Security and Privacy of Electronic Health Records: Decentralized and Hierarchical Data Sharing using Smart Contracts

Over the last fifty years, medical treatment has seen remarkable advancement, however, the data management and storage systems of medical records has lagged in comparison. In addition, these systems are often inharmonious across platforms and do not put the privacy desires of patients first. While HIPAA and other laws are put in place to protect patient medical record security and privacy, these antiquated systems inherently hinder patient security and privacy. In this paper, we propose a novel data sharing and management scheme that empowers patients over their records by leveraging the security and privacy benefits of blockchain and smart contracts. In comparison to current methods for healthcare records management, our proposed scheme empower patients over their records and minimizes the dependencies on recordgenerating institutions. It also allows the patients to selectively share their records and disclose certain parts with specific data users based on the privacy preferences desired. In our security and privacy analysis, we show that patients can protect against potential threats to securely and privately share their records. Moreover, in our performance discussions, we show that smart contract design and development is key.