A smart contract-driven access control scheme with integrity checking for electronic health records

The application of healthcare systems has led to an explosive growth in personal electronic health records (EHRs). These EHRs are generated from different healthcare institutions and stored in cloud data centers, respectively. However, data owners lose the authority to control and track their private and sensitive EHRs. In fact, data owners cannot establish rules for EHRs exchanging and sharing, nor can they verify the integrity of EHRs stored in semi-trusted clouds. Hence, an individual-centric access control framework is required to realize data access control. In this study, we construct a data access control framework, which integrates decentralized smart contracts and role-based access control (RBAC) to provide fine-grained data access control services. The key ideas of this schme includes: (1) a fine-grained access control framework for EHRs is proposed to achieve trusted access control; (2) a personalized policies definition mechanism is adopted to achieve patient-centric data access control; (3) a integrity checking mechanism for the shared EHRs is implemented to ensure the availability of medical records. Finally, we analyze the security properties of this scheme and develop a prototype system to evaluate its performance. Both theoretical analysis and experiment results demonstrate that this scheme can provide fine-grained access control and efficient integrity checking services for EHRs.