Blockchain-Based Electronic Health Records Management: A Comprehensive Review and Future Research Direction

Electronic Health Records (EHRs) are health information stored electronically in a digital format. EHRs are typically shared among healthcare stakeholders and face power failure, data misuse, and a lack of privacy, security, and audit trails. On the other hand, blockchain is the revolutionary invention of the twentieth century that offers a distributed and decentralized setting to communicate among nodes in a list of networks without a central authority. It can address the limitations of EHRs management and provide a safer, more secure, and decentralized environment for exchanging EHRs data. Three categories of blockchain-based potential solutions have been proposed by researchers to handle EHRs: conceptual, prototype, and implemented. This study used a Systematic Literature Review (SLR) to find and analyze articles, either conceptual or implemented, that manage EHRs using blockchain. The study examined 99 papers that were collected from various publication categories. The deep technical analysis focused on evaluating articles based on privacy, security, scalability, accessibility, cost, consensus algorithms, and the type of blockchain used. The SLR found that blockchain technology promises to provide decentralization, security, and privacy that traditional EHRs often lack. Moreover, results obtained from the detailed studies would provide potential researchers with the type of blockchain for future research. Finally, the future research directions would guide those interested in combining new blockchain-based systems to manage EHRs properly.


I. INTRODUCTION
Blockchain has been a buzzword in the Information and Communication Technology industry in recent years. The rise of this new technology has great potential to solve data privacy, security, and integrity issues. The word blockchain came to the forefront after the publication of the Bitcoin white paper by Satoshi Nakamoto in 2008 [1]. The fundamental mechanism behind Bitcoin is to make financial transactions possible without the intervention of a trusted third party. The technology is mainly considered a distributed Peer to Peer (P2P) network where digital data may publicly or privately be allocated to all users on the web in a secure and verifiable way. In traditional financial transactions, both sender and receiver need to depend on a Trusted Third Party (TTP), e.g., a bank. It involves a few security issues and operational difficulties. For instance, a TTP gets access to a user's financial data, which indicates the lack of user privacy. Moreover, the time involved in a TTP transaction is lengthy as there are many steps in between the operation. Furthermore, users need to pay the TTP for their service. Bitcoin solves the above limitations and makes the TTP vanish for a successful transaction between two users.
The practical Bitcoin cryptocurrency came into the market in 2009. However, since the code for Bitcoin was open source, other programmers could edit and improve Bitcoin. The blockchain technology has evolved in different phases.
• Blockchain 1.0: The use of Distributed Ledger Technology (DLT) contributed to the first and most noticeable use of the technology: cryptocurrencies. Blockchain 1.0 is the first cryptocurrency that uses a transparent mechanism to monitor bitcoin transactions on a shared ledger.
• Blockchain 2.0: Doing transactions through some legally binding policies, also called Smart Contracts, which are generated from a set of small computer programs, is considered blockchain 2.0. The most prominent blockchain in phase 2.0 is Ethereum.
• Blockchain 3.0: The next incarnation in this technology is blockchain 3.0, which focuses on Decentralized Applications (DApps) by avoiding centralized infrastructure. Unlike traditional apps, DApps store and communicate through decentralized storage and decentralized server. The aim of blockchain 3.0 was to popularize blockchain among conventional sectors, government, health, and education.
• Blockchain 4.0: It provides solutions and methods that can meet several business demands of Industry 4.0, which involves automation, resource planning, and integration of various execution programs. It requires enhanced trust and privacy which can be met by blockchain.
Many surveys have been published on the application of blockchain in various areas. Among these papers, many were systematic reviews on the application of blockchain in healthcare sectors [2]-[6]. Researchers discussed blockchain technology's limitations, possible applications, and future directions in healthcare, government, supply chain, and many other fields. We have proposed a comprehensive SLR on the application of blockchain to manage EHRs.

A. MOTIVATION AND CONTRIBUTION
Owing to the pandemic situation of COVID-19, an enormous amount of digital healthcare data is being generated and stored online worldwide through the Internet of Things (IoT) devices by healthcare providers [7]. Tons of healthcare data would be highly beneficial for healthcare providers if analyzed. These data can help us in fighting the virus through medical assistance, early notification, and recommendation [8]. However, it has become a big challenge for researchers to store and analyze health data because most are incomplete and imperfect. Therefore, verification and validation of such data are crucial for reporting and recommendation [9]. Blockchain technology has great potential to tackle the pandemic crisis. It can help build a decentralized data tracking system that can be retrieved when necessary.
In addition, this big healthcare data, especially EHRs, is vulnerable to privacy and security breaches. Starting from the COVID-19 outbreak, healthcare providers and academic organizations faced several complex cyberattacks [10]. The International Criminal Police Organization (INTERPOL) published a report about cyber-attacks related to COVID-19 in April 2020. Healthcare industries have been severely affected alongside others by these attacks. On 6 May 2020, INTERPOL released an awareness campaign where various cyber-attacks during the pandemic were listed. Therefore, it is crucial to take the necessary steps to tackle these threats.
Many researchers proposed to use blockchain technology to overcome the above issues [11]-[14]. However, blockchain is still in the developing phase, which means the solutions offered with this technology are still not handy to root users. Many contributions are still needed from researchers in this field.
By considering the above scenario, this paper aims to identify the potentiality of blockchain to manage EHRs and show the challenges and future scopes. This systematic review only explores research that offers conceptual solutions, experimental results, prototypes, and blockchain implementations for managing EHRs.
The rest of the paper is outlined as follows. In Section 2, the background technologies are discussed. Research methodology, research questions, and discussion are detailed in Section 3. Then, thoughts on directions for future work are presented in Section 4. Section 5 concludes the paper.

II. BACKGROUND
We discuss blockchain technology in brief to help readers understand the rest of the paper. A blockchain can be considered a public ledger that can be shared among peers in a network. Cryptocurrencies like Bitcoin first adopted the blockchain. However, it has gradually become useful for data storage. We discuss the essential characteristics and types in the following subsections to best understand the survey and blockchain concept.

A. BLOCKCHAIN FRAMEWORKS
Blockchain technology is an association of two technologies: cryptography and P2P. A blockchain is a series of timestamped blocks connected through a cryptographic hash. Typically each block contains transaction records verified by the peers, called miners. The chain grows continuously, and each new block is added to the end. Each new block contains a reference, basically a cryptographic hash (e.g., SHA-256), of the previous block's header. The creation of each block ensures anonymity, transparency, and immutability [15]. The whole operation of blockchain is held in a P2P network. The basic structure of a blockchain is shown in Fig. 1. Each block except the genesis block (first block of the network) has the hash value of data from the previous block. Besides, each block has a difficulty value called Nonce, a Timestamp, and other attributes (e.g., the list of transactions).

1) P2P NETWORK
A P2P network works more or less like a BitTorrent network, where a peer, commonly known as a node, not only deploys the system for its benefit but also contributes to the whole system with its resources like storage, bandwidth, and processing power. Depending on the blockchain network type (discussed in a later section), the network node is restricted to fewer people or open for all. The bright side for nodes in the blockchain is that their identity is kept safe, as only the user's public key is shown to the other peers of the network. Nodes also work as miners, who validate a transaction to be added to the chain.

2) ROLE OF MINERS
Blockchain follows the structure of a linked list, where a new block is added and connected to the previous block in the list. However, to be added to the blockchain, a block must first be verified by a miner. Mining here doesn't mean checking the transaction's eligibility; it means doing some extra work after that, also called Proof-of-Work (PoW). All miners in the network compete in computing the targeted nonce value. The nonce, short for "number used once," is a random or pseudo-random number used for authentication protocols and makes sure that old communications never happen again [16]. In mining, the Nonce refers to a number (32-bit unsigned integer) that the PoW operation on mining nodes varies in order to produce a hash value below a target difficulty level. The difficulty level is set to be solved within the given time limit; Bitcoin takes around ten minutes to add a new block. As soon as a miner reaches a value less than the given target, he becomes eligible to get some rewards. However, as long as the resulting hash value is higher than the target value, the block won't be eligible to be added to the blockchain.
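The block linkage from Section II-A and the nonce search described above can be exercised together. The following Python code is an added example, not code from the paper or from any blockchain project; the 12-bit difficulty, the field names, and the sample access-log transactions are assumptions constructed for illustration.

```python
import copy
import hashlib
import json
from dataclasses import dataclass

# Assumption: a toy difficulty of 12 leading zero bits so mining finishes in
# milliseconds; real networks encode and adjust the target differently.
DIFFICULTY_BITS = 12
TARGET = 1 << (256 - DIFFICULTY_BITS)
GENESIS_PREV = "0" * 64


def tx_digest(transactions):
    """SHA-256 over the canonical JSON form of the block's transaction list."""
    return hashlib.sha256(json.dumps(transactions, sort_keys=True).encode()).hexdigest()


@dataclass
class Block:
    index: int
    prev_hash: str      # hash of the previous block's header
    timestamp: int
    transactions: list  # constructed sample entries, not real EHR data
    nonce: int = 0

    def header_hash(self):
        header = {
            "index": self.index,
            "prev_hash": self.prev_hash,
            "timestamp": self.timestamp,
            "tx_digest": tx_digest(self.transactions),
            "nonce": self.nonce,
        }
        return hashlib.sha256(json.dumps(header, sort_keys=True).encode()).hexdigest()


def mine(block):
    """Try 32-bit nonces until the header hash falls below TARGET."""
    for nonce in range(2 ** 32):
        block.nonce = nonce
        if int(block.header_hash(), 16) < TARGET:
            return block
    raise RuntimeError("nonce space exhausted without meeting the target")


def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        # Constructed timestamps spaced ten minutes apart.
        block = mine(Block(i, prev, 1_700_000_000 + 600 * i, copy.deepcopy(txs)))
        chain.append(block)
        prev = block.header_hash()
    return chain


def validate_chain(chain):
    """Return a list of (block index, problem) tuples; empty means valid."""
    problems = []
    for i, block in enumerate(chain):
        if int(block.header_hash(), 16) >= TARGET:
            problems.append((i, "proof-of-work invalid"))
        expected_prev = GENESIS_PREV if i == 0 else chain[i - 1].header_hash()
        if block.prev_hash != expected_prev:
            problems.append((i, "prev_hash mismatch"))
    return problems


# Constructed sample data: one access-log entry per block.
SAMPLE_BATCHES = [
    [{"record": "genesis"}],
    [{"patient": "P-001", "action": "read", "by": "dr_a"}],
    [{"patient": "P-001", "action": "update", "by": "dr_b"}],
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    print("fresh chain:", validate_chain(chain))
    chain[1].transactions[0]["by"] = "dr_x"   # edit an already-mined entry
    print("after edit:", validate_chain(chain))
    mine(chain[1])                            # redo the work for that block only
    print("after re-mining block 1:", validate_chain(chain))
```

Even after the edited block is re-mined, the next block still points at the old header hash, so a validator flags the chain until every later block is redone as well.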

B. TYPES OF BLOCKCHAIN
This section describes the different types of blockchain. Depending on the network size, application, and kind of consensus algorithms (seen below), blockchain has various kinds. Commonly, three types of blockchain exist in the market, mentioned below.

1) PUBLIC BLOCKCHAIN
Anyone can join the network in a public blockchain and access the block data. It uses public DLT, where anyone with internet connectivity can join to become an authorized miner to mine a block. However, the users' identity address is generated using a pseudo-anonymous hash value even in the public blockchain network. Anyone can only know that someone with that address exists but does not know exactly who. After joining the network, a user can check transactions and mine a block to be added to the network. This kind of public blockchain normally offers financial incentives to the successful miner for helping to solve PoW. Examples of this type of blockchain include Bitcoin [1], Ethereum (public) [17], and Litecoin [18]. Public blockchains impose some interaction costs (i.e., transaction fees), so whenever someone wants to upload or download a document such as EHRs, they will be charged for it. Besides, public blockchain is designed in a way that any anonymous user can join the chain anytime, and it is slow in adding blocks, which is not ideal for EHRs management. Hence, this type of blockchain is not recommended for managing EHRs.

2) PRIVATE BLOCKCHAIN
Private blockchain has several similarities with a public one in terms of operation and algorithms. However, it differs in purpose. In simple terms, a private blockchain is a restrictive or permissioned blockchain. It is operated based on some access control rules in a closed network, which is distributed yet centralized. This type of blockchain is usually used within an organization or company where one or more nodes control which node can perform transactions, act as miners or perform smart contracts. The security, accessibility, permissions, and authorization are controlled by a TTP organization. This type of blockchain is used normally for supply chain management, electronic voting, digital asset management, and data preservation. Hyperledger Fabric [19] and Ripple [20] are excellent examples of private blockchains. Nobody can join a private blockchain network without an invitation from authorized personnel. In addition, it consumes less power than the public blockchain, and it is faster in adding blocks to the chain. As a result, a private blockchain is suggested to manage EHRs.

3) CONSORTIUM BLOCKCHAIN
The consortium blockchain can be best understood by comparing it with public and private blockchains, as the term itself sometimes sounds confusing. We can define this type as partly centralized and partly decentralized. Firstly, it is not used by a single organization; rather, it is expanded in several organizations. On the other hand, it is only accessible to groups of previously registered nodes, so one cannot directly access the network without first being a registered member. A single organization in a consortium blockchain cannot carry out any illegal activity, because it cannot perform any operation without the consent of the other organizations. The whole concept of consortium blockchain came in to help enterprises collaborate to improve their business. Examples of consortium blockchains are Hyperledger Fabric [19], Quorum [21], and Corda [22].

C. CONSENSUS ALGORITHMS FOR BLOCKCHAIN
The consensus algorithm is a decision-making process in a group of nodes in the blockchain which needs to be followed by the rest of the nodes. To understand this in detail, let us consider the following example. Suppose there are 20 people in a business meeting to decide on an upcoming project. Everyone can suggest their own opinion regarding the project, but the thought that benefits most people will get a higher preference. Similarly, if we consider a cryptocurrency, e.g., Bitcoin, the miners need to solve mathematical puzzles to meet PoW consensus and get some rewards in the form of Bitcoin. In most blockchains, consensus algorithms are the vote of majority participants. The primary purpose of a consensus algorithm is to allow nodes to communicate among them and provide valid transactions to be added to the blockchain. Some of the standard consensus algorithms are discussed below:

1) PoW (PROOF-OF-WORK)
PoW [1] is the first, currently most popular, and highly robust consensus algorithm. A miner must find a hash value that is less than the difficulty target and then share it with other miners before the block is added to the blockchain. However, PoW has certain limitations. The algorithm is resource hungry, and as the blockchain grows more prominent with time, the algorithm needs lots of computational power [1].

2) PoS (PROOF-OF-STAKE)
PoS [23] is the substitute for PoW as it deals with the main drawback of PoW, i.e., consumption of lots of CPU power. Unlike PoW, where any node can mine a transaction, in PoS, a miner is chosen based on its wealth, also called stake. Generally, a pseudorandom selection process is used to select the node allocation. In PoS, there is no incentive for mining; alternatively, the chosen miner collects the transaction fee [24]. Blockchains that use PoS are NEO and Polkadot [25].

3) DPoS (DELEGATED PROOF-OF-STAKE)
In DPoS [26], tokens or stakeholders don't work to validate blocks. Instead, they elect delegates to validate blocks. The selection process works so that the stakeholders are always in control, as they lose a lot if the network doesn't function properly. Stakeholders can vote to remove a delegate and add another if they find any anomaly in block creation. Delegates can work together to validate a block and get the transaction reward accordingly [27]. BitShares [28], Steem [26], and Tezos are some examples of blockchain projects that use DPoS.

4) PoA (PROOF-OF-AUTHORITY)
PoA is an amalgamation of PoW and PoS. It values the reputation of the identity of a stakeholder. Hence, a stakeholder is not directly supported by a stake but by their reputation. Therefore, the building blocks in the blockchain are secured by authentic and trustworthy participants. Decred [29] is an example using this algorithm.

5) PoV (PROOF OF VOTE)
The PoV [30] algorithm is a bit different from all other consensus algorithms. Enterprises in a group need to mutually share business data to create transaction blocks in the blockchain. As a result, they elect a third-party team to work for them. The team will forward the block to each company under the network for verification through voting, which ensures the decentralized property of blockchain. The work of the hired team is supervised from time to time by the owners of the enterprises. This algorithm was developed to be used in consortium blockchains [30].

6) PBFT (PRACTICAL BYZANTINE FAULT TOLERANCE)
PBFT [31] is the first proposed consensus algorithm to handle Byzantine fault tolerance, where a distributed network can achieve consensus even if some nodes are malicious. It can be highly effective where non-deterministic chain-codes are executed [30]. Stellar [32], Hyperledger Fabric [19], and Ripple [20] are examples of PBFT.

7) PoI (PROOF-OF-IMPORTANCE)
In PoI, the miner is chosen based neither on the amount of work nor on the amount of stake he carries, but on his productivity. The reward is not given to users with a high balance; instead, the number of transactions is taken into account. Each user in the PoI network is given a trust score. The higher the value, the higher the chance of getting a reward. The NEM blockchain platform uses this algorithm.

D. SMART CONTRACTS
Smart contracts make our daily life contracts in a digital form. These are small computer programs written for different blockchains to be implemented automatically for healthcare, government organizations, and so on, based on some previous agreements [33]. The need for smart contracts is to eradicate trust problems, third parties, and fraud in financial transactions. One may find the difference between a smart contract and a standard business agreement. Theoretically, both are the same, but smart contracts support automatic execution of the predefined agreement, and this can be done for multiple business organizations at a time.

E. DIGITAL SIGNATURES
A digital signature brings authenticity and integrity to digital assets like messages, software, documents, etc. Asymmetric cryptography makes it possible to authenticate transactions in an untrustworthy environment [34]. Blockchain uses asymmetric cryptography to sign digital transactions: the user's private key signs the transaction before it is shared with the distributed network. Once the transaction is signed, it is then sent to all other peers in the network for verification. Peers then verify it with the available public key of the transaction initiator. If most nodes find the transaction signature valid, it is added in a new block in the blockchain; otherwise, the transaction is discarded.

F. ELECTRONIC HEALTH RECORDS
The EHR collects patients' medical diagnostic reports in electronic form (e.g., JPEG, PDF). Electronic Medical Record (EMR) can serve as a collection of data sources for EHR in different medical organizations. It also contains personal health information collected from wearable devices (e.g., smartwatches, smart bands), which patients manage. EHRs are real-time, patient-centered records available to authorized users (e.g., doctors, health providers) as required. EHRs may comprise a wide range of data, including the diagnosis reports, immunity level of patients, medication history, age, weight, and demographic history.
EHR should comply with three essential attributes: confidentiality, integrity, and availability. EHR must only be accessible by authorized users (e.g., medical practitioners and nurses) with proper access control mechanisms. Implementation of EHR systems can reduce the loss of medical history, data malfunction, etc. However, ensuring the privacy and security of these critical data is challenging. In addition, cyber-attacks on smart healthcare devices [35] are increasingly a concern because they could pose severe life-threatening implications for patient safety. For instance, malicious users will target patients' wearable devices that are connected to EHR servers. Afterward, hackers can install some malicious program in those devices and acquire control over them.

1) BENEFIT OF EHR
Regarding the benefit of EHR, the New England Journal of Medicine published a study report in 2011, where the study found that the use of EHR provides better care [36]. Moreover, EHR ensures the availability of many medical records at a single point, which can be used to design machine learning algorithms and predict better medical advice for patients. With EHR, anyone with access rights can have access to a patient's entire chart, which reduces the probability of guessing medical history and consulting with multiple specialists. Emergency care can be provided to any patients more efficiently by consulting EHRs from anywhere.

III. MANAGING EHR USING BLOCKCHAIN
EHR contains sensitive personal data (e.g., medical history of patients). Therefore, the security and privacy of such data are crucial. In developing countries, medical institutions are bound to obey the rules set by the government. As a result, storing and distributing EHR data are challenging. On the other hand, EHR management faces lots of technical difficulties. For instance, central medical servers are low in capacity, susceptible to single-point failure, and vulnerable to insider attacks. Even patients do not know exactly where their sensitive data is being stored and how it is shared. However, this has become important as people nowadays are mobile, so interoperability among various healthcare providers can provide better health suggestions. By considering the above scenario, the Health Insurance Portability and Accountability Act (HIPAA) was built in the USA. HIPAA created five sections of the act to guarantee electronic protected health information [37]. Along with ensuring confidentiality, integrity, and availability of health information, it makes sure that healthcare providers and other authorized individuals can have access to it. Besides, a framework (and relevant standards) for the sharing, synchronization, distribution, and retrieval of electronic health information is provided by Health Level Seven (HL7) and its members. This is committed to offering a comprehensive structure and associated criteria for exchanging, synchronizing, transmitting, and retrieving electronic health information to facilitate clinical practice, health care administration, implementation, and assessment. The vision of HL7 is to make an environment where everybody can access and use the best health data safely when they need to.
On the other hand, the standard ISO 18308:2011 specifies the collection of specifications to be fulfilled by the processing, maintenance, and communication of EHR information architecture for systems and services. This standard is made to ensure that EHRs are trustworthy for healthcare delivery, clinically valid and reliable, and ethically sound, and to support data analysis for various purposes. The EHR is defined according to this standard as: "one or more repositories, physically or virtually integrated, of information in computer processable form, relevant to the wellness, health, and healthcare of an individual, capable of being stored and communicated securely and of being accessible by multiple authorized users, represented according to a standardized or commonly agreed logical information model." Similarly, the standard ISO 27789:2013 provides a joint audit trails framework for EHR. In summary, specific requirements should be met for the next-generation EHR systems. Those requirements include accuracy, integrity, privacy, security, user accessibility, availability, auditability, and accountability.
The above properties can be achieved through blockchain, thanks to its properties like immutability, transparency, security, auditability, and incentive mechanisms.

A. RESEARCH METHODOLOGY
We adopt SLR guidelines [38] and the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines [39] in conducting this review. An SLR refers to a methodology for discovering, analyzing, and assessing all recent literature related to a research issue or subject field.
All review papers were selected by searching for relevant and reliable academic repositories like PubMed, Google Scholar, IEEE, ACM, Science Open, Science Direct, Springer, Hindawi, Wiley Online Library, and MDPI in December 2020.

B. RESEARCH QUESTIONS
The objective of the study was to address the following research questions:
1) RQ1: To what extent is the blockchain developed for managing EHRs and how has it changed over time?
2) RQ2: What standardization is followed for storing EHRs in the blockchain?
3) RQ3: How was big data related to EHRs handled?
4) RQ4: What platforms/mechanisms of blockchain were used to handle EHRs Management?

C. SCREENING THE ARTICLES
Selected papers are presented in this segment after screening from various categories. The selection query for articles was purposely long enough to consider as many research questions as possible as described in Section III-B. Using the searching mechanism, we were able to retrieve 1282 research articles from the scientific repositories, as shown in Fig. 4. After the first screening step, we removed duplicates and retrieved 139 papers. Using the second and third screening methods (here, exclusion was based on title and abstract), a total of 24 articles were deleted accordingly, leaving 115 papers for further processing. We uploaded the remaining papers to the Mendeley software for thorough reading. Finally, all articles that did not serve the purpose of the SLR were removed, leaving a total of 99 articles. Table 1 includes a complete list of selected papers and some essential details on those articles. Necessary details include authors' initials, year of publication, number of citations per paper up to 05 June 2021, type of publication, a blockchain platform, blockchain type, class (1 = Conceptual, 2 = Prototype or Experimental, 3 = Implementation), and the consensus algorithm. The number of articles from several publishers is shown in Fig. 3. Fig. 3 shows that IEEE and Springer published a maximum number of articles related to EHRs, whereas MDPI and Wiley Online Library equally published a fewer number of papers. The number of publications per year is shown in Fig. 2. The number of publications has increased gradually over five years. In 2020, the highest number of papers had been published, 41% to be precise.
Further analysis of the selected papers is organized by essential properties. These properties are crucial for EHRs and are discussed below:

1) PRIVACY
Privacy refers to a person's right to decide when, how, and at which levels access to their personal EHRs, their transformation, and their sharing with others are permitted [40]. Privacy can be breached in various situations; for example, a healthcare provider may either intentionally or by mistake abuse EHRs [41]. In a survey paper, Win [42] mentioned that around two-thirds of patients pay attention to their personal EHRs. In another survey, Ancker et al. [43] mentioned that close to fifty percent of the participants believe that exchanging health data would worsen their data privacy. Thus, privacy is a great factor to consider when comparing blockchain-based solutions that claim to maintain the privacy of EHRs.

2) SECURITY
Security, on the other hand, defines the level at which someone's EHRs are restricted and allowed only to authorized personnel. Perera et al. [44], in their study, mentioned that around fifty percent of the patients are worried about the security of their EHRs as these need to travel through the Internet. Wikina [45] mentioned that physicians are more interested in the security of EHRs than patients, and a majority portion of doctors prefer paper-based records to EHRs as they think they are more secure. Indeed, to support doctors' preference, digital forms of health records are exposed to security breaches [46]. That is why Liu et al. [47] suggested that methods of providing security related to EHRs need to be well understood first. These factors indicate that we should consider security related to EHRs seriously.

3) STORAGE SCALABILITY
As blockchain technology has grown over the last few years, it has raised scalability issues. When Nakamoto [1] started the Bitcoin blockchain, the data storage for a single block was limited to 1MB only. However, since then, the blockchain has grown in popularity, in participants, and in its number of blocks. A participant has to download all the chains to learn and validate a transaction, which requires huge memory and time. However, general blockchain applications have two solutions to mitigate storage scalability: on-chain and off-chain. The on-chain storage means all data a user uploads will be directly stored in the blockchain. On the other hand, off-chain storage means the real data is stored somewhere other than the blockchain such that it is linked to the main chain. However, off-chain storage has weaker security, while storing EHRs on-chain requires a large data space. Therefore, hosting data outside the blockchain and maintaining high-level security is a concern to look at.
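One common way to link off-chain data to the chain is to record only a digest and a location pointer on-chain and to recheck the digest on every read. The following Python code is an added example, not a scheme taken from the paper or from any of the reviewed systems; the `AnchorLedger` class, the `ehr/<id>` location format, and the sample byte strings are assumptions constructed for illustration, and the record bytes are assumed to be encrypted before they are stored.

```python
import hashlib
import hmac


class IntegrityError(Exception):
    """Raised when the off-chain object does not match its on-chain anchor."""


class AnchorLedger:
    """Append-only list standing in for the on-chain part (assumption)."""

    def __init__(self):
        self._entries = []

    def append(self, record_id, location, digest):
        version = len(self.history(record_id)) + 1
        entry = {"record_id": record_id, "version": version,
                 "location": location, "digest": digest}
        self._entries.append(entry)
        return entry

    def history(self, record_id):
        return [e for e in self._entries if e["record_id"] == record_id]


def digest_of(blob):
    return hashlib.sha256(blob).hexdigest()


def store_record(ledger, offchain, record_id, blob):
    """Write the (already encrypted) blob off-chain and anchor its digest."""
    location = f"ehr/{record_id}"  # hypothetical location format
    offchain[location] = blob
    return ledger.append(record_id, location, digest_of(blob))


def fetch_verified(ledger, offchain, record_id):
    """Return the blob only if it matches the latest on-chain digest."""
    history = ledger.history(record_id)
    if not history:
        raise IntegrityError("no on-chain anchor for record")
    latest = history[-1]
    blob = offchain.get(latest["location"])
    if blob is None:
        raise IntegrityError("off-chain object missing")
    actual = digest_of(blob)
    if hmac.compare_digest(actual, latest["digest"]):
        return blob
    # A digest that matches an older anchor means the store served a
    # superseded version of the record rather than random corruption.
    if any(hmac.compare_digest(actual, e["digest"]) for e in history[:-1]):
        raise IntegrityError("stale version served (rollback)")
    raise IntegrityError("off-chain object modified")


if __name__ == "__main__":
    ledger, offchain = AnchorLedger(), {}  # dict stands in for cloud storage
    # Constructed sample data: placeholder ciphertext bytes.
    store_record(ledger, offchain, "P-001", b"ciphertext-v1")
    store_record(ledger, offchain, "P-001", b"ciphertext-v2")
    print(fetch_verified(ledger, offchain, "P-001"))
    offchain["ehr/P-001"] = b"ciphertext-v1"
    try:
        fetch_verified(ledger, offchain, "P-001")
    except IntegrityError as exc:
        print("rejected:", exc)
```

The chain stays small because it holds 32-byte digests rather than records, but availability and confidentiality of the data still depend entirely on the off-chain store and on the encryption applied before upload.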

4) ACCESSIBILITY
Accessibility requires controlling and managing access to critical or sensitive data [48]. It provides the technique for restrictive access to data. Commonly known techniques for healthcare systems are role-based, attribute-based, and identity-based access control [49]. Since EHRs deal with patients' health data containing very sensitive information, access control is a significant factor to consider.

5) COST ANALYSIS
Apart from the legal and ethical aspects, the cost of EHRs is one of the most significant factors for which the widespread adoption is still failing. A major issue is that the question of who pays for the implementation of EHRs is still unresolved [50]. The cost for a five-person practice to implement an EHR system is close to $162,000 in the first year, with an annual maintenance cost of around $85,000. These can touch millions or even more for an individual hospital.

D. DISCUSSION
From the selected articles, this section provides a discussion about how the papers answer the research questions from Section III-B.

RQ1: To what extent is the blockchain developed for managing EHRs, and how has it changed over time?
The study reviewed the current extent of blockchain technology and the transition for managing EHRs, over five years (2016-2020). Among all papers reviewed, more than half are prototype or experimental, around one-third are conceptual, and the rest are implemented as shown in Fig. 5. The highest proportion of articles in this review is published after 2018, which indicates that blockchain technology is still emerging. As blockchain technology is going through the development phases and the usability in real-time is still under development, most articles focused on designing a prototype for managing EHRs. Researchers highly focused on managing EHRs using the blockchain, mainly after 2018, and the research trend skyrocketed during the pandemic situation of COVID-19 in 2020. For managing EHRs, the authors tried to propose solutions from various perspectives. While most authors focused on the access control mechanism using Certificate Authority (CA) in storing and managing EHRs using blockchain, others focused only on EHRs data encryption mechanisms before uploading EHRs into the blockchain. Many followed symmetric encryption schemes for data encryption, while others used asymmetric encryption schemes. A few authors provided solutions for the scalability of the blockchain when managing EHRs. Some people came with smart contracts, but some used chain-code for EHR preserving mechanisms.
Regarding the storage of EHRs, two types of solutions were found, such as on-chain storage and off-chain storage. While an on-chain storage scheme focused on storing data over the blockchain, an off-chain storage scheme stored data either over the cloud or in the local database and linked the data's address to the blockchain. Current development for storing data in blockchain involves a high cost, and the solutions need more research as it is not yet up to the mark.
From 2016, which was the starting year for providing blockchain-based solutions for managing EHRs, until 2020, there has been an enormous development. In 2016, two articles [51], [52] started the idea of using blockchain as a platform to manage health data. Later, in 2017, two articles [53], [54] mentioned the applicability of private blockchain for EHRs. Afterward, researchers tried to prove the applicability of blockchain for handling EHRs. Among the rest of the papers, most proposed using either Ethereum or Hyperledger Fabric, which are private blockchains. The practical implementation with blockchain started with the Ethereum blockchain in 2018 [55], [56]. Between 2019 and 2020, 9 more papers proposed implemented solutions [57]-[64]. By this time, the authors had proved that the blockchain is a better solution for managing EHR data. While there were only two papers in 2016, the number was 40 in 2020. Though most publications focused on prototype design, a few articles tried to implement the ideas. As time passed, interest has grown in blockchain technology for EHR management.

RQ2: What standardization is followed for storing EHRs in the blockchain?
The standards related to the data format and interoperability principle remain an issue for sharing and storing EHRs. While most authors did not even consider any of the standards provided by HIPAA, Fast Health Interoperability Resources (FHIR), and HL7, some authors either discussed or applied the standards in their proposed solutions. Most authors considered FHIR and HL7 when defining the standard for the EHR data format [51], [55], [103], [107], [145]. A significant number of authors followed the HIPAA standard for their proposed framework [81]-[83], [120], [122], [134]. However, only a few authors followed the standard of HL7 [12], [77], [97], [144], whereas a small number considered the standard of FHIR [95], [96], [128]. A standard from NeHA (National eHealth Authority), which works as a promotional, regulatory and standard-setting organization in the health sector in India, is applied in [116]. vMR (Virtual Medical Record), found in [59], is a simplified, standardized EHR data model designed to support interfacing to the clinical decision support system. Among the rest of the papers, the authors in [61] described the standards of ISO 18308:2011, HL7 and HIPAA, but did not implement those principles. Finally, researchers in [62] followed the openEHR standard. By contrast, the remaining papers did not follow or describe the EHR standards.
Given the above references, the expected standard for exchanging, uploading, storing, authenticity checking, and formatting of EHRs remains a crucial issue for blockchain-enabled EHR solutions. It may be because of the evolving nature of blockchain and the lack of standardized development platforms. While blockchain is a promising technology for EHR management, it still has a long way to go to reach a stable position and maintain a standardized framework.

RQ3: How were big data related to EHRs handled?
EHRs generate big data continuously as the number of people, hospitals, and healthcare centers is countless. Every moment, thousands of patients are receiving medical care from hospitals worldwide, and EHRs are generated for diagnosis purposes. Handling these large amounts of data is itself a big challenge. When it comes to handling this big data through blockchain, it becomes more challenging, as storing data on the blockchain is expensive. The blockchain was initially developed to keep data tiny in size, basically financial transaction information. However, to enjoy the merits of blockchain and overcome the limitations of data storage capacity, researchers came up with several ideas. While many haven't considered the scalability issue of blockchain for data storage, others focused on storing data either in the cloud or in local databases and linking the address from that storage to the blockchain.
Among the papers we have analyzed for the review, slightly less than 50% haven't considered the big data storage issue. Authors in 5 papers [105], [107], [113], [124], [135] have considered the issue, but they haven't mentioned the data storage services. In addition, there were seven papers where authors have chosen the Interplanetary File System (IPFS) as a medium of data storage and then linked the address with the blockchain [72], [79], [85], [87], [116], [117], [120], [144]. Among all the papers, only three proposed to use Amazon Cloud services before uploading data into the blockchain network [59], [96], [100]. Around one-fourth of the total papers suggested using a local database for storing EHR data before blockchain. The rest of the papers proposed using private blockchain or off-chain storage to handle scalability issues.
The solutions provided above to overcome the big data issues are significant, but more research is needed to handle a considerable amount of EHR data.

RQ4: What platforms/mechanisms of blockchain were used to handle EHRs management?
Various platforms/mechanisms exist now to offer blockchain-based solutions. Different categories of existing blockchains are explained in Section II-B. Among all the various types, Ethereum (public and private), Hyperledger Fabric [19], and consortium blockchains [21], [22] are by far the most popular for EHR data management. Due to the nature of EHRs, which contain sensitive personal information, a private blockchain sits at the top of the popularity index. Moreover, a private blockchain can provide access control rules, so only specific people can join the network by following good security policies. By contrast, a public blockchain does not provide strict access control rules, so anybody can join the network and get access to the data. Apart from that, a consortium blockchain also provides a private network and limits access to network data. Therefore, these three types are found appealing among researchers.

RQ5: How were Privacy, Security, Storage Scalability, Accessibility, and Cost analysis handled?
We intended to find how researchers handled the Privacy, Security, Storage Scalability, Accessibility, and Cost analysis properties in blockchain-enabled EHR solutions. These five characteristics are crucial when it comes to providing a solution for EHRs using blockchain. The mindmap for the details of these characteristics is shown in Fig. 6. Privacy is the primary concern for blockchain-based solutions, as EHRs involve sensitive personal information that patients may or may not wish to share in public. We found that authors in the list of papers used three properties to ensure privacy: Pseudo-anonymity, Smart Contract, and Audit trail. Pseudo-anonymity is a property of blockchain transactions where an alphanumeric number represents every user. Whenever a user opens a Bitcoin wallet, an automatic alphanumeric number is assigned to him to conceal his real identity and to allow him to send and receive Bitcoins. Anyone with the public key can know the history of transactions in the blockchain, but not the identity of the person behind it. Similarly, it ensures that the identity of a patient is not directly exposed to the public from his EHRs [13], [89]. Smart contracts are another privacy mechanism that authors used for safe EHR sharing in blockchain-based applications [72], [102]. These are simple computer programs installed on a blockchain that run when some preconditions are met. Using predefined smart contracts, a patient can determine who will access his EHRs and who will be restricted from them. Audit trail is another significant privacy property for blockchain-based EHR solutions. It provides information about who, when, and from where users access EHRs. Therefore, the privacy of patients' records is maintained using this property. Nevertheless, among the articles we analysed, five papers [98], [103], [70], [80], [143] have not considered privacy in their proposed solutions.
Security is the second most important property to consider for EHR-based applications using blockchain. It has three sub-categories: confidentiality, integrity, and availability. Confidentiality means the EHR data will only be accessible by authorized users. It is highly significant for EHRs as patients' information with doctors and other medical practitioners is highly sensitive, and exposing those can hamper the security and lead to data misuse or modification.
In most blockchain-based solutions, confidentiality is maintained using cryptographic tools to ensure that data is not readable by unauthorized users [99], [108], [135]. We found that the most popular encryption algorithms are Attribute-based Encryption (ABE) [88], Proxy Re-Encryption (PRE) [87], and symmetric encryption (e.g., AES) [11]. Integrity of EHR data is all about accuracy, consistency, and completeness, and also refers to their safety. Data integrity can be broken due to human errors, bugs, and hardware failure, leading to the loss of critical health records and sensitive personal information. Blockchain ensures the integrity of information found in blocks using hash functions (e.g., SHA-256). Besides, every node in the blockchain network has either a copy of EHRs when they are stored on the blockchain [53], [143], or a copy of the pointer to EHRs when they are stored externally (e.g., cloud) [11], [71]. Availability means that EHRs are available when and where the user needs them. If the data is not available when the user wants it, there is no use in storing it; moreover, the user may face tragic consequences such as wrong medication or incomplete medical consultation. As blockchain is a distributed ledger, there is only a slight chance of losing data or access to it. However, even though off-chain data storage does not ensure data availability, it can ensure that if the data is missing from the host database, digital data forensics can be done using the data pointers. Most blockchain-based applications for EHRs focused on the system being fault-tolerant during any system failure [65], [98]. All papers, except one [76], considered security when proposing their blockchain-based solutions.
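The pointer-on-chain arrangement described above, as an added example (not code from any of the reviewed papers): a hash-chained ledger holds only a pseudonym, a storage locator and a SHA-256 digest, while the encrypted record sits in an external store. Keeping a digest beside the pointer, the locator names, and the sample ciphertext blobs are assumptions of this sketch.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used by the first block


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def block_hash(index: int, prev: str, payload: dict) -> str:
    # Canonical JSON so every node derives the same hash for the same block.
    body = json.dumps({"index": index, "prev": prev, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return digest(body.encode("utf-8"))


def append_pointer(ledger: list, pseudonym: str, locator: str, blob: bytes) -> int:
    """Record where an off-chain EHR lives and what it hashes to, never the EHR."""
    index = len(ledger)
    prev = ledger[-1]["hash"] if ledger else GENESIS
    payload = {"patient": pseudonym, "locator": locator, "sha256": digest(blob)}
    ledger.append({"index": index, "prev": prev, "payload": payload,
                   "hash": block_hash(index, prev, payload)})
    return index


def chain_is_valid(ledger: list) -> bool:
    """Recompute every block hash and check each link to the previous block."""
    prev = GENESIS
    for i, block in enumerate(ledger):
        if block["index"] != i or block["prev"] != prev:
            return False
        if block["hash"] != block_hash(i, prev, block["payload"]):
            return False
        prev = block["hash"]
    return True


def check_record(ledger: list, store: dict, index: int) -> str:
    """Classify one off-chain record against its on-chain pointer."""
    if not chain_is_valid(ledger):
        return "ledger-invalid"          # the pointer itself cannot be trusted
    payload = ledger[index]["payload"]
    blob = store.get(payload["locator"])
    if blob is None:
        return "missing"                 # availability failure; pointer still proves it existed
    if digest(blob) != payload["sha256"]:
        return "tampered"                # integrity failure in the external database
    return "ok"


def build_demo():
    # Constructed sample data: opaque bytes standing in for encrypted EHRs.
    store = {
        "ehr/0001": b"ciphertext-of-lab-report",
        "ehr/0002": b"ciphertext-of-prescription",
        "ehr/0003": b"ciphertext-of-radiology-scan",
    }
    ledger = []
    for n, (locator, blob) in enumerate(store.items(), start=1):
        append_pointer(ledger, f"patient-{n:02d}", locator, blob)
    return ledger, store


if __name__ == "__main__":
    ledger, store = build_demo()
    store["ehr/0002"] = b"altered-in-host-database"   # simulate modification
    del store["ehr/0003"]                              # simulate loss
    for i, block in enumerate(ledger):
        print(block["payload"]["locator"], check_record(ledger, store, i))
```

The "missing" result is the case the paragraph singles out: the external store gives no availability guarantee, but the surviving pointer and digest show that a record existed and what it hashed to.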
Storage scalability is a big concern for blockchain-based solutions. A blockchain is a distributed ledger that increases in size each time a block is created. The literature review considers three main challenges: block creation time, block size, and big data storage. Block creation time corresponds to the time needed to store either EHRs directly or some auxiliary data linking to EHRs stored externally from the blockchain. It is crucial as EHR data are generated continuously across the world. If the time taken for storing these data is long (e.g., when EHRs are developed every minute, block creation time needs to be shorter than that), it will cause problems for both patients and doctors. Similarly, block size refers to the capacity limit of data in a block. This is also important as EHR data vary in size. Various blockchain-based solutions have been proposed with these issues in mind, but with different results. For instance, Bitcoin takes around ten minutes to create a new block, and the maximum block size is 1 MB [1], whereas Ethereum takes about 10-20 seconds to create a new block and the average block size is about 50-60 KB. Finally, big data storage refers to storing the huge EHR data generated all around the globe. It is mandatory to analyze the capacity and the scalability of the data storage options of a blockchain to handle these big data by storing a large set of dummy data before deploying. Failing to do so will not be fruitful for patients worldwide. Authors such as [100], [108] decided to put the EHRs in external databases, such as local or cloud databases, in order to cope with the limited storage of blockchains. However, when storing data outside the blockchain network, it is crucial to consider the security of the storage options (e.g., encryption, access control). For storage scalability, several authors [105], [108] proposed solutions that are costly but offer easy data access.
Accessibility is another important property related to the EHR data access policies in the blockchain. We found three major sub-properties to ensure the proper accessibility of EHRs: access control, authorization, and platform independence. Access control verifies EHR access rights. It has two aspects: patients accessing their own EHRs [37] and other users accessing those same EHRs [12], [98]. The former case is pretty simple, as the patients should have all the rights to access their own EHRs, but the latter requires careful investigation. Often, a third party who requests access from the owner of the EHRs follows a public-key encryption process [98]. For instance, ABE [88] allows third parties to get access rights from some attributes such as "doctor" and "hospital." Authorization is the process where a patient or hospital authorizes someone to get access to his EHRs. It is sometimes (depending on the country's legislation) illegal to access someone's EHRs without his consent [37], as this may then expose the data to malicious users. Furthermore, platform independence is the property of a blockchain-based solution that makes sure it runs on all platforms for smartphones and computers, such as Android, Windows, and Mac. Failing to do so will create accessibility problems not only for patients but also for physicians. All papers except five, [98], [123], [129]-[132], considered accessibility carefully when designing their blockchain-based solutions.
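The patient-controlled authorization and audit trail described in the privacy and accessibility paragraphs above, as an added example (a plain-Python model of smart-contract logic, not code from any reviewed paper or platform). The class and method names, the time-limited grants, the pseudonymous addresses, and the documentation-range IP origins are assumptions of this sketch; on a real chain each audit entry would be a transaction or emitted event.

```python
from dataclasses import dataclass, field


@dataclass
class ConsentContract:
    owner: str                                    # patient's pseudonymous address
    grants: dict = field(default_factory=dict)    # grantee -> expiry time (epoch seconds)
    audit: list = field(default_factory=list)     # who, when, from where, what, outcome

    def _log(self, who, when, origin, action, allowed):
        # Denied calls are logged too: refused attempts are what an auditor looks for.
        self.audit.append({"who": who, "when": when, "from": origin,
                           "action": action, "allowed": allowed})
        return allowed

    def grant(self, caller, grantee, expires_at, now, origin):
        allowed = caller == self.owner            # only the patient may authorize
        if allowed:
            self.grants[grantee] = expires_at
        return self._log(caller, now, origin, f"grant:{grantee}", allowed)

    def revoke(self, caller, grantee, now, origin):
        allowed = caller == self.owner and grantee in self.grants
        if allowed:
            del self.grants[grantee]
        return self._log(caller, now, origin, f"revoke:{grantee}", allowed)

    def request_access(self, caller, now, origin):
        expiry = self.grants.get(caller)
        allowed = caller == self.owner or (expiry is not None and now < expiry)
        return self._log(caller, now, origin, "read", allowed)


def denied_attempts(contract):
    return [entry for entry in contract.audit if not entry["allowed"]]


def run_demo():
    # Constructed scenario with fixed timestamps so the outcome is deterministic.
    c = ConsentContract(owner="0xPATIENT")
    c.grant("0xPATIENT", "0xDOCTOR", expires_at=2000, now=1000, origin="192.0.2.5")
    results = [
        c.request_access("0xDOCTOR", now=1500, origin="192.0.2.8"),    # within grant
        c.request_access("0xINSURER", now=1600, origin="192.0.2.9"),   # never granted
        c.grant("0xINSURER", "0xINSURER", 9999, now=1700, origin="192.0.2.9"),  # self-grant
        c.request_access("0xDOCTOR", now=2500, origin="192.0.2.8"),    # grant expired
    ]
    c.grant("0xPATIENT", "0xDOCTOR", expires_at=4000, now=3000, origin="192.0.2.5")
    c.revoke("0xPATIENT", "0xDOCTOR", now=3100, origin="192.0.2.5")
    results.append(c.request_access("0xDOCTOR", now=3200, origin="192.0.2.8"))  # revoked
    return c, results


if __name__ == "__main__":
    contract, results = run_demo()
    print(results)
    for entry in denied_attempts(contract):
        print(entry)
```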
Finally, cost analysis is a significant feature to offer in blockchain-based EHR solutions. Costs are involved in adding a block to the blockchain, rewarding miners, and uploading and maintaining a database when EHRs are stored externally. Data storage cost is higher when data is stored directly in blockchains [85], so authors [100], [108] came up with off-chain data storage. However, even if EHRs are stored in external databases, it is pretty expensive to store the huge amounts of EHR data generated every day worldwide. Data maintenance in local or cloud databases involves huge costs such as workforce, computing resources, and resources for data sharing. This is a significant issue when building EHR management using blockchain. Finally, miners' rewards are the expense for people who mine a block before accepting and uploading it to the blockchain. Miners are there to ensure that only eligible and authentic data is uploaded to the blockchain. If we consider a large-scale blockchain-based solution for EHRs, these costs (e.g., transaction fees, miners' reward, and database maintenance) are significant to consider. However, only 24 papers [56], [59], [68], [71], [75], [77], [81], [84], [86], [87], [91], [99], [108], [110], [112], [115], [117], [118], [124], [126], [127], [130], [131], [137] discussed or analyzed the cost induced by their solutions using blockchain. The remaining 75 papers did not focus on the cost issue.

IV. FUTURE RESEARCH DIRECTION
This section discusses directions for designers of blockchain applications that handle EHRs.

A. ARTIFICIAL INTELLIGENCE
When blockchain systems are integrated with Artificial Intelligence (AI) in different real-world healthcare solutions, they will become more efficient and stable [146]. Machine learning (ML) and deep learning (DL) are two main domains of AI which are helping to automate real-world applications. ML could be a potential technology in combination with blockchain to handle EHRs in the near future. Despite challenges like storing, sharing, and training on critical EHR data for designing practical applications, interest is growing among researchers in developing ML- and blockchain-based EHR applications [147], [148]. IBM has recently announced plans to deploy intelligent blockchain, where an AI agent performs various tasks such as legislation, improved records, and suspicious activities, and makes suggestions for updating smart contracts in a large network. AI is used to develop a next-generation blockchain in the MATRIX project [149], which facilitates the automated generation of intelligent contracts, improves the protection against malicious threats, and enables highly scalable operations.
Using various ML algorithms, one can find fraudulent EHR data, so that only valid EHRs will be stored in the blockchain. Using DL, previously damaged medical records can be recovered and stored in blockchain for knowledge improvement (e.g., for drug analysis and prediction) [150]. Deep Learning as-a-Service (DaaS) is also used on stored EHRs to precisely predict future diseases based on current diagnosis reports of patients [151]. Finally, ML algorithms can be used to prevent major attacks in blockchain networks [152]. There are some existing projects where AI and blockchain are combined. For instance, SingularityNET [153], which focuses on creating networking with AI and blockchain for the robot brain, and DeepBrain Chain, which focuses on creating a platform to develop AI algorithms. Besides, some ML- and DL-based works related to health are underway, such as the Gamalon project, TraneAI [154], Neureal [155], etc.

B. EDGE COMPUTING
Sharing large amounts of EHRs among various health care organizations is challenging because of network loads and data size. Recent solutions for EHR management, in particular, have poor scalability, high computational cost, and extended response times. Edge computing could be a solution for the issues mentioned above. It can process a large amount of data from diverse locations, as edge computing consists of a group of servers/computers for its operations [156]. Gai et al. [157] suggest edge computing to expand cloud services to the network's edge, providing processing capacity and enhancing device Quality of Operation.
Edge Computing has the advantage of big data storing, long networking, and high computing power, and it supports the scalability for distributed applications in a secure and controlled manner. Even though edge computing has several flaws such as security, vulnerability to various attacks during message transmission, and integrity, blockchain-based solutions face numerous problems such as storage, scalability, constraints of block size, and block creation time that can be solved using edge computing. Similar mechanisms for decentralized technologies can enhance privacy, security, and automatic resource handling [158]. Combining both can have several merits. Firstly, we can build distributed controls at various edge nodes using blockchain. The mining process of blockchain confirms data accuracy, consistency, and reliability. Secondly, user privacy can even become higher as users control the data using cryptographic keys. Finally, edge computing involves resource sharing among other nodes, which can be achieved securely using smart contracts on blockchain [159].

C. IoMT
Internet of Medical Things (IoMT) is a series of medical equipment and software that use online computing networks to link to various healthcare providers. The basis of IoMT is the Machine-to-Machine (M2M) communication among wireless medical devices. Through the IoMT, medical care providers and authorities can get real-time health updates of patients from remote locations through wearable devices.
However, besides the advantages of IoMT, there are several downsides to it, as IoMT devices are vulnerable to security threats. During the pandemic situation of Covid-19, not only the demand for innovative medical devices has increased enormously, but the cyber threats related to them also increased significantly [160].
Blockchain can be considered a savior for the threats related to IoMT devices. The decentralized key management, inseparability, and integrity properties of blockchain can ensure secure communications among smart medical devices.

V. LIMITATIONS
The SLR solely focused on applying blockchain for EHR management and did not include any other potential blockchain applications related to other healthcare sectors (e.g., supply chain management for medicine) or any other fields (e.g., transaction handling). The review was strictly limited to articles that only addressed EHR and blockchain ideas.
We identified several limitations of blockchain-based EHR solutions. Limitations include the lack of a common standard, scalability in terms of storage, block creation time, data storage, user adaptation, and the costs of storing and maintaining EHR data. Most of the solutions are still in either a theoretical or prototype state. Blockchain technology is still in a developing state that lacks user-friendliness and has limitations regarding the privacy and security of EHR data. No solutions have been found to delete either fraudulent EHR data or the data of dead patients from the blockchain.
Besides, no acceptable solutions were found for the scenario where a patient is in a coma, unconscious, or illiterate, and his EHRs need to be accessed by the doctors or physician. One possibility is that the patient has an ID card with a unique identification number, and the doctor can read the EHRs using it. Finally, aggregation of technologies like ML, AI, and Edge Computing may help overcome problems like scalability, fraudulent EHR detection, and many more.

VI. CONCLUSION
This study answers the question of the current state of the art in blockchain-based EHR management research and future directions. We showed the distribution of blockchain types and platforms adopted by the reviewed articles. The potential benefits of blockchain to manage EHRs have met stakeholders' expectations in the healthcare sectors, while we also found that several challenges require further research. For instance, cross-border sharing of EHR data may be hampered by varying and often conflicting legislation. Besides, the privacy policies also vary based on the specific government regulation. Hence, further investigation on regulation, standardization, and cross-border accessibility of EHRs is crucial.
However, after thorough scrutiny of the selected articles, we concluded that the most prominent blockchain platforms for EHR management are Ethereum (private) and Hyperledger Fabric, because these two platforms meet almost all the requirements. We also found that handling big EHR data on a large scale with blockchain has limitations such as limited storage capacity, computation cost, and communication cost. However, there are potential solutions to overcome these limitations, such as artificial intelligence, IoMT, and edge computing.
The study may serve as a reference for future research in this field. The accumulation of all related papers, their contributions, and limitations will help the potential researchers to design a new architecture or model. Moreover, future research directions to combine blockchain could help propose more exciting solutions for the existing problems.

DECLARATION OF COMPETING INTEREST
The authors declare that they have no known competing financial interests or personal relationships that could have influenced the work reported in this paper.
[158] R. Yang

She previously worked on several research projects dealing with information security and privacy for electronic health and electronic voting. Her current research interests include design and evaluation of public-key cryptographic protocols for security and privacy in various environments, such as cloud computing, the Internet of Things, and blockchain. She has been a Program Chair Member for security conferences, such as the Australasian Conference on Information Security and Privacy and International Conference on Cryptology in India. She has been a Reviewer for various journals, such as IEEE ACCESS, the IEEE INTERNET OF THINGS, and Computers and Security (Elsevier).

VOLUME 10, 2022