A Secure and Interoperable Architecture for Electronic Health Record Access Control and Sharing

TL;DR

This paper presents a blockchain-based architecture utilizing IPFS for secure, interoperable, and patient-controlled access and sharing of electronic health records, ensuring privacy compliance and system scalability.

Contribution

It introduces a novel architecture combining blockchain and IPFS to enhance EHR security, interoperability, and patient autonomy, with a prototype demonstrating practical scalability.

Findings

Prototype implementation on Hyperledger shows effective access control.

System scalable to real-world healthcare scenarios.

Ensures compliance with GDPR and data privacy laws.

Abstract

Electronic Health Records (EHRs) store sensitive patient information, necessitating stringent access control and sharing mechanisms to uphold data security and comply with privacy regulations such as the General Data Protection Regulation (GDPR). In this paper, we propose a comprehensive architecture with a suite of efficient protocols that leverage the synergistic capabilities of the Blockchain and Interplanetary File System (IPFS) technologies to enable secure access control and sharing of EHRs. Our approach is based on a private blockchain, wherein smart contracts are deployed to enforce control exclusively by patients. By granting patients exclusive control over their EHRs, our solution ensures compliance with personal data protection laws and empowers individuals to manage their health information autonomously. Notably, our proposed architecture seamlessly integrates with existing health provider information systems, facilitating interoperability and effectively addressing security and data heterogeneity challenges. To demonstrate the effectiveness of our approach, we developed a prototype based on a private implementation of the Hyperledger platform, enabling the simulation of diverse scenarios involving access control and health data sharing among healthcare practitioners. Our experimental results demonstrate the scalability of our solution, thereby substantiating its efficacy and robustness in real-world healthcare settings.