{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,23]],"date-time":"2026-01-23T09:10:52Z","timestamp":1769159452318,"version":"3.49.0"},"reference-count":31,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2024,12,18]],"date-time":"2024-12-18T00:00:00Z","timestamp":1734480000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Research Council of Norway","award":["288106"],"award-info":[{"award-number":["288106"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"Healthcare institutions and health registries often store patients\u2019 health data. In order to ensure privacy, sensitive medical information is stored separately from the identifying information of the patient. Generally, institutions anonymize medical information while sharing it for external use. However, internal users may also use it for identifying inaccuracies or missing information. Even though internal users may be legally permitted to access sensitive medical information, such access may lead to the identification of the patient, which can be vulnerable to patient privacy. Ensuring the accountability and responsibility of the internal users may lead to tractability in case of adversarial access with malicious intentions. Therefore, a secure system must be developed for the storage and retrieval of health data. To this end, in this paper, we propose a ledger-based system that cryptographically ensures that all access to health data must be logged into a ledger. Nevertheless, the ledger entries must be protected against adversarial access, too. At the same time, the ledger must be traversable by the patients as well as internal users. To address these needs, we propose techniques for the construction of a ledger to permit both internal users and patients to securely traverse and view only the entries to which they are linked.<\/jats:p>","DOI":"10.3390\/info15120815","type":"journal-article","created":{"date-parts":[[2024,12,18]],"date-time":"2024-12-18T09:43:03Z","timestamp":1734514983000},"page":"815","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Traversable Ledger for Responsible Data Sharing and Access Control in Health Research"],"prefix":"10.3390","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6484-9682","authenticated-orcid":false,"given":"Sunanda","family":"Bose","sequence":"first","affiliation":[{"name":"Simula Research Laboratory, 0164 Oslo, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9345-5431","authenticated-orcid":false,"given":"Dusica","family":"Marijan","sequence":"additional","affiliation":[{"name":"Simula Research Laboratory, 0164 Oslo, Norway"}]}],"member":"1968","published-online":{"date-parts":[[2024,12,18]]},"reference":[{"key":"ref_1","first-page":"3687","article-title":"Cancer registration in India\u2014Current scenario and future perspectives","volume":"17","author":"Chatterjee","year":"2016","journal-title":"Asian Pac. J. Cancer Prev."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"533","DOI":"10.2147\/CLEP.S314959","article-title":"Nordic health registry-based research: A review of health care systems and key registries","volume":"13","author":"Laugesen","year":"2021","journal-title":"Clin. Epidemiol."},{"key":"ref_3","first-page":"413","article-title":"Cancer registries can provide evidence-based data to improve quality of care and prevent cancer deaths","volume":"8","author":"Bouchardy","year":"2014","journal-title":"Ecancermedicalscience"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"440","DOI":"10.1080\/0284186X.2017.1407039","article-title":"Nordic Cancer Registries\u2013an overview of their procedures and data comparability","volume":"57","author":"Pukkala","year":"2018","journal-title":"Acta Oncol."},{"key":"ref_5","unstructured":"Chaudhry, K., and Luthra, U.K. (2002). Cancer Registration in India. Cancer, 14\u201326. Available online: https:\/\/mohfw.gov.in\/sites\/default\/files\/Cancer%20Registration%20In%20India.pdf."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Bose, S., and Marijan, D. (2023, January 1\u20133). Secure Traversable Event logging for Responsible Identification of Vertically Partitioned Health Data. Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Exeter, UK.","DOI":"10.1109\/TrustCom60117.2023.00213"},{"key":"ref_7","unstructured":"Bose, S., and Marijan, D. (2023). A Survey on Privacy of Health Data Lifecycle: A Taxonomy, Review, and Future Directions. arXiv."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"14757","DOI":"10.1109\/ACCESS.2017.2730843","article-title":"MeDShare: Trust-less Medical Data Sharing Among","volume":"5","author":"Xia","year":"2017","journal-title":"IEEE Access"},{"key":"ref_9","first-page":"e15","article-title":"Privacy oriented access control for electronic health records","volume":"8","author":"Gajanayake","year":"2014","journal-title":"Electron. J. Health Inform."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Thummavet, P., and Vasupongayya, S. (2013, January 4\u20136). A novel personal health record system for handling emergency situations. Proceedings of the 2013 International Computer Science and Engineering Conference, ICSEC 2013, Nakhonpathom, Thailand.","DOI":"10.1109\/ICSEC.2013.6694791"},{"key":"ref_11","first-page":"457","article-title":"Threshold Cryptography Based Secure Access Control for Electronic Medical Record in an Intensive Care Unit","volume":"2","author":"Jose","year":"2013","journal-title":"Int. J. Eng. Res. Technol. (IJERT)"},{"key":"ref_12","unstructured":"Eskeland, S., and Oleshchuk, V.A. (2007). EPR Access Authorization of Medical Teams Based on Patient Consent, Gesellschaft f\u00fcr Informatik e. V. Available online: https:\/\/subs.emis.de\/LNI\/Proceedings\/Proceedings118\/article1928.html."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1145\/359168.359176","article-title":"How to share a secret","volume":"22","author":"Shamir","year":"1979","journal-title":"Commun. ACM"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Yuliana, M., Darwito, H.A., Sudarsono, A., and Yofie, G. (2016, January 26\u201327). Privacy and security of sharing referral medical record for health care system. Proceedings of the Proceeding\u20142016 2nd International Conference on Science in Information Technology, ICSITech 2016: Information Science for Green Society and Environment, Balikpapan, Indonesia.","DOI":"10.1109\/ICSITech.2016.7852639"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Sudarsono, A., Yuliana, M., and Darwito, H.A. (2017, January 25\u201326). A secure data sharing using identity-based encryption scheme for e-healthcare system. Proceedings of the Proceeding\u20142017 3rd International Conference on Science in Information Technology: Theory and Application of IT for Education, Industry and Society in Big Data Era, ICSITech 2017, Bandung, Indonesia.","DOI":"10.1109\/ICSITech.2017.8257151"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Liu, J., Li, X., Ye, L., Zhang, H., Du, X., and Guizani, M. (2018, January 9\u201313). BPDS: A Blockchain Based Privacy-Preserving Data Sharing for Electronic Medical Records. Proceedings of the 2018 IEEE Global Communications Conference, GLOBECOM 2018\u2014Proceedings, Abu Dhabi, United Arab Emirates.","DOI":"10.1109\/GLOCOM.2018.8647713"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"101887","DOI":"10.1016\/j.cose.2020.101887","article-title":"A privacy preserve big data analysis system for wearable wireless sensor network","volume":"96","author":"Ge","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1016\/j.future.2014.06.004","article-title":"A hybrid solution for privacy preserving medical data sharing in the cloud environment","volume":"43\u201344","author":"Yang","year":"2015","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"155","DOI":"10.1007\/s00607-020-00847-0","article-title":"Improving healthcare services using source anonymous scheme with privacy preserving distributed healthcare data collection and mining scheme with privacy preserving distributed healthcare data","volume":"103","author":"Domadiya","year":"2021","journal-title":"Computing"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1007\/s10916-018-0896-7","article-title":"(a,k)-Anonymous Scheme for Privacy-Preserving Data Collection in IoT-based Healthcare Services Systems","volume":"42","author":"Li","year":"2018","journal-title":"J. Med. Syst."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Machanavajjhala, A., Gehrke, J., Kifer, D., and Venkitasubramaniam, M. (2006, January 3\u20137). L-diversity: Privacy beyond k-anonymity. Proceedings of the 22nd International Conference on Data Engineering (ICDE\u201906), Atlanta, GA, USA.","DOI":"10.1109\/ICDE.2006.1"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Li, N. (2006\u201320, January 15). t-Closeness: Privacy Beyond k-Anonymity and l-Diversity. Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering, Istanbul, Turkey. Available online: https:\/\/ieeexplore.ieee.org\/document\/4221659.","DOI":"10.1109\/ICDE.2007.367856"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Oh, S.R., Seo, Y.D., Lee, E., and Kim, Y.G. (2021). A comprehensive survey on security and privacy for electronic health data. Int. J. Environ. Res. Public Health, 18.","DOI":"10.3390\/ijerph18189668"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"102010","DOI":"10.1016\/j.cose.2020.102010","article-title":"A blockchain-based scheme for privacy-preserving and secure sharing of medical data","volume":"99","author":"Huang","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1007\/s10916-018-1144-x","article-title":"Medical Data Management on Blockchain with Privacy","volume":"43","author":"Tian","year":"2019","journal-title":"J. Med. Syst."},{"key":"ref_26","unstructured":"Panko, R. (2024, December 08). Mobile App Usage Statistics 2018. Available online: https:\/\/themanifest.com\/app-development\/blog\/mobile-app-usage-statistics."},{"key":"ref_27","unstructured":"Yang, X.S., Sherratt, S., Dey, N., and Joshi, A. An Analysis into the Scalability of Bitcoin and Ethereum. Proceedings of the Third International Congress on Information and Communication Technology."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","article-title":"New directions in cryptography","volume":"22","author":"Diffie","year":"1976","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/S0020-0190(99)00047-2","article-title":"Breaking generalized Diffie-Hellman modulo a composite is no easier than factoring","volume":"70","author":"Biham","year":"1999","journal-title":"Inf. Process. Lett."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Bresson, E., Chevassut, O., and Pointcheval, D. (2001). Provably Authenticated Group Diffie-Hellman Key Exchange\u2014The Dynamic Case. Advances in Cryptology\u2014ASIACRYPT 2001, Springer.","DOI":"10.1007\/3-540-45682-1_18"},{"key":"ref_31","unstructured":"Al-Kuwari, S., Davenport, J.H., and Bradford, R.J. (2024, December 08). Cryptographic Hash Functions: Recent Design Trends and Security Notions. Cryptol. ePrint Arch., Available online: https:\/\/eprint.iacr.org\/2011\/565."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/15\/12\/815\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:54:50Z","timestamp":1760115290000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/15\/12\/815"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,18]]},"references-count":31,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["info15120815"],"URL":"https:\/\/doi.org\/10.3390\/info15120815","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,18]]}}}