# Access Control Development Within the Framework of an IOTA-Based Electronic Medical Record Management System

**Authors:** Hari Purnama, I Putu Bakta Hari Sudewa, Tazkia Nizami, Bagas Sambega Rosyada, Pradipta Rafa Mahesa, Nur Ahmadi

PMC · DOI: 10.3390/s26051422 · Sensors (Basel, Switzerland) · 2026-02-24

## TL;DR

This paper introduces DecMed, a decentralized electronic medical record system using IOTA technology to improve data security and patient control over medical information.

## Contribution

The novel contribution is a decentralized EMR framework built on IOTA DLT that combines Capability-Based Access Control (CapBAC), Proxy Re-Encryption (PRE), and the InterPlanetary File System (IPFS) for secure, patient-centric access control.

## Key findings

- Unit testing of various unauthorized access scenarios demonstrates that DecMed enforces fine-grained access rules.
- The system preserves data confidentiality and integrity while complying with national healthcare requirements.
- Patients can actively manage access to their medical data using smart contracts on the IOTA ledger.

## Abstract

Electronic Medical Records (EMRs) are mandatory in Indonesia following the Ministry of Health regulation, which raises significant challenges in data security and patient-centric access control. Current implementations rely on centralized healthcare systems or third-party vendors, creating risks of unauthorized access, data leakage, and uncertain data integrity. To address these issues, this study proposes DecMed, a decentralized EMR management framework built on IOTA Distributed Ledger Technology (DLT). DecMed integrates Capability-Based Access Control (CapBAC), Proxy Re-Encryption (PRE), and the InterPlanetary File System (IPFS) to enforce patient ownership of medical data. Patients actively grant or revoke access, define access duration, and selectively share data with healthcare personnel. The system is implemented using smart contracts in the Move programming language on the IOTA ledger, while encrypted clinical data is stored on IPFS. Evaluation through unit testing of various unauthorized access scenarios demonstrates that DecMed effectively enforces fine-grained access rules, preserves data confidentiality and integrity, and ensures compliance with national healthcare requirements.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12987169/full.md

## Figures

17 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12987169/full.md

## References

39 references — full list in the complete paper: https://tomesphere.com/paper/PMC12987169/full.md

---
Source: https://tomesphere.com/paper/PMC12987169