Self-Sovereign Identity for Consented and Content-Based Access to Medical Records using Blockchain
Marie Tcholakian, Karolina Gorna, Maryline Laurent, Hella Kaffel Ben Ayed, Montassar Naghmouchi
TL;DR
The paper tackles secure, privacy-preserving access to Electronic Health Records in a decentralized healthcare setting. It proposes a Self-Sovereign Identity framework built on Decentralized Identifiers, with IPFS off-chain storage and a two-layer encryption scheme combining AES and Ciphertext-Policy Attribute-Based Encryption to enforce content-based access control. Patient consent management is integrated, with auditable access through a blockchain and an accountable emergency procedure to balance privacy with clinical needs. By using pairwise DIDs and verifiable credentials, the approach aims to preserve privacy while ensuring interoperability across healthcare networks, offering a scalable, user-centric solution for modern digital health ecosystems.
Abstract
Electronic Health Records (EHRs) and Medical Data are classified as personal data in every privacy law, meaning that any related service that includes processing such data must come with full security, confidentiality, privacy and accountability. Solutions for health data management, as in storing it, sharing and processing it, are emerging quickly and were significantly boosted by the Covid-19 pandemic that created a need to move things online. EHRs makes a crucial part of digital identity data, and the same digital identity trends -- as in self sovereign identity powered by decentralized ledger technologies like Blockchain, are being researched or implemented in contexts managing digital interactions between health facilities, patients and health professionals. In this paper, we propose a blockchain-based solution enabling secure exchange of EHRs between different parties powered by a self-sovereign identity (SSI) wallet and decentralized identifiers. We also make use of a consortium IPFS network for off-chain storage and attribute-based encryption (ABE) to ensure data confidentiality and integrity. Through our solution, we grant users full control over their medical data, and enable them to securely share it in total confidentiality over secure communication channels between user wallets using encryption. We also use DIDs for better user privacy and limit any possible correlations or identification by using pairwise DIDs. Overall, combining this set of technologies guarantees secure exchange of EHRs, secure storage and management along with by-design features inherited from the technological stack.