Abstract

Patients are becoming aware of the importance of taking secure control and managing access over their medical data, thereby leading to the rise in the adoption of personal health record (PHR) systems. However, today’s PHR systems fall short in providing secure and trustable data sharing and access facilities to patients when they are in emergency situations or temporarily incapacitated. Also, the existing PHR systems are centralized and vulnerable to the single point of failure problem. Integrating PHR systems with blockchain technology can help to overcome such limitations. In this paper, we propose a blockchain-based PHR architecture that employs smart contracts to implement multi-party authorization (MPA) and threshold cryptographic schemes to automate secure and trustable medical data sharing and access in PHR systems. Moreover, we mitigate the limited storage and computation capabilities of blockchain by integrating InterPlanetary File System (IPFS) storage and reputation-governed trusted oracles into the proposed architecture. MPA and threshold cryptographic schemes allow the patient to split and share a secret key with a set of trusted parties, such as the healthcare regulatory agency, guardians, and hospitals, in such a way that they can collectively decide on sharing medical data on behalf of patients. We present algorithms along with their full smart contract function implementation details. We evaluate the robustness and performance of our solution by performing correctness verification and cost analysis. Furthermore, we evaluate the proposed approach in terms of security, generalization, and limitation aspects to find out its feasibility and practicality. We make our smart contract code publicly available on GitHub.

Highlights

  • A personal health record (PHR) is the set of a patient’s medical data, collected from multiple medical institutions (MIs), consumer health devices, and patient-gathered medical data (PGHD)

  • An approach proposed by Battah et al. [23] showcases a blockchain-based architecture for multi-party authorization (MPA) and access control for encrypted data that is stored over distributed storage systems, such as InterPlanetary File System (IPFS)

  • IPFS can help to overcome the storage limitations posed by blockchain systems by enabling them to store the hash of the file on-chain and using it as a pointer to the file [29]

Summary

INTRODUCTION

A personal health record (PHR) is the set of a patient’s medical data, collected from multiple medical institutions (MIs), consumer health devices, and patient-gathered medical data (PGHD). The proposed scheme, based on individual authorizations to entities and public-key cryptography management, helps to preserve the privacy of the patient PHR while allowing multiple users to get full access to the data. The solution cannot provide partial access to some of the patient records, in addition to being dependent on cloud services for storing the PHR data. The study conducted in [15] proposed a more advanced attribute-based access control (ABAC) scheme that uses identity-related policies set by the users to securely share the electronic health records (EHR). The paper does not discuss a solution to emergency cases and incapacitated patients, where the patient data must be secured and shared with the smallest number of entities. Another cloud-based access control scheme for EHRs was developed in [17].

Centralized server queries access policy rules and processes them
REPUTATION-GOVERNED TRUSTED ORACLES
PROXY RE-ENCRYPTION
INTERACTIONS AND MESSAGE SEQUENCE
Methods
DISCUSSIONS
CORRECTNESS VERIFICATION
COST ANALYSIS
CONCLUSION