HealthFort: A Cloud-Based eHealth System With Conditional Forward Transparency and Secure Provenance via Blockchain

In this paper, we propose a servers-aided password-based subsequent-key-locked encryption mechanism to ensure the confidentiality of outsourced electronic health records (EHRs). The encryption mechanism achieves conditional forward transparency: a doctor can only access a patient's EHRs related to the current diagnosis with the patient's delegation. It also achieves portability: to delegate a doctor for accessing a specific part of EHRs, the patient only needs to send one key (at most 256 bits) in addition to the delegation information to the doctor; the patient does not need to maintain any secret in a local device. Then, we propose a blockchain-based secure EHR provenance mechanism, where a data structure of EHR provenance record is designed to precisely reflect the EHRs' provenance information; a smart contract on a public blockchain is deployed to secure both EHRs and the corresponding provenance records. Finally, we develop a cloud-based eHealth system, dubbed HealthFort, based on the two mechanisms. Security analysis and comprehensive performance evaluation are conducted to demonstrate that HealthFort is secure and efficient.