Blockchain enabled policy-based access control mechanism to restrict unauthorized access to electronic health records.

Electronic health record transmission and storage involve sensitive information, requiring robust security measures to ensure access is limited to authorized personnel. In the existing state of the art, there is a growing need for efficient access control approaches for the secure accessibility of patient health data by sustainable electronic health records. Locking medical data in a healthcare center forms information isolation; thus, setting up healthcare data exchange platforms is a driving force behind electronic healthcare centers. The healthcare entities access rights like subject, controller, and requester are defined and regulated by access control policies as defined by the General Data Protection Regulation (GDPR). In this work, we have introduced a blend of policy-based access control (PBAC) system backed by blockchain technology, where smart contracts govern the intrinsic part of security and privacy. As a result, any Subject can know at any time who currently has the right to access his data. The PBAC grants access to electronic health records based on predefined policies. Our proposed PBAC approach employs policies in which the subject, controller, and requester can grant access, revoke access, and check logs and actions made in a particular healthcare system. Smart contracts dynamically enforce access control policies and manage access permissions, ensuring that sensitive data is available only to authorized users. Delineating the proposed access control system and comparing it to other systems demonstrates that our approach is more adaptable to various healthcare data protection scenarios where there is a need to share sensitive data simultaneously and a robust need to safeguard the rights of the involved entities.