Flexible access control mechanism for cloud stored EHR using consortium blockchain

Abstract

The implementation of cloud computing to store and access electronic health records has shown substantial benefits for both clinical organizations and patients in managing electronic health records. The prime security issue of cloud-based electronic health records is that the patient is physically unable to own a medical record whereas a clinical organization can maintain one for them. The latter may collude with centralized cloud servers. So, there is a vulnerability of such records being tampered with in order to hide the medical malpractices. So, maintaining data integrity and data privacy becomes a significant challenge when deploying cloud computing. Therefore, in this paper, a consortium blockchain-based cloud-stored electronic health record is proposed which provides data integrity, data privacy, storage scalability, and fine-grained access control. Each process in outsourcing electronic health records to the cloud is incorporated as a transaction in a consortium ethereum blockchain through smart contracts. Through smart contracts, an attribute-based contract key is generated for the users that can decrypt the encrypted data stored in the cloud. The attribute-based contract key allows only users who are authorized to access the information ensuring data privacy and fine-grained access control. Moreover, the proposed scheme is proved to provide tamper-proof although the medical records are controlled by a group of clinical organizations.