Abstract
Blockchain technologies (BT) promise to offer exciting research directions for improving various aspects of business processes, in particular in cross-organizational settings where participants do not fully trust each other. However, while blockchain may readily provide transparency and immutability for the processes recorded on a shared ledger, these very characteristics can be problematic in regard to privacy and data protection requirements. In this paper, we address the challenges and opportunities of using BT to secure distributed processes where participants may have an incentive to make false claims or subvert pre-agreed compliance rules in their private processes. Specifically, our analysis is based on a real-world use case, namely how BT can secure (privacy preserving) commitments to processing steps that facilitate federated machine learning (FL) in the healthcare sector. Thereby, an immutable audit trail is created that can be used to detect deviations in retrospect. Hereby, we place a particular focus on the management of patient consent for accessing their data in FL. Our approach draws inspiration from the domain of Self-Sovereign Identity (SSI) where BT is also relied upon to enable the creation and management of decentralized identifiers while focusing on data minimization. The results of our work are not constrained to the particular use case and can be applicable to other emerging research areas of BPM, such as federated process mining.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Referred to by Weber et al. in [26] as a trigger.
- 2.
Cf. Art. 17 GDPR Right to erasure https://gdpr-info.eu/art-17-gdpr/.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
The source code will be released on gitlab. The code is still in review as it may fall under a temporary NDA agreement.
References
Akhtar, A., Shafiq, B., Vaidya, J., Afzal, A., Shamail, S., Rana, O.: Blockchain based auditable access control for distributed business processes. In: International Conference on Distributed Computing Systems (ICDCS). pp. 12–22 (2020)
Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. J. Cryptol. 23(2), 281–343 (2010)
Benchoufi, M., Ravaud, P.: Blockchain technology for improving clinical research quality. Trials 18(1), 1–5 (2017)
Bonyuet, D.: Overview and impact of blockchain on auditing. Int. J. Digit. Account. Res. 20, 31–43 (2020)
Carminati, B., Rondanini, C., Ferrari, E.: Confidential business process execution on blockchain. In: International Conference on Web Services (ICWS), pp. 58–65 (2018)
Christopher, A., et al.: Decentralized public key infrastructure. https://danubetech.com/download/dpki.pdf
Corradini, F., Marcelletti, A., Morichetta, A., Polini, A., Re, B., Tiezzi, F.: Engineering trustable and auditable choreography-based systems using blockchain. Trans. Manag. Inf. Syst. 13(3), 1–53 (2022)
Duchmann, F., Koschmider, A.: Validation of smart contracts using process mining. In: ZEUS. CEUR Workshop Proceedings. vol. 2339, pp. 13–16 (2019)
Evgenia, N., Viktor, P., Marnix, D.: Leveraging the self-sovereign identity (SSI) concept to build trust. Tech. Rep. 10.2824/8646, The European Union Agency for Cybersecurity (ENISA) (2022)
Fdhila, W., Stifter, N., Kostal, K., Saglam, C., Sabadello, M.: Methods for decentralized identities: evaluation and insights. In: González Enríquez, J., Debois, S., Fettke, P., Plebani, P., van de Weerd, I., Weber, I. (eds.) BPM 2021. LNBIP, vol. 428, pp. 119–135. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85867-4_9
Fenghong, Z., Aljosha, J., Walid, F., Nicholas, S.: D6.2: “model for defining user rights in federated machine learning". Tech. rep., EU H2020 FeatureCloud (2021)
Garcia-Garcia, J.A., Sánchez-Gómez, N., Lizcano, D., Escalona, M.J., Wojdyński, T.: Using blockchain to improve collaborative business process management: systematic literature review. IEEE Access 8, 142312–142336 (2020)
He, L., Karimireddy, S.P., Jaggi, M.: Secure byzantine-robust machine learning. arXiv preprint arXiv:2006.04747 (2020)
Hobeck, R., Klinkmüller, C., Bandara, H.M.N.D., Weber, I., van der Aalst, W.M.P.: Process mining on blockchain data: a case study of augur. In: Polyvyanyy, A., Wynn, M.T., Van Looy, A., Reichert, M. (eds.) BPM 2021. LNCS, vol. 12875, pp. 306–323. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85469-0_20
Klinkmüller, C., Ponomarev, A., Tran, A.B., Weber, I., Aalst, W.v.d.: Mining blockchain processes: extracting process mining data from blockchain applications. In: International Conference on Business Process Management, pp. 71–86 (2019)
Knuplesch, D., Reichert, M., Pryss, R., Fdhila, W., Rinderle-Ma, S.: Ensuring compliance of distributed and collaborative workflows. In: 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, pp. 133–142. IEEE (2013)
McMahan, B., Moore, E., Ramage, D., Hampson, S., y Arcas, B.A.: Communication-efficient learning of deep networks from decentralized data. In: Artificial Intelligence and Statistics, pp. 1273–1282. PMLR (2017)
Mendling, I., et al.: Blockchains for business process management-challenges and opportunities. ACM Trans. Manag. Inf. Syst. 9(1), 1–16 (2018)
Mugunthan, V., Rahman, R., Kagal, L.: Blockflow: an accountable and privacy-preserving solution for federated learning. arXiv preprint arXiv:2007.03856 (2020)
Mühlberger, R., Bachhofner, S., Di Ciccio, C., García-Bañuelos, L., López-Pintado, O.: Extracting event logs for process mining from data stored on the blockchain. In: Di Francescomarino, C., Dijkman, R., Zdun, U. (eds.) BPM 2019. LNBIP, vol. 362, pp. 690–703. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-37453-2_55
Passerat-Palmbach, J., Farnan, T., Miller, R., Gross, M.S., Flannery, H.L., Gleim, B.: A blockchain-orchestrated federated learning architecture for healthcare consortia. arXiv preprint arXiv:1910.12603 (2019)
Ploder, C., Spiess, T., Bernsteiner, R., Dilger, T., Weichelt, R.: A risk analysis on blockchain technology usage for electronic health records. Cloud Comput. Data Sci. 20–35 (2021)
Preukschat, A., Reed, D.: Self-sovereign Identity. Manning Publications (2021)
Schüler, P., Buckley, B.: Re-Engineering Clinical Trials: Best Practices for Streamlining the Development Process. Academic Press (2014)
Snow, P., et al.: Business Processes Secured by Immutable Audit Trails on the Blockchain. Brave New Coin (2014)
Weber, I., Xu, X., Riveret, R., Governatori, G., Ponomarev, A., Mendling, J.: Untrusted business process monitoring and execution using blockchain. In: La Rosa, M., Loos, P., Pastor, O. (eds.) BPM 2016. LNCS, vol. 9850, pp. 329–347. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45348-4_19
Weng, J., Weng, J., Zhang, J., Li, M., Zhang, Y., Luo, W.: Deepchain: auditable and privacy-preserving deep learning with blockchain-based incentive. IEEE Trans. Depend. Secure Comput. 18(5), 2438–2455 (2021)
Acknowledgments
This research is based upon work partially supported by (1) SBA Research (SBA-K1); SBA Research is a COMET Center within the COMET – Competence Centers for Excellent Technologies Programme and funded by BMK, BMDW, and the federal state of Vienna. The COMET Programme is managed by FFG. (2) the European Union’s Horizon 2020 research and innovation programme under grant agreement No 826078 (FeatureCloud) (3) the FFG ICT of the Future project 874019 dIdentity & dApps. (4) the FFG Industrial PhD project 878835 SmartDLP. (5) the Christian-Doppler-Laboratory for Security and Quality Improvement in the Production System Lifecycle; We would also like to thank Fenghong Zhang for her valuable contributions.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Fdhila, W., Stifter, N., Judmayer, A. (2022). Challenges and Opportunities of Blockchain for Auditable Processes in the Healthcare Sector. In: Marrella, A., et al. Business Process Management: Blockchain, Robotic Process Automation, and Central and Eastern Europe Forum. BPM 2022. Lecture Notes in Business Information Processing, vol 459. Springer, Cham. https://doi.org/10.1007/978-3-031-16168-1_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-16168-1_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-16167-4
Online ISBN: 978-3-031-16168-1
eBook Packages: Computer ScienceComputer Science (R0)