High-Confidence Computing (Mar 2023)
d-EMR: Secure and distributed Electronic Medical Record management
Abstract
As more and more data is produced, finding a secure and efficient data access structure has become a major research issue. The centralized systems used by medical institutions for the management and transfer of Electronic Medical Records (EMRs) can be vulnerable to security and privacy threats, often lack interoperability, and give patients limited or no access to their own EMRs. In this paper, we first propose a privilege-based data access structure and incorporates it into an attribute-based encryption mechanism to handle the management and sharing of big data sets. Our proposed privilege-based data access structure makes managing healthcare records using mobile healthcare devices efficient and feasible for large numbers of users. We then propose a novel distributed multilevel EMR (d-EMR) management scheme, which uses blockchain to address security concerns and enables selective sharing of medical records among staff members that belong to different levels of a hierarchical institution. We deploy smart contracts on Ethereum blockchain and utilize a distributed storage system to alleviate the dependence on the record-generating institutions to manage and share patient records. To preserve privacy of patient records, our smart contract is designed to allow patients to verify attributes prior to granting access rights. We provide extensive security, privacy, and evaluation analyses to show that our proposed scheme is both efficient and practical.
