Blockchain-Enabled EMR Protection: A Smart Contract and IPFS-Based Architecture

Abstract

The exponential growth in digital healthcare infrastructure has resulted in an overwhelming increase in sensitive medical data generation. However, traditional centralized Electronic Medical Records (EMR) systems continue to face critical security and privacy challenges. These include single points of failure, limited interoperability, data tampering, and unauthorized access. This paper introduces a robust and scalable blockchain-based framework for secure EMR management. Leveraging Ethereum blockchain, IPFS decentralized storage, and smart contracts, the framework ensures tamper-proof data logging and fine-grained access control. The system stores encrypted patient health records on IPFS and logs the corresponding content identifier (CID) on the Ethereum blockchain, eliminating the risk of data exposure. The architecture is designed for future compatibility with Mobile Edge Computing (MEC), allowing for faster data processing closer to the point of care. By offering immutable audit trails, decentralized access governance, and high availability, the proposed framework ensures transparency, security, and data ownership for all healthcare stakeholders.

Introduction

The text outlines a blockchain-based system for managing Electronic Medical Records (EMRs) that ensures security, privacy, and decentralized control. Traditional centralized healthcare data systems are prone to breaches, downtime, and lack of transparency, but this new architecture integrates Ethereum blockchain, IPFS (InterPlanetary File System), and smart contracts to overcome these issues.

Core Components & Contributions:

1. Blockchain Integration:

   • Ethereum smart contracts manage access control—granting, revoking, and logging permissions.

   • All transactions (uploads, views, access changes) are immutably logged for transparency and auditability.

2. Decentralized Storage:

   • IPFS is used to store encrypted medical records in a distributed manner, minimizing reliance on a central server.

   • Each file generates a unique Content Identifier (CID), which is stored on the blockchain.

3. Access Control:

   • Patients manage who can access their records using role-based, time-bound, and revocable permissions through smart contracts.

   • Only authorized users can retrieve records, and all access is logged on-chain.

System Architecture:

1. Data Storage Layer – EMRs stored on IPFS with optional encryption.

2. Blockchain Access Layer – Ethereum logs CIDs and metadata (who uploaded, when, etc.).

3. Access Control Layer – Smart contracts enforce viewing rights and allow patient-controlled permissions.

Workflow Overview:

• Users authenticate via MetaMask (a secure Ethereum wallet).

• Patients upload EMRs, which are sent to IPFS and return a CID.

• CID + metadata are recorded in a blockchain transaction.

• Smart contracts enforce permissions, allowing or denying access.

• Doctors can request access, and all interactions are transparently visible on-chain.

Methodology:

• Follows a structured development cycle:

  1. Requirement analysis

  2. System design

  3. Smart contract development (Solidity, Ganache for testing)

  4. IPFS integration

  5. Backend (Flask) and frontend (React.js) development

  6. MetaMask integration

  7. Testing & validation

  8. Result evaluation (latency, correctness, UI functionality)

Tools Used:

• Frontend: React.js, Bootstrap

• Backend: Flask (Python), Web3.py

• Blockchain: Ethereum (Ganache), Solidity, Truffle Suite

• Storage: IPFS

• Wallet: MetaMask

Results & Analysis:

• All transactions were successfully logged on the Ethereum blockchain.

• Access controls worked correctly based on roles and permissions.

• Performance was efficient, with average IPFS latency under 3 seconds.

• The UI was responsive, and MetaMask integration allowed secure interactions.

Conclusion

This analysis presents a decentralized framework for managing electronic medical records using Ethereum blockchain and IPFS. By utilizing smart contracts for role-based access control and IPFS for scalable storage, the system addresses the major challenges of security, transparency, and patient data ownership. The architecture effectively eliminates centralized points of vulnerability and provides immutable logging of all interactions, which enhances accountability and compliance with health data regulations. The modular design also promotes extensibility and ease of integration with existing medical IT infrastructure. By offering real-time visibility, tamper-proof audit trails, and user-controlled access mechanisms, this framework empowers patients while maintaining operational efficiency for healthcare providers. Additionally, its reliance on widely adopted technologies like MetaMask and IPFS ensures user accessibility and cost-effectiveness. In the future, the framework can be expanded to support AI-based anomaly detection for suspicious access patterns, edge computing to handle low-latency medical tasks near the data source, and advanced cryptographic techniques such as zero-knowledge proofs for further privacy assurance. These enhancements will further solidify the system’s position as a next-generation standard for secure and decentralized EMR management.

References

[1] Kuo, T. T., et al. (2017). Blockchain distributed ledger technologies for biomedical and health care applications. Journal of the American Medical Informatics Association. [2] Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System. [3] Zheng, Z., et al. (2017). An overview of blockchain technology: Architecture, consensus, and future trends. IEEE BigData Congress. [4] Esposito, C., et al. (2018). Blockchain: A Panacea for Healthcare Cloud-Based Data Security and Privacy?. IEEE Cloud Computing. [5] Omar, A. A., et al. (2019). MedChain: Efficient Healthcare Data Sharing via Blockchain. IEEE Access. [6] Dubovitskaya, A., et al. (2017). Secure and Trustable Electronic Medical Records Sharing using Blockchain. AMIA Proceedings. [7] Azaria, A., et al. (2016). MedRec: Using Blockchain for Medical Data Access and Permission Management. IEEE Open & Big Data. [8] Liang, X., et al. (2017). Integrating blockchain for data security in EHR systems. IEEE SmartHealth. [9] Benet, J. (2014). IPFS - Content Addressed, Versioned, P2P File System. arXiv:1407.3561. [10] Grech, A., et al. (2020). IPFS and Blockchain Integration: Use Cases and Challenges. Journal of Web Engineering. [11] Christidis, K., & Devetsikiotis, M. (2016). Blockchains and smart contracts for the Internet of Things. IEEE Access. [12] Angraal, S., et al. (2017). Blockchain technology: applications in health care. Circulation: Cardiovascular Quality and Outcomes. [13] Roehrs, A., et al. (2017). Personal health records: a systematic literature review. Journal of Medical Internet Research. [14] F. J. Abdullayeva, “Internet of Things-based healthcare system on patient demographic data in health 4.0,” CAAI Trans. Intell. Technol., vol. 7, no. 4, pp. 644–657, 2022. [15] M. Mettler, “Blockchain technology in healthcare: The revolution starts here,” in Proc. 18th Int. Conf. E-Health Netw., Appl. Services (Healthcom), Munich, Germany, 2016, pp. 1–3. [16] J. Chanchaichujit et al., “Blockchain technology in healthcare,” in Healthcare 4.0. Singapore: Palgrave, 2019. [Online]. [17] F. Thalhammer et al., “Blockchain use cases against climate destruction,” Cloud Comput. Data Sci., vol. 3, no. 2, pp. 60–76, 2022.

Copyright

Copyright © 2025 V Manideep. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.