Cloud-assisted secure eHealth systems for tamper-proofing EHR via blockchain

The wide deployment of cloud-assisted electronic health (eHealth) systems has already shown great benefits in managing electronic health records (EHRs) for both medical institutions and patients. However, it also causes critical security concerns. Since once a medical institution generates and outsources the patients' EHRs to cloud servers, patients would not physically own their EHRs but the medical institution can access the EHRs as needed for diagnosing, it makes the EHRs integrity protection a formidable task, especially in the case that a medical malpractice occurs, where the medical institution may collude with the cloud server to tamper with the outsourced EHRs to hide the medical malpractice. Traditional cryptographic primitives for the purpose of data integrity protection cannot be directly adopted because they cannot ensure the security in the case of collusion between the cloud server and medical institution. In this paper, a secure cloud-assisted eHealth system is proposed to protect outsourced EHRs from illegal modification by using the blockchain technology (blockchain-based currencies, e.g., Ethereum). The key idea is that the EHRs only can be outsourced by authenticated participants and each operation on outsourcing EHRs is integrated into the public blockchain as a transaction. Since the blockchain-based currencies provide a tamper-proofing way to conduct transactions without a central authority, the EHRs cannot be modified after the corresponding transaction is recorded into the blockchain. Therefore, given outsourced EHRs, any participant can check their integrity by checking the corresponding transaction. Security analysis and performance evaluation demonstrate that the proposed system can provide a strong security guarantee with a high efficiency. (C) 2019 Elsevier Inc. All rights reserved.