique features compared to traditional techniques. The revised abstract now succinctly presents the primary objectives and significance of our research, providing readers with a better understanding of the innovations introduced. This modification can be found in the Abstract Section of the revised manuscript as follows:

Abstract:- Blockchain technology holds significant promise for healthcare by enhancing the security and integrity of Patient Health Records (PHRs) through decentralized storage and transparent access. However, it has significant limitations, including problems with scalability, high transaction costs, privacy concerns, and intricate stakeholder access management. This study presents PHR-NFT, a novel framework that strengthens PHR privacy by utilizing Hyperledger Fabric and Non-Fungible Tokens (NFTs) in order to address these issues. PHR-NFT improves privacy and communication by letting patients keep control of their medical records while permitting temporary, permission-based access by medical professionals. PHR-NFT offers a transparent solution that increases trust among healthcare stakeholders by robust and decentralized architecture of Hyperledger fabric. This study demonstrates the viability and effectiveness of the PHR-NFT framework through performance evaluations focused on transaction latency, throughput and security. This research gives useful implications for enhancing data privacy and security in healthcare practices as well as insightful information about blockchain based healthcare systems

Comment #2: "The introduction can be improved. The introduction, like the abstract, also has the same shortcomings. The introduction introduces a large amount of knowledge known to the public. Since everyone can obtain corresponding knowledge from other resources, why do we have to republish another one? What is the publishing value of this manuscript? The introduction claims to have four contributions, but apart from a few concepts, readers cannot discern the technical features of this manuscript's contributions or how it addresses the problem."

Response #2: Thank you for this insightful comment. We have restructured the introduction to eliminate excessive background information and focus more on the manuscript's contributions. We clearly outlined the three contributions in a dedicated paragragh, detailing how each addresses specific challenges in the field. By emphasizing the novelty and significance of our research, we have strengthened the justification for its publication. These changes can be found in the Introduction Section of the revised manuscript as follows.

This research addresses critical gaps in existing Blockchain-based Personal Health Record Systems (BPHRS) by proposing PHR-NFT, a novel solution that leverages Non-Fungible Tokens (NFTs) and Hyperledger Fabric to enhance the security, privacy, and interoperability of healthcare data management. One of the major issues with current BPHRS is the high cost and complexity of maintaining blockchain infrastructure, which significantly limits their scalability [27][28][29]. Additionally, these systems often struggle with seamless integration into existing healthcare infrastructures, making interoperability a substantial challenge [29][30]. Privacy concerns are also prevalent, as many blockchain platforms provide limited control to patients once their health data is stored, largely due to the immutable nature of the blockchain [31][32][33]. Moreover, scalability remains a concern as the volume of healthcare data grows, leading to inefficiencies in existing systems [32] [34] [35]. Current solutions, like Ethereum-based frameworks [36] [37], face challenges such as high energy consumption [38], while other platforms, like BlockMedCare, encounter difficulties in deployment and ensuring compatibility with healthcare systems [27][28][29] [39]. PHR-NFT directly addresses these shortcomings by leveraging the scalable and modular architecture of Hyperledger Fabric, which reduces operational costs and simplifies deployment. By integrating NFTs, PHR-NFT enhances interoperability, enabling seamless data sharing between blockchain platforms and legacy healthcare systems. This facilitates more effective collaboration between healthcare providers. Furthermore, the use of NFTs helps to address scalability issues by linking each health record to a unique, easily trackable token, thus avoiding bottlenecks as data volumes increase. Privacy concerns are mitigated by giving patients full ownership and control over their health data through NFTs, offering flexible and temporary access to healthcare records as needed, all while ensuring compliance with privacy regulations like GDPR [25].

Key benefits of PHR-NFT include enhanced data integrity through unique NFTs that create an immutable distributed ledger, ensuring unauthorized updates are difficult. The system addresses confidentiality by empowering patients to control access to their personal health information, allowing only authorized users to view their electronic health records. PHR-NFT ensures availability by distributing data across decentralized nodes, eliminating reliance on single points of failure and maintaining uninterrupted access even during node failures. Its design promotes effective interoperability by facilitating seamless communication between healthcare professionals across various systems while allowing patients to access their authorized medical records globally via NFTs issued by the Ministry of Health (MoH). NFT integration further improves data security and privacy by limiting access to critical patient data to authorized parties only, hence optimizing data security, privacy, and confidentiality throughout the healthcare ecosystem. Overall, by offering a thorough method for safe and effective patient health record administration, PHR-NFT not only addresses important gaps in the literature but also improves already-existing BPHRS frameworks

The following are the key contributions of this research: 

  • Proposing PHR-NFT, a blockchain-based patient tracking system that uses Non-Fungible Tokens (NFTs) to securely store patient data, enhancing the privacy and security of health records. Our framework adopts a patient-centric approach, allowing patients to maintain complete control over their NFTs. This enables them to grant access permissions to authorized stakeholders, based on the collaborators set, within the network.
  • Implementing patient NFTs on the Hyperledger Fabric blockchain platform. Smart contracts are utilized to automate the sharing of health data, ensuring that data is only shared with authorized parties after explicit patient consent.
  • Conducting a comprehensive analysis of network performance, evaluating key metrics, including throughput, latency, success rate, failure rate, and security.

Comment #3: "Chapter 2 can be improved. This chapter introduces a large number of achievements related to blockchain and medical record systems, but lacks organization. The problem that this manuscript aims to solve, how international peers have solved it, what progress has been made, what shortcomings exist, and where the difficulties lie, are unknown to readers."

Response #3: We appreciate the feedback regarding the organization of Chapter 2. In response, we have reorganized this chapter to provide a clearer narrative structure. We introduced subsections that explicitly outline the specific problems our research addresses, how peers have attempted to resolve these issues, the progress made, and the limitations of existing solutions. This restructuring allows readers to better understand the context of our work and its relevance to current challenges in the field. The updated organization can be found in Section 2 of the revised manuscript.

Bodur & Yaseen [34] suggested a blockchain-based strategy for the safe sharing, access, and storage of PHR. They used consensus techniques including PoW, PoS, and PoA to guarantee data confidentiality, integrity, and resilience to different types of cyberattacks. However, its emphasis on consensus techniques like PoW can lead to scalability problems and increased energy consumption. Jakhar et al. [35] proposed a BPHRS system that helps to manage healthcare data by utilizing Hyperledger Fabric for permissioned, safe, and efficient access control. This improves privacy, security, and data integrity while granting patients authority over access rules. However, it does not adequately address the interoperability and scalability challenges over individual health records. Swetha et al. [36] developed SecureMed framework which helps to manage healthcare data by using IPFS and Ethereum's blockchain to handle Electronic Health Records (EHRs) in a decentralized and secure manner. It provides a trustless platform and smart contracts for scalability and access control. It does not, however, have the ability to protect privacy or provide individualized control over personal records. Venkatesh & Hanumantha [37] proposed quantum blockchain-based privacy-preserving method which lowers communication and computation costs during the exchange of electronic medical records while preventing a variety of attacks, including quantum threats like collective and coherent attacks. But it lacks the strategy for patient-centered ownership and control of medical records, and it has issues with interoperability and scalability. Haddad et al [38] proposed the patient-centered blockchain-based EHR management system using Ethereum and IPFS which provides a decentralized and patient-centered approach to EHR management, giving patients complete control over their records and guaranteeing safe and scalable data sharing amongst various stakeholders without the need for centralized infrastructure. This solution may not be as effective in complying with stringent data privacy regulations like GDPR since it lacks the sophisticated privacy capabilities necessary for fine-grained, adaptable access control and ownership management. Chinnasamy et al [39] presented a scalable EHR-sharing mechanism for cloud-based IoT in e-health that makes use of Ethereum and IPFS. It offers a strong access control system via smart contracts that improves data security and facilitates the effective exchange of medical records. Although the system guarantees secure data sharing and scalability, it mostly concentrates on cloud-based solutions, which may pose difficulties with regard to patient ownership of data and decentralization in contrast to more patient-centered frameworks.

Most of the existing BPHRS lack patient-centric solutions and the capacity to trace and track PHRs in a transparent and tamper-proof manner [31] [35] [39]. When third parties try to access patient data, current BPHRS can jeopardize patient privacy. Furthermore, patients frequently have little control over their health data under the present systems, which makes it difficult for them to access records and communicate with medical professionals [32] [33] [37]. Additionally, BPHRS are vulnerable to cybersecurity threats and data breaches, particularly when patient data is shared among networks [29] [30]. There is serious privacy risks associated with these breaches since they may expose PHR to hackers [36] [38]. Furthermore, current blockchain-based solutions have a significant cost and energy consumption [27][28] [29]. Lack of procedures to enable patients to modify or delete their information is another limitation in existing systems, which runs against privacy laws like the GDPR that uphold the right to be forgotten [25] [34]. Furthermore, the confidentiality of patient information may be compromised by the usage of public blockchain networks in certain BPHRS since health data, even when encrypted, may be accessible or traceable [19] [36]. Finally, sensitive data is visible to parties not directly involved in patient care since many present systems lack efficient access control methods [27][42].

Although current solutions offer blockchain-based security and transparency, they frequently lack thorough validation in real healthcare settings, pose difficulties with scalability, interoperability, privacy and patient data control, and may still leave vulnerabilities open to unauthorized access. PHR-NFT bridges these gaps by empowering patients with ownership of their health data while providing temporary access to authorized medical providers through the use of Hyperledger Fabric and NFTs. This system guarantees the integrity and traceability of patient records while improving privacy, scalability, and interoperability. Additionally, PHR-NFT uses a decentralized framework to facilitate smooth data transmission across various healthcare platforms, addressing the problem of healthcare system integration and offering a strong solution for enhancing global healthcare data management.

Comment #4: "Chapters 3 can be improved. The system introduced in this chapter, apart from adding some concepts, readers cannot know what improvements have been made in solving problems. The architecture of Figure 1 and the workflow of Figure 2, apart from some conceptual abbreviations, make it difficult to see the efforts made by the authors in solving the problem, or the authors themselves do not know what technical problem they are trying to solve."

Response #4: Thank you for highlighting these concerns. We have enhanced Chapter 3 by providing a more comprehensive explanation of the system architecture and the workflow. We clarified how our PHR-NFT framework improves upon existing solutions and explicitly outlined the technical problems it addresses. Additionally, we added annotations to Figures 1 and 2 to make the diagrams more informative and illustrative of our contributions. These improvements can be found in Section 3 of the revised manuscript.

3.1 Usecase Scenario

In this section, we present our usecase scenario consists of Patient A, who registers at Hospital X, which has been approved by the MoH, and asks Insurance Company I1 for access to their medical information. After the request has been verified by the insurance provider, Hospital X authorizes it by processing Patient A's Emirates ID. Lab tests are ordered during a consultation, and the additional requests are reviewed and approved by Insurance Company I1. Prescriptions, lab data, and consultation reports are all stored on the blockchain by Hospital X. The validity and integrity of the saved data are then ensured by the Ministry of Health (MoH), which uses Patient A's Emirates ID as the key to validate the information. Following validation, MoH provides a NFT as a digitally authenticated certificate that certifies Patient A's verified medical records. This NFT can be securely accessed by authorized healthcare providers during the patient's visit and for a limited time afterward, ensuring patient-centric control over data access. With the approval of Patient A, the patient's information can also be safely accessed by other healthcare facilities across the globe that accept the MoH-approved NFT, ensuring data integrity, privacy, and interoperability.

Figure 1. PHR-NFT System Workflow.

Please refer to the word file that contains the Reviews reponse with the Diagrams. As this figure can not copied here.

Figure 2. PHR-NFT System Architecture.

Please refer to the word file that contains the Reviews reponse with the Diagrams. As this figure can not copied here

Comment #5: "Chapters 4 can be improved. This chapter lists five evaluation indicators such as throughput, latency, transaction failure, and security performance against DoS attacks. The reasons for listing these indicators, how international peers do them, why there is no reference citation, and how the problems to be solved are related to these indicators are not well explained."

Response #5: We appreciate the reviewer’s comments regarding the evaluation indicators presented in Chapter 4. In the revised manuscript, we have added a thorough explanation of each indicator and its relevance to our research objectives. We also provided citations from relevant literature to support our choice of indicators and included a discussion on how these metrics relate to the problems we aim to solve. These revisions enhance the clarity and rigor of our evaluation framework, and they can be found in Section 4 of the revised manuscript.

In this section, we evaluate the performance of our proposed framework based on standards key metrics used in the literature [48] [49] such as throughput, latency, transaction failure, and security performance. The performance analysis provides valuable insights into the scalability and reliability of our framework under different workload conditions.

Table 2: Performance Matrix

Performance Matrix

Explanation

Throughput

Throughout indicates the overall transaction processing capacity (in TPS) considering successful transactions per second. Higher throughput values reflect higher transaction processing efficiency.

Latency

Latency measures the time it takes for a transaction to be processed and confirmed. Lower latency values are preferable as they indicate quicker transaction confirmations in the network.

Scalability

Scalability tests the network performance with an increasing number of transactions.

Fail Transaction

This denotes the number of failed transactions during processing. It's essential to minimize failed transactions for a robust blockchain network.

Security Analysis

Security analysis of the deployed network based on the threat model.

 

4.1 Threat Model

Security analysis is crucial for assessing the robustness of the proposed network. This research primarily addresses Denial of Service (DoS) attacks, which represent a significant and prevalent threat to distributed networks. In the context of a DoS attack, a malicious actor seeks to flood the network with unauthorized transactions, thereby exhausting system resources and rendering services unavailable to legitimate users, ultimately disrupting network operations.

Our threat model assumes that the attacker is capable of generating a substantial volume of transactions at a rapid pace, effectively overwhelming the ordering service within the blockchain network. The attacker aims to induce service degradation by imposing sufficient load to provoke transaction delays, high failure rates, or even a total cessation of network functionality. The failure rate is defined as

Comment #6: "Chapters 5 can be improved. The experimental results lack credibility. How can international peers reproduce the experimental results, and what environmental parameters and configurations are needed? Some experimental results are too perfect, such as Figure 7, and I am not sure how the authors obtained them. If international peers cannot reproduce the results of Figure 7, should the published manuscript be retracted? The negative impact caused by this will accompany the authors for life, and of course, this journal will also be troubled by it."

Response #6: Thank you for bringing this important concern to our attention. We have significantly revised Chapter 5 to enhance the reproducibility and credibility of our experimental results. We included a detailed description of the experimental setup, including environmental parameters, configurations, and the methodology used to obtain results, particularly for Figure 7. Figure 7 shows a general trend in the blockchain network i.e. as the number of transactions increases, the execution time increases. We replaced Figure 7 with bar charts to enhance the presentation. We also addressed the reviewer's concerns regarding the perceived perfection of the results by discussing the factors contributing to these outcomes and acknowledging the limitations of our experiments. These changes can be found in Section 5.1 page no. 15 of the revised manuscript.

Figure 7 illustrates the relationship between total transaction execution time and the number of invoked transactions (ranging from 100 to 1100).  As the number of invoked transactions increases from 100 to 1100, there is a linear growth in the total transaction execution time. This suggests that transaction processing time scales proportionally with transaction volume, reflecting the network's ability to handle larger workloads. The linear increase in execution time indicates that the blockchain network's processing capacity is influenced by transaction volume. Higher transaction loads require more computational resources and time to process transactions, leading to longer execution times.

Comment #7: "The conclusion can be improved. The conclusion should summarize the technical problems solved in this manuscript, but so far, the problems solved in this manuscript are still unclear, and the contribution cannot be highlighted. In addition, the shortcomings of this manuscript and future research directions need to be more clearly defined."

Response #7: We appreciate the reviewer’s feedback on the conclusion. We have revised this section to succinctly summarize the technical problems addressed in our research and clearly highlight our contributions. We also discussed the limitations of our study and provided specific directions for future research, which enhances the overall clarity and impact of the conclusion. These revisions can be found in Section 6 of the revised manuscript.

This study provides a decentralized, safe, and user-friendly approach to BPHRS by utilizing NFT and Hyperledger blockchain in patient record tracking systems. The limitations of the existing BPHRS were addressed by PHR-NFT, which used NFTs to track all patient record-related activities and verify ownership in order to ensure patient data ownership, improve privacy, and maintain data integrity. Furthermore, the system addresses issues related to confidentiality, privacy, security, and interoperability that have been constraints in  current BPHRS. Patients can use a permission-based system, which ensures data ownership and control, to temporarily provide others access to their data. Data accountability and integrity are ensured with NFTs by monitoring all activity related to patient records and verifying ownership. Data privacy, security, availability, efficient interoperability, data integrity, and confidentiality are significant aspects in which the PHR-NFT outperforms other blockchain-based implementations discussed in related work. The performance evaluation demonstrates the practicality and efficiency of PHR-NFT in terms of throughput, latency, transaction failure rates, and security against DoS attacks. The non-linear behavior of transaction delay with increasing transaction loads highlights the significance of effective resource allocation and transaction rate management. Performance varies throughout healthcare organizations due to network bandwidth, chain code configuration, and peer node dispersion. Furthermore, the system's ability to withstand denial-of-service (DoS) attacks is critical, underscoring the necessity of strong security protocols. There is a scaling constraint, too, because as the number of workers rises, the network becomes more susceptible to attacks.

However, the research also has certain shortcomings, especially with regard to scalability. Peer node distribution and resource management become more difficult as the number of network users rises, potentially increasing a system's susceptibility to attacks. Also, the adoption of NFTs may be costly and inefficient, and there may be a shortage of technical experts knowledgeable in NFT technology in the healthcare industry. Subsequent research endeavors may focus on integrating artificial intelligence and machine learning components to automate healthcare diagnosis determinations. The widespread adoption of NFTs and blockchain technology in the healthcare sector will need the development of comprehensive industry standards and regulations, ultimately supporting the creation of an effective and compliant healthcare data ecosystem. Further, more study is required to solve scaling issues and improve system performance, even if PHR-NFT offers potential ways to improve PHR security and privacy. Future work should strengthen system resilience, network scalability, and resource allocation techniques to reduce possible security threats. Future PHR-NFT enhancements will concentrate on applying modern penetration testing methods to strengthen security and privacy and guarantee resistance to cyberattacks. More detailed NFT-based access controls will be one of the improvements, providing accurate patient data management while maximizing blockchain scalability. Furthermore, the use of privacy-preserving algorithms will be researched in order to guarantee adherence to laws like the GDPR, thereby enhancing patient privacy and maintaining data integrity. PHR-NFT will become a more reliable and flexible solution for safe patient health record management as a result of these enhancements.

Comment #8: "The references can be improved. This manuscript lists slightly more references, but lacks the latest STOA works. On the contrary, there are too many conference articles listed. And unfortunately, there have been some related research findings in this journal that the authors have turned a blind eye to."

Response #8: Thank you for your constructive feedback on our references. We conducted a thorough review of the literature and updated our reference list to include the six latest works in the field, specifically those from the State of the Art (STOA) and two recent findings published in this journal. We reduced the number of conference articles cited and ensured that our references comprehensively reflect the current state of research. The updated reference list can be found in Section 8 of the revised manuscript.

  1. Bodur, H., & Al Yaseen, I. F. T. (2024). An Improved blockchain-based secure medical record sharing scheme. Cluster Computing, 1-20.
  2. Jakhar, A. K., Singh, M., Sharma, R., Viriyasitavat, W., Dhiman, G., & Goel, S. (2024). A blockchain-based privacy-preserving and access-control framework for electronic health records management. Multimedia Tools and Applications, 1-35.
  3. Swetha, M. S., Muneshwara, M. S., Madihalli, A. T., Bhardwaj, A., Ananya, & Solanki, V. K. (2024, March). A Novel Approach on Medical Health Record Management System Using Blockchain. In The International Conference on Intelligent Systems & Networks(pp. 678-687). Singapore: Springer Nature Singapore.
  4. Venkatesh, R., & Savadatti Hanumantha, B. (2024). Electronic medical records protection framework based on quantum blockchain for multiple hospitals. Multimedia Tools and Applications83(14), 42721-42734.
  5. Haddad, A., Habaebi, M. H., Suliman, F. E. M., Elsheikh, E. A., Islam, M. R., & Zabidi, S. A. (2023). Generic patient-centered blockchain-based EHR management system. Applied Sciences13(3), 1761.
  6. Chinnasamy, P., Albakri, A., Khan, M., Raja, A. A., Kiran, A., & Babu, J. C. (2023). Smart contract-enabled secure sharing of health data for a mobile cloud-based e-health system. Applied Sciences13(6), 3970.

Comment #9: "Overall, the authors have conducted some research in this field, but the exploration and summary of the research work are insufficient. I admire the research spirit of the authors and support your research work. However, as a long-term reviewer of this journal, I also have the responsibility to ensure the quality of the papers and intercept manuscripts that do not meet the publishing requirements. This journal is a high-level international publication in the field of application, dedicated to publishing original and high-quality papers. It is obvious that this manuscript currently does not meet the publishing requirements, so I am sorry, I have no choice but to reject this manuscript."

Response#9: We sincerely appreciate the reviewer’s overall assessment and the acknowledgment of our research efforts. We have taken this feedback to heart and made significant revisions throughout the manuscript to enhance both the exploration and summary of our research work.

  • Exploration of previous research work: We have expanded our literature review to provide a more comprehensive exploration of existing research related to secure patient health records and blockchain technologies. We included recent studies and advancements in the field to contextualize our work better. This enhancement can be found in the revised Section 2, which now includes an in-depth analysis of relevant literature.
  • Summary of contributions: To clearly summarize our contributions, we have delineated the specific technical features of the PHR-NFT framework in a dedicated subsection of the Section 2. We emphasized how our framework addresses existing gaps in the literature and improves upon traditional methods. This revised summary is included in Section 1 and 2 and is designed to communicate the significance of our work more effectively.
  • Enhanced clarity and structure: We carefully organized the manuscript to ensure that each chapter logically flows and directly supports our research objectives. Each section has been reviewed to ensure clarity and coherence, with clear headings and subsections that guide the reader through our findings and contributions.
  • Addressing specific concerns: We took the reviewer's specific comments into account and addressed them individually, as detailed in our previous responses. Each chapter has been revised to improve its content, organization, and clarity.

We understand the importance of meeting the high standards of this journal and are committed to ensuring that our work aligns with its publication requirements. We hope that the revisions made to the manuscript will satisfactorily address the reviewer’s concerns and demonstrate the quality and originality of our research. Thank you for your time and consideration, and we look forward to the possibility of our revised manuscript being reconsidered for publication.

Thank you once again for your valuable input and support throughout the review process.

Best regards,

Authors

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

Introduction

1. Spell out the GDPR when it first occurred.

 2. Starting from "PHR-NFT offers an efficient...." to "Simulate DoS attacks to assess..", I would suggest putting them in the Conclusion section because readers might be lost to understand the benefits before they actually read the research design.

5.2.1 When the authors said test 100 to 1100 transactions per round, what does this round, what does it mean to have 100/1100 transactions in real-world cases?

5.2.2. Why "create patient" has such low success rate? Does that mean the developed codes sometimes can not well execute the "Create Patient" function?

Table 5, there is no need to keep such many decimals and use "exponent" in the Table. Simply keeping two decimals number should be fine.

5.2.3 Correlation Matrix:

When the authors measured latency, what scenario did the author actually measure? I guessed when a request was sent (let's say query patient data), who actually confirmed that this party (person) could access the data? And who confirmed the transactions would correlate with the latency, I guess?

Similar to the other situations, it is recommended that the authors bring in real-world scenarios when mentioning different measures; the current writing is a bit fragmented. How the health industry can benefit from these analyses is vague.

 

Comments on the Quality of English Language

English is fine.

Author Response

Reviewer #3 Comments

 Comment #1: "Spell out the GDPR when it first occurred."

Response #1: We appreciate the suggestion to clarify the acronym. In the revised manuscript, we have spelled out "GDPR" as the General Data Protection Regulation the first time it appears in the introduction. This addition ensures that all readers understand the term's significance in the context of our research.

Comment #2: "Starting from 'PHR-NFT offers an efficient....' to 'Simulate DoS attacks to assess..', I would suggest putting them in the Conclusion section because readers might be lost to understand the benefits before they actually read the research design.

Response #2: Thank you for your valuable suggestion. We have moved the specified sentences from the introduction to the conclusion section. This change improves the flow of information, allowing readers to first engage with the research design before understanding the benefits and implications of the PHR-NFT framework. The relevant adjustments can be found in the revised Conclusion section.

This study provides a decentralized, safe, and user-friendly approach to BPHRS by utilizing NFT and Hyperledger blockchain in patient record tracking systems. The limitations of the existing BPHRS were addressed by PHR-NFT, which used NFTs to track all patient record-related activities and verify ownership in order to ensure patient data ownership, improve privacy, and maintain data integrity. Furthermore, the system addresses issues related to confidentiality, privacy, security, and interoperability that have been constraints in  current BPHRS. Patients can use a permission-based system, which ensures data ownership and control, to temporarily provide others access to their data. Data accountability and integrity are ensured with NFTs by monitoring all activity related to patient records and verifying ownership. Data privacy, security, availability, efficient interoperability, data integrity, and confidentiality are significant aspects in which the PHR-NFT outperforms other blockchain-based implementations discussed in related work. The performance evaluation demonstrates the practicality and efficiency of PHR-NFT in terms of throughput, latency, transaction failure rates, and security against DoS attacks. The non-linear behavior of transaction delay with increasing transaction loads highlights the significance of effective resource allocation and transaction rate management. Performance varies throughout healthcare organizations due to network bandwidth, chain code configuration, and peer node dispersion. Furthermore, the system's ability to withstand denial-of-service (DoS) attacks is critical, underscoring the necessity of strong security protocols. There is a scaling constraint, too, because as the number of workers rises, the network becomes more susceptible to attacks.

However, the research also has certain shortcomings, especially with regard to scalability. Peer node distribution and resource management become more difficult as the number of network users rises, potentially increasing a system's susceptibility to attacks. Also, the adoption of NFTs may be costly and inefficient, and there may be a shortage of technical experts knowledgeable in NFT technology in the healthcare industry. Subsequent research endeavors may focus on integrating artificial intelligence and machine learning components to automate healthcare diagnosis determinations. The widespread adoption of NFTs and blockchain technology in the healthcare sector will need the development of comprehensive industry standards and regulations, ultimately supporting the creation of an effective and compliant healthcare data ecosystem. Further, more study is required to solve scaling issues and improve system performance, even if PHR-NFT offers potential ways to improve PHR security and privacy.

Future PHR-NFT enhancements will concentrate on applying modern penetration testing methods to strengthen security and privacy and guarantee resistance to cyberattacks. More detailed NFT-based access controls will be one of the improvements, providing accurate patient data management while maximizing blockchain scalability. Furthermore, the use of privacy-preserving algorithms will be researched in order to guarantee adherence to laws like the GDPR, thereby enhancing patient privacy and maintaining data integrity. PHR-NFT will become a more reliable and flexible solution for safe patient health record management as a result of these enhancements.

Comment #3: "When the authors said test 100 to 1100 transactions per round, what does this round, what does it mean to have 100/1100 transactions in real-world cases?"

Response #3: We appreciate this clarification request. In the revised manuscript, we have elaborated on what is meant by "round" in Section 5.2.1. We have clarified that a "round" refers to a single iteration of testing, during the network performance is evaluated by varying the transactions load (100, 200,300,400,……1100) per iteration to simulate real-world conditions.

In this section, we investigated the scalability performance of our test network with increasing transaction load, ranging from 100 to 1100 transactions per round (i.e. a single iteration of testing), using the Hyperledger Caliper analysis tool. Scalability refers to the network's ability to handle the growing number of transactions without significant performance degradation. The experiments ran five rounds of tests for each transaction load setting, and the latency metrics (maximum, minimum, and average) were recorded and analyzed. Figure 4 represents the maximum, minimum, and average latency observed across different transaction loads (100 to 1100). The plot illustrates how latency metrics change with increasing transaction volumes. Analyzing maximum, minimum, and average latencies helps identify performance trends and informs optimization strategies such as capacity planning, resource allocation, and workload distribution. The maximum latency metric indicates the peak response time observed during a round of transactions. It represents the upper bound of transaction execution times and is crucial for identifying potential performance bottlenecks or outliers. Minimum Latency conversely represents the fastest response time achieved during a round of transactions. It provides insights into the best-case performance scenario and highlights the efficiency of the blockchain network under optimal conditions. The average latency metric summarizes the network's overall performance by calculating the mean response time across all transactions in a round. It serves as a baseline indicator of transaction processing efficiency and system responsiveness. As transaction loads increase, latency metrics typically exhibit non-linear behavior. Initially, latency may remain relatively stable but can increase sharply beyond a certain threshold due to resource saturation or contention.

Comment #4: "Why 'create patient' has such a low success rate? Does that mean the developed codes sometimes cannot well execute the 'Create Patient' function?"

Response #4: Thank you for highlighting this concern. In the revised manuscript, we have provided a detailed analysis of the low success rate of the "create patient" function in Section 5.2.2.

We examined the potential reasons for this issue, including edge cases and specific conditions under which the code might fail to execute correctly. We have also included examples of scenarios that may contribute to these failures, thereby enhancing the understanding of this challenge.

5.2.2. Creating a new patient record typically involves multiple data fields and more validation steps compared to updating or querying. This increases the chances of failure during the process due to incorrect or incomplete data submissions.

Comment #5: "Table 5, there is no need to keep such many decimals and use 'exponent' in the Table. Simply keeping two decimals number should be fine."

Response #5: We appreciate this practical suggestion. We have revised Table 5 to present numerical data with only two decimal places, as recommended. This change simplifies the presentation and enhances readability without compromising the precision of the data.

Table 5. Correlation matrix.

 

Workers

Total Transactions

Send Rate

Latency

Throughput

Fail Transactions

Failure Rate (%)

Workers

1.00

-0.00

-0.49

-0.13

-0.32

0.28

0.30

Total Transactions

-0.00

1.00

-0.37

0.34

-0.17

-0.17

0.88

Send Rate

-0.49

-0.37

1.00

-0.50

0.46

0.46

-0.47

Latency

-0.13

0.34

-0.50

1.00

-0.51

-0.51

0.21

Throughput

-0.32

-0.17

0.46

-0.51

1.00

-0.2

-0.33

Fail Transactions

0.28

0.89

-0.44

0.20

-0.28

1.00

1.00

Failure Rate (%)

0.30

0.88

-0.47

0.21

-0.33

1.00

1.00

 

Comment #6: "When the authors measured latency, what scenario did the author actually measure? I guessed when a request was sent (let's say query patient data), who actually confirmed that this party (person) could access the data? And who confirmed the transactions would correlate with the latency, I guess?"

Response #6: Thank you for this insightful comment. In the revised manuscript, we have clarified the scenario in which latency was measured in Section 5.2.3. We specified that latency measurements were taken during actual patient data queries, detailing the steps involved in the process, including how access permissions were verified. Additionally, we explained the role of network latency in the confirmation of transactions and how these measurements were directly correlated with the overall latency. This context provides a clearer understanding of how our analyses can benefit the healthcare industry.

Latency refers to the time a transaction is initiated/submitted until the transaction is confirmed. In the current experiments, latency for the Query chaincode refers to the time a request is initiated by the network node until the node accesses the patient record after the patient confirms the access to his/her NFT. Latency for Create Patient chaincode referes to the time a request is initiated for creating patient NFT, preceeded with database writes, and validation steps.

Comment #7: "Similar to the other situations, it is recommended that the authors bring in real-world scenarios when mentioning different measures; the current writing is a bit fragmented. How the health industry can benefit from these analyses is vague."

Response #7: We appreciate this suggestion for improvement. In response, we have integrated more real-world scenarios throughout the relevant sections of the manuscript. We explicitly linked our findings and analyses to practical applications in the healthcare industry, illustrating how the PHR-NFT framework can enhance patient data management, security, and transparency. These adjustments aim to create a more cohesive narrative that demonstrates the practical significance of our research.

3.1 Usecase Scenario

In this section, we present our usecase scenario consists of Patient A, who registers at Hospital X, which has been approved by the MoH, and asks Insurance Company I1 for access to their medical information. After the request has been verified by the insurance provider, Hospital X authorizes it by processing Patient A's Emirates ID. Lab tests are ordered during a consultation, and the additional requests are reviewed and approved by Insurance Company I1. Prescriptions, lab data, and consultation reports are all stored on the blockchain by Hospital X. The validity and integrity of the saved data are then ensured by the Ministry of Health (MoH), which uses Patient A's Emirates ID as the key to validate the information. Following validation, MoH provides a NFT as a digitally authenticated certificate that certifies Patient A's verified medical records. This NFT can be securely accessed by authorized healthcare providers during the patient's visit and for a limited time afterward, ensuring patient-centric control over data access. With the approval of Patient A, the patient's information can also be safely accessed by other healthcare facilities across the globe that accept the MoH-approved NFT, ensuring data integrity, privacy, and interoperability.

Comment#8: on the Quality of English Language: "English is fine."

Response #8: on Language Quality: We appreciate the positive feedback regarding the quality of the English language used in the manuscript. We have continued to ensure clarity and precision throughout our revisions.

Thank you once again for your valuable input and support throughout the review process.

Best regards,

Authors

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

I was a reviewer and all my comments have been addressed 

Comments on the Quality of English Language

English is good

Author Response

Reviewer #1:

No Response is needed

Reviewer 2 Report

Comments and Suggestions for Authors

Please refer to the attachment

Comments for author File: Comments.pdf

Comments on the Quality of English Language

Please refer to the attachment

Author Response

Reviewer#2

Comment #1: English Proofreading

Response #1: We appreciate the reviewer's attention to detail regarding language quality. We have conducted a thorough proofreading of the manuscript by MDPI English proofreading services, correcting the identified minor issues, including missing articles.

Comment #2: The entire text needs to be carefully proofread. The fifth paragraph in the introduction needs to be greatly streamlined, and the first paragraph in the conclusion must be greatly compressed, as they are too cumbersome.

Response 2:-Thank you for your feedback. We streamlined the fifth paragraph in the introduction to make it more concise, focusing only on the essential points. Additionally, We compressed the first paragraph in the conclusion to ensure it is clear and impactful without unnecessary detail.

Introduction:-

The following are the key contributions of this research: 

  • Proposing PHR-NFT, a blockchain-based patient tracking system that uses NFTs to securely store patient data, enhancing the privacy and security of health records. Our framework adopts a patient-centric approach, allowing patients to control their NFTs and grant access permissions to authorized stakeholders based on collaborators set, within the network.
  • Implementing patient NFTs on the Hyperledger Fabric blockchain platform. Smart contracts are utilized to automate the sharing of health data, ensuring that data is only shared with authorized parties after explicit patient consent.

Conducting a comprehensive analysis of network performance, evaluating key metrics, including throughput, latency, success rate, failure rate, and security.

Conclusion:-

This study provides a decentralized, safe, and user-friendly approach to BPHRS by utilizing NFT and Hyperledger blockchain in patient record tracking systems. The PHR-NFT system outperforms existing BPHRS by using NFTs to enhance patient data ownership, privacy, security, integrity, and interoperability, effectively addressing confidentiality and data management constraints. Patients can use a permission-based system, which ensures data ownership and control, to temporarily provide others access to their data. Data accountability and integrity are ensured with NFTs by monitoring all activity related to patient records and verifying ownership. The performance evaluation demonstrates the practicality and efficiency of PHR-NFT in terms of throughput, latency, transaction failure rates, and security against DoS attacks. The non-linear behavior of transaction delay with increasing transaction loads highlights the significance of effective resource allocation and transaction rate management. Performance varies throughout healthcare organizations due to network bandwidth, chain code configuration, and peer node dispersion. Furthermore, the system's ability to withstand DoS attacks is critical, underscoring the necessity of strong security protocols.

Comment #3: Equations and variables need to be carefully examined. For example, the form of Moh in Equation 1 is inconsistent with that of MoH in the fourth row below; the  in Equation 1 and the  in the 9th line below is also inconsistent….

Response 3:- Thank you for highlighting this. We have carefully reviewed and corrected the equations and variables throughout the manuscript to ensure consistency. Specifically, we have adjusted the form of Moh to MoH in Equation 1 and aligned the notation in the 9th line below, addressing the inconsistencies you noted.

Comment #4: The charts in the entire text also need further examination. For example, in the blockchain network layer in Figure 2, the smart contract is in singular form, but the medical transactions are in plural form. It is different from the smart contracts in the internal processes of the NFT blockchain flow chart in Figure 2. The several blue columns in Figure 8 are too similar, it is better to use different patterns to distinguish them….

Response 4:- Thank you for your valuable feedback. We have thoroughly reviewed and updated the charts to improve clarity and consistency.

Thank you once again for your valuable input and support throughout the review process.

Best regards,

Authors

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

The authors have well addressed my comments. Therefore, I recommend its publication in the current format.

Author Response

Review #3:

No Response

Back to TopTop