A Patient-Centric Blockchain Framework for Secure Electronic Health Record Management: Decoupling Data Storage from Access Control

Tanzim Hossain Romel, Kawshik Kumar Paul, Tanberul Islam Ruhan, Maisha Rahman Mim, Abu Sayed Md. Latiful Hoque

TL;DR

The paper addresses fragmentation and privacy challenges in electronic health records by introducing a patient-centric blockchain framework that decouples large data storage from access control. It proposes a per-patient Ethereum contract architecture with off-chain encrypted storage and on-chain cryptographic approvals, using EIP-712 signatures and a content digest $d = \text{SHA-256}(C \,||\, T \,||\, N \,||\, AD)$ to ensure integrity. Key contributions include a formal architectural design, a Solidity reference implementation, HL7 FHIR integration, and empirical performance analyses on Layer-1 and Layer-2 deployments, along with HIPAA and GDPR compliance discussions. The results indicate practical feasibility for restoring patient control while maintaining confidentiality, integrity, and auditability, though deployment barriers, key management, and privacy-utility trade-offs require ongoing work.

Abstract

We present a patient-centric architecture for electronic health record (EHR) sharing that separates content storage from authorization and audit. Encrypted FHIR resources are stored off-chain; a public blockchain records only cryptographic commitments and patient-signed, time-bounded permissions using EIP-712. Keys are distributed via public-key wrapping, enabling storage providers to remain honest-but-curious without risking confidentiality. We formalize security goals (confidentiality, integrity, cryptographically attributable authorization, and auditability of authorization events) and provide a Solidity reference implementation deployed as single-patient contracts. On-chain costs for permission grants average 78,000 gas (L1), and end-to-end access latency for 1 MB records is 0.7--1.4s (mean values for S3 and IPFS respectively), dominated by storage retrieval. Layer-2 deployment reduces gas usage by 10--13x, though data availability charges dominate actual costs. We discuss metadata privacy, key registry requirements, and regulatory considerations (HIPAA/GDPR), demonstrating a practical route to restoring patient control while preserving security properties required for sensitive clinical data.

Paper Structure

This paper contains 59 sections, 3 theorems, 3 figures, 4 tables.

Key Result

Theorem 1

Assuming AES-GCM provides IND-CCA2 security and ECIES (with specified parameters) provides IND-CCA2 security, no honest-but-curious storage provider $\mathcal{S}$ can distinguish encrypted health records from random strings with non-negligible advantage.

Figures (3)

  • Figure 1: System architecture showing separation between on-chain authorization and off-chain encrypted storage. Digest $d = \text{SHA-256}(C || T || N || AD)$.
  • Figure 2: Permission grant workflow using EIP-712 signed messages with explicit nonce management. Each nonce can be used only once.
  • Figure 3: Record access workflow. Contract gates metadata for UX consistency (data also in events). Digest verification: $d = \text{SHA-256}(C || T || N || AD)$.
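As an added example (not code from the paper or its Solidity reference implementation), the digest commitment from the abstract and the reader-side verification step of the Figure 3 workflow, written in Go with the standard library's AES-256-GCM and SHA-256. The key, FHIR record and associated data are constructed placeholders, and the on-chain lookup of $d$ and the EIP-712 permission check are assumed to have already happened before `OpenRecord` is called.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Digest computes the paper's commitment d = SHA-256(C || T || N || AD):
// C = AES-GCM ciphertext, T = 16-byte tag, N = nonce, AD = associated data.
func Digest(c, tag, n, ad []byte) [32]byte {
	var buf []byte
	for _, part := range [][]byte{c, tag, n, ad} {
		buf = append(buf, part...)
	}
	return sha256.Sum256(buf)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// SealRecord encrypts one FHIR resource with AES-256-GCM (32-byte key) and
// returns what the provider keeps (C, T, N) plus the on-chain digest d. Go's
// GCM appends the tag to the ciphertext, so the tag is split off here.
func SealRecord(key, plaintext, ad []byte) (c, tag, n []byte, d [32]byte, err error) {
	gcm, err := newGCM(key)
	if err != nil { return }
	n = make([]byte, gcm.NonceSize())
	if _, err = rand.Read(n); err != nil { return }
	sealed := gcm.Seal(nil, n, plaintext, ad)
	c, tag = sealed[:len(sealed)-gcm.Overhead()], sealed[len(sealed)-gcm.Overhead():]
	return c, tag, n, Digest(c, tag, n, ad), nil
}

// OpenRecord is the reader-side check of the access workflow: recompute d over
// what the provider returned, compare with the on-chain commitment, and only
// then decrypt (GCM verifies T again, so a bad tag still fails closed).
func OpenRecord(key, c, tag, n, ad []byte, onchain [32]byte) ([]byte, error) {
	if Digest(c, tag, n, ad) != onchain {
		return nil, errors.New("digest mismatch: record or metadata altered")
	}
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	return gcm.Open(nil, n, append(append([]byte{}, c...), tag...), ad)
}
```

Because AD is part of both the GCM authentication and the digest, a provider that serves the right ciphertext under the wrong record metadata is rejected just like one that alters the ciphertext itself.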

Theorems & Definitions (6)

  • Theorem 1: Storage Provider Confidentiality
  • Proof: Proof Sketch
  • Theorem 2: Tamper Detection
  • Proof: Proof Sketch
  • Theorem 3: Cryptographically Attributable Authorization
  • Proof: Proof Sketch