A Patient-Centric Blockchain Framework for Secure Electronic Health Record Management: Decoupling Data Storage from Access Control

Published: arXiv: 2511.17464v1
Authors

Tanzim Hossain Romel, Kawshik Kumar Paul, Tanberul Islam Ruhan, Maisha Rahman Mim, Abu Sayed Md. Latiful Hoque

Abstract

We present a patient-centric architecture for electronic health record (EHR) sharing that separates content storage from authorization and audit. Encrypted FHIR resources are stored off-chain; a public blockchain records only cryptographic commitments and patient-signed, time-bounded permissions using EIP-712. Keys are distributed via public-key wrapping, enabling storage providers to remain honest-but-curious without risking confidentiality. We formalize security goals (confidentiality, integrity, cryptographically attributable authorization, and auditability of authorization events) and provide a Solidity reference implementation deployed as single-patient contracts. On-chain costs for permission grants average 78,000 gas (L1), and end-to-end access latency for 1 MB records is 0.7–1.4 s (mean values for S3 and IPFS respectively), dominated by storage retrieval. Layer-2 deployment reduces gas usage by 10–13x, though data availability charges dominate actual costs. We discuss metadata privacy, key registry requirements, and regulatory considerations (HIPAA/GDPR), demonstrating a practical route to restoring patient control while preserving security properties required for sensitive clinical data.

Paper Summary

Problem
This paper addresses how electronic health records (EHRs) are managed. Current EHR systems are centralized, which makes them vulnerable to data breaches and limits patient control over their medical information. When patients seek care from multiple providers or relocate, this can lead to duplicated tests, adverse drug interactions, and suboptimal treatment decisions.
Key Innovation
The key innovation of this paper is a patient-centric blockchain framework that separates content storage from authorization and audit. This framework stores encrypted EHRs off-chain and uses a public blockchain to record only cryptographic commitments and patient-signed, time-bounded permissions. This approach enables secure and efficient EHR sharing while maintaining patient control over their medical data.
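The following sketch is an added example, not the paper's Solidity implementation. It shows the two checks a client can make under this split: that a time-bounded grant is live, and that the blob returned by untrusted storage matches the recorded commitment. The `Ledger`, `Grant` and `fetch` names, the in-memory ledger and the use of SHA-256 are assumptions, and EIP-712 signature verification and key wrapping are left out.

```python
import hashlib, hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:                      # hypothetical shape of one on-chain permission
    grantee: str
    record_id: str
    not_before: int               # Unix seconds
    not_after: int

class Ledger:
    """In-memory stand-in for on-chain state: commitments and grants only."""
    def __init__(self):
        self.commitments, self.grants, self.revoked = {}, [], set()

    def commit(self, record_id: str, ciphertext: bytes) -> None:
        # Only the digest goes on the ledger, never the record itself.
        self.commitments[record_id] = hashlib.sha256(ciphertext).digest()

    def authorized(self, grantee: str, record_id: str, now: int) -> bool:
        return any(g.grantee == grantee and g.record_id == record_id
                   and g not in self.revoked and g.not_before <= now <= g.not_after
                   for g in self.grants)

def fetch(ledger: Ledger, storage: dict, grantee: str, record_id: str, now: int) -> bytes:
    """Return ciphertext only if a grant is live and the blob matches its commitment."""
    if not ledger.authorized(grantee, record_id, now):
        raise PermissionError("no live grant for this grantee and record")
    blob = storage[record_id]     # storage is untrusted: verify before use
    expected = ledger.commitments.get(record_id, b"")
    if not hmac.compare_digest(hashlib.sha256(blob).digest(), expected):
        raise ValueError("stored ciphertext does not match on-chain commitment")
    return blob

def demo() -> list:
    # Constructed sample data: opaque bytes standing in for an encrypted FHIR resource.
    ct = b"\x8f\x11constructed-ciphertext"
    ledger, storage = Ledger(), {"rec-1": ct}
    ledger.commit("rec-1", ct)
    grant = Grant("dr-a", "rec-1", 1000, 2000)
    ledger.grants.append(grant)
    out = [fetch(ledger, storage, "dr-a", "rec-1", 1500) == ct]   # inside the window
    # Expired grant, wrong grantee, then a blob altered by the storage provider.
    for who, now, tamper in [("dr-a", 2500, False), ("dr-b", 1500, False), ("dr-a", 1500, True)]:
        store = {"rec-1": ct + b"!"} if tamper else storage
        try:
            fetch(ledger, store, who, "rec-1", now)
            out.append("allowed")
        except (PermissionError, ValueError) as e:
            out.append(type(e).__name__)
    ledger.revoked.add(grant)     # revocation ends access before not_after
    out.append(ledger.authorized("dr-a", "rec-1", 1500))
    return out
```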
Practical Impact
This research has significant practical implications for healthcare data management. By eliminating the need for trusted intermediaries and providing cryptographic access control, this framework can help prevent data breaches and ensure patient agency over their sensitive medical information. Additionally, the framework's use of off-chain storage and blockchain-based authorization can reduce latency and costs associated with EHR sharing.
Analogy / Intuitive Explanation
Think of this framework as a secure, decentralized safe deposit box. Just as you can control who has access to your safe deposit box and when, patients can control who has access to their EHRs and when. The blockchain serves as a public ledger that records the permissions and access history, providing an immutable audit trail and ensuring that patients' medical information is protected.
Paper Information
Categories: cs.CR cs.SE eess.SY
Published Date:

arXiv ID: 2511.17464v1
