Ehr management evolution through purpose-based access control and blockchain smart contracts

The management of Electronic Health Records (EHR) presents challenges in terms of access control and data management. Traditional access control methods often lack the granularity required to effectively manage sensitive EHR data as lack of the context or purpose behind each request. Moreover, EHR data is usually located in centralized cloud servers, which poses a significant risk of a single point of failure. Purpose-Based Access Control (PBAC) with blockchain allows for more fine-grained control over access to EHR by taking into account the purpose of the access request which allows for a more tailored approach to the access control of EHR data. This study presents PBAC with blockchain as a solution to address the shortcomings of EHR management. We formulated access policies in between Medical Data Owner (MDO) and Medical Data Requester (MDR) within the framework of PBAC and implemented it through smart contracts to streamline the processes of EHR user registration and verification, EHR access requests, and access revocation. These smart contracts enforce access control policies, grant and facilitate payment transfers effectively in case of necessary tradeoffs or revocation. EHR data is stored on IPFS, and only corresponding hashes are recorded on the blockchain for better EHR management and scalability. The performance evaluation shows better efficiency of the proposed framework.