Personal health records (PHRs) are valuable assets to individuals
because they enable them to integrate and manage their medical data. A
PHR is an electronic application through which patients can manage their
health information. Giving patients control over their medical data
offers an advantageous realignment of the doctor-patient dynamic.
However, today’s PHR management systems fall short of giving patients
reliable, traceable, trustful, and secure control over their medical
data, which poses serious threats to the data's authenticity and accuracy.
Moreover, most of the current approaches and systems leveraged for
managing PHRs are centralized, which not only makes medical data sharing
difficult but also poses the risk of a single point of failure. In
this paper, we propose Ethereum blockchain-based smart contracts to give
patients control over their data in a manner that is decentralized,
immutable, transparent, traceable, trustful, and secure. The proposed
system employs the decentralized storage of the InterPlanetary File System
(IPFS), proxy re-encryption, and trusted reputation-based oracles to
securely fetch, store, and share patients’ medical data. We present
algorithms along with their full implementation details. We evaluate the
proposed smart contracts using two important performance metrics, namely
cost and correctness. Furthermore, we provide a security analysis and
discuss the generalization aspects of our solution. We outline the
limitations of the proposed approach. We make the smart contract source
code publicly available on GitHub.