Yuan Wen-Xin, Yan Bin, Li Wen, Hao Liu-Yao, Yang Hong-Mei
College of Electronic and Information Engineering, Shandong University of Science and Technology, Qingdao, 266590 People's Republic of China.
Confidentiality Administration Bureau of Ji-Ning, Ji-Ning, People's Republic of China.
Multimed Tools Appl. 2023;82(11):16279-16300. doi: 10.1007/s11042-022-14023-3. Epub 2022 Nov 7.
The patient's medical health record (PMHR) has always provided a large amount of research data to medical institutions, pharmaceutical companies and others, and has contributed to the development of medical research. However, PMHR data contain the patient's private information and should be shared under the control of the patients, not of the hospital where the data are acquired. To protect the privacy of PMHR data while realizing efficient data sharing, this paper proposes a blockchain-based sharing and protection scheme. In this solution, the PMHR data are encrypted and stored in a cloud server, which is equipped with an access control scheme implemented as a smart contract on a blockchain. Unlike previous works, to ensure efficient access and reduce the workload of patients, the types of users who can apply for access are limited to hospitals and pharmaceutical companies. To resist a potential man-in-the-middle (MITM) attack, we introduce an improved proxy re-encryption scheme that ensures the secrecy of PMHR data while reducing the computational complexity. The whole system is implemented in Solidity and tested on 10 nodes for function verification. Experimental results show that the proposed system is more efficient than previous systems. A security analysis also shows that security under the MITM attack is ensured.