Personal health records (PHRs) are valuable assets to individuals because they enable them to integrate and manage their medical data. A PHR is an electronic application through which patients can manage their health information. Giving patients control over their medical data offers an advantageous realignment of the doctor-patient dynamic. However, today’s PHR management systems fall short of giving reliable, traceable, trustful, and secure patients control over their medical data, which poses serious threats to their authenticity and accuracy. Moreover, most of the current approaches and systems leveraged for managing PHR are centralized that not only make medical data sharing difficult but also poses a risk of single point of failure problem. In this paper, we propose Ethereum blockchain-based smart contracts to give patients control over their data in a manner that is decentralized, immutable, transparent, traceable, trustful, and secure. The proposed system employs decentralized storage of interplanetary file systems (IPFS), proxy re-encryption, and trusted reputation-based oracles to securely fetch, store, and share patients’ medical data. We present algorithms along with their full implementation details. We evaluate the proposed smart contracts using two important performance metrics, such as cost and correctness. Furthermore, we provide security analysis and discuss the generalization aspects of our solution. We outline the limitations of the proposed approach. We make the smart contract source code publicly available on Github.

Multi-party authorization (MPA) typically involves multiple parties to control and grant access to shared data. MPA is used to solve the insider’s attack problem by ensuring that a single authority or party is not acting alone. Currently, almost all existing implementations of MPA are centralized and fall short in providing logs and events related to provenance of granting permissions in a trusted, secure, immutable, auditable, and decentralized manner. Moreover, for sharing data, proxy re-encryption algorithms are often used to give secure access to encrypted shared data. These schemes and algorithms are also centralized and cannot be trusted. In this paper, we propose a fully decentralized blockchain-based solution in which MPA is implemented using Ethereum smart contracts, and proxy re-encryption algorithms (which are computationally expensive) are implemented using multiple oracles to give access to encrypted shared data stored on a public and decentralized storage platform, such as the Interplanetary File Systems (IPFS). The smart contracts help to validate results based on the majority of encrypted results determined by the oracles. For this, we incorporate reputation mechanisms in the proposed smart contracts to rate the oracles based on their malicious and non-malicious behaviors. We present algorithms along with their full implementation, testing, and validation details. We evaluate the proposed system in terms of security, cost, and generalization to show its reliability and practicality. We make the smart contract source code publicly available on Github.