Implementation of Blockchain-Based Blood Donation Framework

. Existing blood management systems in India function as Information Management systems that lack dynamic updates of blood usage and detailed blood trail information, starting from donation to consumption. There exists no communication platform for surplus blood in one region to be requested from another region where blood is scarce, leading to wastage of blood. Lack of transparency and proper blood quality checks have led to several cases of blood infected with diseases such as HIV being used for transfusion. This paper aims at mitigating these issues using a blockchain-based blood management system. The issue of tracking the blood trail is modelled as a supply-chain management issue. The proposed system, implemented in the Hyperledger Fabric framework, brings more transparency to the blood donation process by tracking the blood trail and also helps to curb unwarranted wastage of blood by providing a uniﬁed platform for the exchange of blood and its derivatives between blood banks. For ease of use, a web application is also built for accessing the system.


Implementation of Blockchain-Based Blood Donation Framework 1 Introduction
Blood is an existential requirement for all living beings.Every few seconds, someone, somewhere needs blood.Since blood cannot be manufactured, the demand for blood to save lives can be satiated only by donations from humans.Millions of lives are saved every year by the transfusion of blood and its derivatives to patients during complex medical and surgical procedures.An adequate supply of blood is also needed for patients suffering from prolonged, life-endangering illnesses such as leukemia.
Based on the data obtained through the WHO Global Database on Blood Safety (GDBS) for the year 2015, for every sample of 1000 people, the blood donation rate is 32.6 in high-income countries, 15.1 in upper-middle-income countries, 8.1 in lower-middle-income countries and 4.4 in low-income countries.Although 112.5 million units of blood are collected every year globally, many patients who require blood transfusion do not have timely access to safe blood, especially in middle-income and upper-income countries [17].

Blood Transfusion Service In India
In India, the National Blood Transfusion Council (NBTC), established in 1996, is the federal body that oversees and manages the Blood Transfusion Service.The NBTC along with the State Blood Transfusion Councils (SBTCs) is tasked with reviewing the status of the blood transfusion services and conducting annual quality checks in blood banks.NBTC and National AIDS Control Organisation (NACO) are the technical bodies that are tasked with framing guidelines to ensure safe blood transfusion, provide infrastructure to blood centres, develop human resources and formulate and implement the blood policy in India [18].
In 2016, it was reported by the Ministry of Health and Family Welfare that only 10.9 million units of blood were donated while the requirement was 12 million units [19].To address the huge gap in the demand and supply for blood in the country, several governmental and non-governmental blood donation organizations were established in different parts of the country.These organizations conduct frequent blood donation camps and also organize several awareness programmes to emphasize on the importance of blood donation.Most of the organizations have an online portal where willing donors register themselves and receive notifications when camps are organized.Realizing the importance of a unified portal, the Indian Government launched eRaktKosh [22], an initiative to connect, digitize and streamline the workflow of blood banks across the nation in 2016.The portal functions as a unified Management Information System (MIS).However, it can not track the blood chain completely.

Issues In Blood Donation
It is ironic to observe that in the country that proclaims a shortage of about 1.1 million (11 lakh) units of blood, over 28 lakh units of blood and its components have been wasted in five years [23].Wastage of blood refers to the discarding of blood or any of its components rather than administering it to a patient.The main reason behind such a disparity is the lack of communication between regions where surplus blood stock is available and those where there is absolute scarcity.Surprisingly, even comparatively more developed states like Maharashtra, Andra Pradesh, Karnataka, and Tamilnadu reported wastage of not just whole blood, but also critical life-saving derivatives of blood such as RBCs and plasma (which have longer shelf-life).It can be observed clearly that India's blood scarcity woes can be reduced by a huge margin with just voluntary blood donations, provided there is an umbrella framework that supports communication and transfer of blood supplies across regions.For this, an efficient blood cold chain [24] management system that monitors the storage and transport of blood from donors to final transfusion sites is required.
It has to be noted that the inter-blood bank transfers have been encouraged by the Government.Despite this, some blood banks refuse to accept units from other banks with the reasoning that they may not be safe.There is also no way to track the flow of information from donation to consumption.This highlights the need for transparency in the blood inspection process.The benefits of this two-fold.Apart from providing a trust mechanism for encouraging blood stock exchange between blood banks, it also helps in preventing accidental transfusion of blood infected with diseases such as HIV, hepatitis, and syphilis.The latter holds extreme importance as over 14,474 cases of HIV contraction through transfusion of infected blood have been reported from 2010-2017 [25].
Under the National Blood Transfusion Services Act 2007, people who are found guilty of donating or selling blood in exchange for money may be imprisoned up to three months with a fine.But there have been many cases of forced blood extraction over the years.Though paid donations were banned by a Supreme Court ruling in 1996, reports of the practice continuing have surfaced.There have also been several cases where patients were forced to find replacement blood donors for stock replenishment even during emergencies despite efforts from the government to insulate patients [19].These are major pitfalls in the Blood Transfusion Service which need attention.
To address these issues, the paper proposes to implement a unified, secure, end-to-end, permissioned blockchain-based blood chain management system that curbs unwarranted wastage of blood, ensures transparency in the donation process and ensures track-ability of donated blood.Such a system would also prevent illegal sales of blood/plasma and ensure that donors do not donate too frequently by monitoring their donation history.

Literature Survey
Most literature related to Blood Donation and Transfusion delved into providing a platform for people in need of blood to contact blood banks and donors in their vicinity ("replacement" donors) to request for blood.[12] proposed an Android mobile application that acts as a portal where users can view details about blood banks, donors and request blood from them.This system also consisted of a reporting mechanism using which the blood bank admins could monitor the inventory.T.Hilda Jenipha and R.Backiyalakshmi [13] implemented a cloud-based Android application that tracks the current location of registered donors and finds potential donors in the vicinity of where the blood request originated.[14] suggested the use of CART Decision Tree to identify whether a registered donor is likely to donate blood in case the need arises.This system is also modelled for "replacement" donations.The aforementioned solutions do not address the issues of blood cold chain management or the wastage of blood and also have no control over the health of the donors and the integrity of the donation process.
Research pertaining to the Blood Supply chain has focused on challenges such as transportation time and ensuring blood supply in the event of disasters.[7] proposed a model that determines optimal locations for setting up blood facilities and blood inventory levels that will satiate the demand.[11] and [10] proposed an RFID-based information management system for the blood issue chain.But the major pitfall of such a system is security, as data could be modified.
Kim, Seungeun, and Dongsoo Kim [2] proposed the high-level design of a blockchain-based blood cold chain management using the shared-ledger concept.The architecture, however, does not track donor details, facilitate donor matching or track the wastage of by-products of blood.[3] proposes the design of KanChain, a new Ethereum-based permissioned framework for blood distribution.The proposal is to track the exchange of tokens, called KanCoins, between stakeholders to trace the blood chain.Peltoniemi, Teijo, and Jarkko Ihalainen, in [1], conducted an exploratory study on how distributed ledger technologies could be used within the supply chain of plasma derivatives.It also elucidates the concept of providing incentives to active donors to encourage more voluntary donation.
This paper aims to implement a unified framework for monitoring and managing donated blood by harnessing the potential of open-source blockchain infrastructure that provides better transparency, end-to-end tracking and reliability when compared to existing solutions.

Blockchain Technology
Blockchain is essentially a decentralized, public ledger in which transactions are accepted only when they are validated by every node in the network, making it immutable.It can be thought of as a time-stamped chain of data records, called blocks, linked together using cryptographic hashes and stored in a cluster of nodes.Each block/record consists of a set of transactions (defined in Smart Contracts) with a pointer to the next block thereby forming a linked-list of blocks [16] [15].Hence the name "blockchain".
Blockchain framework stores a digital footprint of all transactions in a block in a binary tree called "Merkle Tree".Leaf nodes in a Merkle tree are hashes of transactions while interior nodes are hashes of their child nodes [6].Constructed bottom-up, nodes are repeated hashed until only one node is left, called the Merkle Root, which is stored in the Block Header.SHA-2 is used as the default hash function.Since Merkle Root is a hash, it can be used to test if a specific transaction is present in the block or not.
There are three classes of blockchain-based on the access levels of nodes that are allowed in the network -public, private and consortium [6].Public blockchains are open to all with no central authority for control.Nodes do not require permissions to access data or transact i.e. it a permission-less blockchain.Private blockchains on the other hand, place restrictions and access controls on who can join the network and transact.Since users require permissions to join the network, private blockchains are permissioned in nature.Private blockchain frameworks are either shipped with Identity Management tools or allow third-party plug-ins that offer Membership Service Providers.In consortium blockchains, the rights to authorize transactions are held only with specific nodes while other nodes can only initiate transactions and review transaction history.Due to the restricted number of nodes, private and consortium blockchains are more susceptible to data tampering than public blockchains.However, the former is more efficient and scalable.
The nodes in blockchain use Public Key Cryptography for digitally signing transactions.A node wishing to transact executes it and floods it in the network after digitally signing it with its private key.The transaction is validated by other nodes in the network.A consensus algorithm is executed to ensure that the transactions are validated by an adequate number of nodes.Once validated, the block is updated as a part of the shared ledger by all nodes in the network.It is worthy to note that a node in a blockchain may be member node which can only initiate transactions or a validator node, which can initiate and validate transactions.

Proposed System
The Blood Management System is designed as a private, permissioned blockchain allowing access only to specific stakeholders as illustrated in Fig. 1.The main reason for choosing permissioned blockchain is to prevent public access to sensitive information such as donor and donation details.The use of blockchain adds more transparency to the blood trail as it provides a trust-able tracking mechanism.It also enhances the security of the system as the fundamental design of a blockchain prevents unauthorized/illegal data modification.

Entities in the Proposed System
There are two main requirements to ensure that the proposed closed-loop system functions securely as intended, without any scope for malpractice.Firstly, it is assumed that there exists a National Health Records (NHR) Registry which maintains Electronic Health Records (EHRs) [8][9] of all Indian Residents.The EHRs are used to monitor the medical history of every person in the country.The design of EHR is out of the scope of this paper.For implementation, a database consisting of basic details of people along with a flag indicating their eligibility to donate blood was used.Secondly, anyone wishing to donate blood must be registered with the National Blood Donation Registry (NBDR).A unique Blood Donor ID, linked to the EHR ID, is allocated to each donor by this Registry.The advantage of this is two-fold.The donor's medical history can be readily verified while collecting blood samples using the EHR ID.The Blood Donor ID facilitates tracking donors and their donation history.This way, the frequency of donation by every individual can be monitored.This will help in curbing frequent donations for money and forced extractions.Also, donors are notified once their blood has been used to save lives, thereby offering a gratifying experience.If the donated blood is found unfit for usage during an inspection, the framework is designed to notify the donor immediately.This will enable them to take necessary medical action against any possible illnesses they may have contracted.
The other entities in the system are the Blood Camps where blood is collected, Blood Inspection Centres (BICs) where the collected blood is tested, Blood Banks where tested blood is stored, Hospitals, Blood Matching Centres (BMCs) and the Transportation Services.

The workflow of the Proposed System
This section describes the overall work-flow required in a Blood Donation System as illustrated in Fig. 2. The Donor registers with the National Blood Donation Registry using their unique EHR ID.The medical details of the person are verified with the EHR managed by the National Health Records Registry using the EHR ID.If the person is found to be eligible to donate blood, a Donor ID is allocated to them.The Donor must use a valid Donor ID to donate blood.Before donation, the Donor's medical parameters such as temperature, blood pressure, and heart rate are verified.The Donor's eligibility to donate blood is verified using the EHR ID.It is also verified whether the donor's last donation was over 3 months ago.If the donor is found eligible for donation, their blood is collected and a unique Blood ID is allocated to the collected sample.Else, blood is not collected.Blood collection can happen in Blood Camps as illustrated in Fig. 2 or directly in Blood Banks.The collected blood sample is then transported to the Blood Inspection Centre (BIC) by the Transportation Service provider in a vehicle whose details are tagged to the Blood ID in the blockchain.The blood is then inspected at the BIC based on guidelines by NBTC [28] and the report is generated.The proof of inspection along with its HASH is logged into the blockchain.If the blood is found unfit for usage, the donor is notified and the Fig. 2. Conceptual Workflow the proposed Blood Donation System.blood is discarded.If the blood is found fit, it is then transported to the blood bank and stored.In case of any requirement, the hospital posts a request to the Blood Matching Centre (BMC) for blood.The BMC finds the best blood match based on factors such as blood group, request location and expiry date.Once a match is found, the blood is transported from the blood bank to the hospital.For ensuring transparency, the request for blood and its consumption are tagged to the recipient.This is done to ensure the patient's privacy and also prevent requested blood from being used for another patient.Once the blood is consumed, the donor is notified regarding the same.

Privacy and Access Controls
It has to be noted that the EHR, Donor and Blood records hold extremely sensitive information and thus must be privacy protected.For this, access controls are enforced by configuring Access Control List (ACL) files.For instance, the entity collecting blood from Donors can only READ the EHR ID and the flag variable mentioning eligibility to donate blood from the EHR records.Similarly, all Donor information is abstracted from transport service providers; only the Blood IDs and sender and receiver details are made available.Donors are given READ ONLY access to their donation data i.e. blood IDs and dates and statuses of donations.Hospitals are only allowed to do two transactions -requesting blood and updating blood usage post allocation.Donor information is thus completely hidden (DENY ALL ACCESS) from hospitals.In the current deployment, the Network Administrator is given ALLOW ALL access.However, in future deployments, we aim at encrypting information using pluggable cryptographic packages to ensure that only entities with valid keys will be able to decrypt and therefore access the data.

Blockchain Framework
The architecture of the proposed system revolves around "Hyperledger Fabric", an open-source platform for distributed ledger solutions [5] [6].Hyperledger Fabric is preferred over other enterprise-grade blockchain platforms like Ethereum because it is tailor-made for B2B solutions and allows access controls to be enforced for data confidentiality and privacy through the use of membership services.Also, the proposed solution does not require the crypto-currency stack that Ethereum provides.Hyperledger Fabric also allows the different modules and components to be customized as per requirements.It supports the deployment of permissioned blockchains in which the participating entities have known identities.This is well-suited for our use-case as only specific stakeholders must be allowed to access the network.Other permissioned blockchain frameworks like Quorum were designed primarily for financial use-cases.For managing user authentication and authorization, Hyperledger Fabric uses X.509 certificates.It also offers the flexibility of configuring authentication services to suit the requirements [27].The framework supports the concept of Channels for data privacy -data in a Channel is only made available to those entities which subscribe to it.Hyperledger Fabric also supports smart contract logic using the concept of chaincodes.In addition, it provides the option of including access controls as a part of the chaincode to restrict data visibility.Though Hyperledger Fabric itself does not provide data encryption, it supports the use of pluggable cryptographic interfacing packages like the BlockChain Cryptographic Service Provider (BCCSP).However, such additional configurations are not included in the scope of this paper.

Implementation Details
The initial development of the system was done in Hyperledger Composer [20], a toolset used to model the back-end business logic that can be run on the Hyperledger Fabric blockchain infrastructure.The Network module of Hyperledger Composer consists of definitions of Assets, Participants, and Transactions.In our system, Blood, Donor, EHRs, and transport vehicles are considered as Assets while the rest of the stakeholders mentioned in Section 4.1 are considered as Participants.The functional definition or logic of the Transaction is called the Business Logic.The Access Control Lists consist of information regarding access privileges of Assets, Participants and Users.Hyperledger Composer also provides a way to create optional Query files in which SQL-like queries can be defined for the system.These components are packaged into a BNA file (Business Network Archive), which can be used to create the Fabric network and deploy the system.The installation and deployment of the Blood Donation System (Project BloodLine) are shown in Fig 3 .We used Fabric version 1.2 deployed in Ubuntu 18.04 in a machine with Intel Core i7 processor and 8GB RAM.
It is worthy to note that the Business Logic defined in Hyperledger Composer forms the basis of Smart Contracts (termed as Chaincodes) in Hyperleder Fabric.This logic consists of functional definitions of all transactions in the network.Such transactions were identified and developed using Javascript.Some of the core transactions include the procedure for logging donated blood, booking transport vehicle for transferring blood from one place (say a Blood Bank) to another (a Hospital), requesting blood and allocating blood based on the request.
As this is the first attempt at implementing a blockchain-based Blood Donation System, we have developed a baseline algorithm for blood allocation when a request for blood is issued by a hospital.For simplicity, a scenario with two blood banks and ten hospitals within a 5km radius was considered.A priority queue of the blood stock is maintained for blood allocation -the blood of the required blood group, with the earliest expiry date, is allocated first.This algorithm can be extended further to include factors such as distance between hospital and blood bank, transportation time and urgency of the requirement.The design of allocating transport vehicle to transfer blood across locations is a study by itself and shall not be discussed as a part of this paper.
Another important contribution of the proposed system is to notify the donor when donated blood has been used and also alert the donor when the blood is found to carry any reactive disease as a part of the inspection process.The former brings a sense of gratification for the donors and will encourage them to donate regularly as the appreciation of donors' contributions is a vital catalyst for improved donor retention [4].The latter stems out of social and ethical responsibility which would help the donor take timely and appropriate medical care.

Results and Discussion
The implemented system was tested with sample EHR and Donor datasets created using volunteer data.For simplicity, a scenario with two blood banks and ten hospitals within a 5km radius was considered.The blockchain was initialised with the genesis blocks including those for Blood and Donor.The system was configured with a block size of 10 transactions per block.For testing the implementation, 100 blood requests were simulated, some of which are discussed in this Section.Each transaction results in the creation of a new block, which is linked to the previous block as shown in Fig. 4. The average transaction throughput was found to be 80 tps.More stress tests must be conducted on the system with parallel requests and heavier loads in the future.Since the system is based on Hyperledger Fabric, the blood trail (transaction results) are recorded in the Key Value Store (KVS).For ease of use of the proposed system, a web application is designed.The user in the screenshots is logged in as an Admin and has privileges to initiate all transactions.
Fig. 5 illustrates the Donor Registration page.Donors are registered using their EHR Id and are allowed to register only when the isEligibleForDonation flag is set in their EHR.In case they are not eligible, the person is not allowed to register as shown in Fig. 6.Also, donors without a valid EHR Id are not allowed to register with the network as shown in Fig. 7.
For recording the collection of blood, the form in Fig. 8 is used.If the medical parameters such as temperature, blood pressure and pulse rate are abnormal, blood is not collected.Instead, a notification is displayed as shown.If the previous donation by the donor fell within three months, a notification to not collect blood is issued as illustrated in Fig 9 .Also, the EHR of the donor is looked-up again to verify that the donor is still eligible to donate.This is done to ensure     that even the latest medical updates are considered while choosing donors.In the future, we also plan to automatically flag and notify a donor in case the isEligibleForDonation flag in EHR is updated based on medical records.
The web app also contains a portal to record blood inspection results.The HASH of the inspection report helps in verifying its authenticity and increases the trustworthiness of the inspection process -any small modification of the report will lead to a different HASH.A sample report was used to show the generation and storage of the file's HASH.
To help hospitals to request blood on behalf of the patient, the page in Fig. 10 is used.The matched blood details are then shared with the hospital.The proposed blood matching algorithm was successful in allocating blood from the second blood bank even though the first blood bank did not have stock.The advantages of this are two-fold.Firstly, it ensures that blood is available to regions where the stock may not be available.Also, by ensuring that donated blood is put to use irrespective of location constraints, it prevents unnecessary wastage of blood.The proposed solution ensures that donated blood is traced right from the time of donation to the time of consumption.It also provides a mechanism to track the donation eligibility of donors in terms of medical fitness and time elapsed since the previous donation.The proof of quality checks on the blood is also included as a part of the system for increased trust while sharing blood across regions.The blood matching module ensures that the allocation of blood is done fairly and transparently.Overall, the proposed system can be used as an end-to-end blood trail monitoring solution that is capable of increasing the effectiveness of blood utilization and preventing malpractices.

Conclusion
In this paper, we have successfully implemented a Blockchain-based Blood Donation System.To ensure ease of use, we have also implemented a Web Application as the front-end for the system.This App can be used to track donated blood across the entire process of blood transfusion thereby ensuring complete transparency.The proposed system can also be enhanced for similar areas like organ donation on a national and international scale.

Future Work
Since this was the first attempt at implementing the blockchain framework for Blood Donation Management, only tracking of blood was implemented.As a part of the next phase, we intend to add a tracking facility for derivatives of blood for a more rounded framework.This is important as different derivatives of blood have different shelf-life.The proposed framework for blood cold-chain management is in its nascence and there is a need to come up with performance metrics dedicated to it.Bench-marking and design of performance metrics are required for further analysis.Also, blood matching was done based only on the closest stock expiry date.However, additional factors such as location, real-time traffic, the severity of the requirement, stock availability and predicted demand in Blood Banks could be incorporated as a part of the blood matching algorithm to make it more efficient.We intend to implement this as a part of the next phase.

Fig. 1 .
Fig. 1.Conceptual Architecture of the proposed Blood Donation System.

Fig. 3 .
Fig. 3. Installation and deployment of the Blood Donation System in Hyperledger Fabric using the BNA file.

Fig. 6 .
Fig. 6.Donor is not registered when isEligibleForDonation flag in EHR is not set.

Fig. 7 .
Fig. 7. Donor is not registered when EHR Id is not found.

Fig. 8 .
Fig. 8. Example of preventing blood donation when the donor's medical parameters are off-range.

Fig. 9 .
Fig. 9. Example of preventing blood donation when the previous donation by the donor was less than 3 months ago.

Fig. 10 .
Fig. 10.Interface for the hospitals to request blood on behalf of patients.