Blockchain for Giving Patients Control over their Medical Records

Personal health records (PHRs) are valuable assets to individuals because they enable them to integrate and manage their medical data. A PHR is an electronic application through which patients can manage their health information. Giving patients control over their medical data offers an advantageous realignment of the doctor-patient dynamic. However, today's PHR management systems fall short of giving reliable, traceable, trustful, and secure patients control over their medical data, which poses serious threats to their authenticity and accuracy. Moreover, most of the current approaches and systems leveraged for managing PHR are centralized that not only make medical data sharing difficult but also poses a risk of single point of failure problem. In this paper, we propose Ethereum blockchain-based smart contracts to give patients control over their data in a manner that is decentralized, immutable, transparent, traceable, trustful, and secure. The proposed system employs decentralized storage of interplanetary file systems (IPFS), proxy re-encryption, and trusted reputation-based oracles to securely fetch, store, and share patients' medical data. We present algorithms along with their full implementation details. We evaluate the proposed smart contracts using two important performance metrics, such as cost and correctness. Furthermore, we provide security analysis and discuss the generalization aspects of our solution. We outline the limitations of the proposed approach. We make the smart contract source code publicly available on Github.