Fully Decentralized Multi-Party Consent Management for Secure Sharing of Patient Health Records

Patients are becoming aware of the importance of taking secure control and managing access over their medical data, thereby leading to the rise in the adoption of personal health record (PHR) systems. However, today's PHR systems fall short in providing secure and trustable data sharing and access facilities to patients when they are in emergency situations or temporarily incapacitated. Also, the existing PHR systems are centralized and vulnerable to the single point of failure problem. Integrating PHR systems with blockchain technology can help to overcome such limitations. In this paper, we propose a blockchain-based PHR architecture that employs smart contracts to implement multi-party authorization (MPA) and threshold cryptographic schemes to automate secure and trustable medical data sharing and access in PHR systems. Moreover, we mitigate the limited storage and computation capabilities of blockchain by using InterPlanetary File System (IPFS) storage and reputation-governed trusted oracles into the proposed architecture. MPA and threshold cryptographic schemes allow the patient to split and share a secret key with a set of trusted parties, such as the healthcare regulatory agency, guardians, and hospitals, in such a way that they can collectively decide on sharing medical data on behalf of patients. We present algorithms along with their full smart contract function implementation details. We evaluate the robustness and performance of our solution by performing correctness verification and cost analysis. Furthermore, we evaluate the proposed approach in terms of security, generalization, and limitation aspects to find out its feasibility and practicality. We make our smart contract code publicly available on GitHub.