Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment, and personal wellness, as they offer the ability to continuously monitor aspects of individuals’ health as they go about their everyday activities. Combining the data produced by these mHealth devices may give healthcare providers a more holistic view of a patient’s health, increase the level of patient care, and reduce operating costs. Creating a trusted and secure data sharing ecosystem for mHealth devices is difficult, however, as devices are implemented with different technologies and managed by different organizations. To address these issues, we present Amanuensis: a concept for a secure, integrated healthcare data system that leverages Blockchain and Trusted Execution Environment (TEE) technologies to achieve information provenance for mHealth data. By using a blockchain to record and enforce data-access policies, we remove the need to trust a single entity with gate-keeping the health data. Instead, participating organizations form a consortium to share responsibility for verifying data integrity and enforcing access policies for data stored in private data silos. Data accesses and computations take place inside of TEEs to preserve data confidentiality and to provide a verifiable attestation report that can be stored on the blockchain for the purpose of information provenance. We evaluate a prototype implementation of Amanuensis – built using Intel SGX trusted execution hardware and the VeChain Thor blockchain platform – which shows that Amanuensis is capable of supporting up to 14,256,000 mHealth data sources at $0.07 per data source per day.

移动健康（mHealth）应用程序和设备在健康研究，临床治疗和个人健康方面正变得越来越流行，因为它们提供了在进行日常活动时能够连续监控个人健康状况的能力。结合这些mHealth设备产生的数据，可以使医疗保健提供者更全面地了解患者的健康状况，提高患者护理水平，并降低运营成本。但是，由于设备使用不同的技术实现并由不同的组织进行管理，因此很难为mHealth设备创建可信赖的安全数据共享生态系统。为了解决这些问题，我们介绍了Amanuensis：一种安全，集成的医疗数据系统的概念，该系统利用了区块链和可信执行环境（TEE）技术来实现mHealth数据的信息来源。通过使用区块链记录和执行数据访问策略，我们无需信任单个实体并保管健康数据。相反，参与组织组成一个财团，共同承担验证数据完整性和对存储在私有数据仓库中的数据实施访问策略的责任。数据访问和计算在TEE内部进行，以保护数据机密性，并提供可验证的证明报告，该报告可存储在区块链中以用于信息来源。