Healthcare data is among the most sensitive and frequently targeted information in the digital era. Existing centralised Electronic Health Record (EHR) systems are vulnerable to data breaches, unauthorised access, and single-point failures. This paper introduces a blockchain-based privacy-preserving framework for healthcare data management that integrates smart contracts, attribute-based encryption (ABE), and zero-knowledge proofs (ZKP) to ensure tamper-proof, role-gated data access. Our system is deployed on a permissioned Hyperledger Fabric network with a RESTful API gateway and a React-based patient portal. Experimental evaluations show that the proposed system achieves 99.2% access-control policy enforcement, reduces unauthorised access incidents to near zero, and maintains record retrieval latency under 180 ms at the 95th percentile. The framework also supports HIPAA and GDPR compliance through immutable audit trails and consent lifecycle management.
Introduction
The document proposes a blockchain-based Electronic Health Record (EHR) system designed to improve healthcare data security, privacy, and interoperability.
It highlights that traditional centralized EHR systems are vulnerable to breaches, lack transparency, and offer limited patient control. To address this, the authors introduce a permissioned blockchain framework using Hyperledger Fabric combined with advanced cryptographic techniques.
Key components include:
Role-based smart contracts for fine-grained access control and consent management.
Attribute-Based Encryption (ABE) to ensure only authorized users with specific attributes can decrypt patient data.
Zero-Knowledge Proofs (ZKP) for secure clinician authentication without revealing sensitive identity details.
A HIPAA/GDPR-compliant audit system with immutable logs and real-time consent revocation.
The system is built using a layered architecture involving a React frontend, Node.js API layer, Hyperledger Fabric blockchain, IPFS-based storage, and an audit layer. Smart contracts manage access control, consent states (ACTIVE → RESTRICTED → REVOKED), and data integrity via cryptographic hashing.
Experiments show high accuracy (99.2% policy enforcement) and low latency (sub-200 ms for most requests), making the system suitable for real-world clinical use. Compared to existing systems like MedRec and FHIRChain, the proposed model improves privacy, authentication, and regulatory compliance.
Conclusion
We presented a blockchain-based privacy-preserving healthcare framework combining permissioned distributed ledger technology with attribute-based encryption, zero-knowledge proofs, and a human-in-the-loop consent lifecycle. Our experimental results demonstrate 99.2% access-control enforcement, sub-180 ms p95 retrieval latency, and near-real-time consent revocation.
Cryptographic guarantees are not in tension with usability when the system is designed correctly. ABE makes fine-grained access control automatic; ZKPs move credential verification to the client; and the consent portal gives patients genuine, enforceable control over their data rather than a checkbox in a terms-of-service agreement.
References
[1] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, \"MedRec: Using Blockchain for Medical Data Access and Permission Management,\" in Proc. IEEE DSNW, 2016.
[2] D. Zhang, C. Xue, D. Zhu, and Q. Liu, \"FHIRChain: Applying Blockchain to Securely and Scalably Share Clinical Data,\" Computational and Structural Biotechnology Journal, 2018.
[3] M. S. Ali et al., \"Applications of Blockchains in the Internet of Things: A Comprehensive Survey,\" IEEE Commun. Surveys Tuts., 2019.
[4] J. Bethencourt, A. Sahai, and B. Waters, \"Ciphertext-Policy Attribute-Based Encryption,\" in Proc. IEEE S&P, 2007.
[5] S. Goldwasser, S. Micali, and C. Rackoff, \"The Knowledge Complexity of Interactive Proof Systems,\" SIAM J. Comput., 1989.
[6] E. Ben-Sasson et al., \"Zerocash: Decentralized Anonymous Payments from Bitcoin,\" in Proc. IEEE S&P, 2014.
[7] Hyperledger Fabric Documentation, \"Hyperledger Fabric v2.4,\" The Linux Foundation, 2022.
[8] M. Liang et al., \"A Blockchain-Based Healthcare Data Management Scheme with Attribute-Based Access Control,\" PLOS ONE, 2021.
[9] X. Liang et al., \"Integrating Blockchain for Data Sharing and Collaboration in Mobile Healthcare Applications,\" in Proc. IEEE PIMRC, 2017.
[10] P. Zhang et al., \"Metrics for Assessing Blockchain-Based Healthcare Decentralized Apps,\" in Proc. IEEE ICHI, 2017.
[11] K. N. Griggs et al., \"Healthcare Blockchain System Using Smart Contracts for Secure Automated Remote Patient Monitoring,\" J. Medical Systems, 2018.