Effective Method for Accessing

Medical Records using Blockchain

Technology
Mohan Dholvan 1 ✯, R.Rajavignesh 2 ,Phani Kumar Solleti 3
1
Department of Electronic and Computer Engineering, Sreenidhi
Institute of Science and Technology, Yamnampet, Hyderabad ,
Telangana, India.
2
Department of Computer Science and Engineering, K.S.K College of
Engineering and Technology, Kumbakonam, Tamil Nadu, India.
3
Department of Information Technology , Sasi Institute of Technology
& Engineering,Tadepalligudem, West Godavari (District), Andhra
Pradesh, India.

Received: 06.03.2023 ❼ Accepted: 18.03.2023 ❼ Published Online: 31.03.2023

Abstract: Research and innovative medical practises are constantly advancing and revolutionising the medical
industry. The success of healthcare reform depends on a number of variables, one of the most important of
which is the safeguarding of patients’ right to privacy about their own medical information. Important patient
information should be transmitted only to those who need to see it, hence using encrypted channels for data
transfer is crucial. As this is the case, the article’s author suggests using a system called distributed block
chains to protect healthcare institutions’ data. The results of this study suggest that a healthcare system based
on blockchain technology could provide patients and healthcare providers with a trustworthy and safe way to
store sensitive data. My stance has been to push for a middle ground that will ensure patient privacy. It has
✯ Correspondence: Professor and Head of the Department, Department of Electronic and Computer En-
gineering, Sreenidhi Institute of Science and Technology, Yamnampet, Hyderabad , Telangana, India.
Email:mohan.aryan19@sreenidhi.edu.in
https://doi.org/10.58599/IJSMIEN.2023.1305
Volume-1, Issue-3, PP:52-60 (2023)

52
This work is licensed under a Creative Commons Attribution 4.0 International License CC BY-NC-ND 4.0.
 International Journal of Scientific Methods in Intelligence Engineering Networks (IJSMIEN)

been rigorously examined, and the outcomes confirm that it is resistant to standard attacks. Furthermore, an
Ethereum-based implementation has been used to assess the proposed system’s viability.

Key words: SmartHealthcare, Block chain,DataAccessibility, Smart Contracts, Privacy, Security.

1. INTRODUCTION

Bitcoin and other digital currencies have helped spread awareness about block networks. There is
a lot of interest in this product because of its promising commercial potential and wide range of
potential uses in fields including transportation, supply chain management, and healthcare, among
others. Timeliness and safety are two of the most crucial factors in the administration of medical
and health care, and the provision of medication and care are fundamental to both. Blockchain
technology has enormous unrealized promise in the field of decentralised and distributed healthcare.
The healthcare sector is one that Blockchain technology has the potential to revolutionise by increasing
productivity. Several methods exist for achieving this goal, such as the safekeeping and distribution
of data to different users, the international compatibility of papers, the quickening of payments, and
the shortening of transaction times[1].
Awareness of patients’ needs, status, condition, and behaviour is aided by the IoT, detection abilities,
and 5G. In addition, people, businesses, and governments are growing more reliant on these services
to raise their standard of living. As modern hospital computer systems rely so heavily on centralised
servers, they are especially vulnerable to multiple-entity exploitation. This is due to the fact that
once a patient has been accepted to the facility, many objects within the complex have access to
their medical records. One possible outcome is postponing medical care, and another is that sensitive
information is leaked. Most of the time, in these types of adversarial systems, patients have no idea
who has access to their medical records or what they are doing with that information. Limited access
to patients’ medical records, which are housed by different healthcare organisations, is a major issue
plaguing today’s healthcare systems. Through the use of blockchain technology, patients can reliably
and safely access their medical records. Knowing this, we can keep pushing to make data easier to
access, which is our primary objective[2].
Motivation:Because of their centrality in electronic health records (EHR), information sharing, and
data preservation, computers are indispensable to the practise of modern medicine. But, the method
has some serious flaws, the most glaring of which is its propensity to leak. With the current methods
of data management, patients, for example, may have a hard time knowing who has accessed their
medical records and why. When numerous nodes in a network need access to the same data, a
distributed ledger like the one provided by blockchain technology could be useful. The patient can
verify that only authorised people have access to his or her information by listening in on the system.
The potential benefits and risks of implementing blockchain technology in healthcare systems will be
evaluated in this study.

53
 International Journal of Scientific Methods in Intelligence Engineering Networks (IJSMIEN)

2. RELATED WORK
Health information must be treated with strict confidentiality to protect its authenticity. Thus, it is
essential to safely keep, track, and exchange patient data [3][4]. Many alternatives have been proposed
as possible replacements that would meet these standards. For instance, to promote and maintain safe
access to medical data without the need for strong encryption, a number of solutions have already been
published [5][6][7]. The following choices offer different levels of security for various budgets. Existing
healthcare practises victimise the patient in these and many more ways, frequently at the hands of
third parties and often without the patient’s awareness or consent. Numerous academics are excited
by the potential of using blockchain-based healthcare solutions in this context[8].
There isn’t a tonne of literature on blockchain’s potential in the healthcare industry, but what there
is implies the technology might dramatically alter current medical and administrative procedures
with regards lot data security and privacy. This is so even though there isn’t a lot written about
using blockchain for medical purposes. There are many different approaches proposed for utilising
EHR inside the MedRec paradigm, but ultimately it is MedRec that decides which decentralised
application of blockchain technology would be the most beneficial. The authors provide not just an
EHR/EMR proof of concept, but also a possible application of blockchain technology in the medical
field. Several service providers can now exchange non-trusted health data with one another thanks
to the programme described in [9]. Experts in the blockchain space have responded by developing
a number of safeguards to ensure the integrity of patient data stored on the distributed ledger.
By utilising private or proprietary blockchains, which are both faster and more secure than public
blockchains, this endeavour makes significant progress towards increasing the accessibility of healthcare
data. So, the goal of this research was to detail a patient-controlled data-processing approach that
leverages existing infrastructures and services. P2P transaction databases use a public distributed
ledger system to store sensitive data like medical information. The system’s nodes are all authorised
with the same set of credentials. Depending on the intended use of the data, different patients may be
given different levels of access to it[10].
The Ethereum platform’s accessibility to anyone keen on leveraging blockchain technology is a major
plus. One of the benefits of the platform is how easy it is to access. Notwithstanding this change, a
smart contract remains a computer-based protocol that has been agreed upon by all parties and has
an Architecture that protects patient information[11]. The word ”smart contract” can apply to either
a contract that interacts with a blockchain or a contract that governs a user’s healthcare, although
it can be used to describe either[12]. In addition to electronic health records (EHRs), there are a
number of healthcare systems currently under investigation that can permit the interchange of patient
data in a secure manner. Hence, there is currently no published literature that makes reference to the
patient and doctor inclusion technique[13]. Most healthcare scenarios call for an append-and-retrieve
procedure, such as when doctors need to check a patient’s health records and must first get relevant
information from the patients’ medical files. Our recommendation is for use when both the patient
and the accompanying physician are able to perform append and retrieve procedures[14].

54
 International Journal of Scientific Methods in Intelligence Engineering Networks (IJSMIEN)

3. PRELIMINARIES
A. Problem Setting
We have put up the following to show how HIPAA compliance could be achieved in a hospital, where
patient medical records would be safer as a result of HIPAA law. As an example of how a hospital might
execute HIPAA compliance, this is provided. Blockchain technology has been implemented to ensure
the integrity and veracity of the data at all times. It is anticipated that the blockchain would not only
keep track of the location of each record, but also the facts of the patient’s medical history. Important
medical information, such as the following, can be retrieved and used by the treating physician and
the patient. The required information can be retrieved by using the address, which remains stored in
the blockchain. There is a plethora of data, including prescriptions from various doctors, lab results,
patient histories, and bills. Medical records are confidential and can only be accessed by the patient
and their treating physician. Hence, protecting the honesty and security of data saved via blockchain
is the major goal of our project.
B. Network Setting
Within this system, there are recognised to be a total of five distinct entities: the patient (P), the
stationary doctor (D), the mobile doctor (D), and the central registration entity (C) (BC). An RC
needs to employ biometrics to confirm the identities of both the patient and the doctor before a doctor
can use a public key. This must happen before a doctor can use a public key.

Figure 1. Organization model of the suggested healthcare scenario

The patient record is updated to include the clinician’s public key (s). This list not only contains
the names of all of the physicians, but it also contains their public keys. Figure 1 demonstrates that
the Blockchain receives newly created material in relation to the permanent data. This content is
delivered to the Blockchain. The next stage is for the patient to actually undergo the treatment that
has been prescribed. When a user accesses patient-specific applications on a mobile device, the device
will produce a private-public key pair, also known as a PK/SK-pair, in order to authenticate the user.
This is done in order to prevent unauthorised access to the patient-specific applications. In the event
that it is necessary, the doctor can use their own key to send an email to the BC containing the most
recent information. After the software has been brought up to date, it will perform a check of the
doctor’s credentials; then, if the patient has given their consent, it will move on to the next stage of the

55
 International Journal of Scientific Methods in Intelligence Engineering Networks (IJSMIEN)

procedure, which is the processing of the data; this will take place only if the patient has given their
permission. If everything seems good after the inspection, the upgrade will be finished. A method for
gathering information from patients has also been conceived of and developed by the medical staff.

4. THE SYSTEM MODEL

This is an example of a phase diagram, which may be found illustrated in Figure 1 below. The phases
include registration, [2] the operation leading to appending data, [15] the operation leading to retriev-
ing data, and [16] retrieval operations. [16][17] By going thoroughly into the specifics of each of these
topics, we are able to cover a large amount of ground.
A. Registration Phase
Patients in a hospital are required to check in first before they may receive any kind of treatment
there. To register, patients will require the public key of their treating physician(s), their mobile de-
vice’s identification (idp), and their private key (keyp). Because this is a one-time registration, patients
will also need their mobile device’s identifier (idp). In addition, users are only allowed to register once,
and they are required to supply the one-of-a-kind identifier that is created by their mobile device. For
the benefit of efficiency, we exclusively collaborate with a single medical professional.

Figure 2. Representation for suggested scheme

B .Invitation used for Data Appending

Once the physician has obtained the patient’s authorization to add M-related information to the BC,

56
 International Journal of Scientific Methods in Intelligence Engineering Networks (IJSMIEN)

this portion of the process will be finished. Regarding the patient health record, our working theory
is based on the idea that both patients and doctors have their very own medical director. In order
to encrypt patient data, the first step is for the doctor to extract a common key from the patient’s
information. The next thing that needs to happen is that the patient needs to perform a validation
check to determine whether or not the encryption is accurate. If it is, then the patient needs to verify
its signature and encrypt the data. After what seems like an eternity, the patient eventually signs,
and after that, we are able to submit the information to the BC. In point of fact, if you carry out the
steps outlined below in their entirety, you will achieve the outcomes that are detailed below:
To see the time that is now being displayed, use the letter T as your pointer. By applying the formula
H, the physician is able to determine the patient’s R %. (SKD,T). After that, the physician will make
use of the symmetric key k = rk to convert the plaintext Ek of the initial message into the ciphertext
C1, and then the ciphertext will be produced (M, T ). When the patient has received the value C1,
the next value, R, will be delivered to them.
Also, the person is able to compute and decrypt the encrypted key k = skR, which is necessary in
order to release C1. The most recent data from the attending physician, as well as the current date,
are presented next to the observations.

5. SECURITY ANALYSIS
A. Confidentiality
This feature will be considered patient-restricted so long as the data may only be accessed during the
hours that are outlined in the agreement and by a physician that has been predetermined. until at
least the 10th of December 2043, it will be possible to retrieve the information. The entirety of it is
(IDP, PKD, T, R, K, C1, C2). The ECDHP and the ELP were the ones who initially gathered this
information, and the patient and the doctor were the only ones who knew what it contained. So, the
answer to the patient’s question may be represented by the letter H. (SKD, T). Because the doctor
does not have all of the different patients’ particular principles documented, the H(skd, T) will need
to be recycled rather than a random charge r being applied. This is because the doctor does not have
all of the patients’ particular principles documented. The person specified in the contract to be the
one who writes the message is actually the one who writes it. Because the ciphertext contained the
patient’s signature, which was taken from the medical record, it would be difficult to construct a copy
of the doctor’s request at a later time.

B. Integrity
When activated, this feature limits the patient’s access to only the data that has been modified since
they last viewed it. An assurance is obtained when the patient signs the encoded message. This is the
first thing the BC looks at before moving on to the signature. Public verifiability refers to the fact
that the signature may be checked by anybody who knows the patient’s public key. Schnorr signature
is proposed as signing technique [2].

57
 International Journal of Scientific Methods in Intelligence Engineering Networks (IJSMIEN)

C. Authentication
It is necessary for a claimant to be genuine in order for an authentication technique to be considered
reliable. This feature has always been ingrained inside a signature that takes considerable inspiration
from the well-known Schnorr signature method. This is something that has never changed. Because
neither side could rationally think the other was acting as a third party, any attempt to commit a
”man in the middle” assault would be fruitless.

6. IMPLEMENTATION
The smart contract is a crucial part of the healthcare system since it is responsible for enforcing the
agreement or putting it into effect. Constructing a smart contract via programming is one option.
Coding creates the mutually accepted codes used by all involved parties, such as patients and doctors.
Healthcare-related data can be encrypted before being sent over a network. If you want to use a
contract that refers to another contract, no matter how knowledgeable that contract may be, you
need permission to use that other contract. This allows the system to be trustworthy, traceable, and
reusable. A developer can build a smart contract by writing code in a specialised language like Solidity
or by employing a tool like Truffleary.
Retrieval of patient information is a major focus of our blockchain for healthcare implementation. We
have faith that the information will be readily available to both the patient and the doctor. In order for
the doctor to make any adjustments to the patient’s medical file, the patient must give their consent.
As stated in the patient registration contract, this is mandatory. A clearance and authorization are
required before the person can see the patient. Except from the doctor and one other person, no
one else will have access to the information the doctor has entered. Next, the user’s information is
encrypted, and once that’s done, the user’s address and the algorithm’s parameters are delivered to
them.

7. PERFORMANCE EVALUATION
The process, when taken as a whole, is quicker than it would be if it were carried out on a public
blockchain. What is meant by the term ”reaction time” is the amount of time needed to respond
to each individual transaction. According to the data, the amount of time needed to manufacture a
new block is approximately thirteen seconds. The time it takes for the transaction to be confirmed
can range anywhere from a few seconds to several minutes, depending on the cost of the gas and the
number of blocks that are generated. A data distribution control is utilised in order to manage the
pull and write times. The owner of the token is the one who decides whether or not to allow entry
to a protected area. In the event that any unidentified third parties attempt to log into the system,
access will be refused to them, and the system will be disabled.

8. CONCLUSION
The healthcare industry has benefited greatly from the advent of safe data storage, as well as secure
data sharing and access among a wide range of parties, and this trend promises the development

58
 International Journal of Scientific Methods in Intelligence Engineering Networks (IJSMIEN)

Figure 3. Algorithm for proposed system

Table 1. Comparison of various features of proposed system through the existing organizations
Feature [14] [16] [17] [23] [24] Our System
Access Control Y Y Y Y Y Y
Confidentiality N Y Y N Y Y
Integrity N Y Y N Y Y
Patient/Doctor Authentication N N Y Y Y Y
Scalability Y N Y Y N Y

of entirely new companies within the healthcare sector. Establishing a blockchain infrastructure for
today’s healthcare systems with data privacy and safety as its major focus is of the utmost necessity. In
this accumulation study, we conducted a security analysis, which confirmed that our proposed approach
meets privacy needs along with reliability and verification norms. Similarly, we’re considering how to
implement a technology called a smart contract into the delivery of healthcare.

References

[1] Roman Beck. Beyond bitcoin: The rise of blockchain world. Computer, 51(2):54–58, 2018.
[2] Tomaso Aste, Paolo Tasca, and Tiziana Di Matteo. Blockchain technologies: The foreseeable impact on
society and industry. 2017.
[3] Mamta Puppala, Tiancheng He, Xiaohui Yu, Shenyi Chen, Richard Ogunti, and Stephen TC Wong. Data
security and privacy management in healthcare applications and clinical data warehouse environment.
In 2016 IEEE-EMBS International Conference on Biomedical and Health Informatics (BHI), pages 5–8.
IEEE, 2016.

59
 International Journal of Scientific Methods in Intelligence Engineering Networks (IJSMIEN)

[4] Karim Abouelmehdi, Abderrahim Beni-Hssane, Hayat Khaloufi, and Mostafa Saadi. Big data security
and privacy in healthcare: A review. Procedia Computer Science, 113:73–80, 2017.
[5] Nafiseh Kahani, Khalid Elgazzar, and James R Cordy. Authentication and access control in e-health
systems in the cloud. In 2016 IEEE 2nd international conference on big data security on cloud (Big-
DataSecurity), IEEE international conference on high performance and smart computing (HPSC), and
IEEE international conference on intelligent data and security (IDS), pages 13–23. IEEE, 2016.
[6] Ambrose A Azeta, Da-Omiete A Iboroma, Victor I Azeta, Emmanuel O Igbekele, Deborah O Fatinikun,
and Ebuka Ekpunobi. Implementing a medical record system with biometrics authentication in e-health.
In 2017 IEEE AFRICON, pages 979–983. IEEE, 2017.
[7] Tanesh Kumar, An Braeken, Madhusanka Liyanage, and Mika Ylianttila. Identity privacy preserving
biometric based authentication scheme for naked healthcare environment. In 2017 IEEE international
conference on communications (ICC), pages 1–7. IEEE, 2017.

[8] Buket Yüksel, Alptekin Küpçü, and Öznur Özkasap. Research issues for privacy and security of electronic
health services. Future Generation Computer Systems, 68:1–13, 2017.
[9] QI Xia, Emmanuel Boateng Sifah, Kwame Omono Asamoah, Jianbin Gao, Xiaojiang Du, and Mohsen
Guizani. Medshare: Trust-less medical data sharing among cloud service providers via blockchain. IEEE
access, 5:14757–14767, 2017.
[10] Christian Esposito, Alfredo De Santis, Genny Tortora, Henry Chang, and Kim-Kwang Raymond Choo.
Blockchain: A panacea for healthcare cloud-based data security and privacy? IEEE Cloud Computing, 5
(1):31–37, 2018.
[11] W Liu, SS Zhu, T Mundie, and U Krieger. Advanced block-chain architecture for e-health systems. In
2017 IEEE 19th International Conference on e-Health Networking, Applications and Services (Healthcom),
pages 1–6. IEEE, 2017.
[12] Farhana Jabeen, Zara Hamid, Adnan Akhunzada, Wadood Abdul, and Sanaa Ghouzali. Trust and
reputation management in healthcare systems: taxonomy, requirements and open issues. IEEE Access, 6:
17246–17263, 2018.
[13] Peng Zhang, Michael A Walker, Jules White, Douglas C Schmidt, and Gunther Lenz. Metrics for assessing
blockchain-based healthcare decentralized apps. In 2017 IEEE 19th international conference on e-health
networking, applications and services (Healthcom), pages 1–4. IEEE, 2017.
[14] Asaph Azaria, Ariel Ekblaw, Thiago Vieira, and Andrew Lippman. Medrec: Using blockchain for medical
data access and permission management. In 2016 2nd international conference on open and big data
(OBD), pages 25–30. IEEE, 2016.
[15] Yining Hu, Ahsan Manzoor, Parinya Ekparinya, Madhusanka Liyanage, Kanchana Thilakarathna, Guil-
laume Jourjon, and Aruna Seneviratne. A delay-tolerant payment scheme based on the ethereum
blockchain. IEEE Access, 7:33159–33172, 2019.
[16] Matthias Mettler. Blockchain technology in healthcare: The revolution starts here. In 2016 IEEE 18th
international conference on e-health networking, applications and services (Healthcom), pages 1–3. IEEE,
2016.
[17] Stephanie B Baker, Wei Xiang, and Ian Atkinson. Internet of things for smart healthcare: Technologies,
challenges, and opportunities. Ieee Access, 5:26521–26544, 2017.

60