QUICK REVIEW

[Paper Review] BPDS: A Blockchain based Privacy-Preserving Data Sharing for Electronic Medical Records

Jingwei Liu, Xiaolu Li|arXiv (Cornell University)|Nov 8, 2018
Blockchain Technology Applications and Security · 17 references · 36 citations
TL;DR

BPDS proposes a blockchain-based system for privacy-preserving electronic medical record (EMR) sharing, where original EMRs are encrypted and stored in the cloud while their indexes are recorded on a tamper-proof consortium blockchain. By integrating CP-ABE access control and content extraction signatures (CES), BPDS enables fine-grained, privacy-preserving data sharing with strong security guarantees through smart contracts and improved delegated proof-of-stake consensus.

ABSTRACT

Electronic medical record (EMR) is a crucial form of healthcare data, currently drawing a lot of attention. Sharing health data is considered to be a critical approach to improve the quality of healthcare service and reduce medical costs. However, EMRs are fragmented across decentralized hospitals, which hinders data sharing and puts patients' privacy at risk. To address these issues, we propose a blockchain-based privacy-preserving data sharing for EMRs, called BPDS. In BPDS, the original EMRs are stored securely in the cloud and the indexes are reserved in a tamper-proof consortium blockchain. By this means, the risk of medical data leakage could be greatly reduced, and at the same time, the indexes in the blockchain ensure that the EMRs cannot be modified arbitrarily. Secure data sharing can be accomplished automatically according to the predefined access permissions of patients through the smart contracts of the blockchain. Besides, the joint design of the CP-ABE-based access control mechanism and the content extraction signature scheme provides strong privacy preservation in data sharing. Security analysis shows that BPDS is a secure and effective way to realize data sharing for EMRs.

Motivation & Objective

  • Address the fragmentation and privacy risks of decentralized electronic medical records (EMRs) across hospitals.
  • Overcome the limitations of centralized EMR systems, including single points of failure and arbitrary data modification.
  • Enable secure, auditable, and patient-controlled data sharing while preserving patient privacy at the data level.
  • Integrate blockchain with cryptographic techniques to ensure data integrity, access control, and non-repudiation in healthcare data sharing.
  • Design a scalable and efficient system that supports interoperability among healthcare institutions without compromising privacy.

Proposed method

  • Store original EMRs in encrypted form in cloud storage to avoid blockchain's storage limitations and reduce data leakage risks.
  • Record only EMR metadata (indexes) on a consortium blockchain to ensure immutability and auditability of data access and ownership.
  • Implement an improved delegated proof-of-stake (DPoS) consensus mechanism to enhance performance and trust among preselected medical institutions.
  • Use CP-ABE (Ciphertext-Policy Attribute-Based Encryption) to enforce fine-grained access control based on user attributes and predefined policies.
  • Integrate a content extraction signature (CES) scheme that allows patients to selectively disclose non-sensitive portions of EMRs while preserving verifiability and preventing forgery.
  • Leverage smart contracts on the blockchain to automate and enforce access permissions, ensuring only authorized users can retrieve data based on policy rules.
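The two-tier layout in the list above (encrypted EMR bodies in the cloud, only hash-linked index records on the ledger) is easiest to see in code. The following is an added illustration, not code from the paper: `IndexChain` is an in-memory stand-in for the consortium blockchain (no consensus or smart contracts are modelled), `CLOUD` is a dict standing in for the cloud store, the ciphertext bytes are constructed rather than produced by CP-ABE, and all function and field names are assumptions. What it demonstrates is the integrity property the authors rely on: a cloud copy altered after upload no longer matches the digest anchored in its index record, and an altered index record breaks the hash chain.

```python
import hashlib
import json

# Constructed in-memory stand-in for the cloud object store (assumed name).
CLOUD = {}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class IndexChain:
    """Append-only, hash-linked list of index records (stand-in for the consortium ledger)."""

    GENESIS = "0" * 64

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _hash_body(body: dict) -> str:
        # Canonical JSON so the same record always hashes the same way.
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def append(self, record: dict) -> str:
        prev = self.blocks[-1]["hash"] if self.blocks else self.GENESIS
        body = {"height": len(self.blocks), "prev": prev, "record": record}
        block = dict(body, hash=self._hash_body(body))
        self.blocks.append(block)
        return block["hash"]

    def verify(self) -> bool:
        """Recompute every block hash and follow each prev pointer; any edit breaks a link."""
        prev = self.GENESIS
        for block in self.blocks:
            body = {k: block[k] for k in ("height", "prev", "record")}
            if block["prev"] != prev or self._hash_body(body) != block["hash"]:
                return False
            prev = block["hash"]
        return True


def store_emr(chain: IndexChain, patient_id: str, ciphertext: bytes) -> int:
    """Upload the ciphertext, then anchor its location and digest on the ledger.

    Returns the block height of the index record (assumed API).
    """
    object_id = f"emr-{len(CLOUD) + 1}"
    CLOUD[object_id] = ciphertext
    chain.append({"patient": patient_id,
                  "object_id": object_id,
                  "emr_hash": sha256_hex(ciphertext)})
    return len(chain.blocks) - 1


def fetch_emr(chain: IndexChain, height: int):
    """Resolve an index record to its cloud object and check both tiers.

    Returns (ciphertext, status); ciphertext is None unless status is "ok".
    """
    if not chain.verify():
        return None, "ledger-tampered"
    record = chain.blocks[height]["record"]
    blob = CLOUD.get(record["object_id"])
    if blob is None:
        return None, "missing"
    if sha256_hex(blob) != record["emr_hash"]:
        return None, "cloud-copy-modified"
    return blob, "ok"


if __name__ == "__main__":
    chain = IndexChain()
    h = store_emr(chain, "patient-42", b"constructed-ciphertext-1")  # constructed sample
    print(fetch_emr(chain, h)[1])                     # ok
    CLOUD[chain.blocks[h]["record"]["object_id"]] = b"tampered"
    print(fetch_emr(chain, h)[1])                     # cloud-copy-modified
```

The check runs in the order a verifier in BPDS would: ledger consistency first, then the cloud object against the digest the ledger committed to. Decryption (CP-ABE in the paper) would happen only after both checks pass.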

Experimental results

Research questions

  • RQ1: How can EMR data be securely shared across decentralized healthcare institutions while preserving patient privacy?
  • RQ2: What mechanisms can ensure data integrity and prevent tampering in a distributed EMR system?
  • RQ3: How can access control be enforced in a fine-grained, policy-based manner without exposing sensitive data?
  • RQ4: Can content extraction signatures effectively protect patient privacy at the data level, independent of access control mechanisms?
  • RQ5: How can blockchain-based systems achieve scalability and performance in healthcare data sharing without compromising security?

Key findings

  • BPDS ensures tamper-proof data integrity by storing EMR indexes on a blockchain, where each block is cryptographically linked to the previous one, making modification infeasible without a 51% attack.
  • The system achieves strong privacy preservation through anonymized transactions, encrypted cloud storage, and content extraction signatures (CES), which allow selective disclosure of non-sensitive data.
  • The integration of CP-ABE and CES enables fine-grained access control and data-level privacy protection, reducing the risk of unintended data leakage.
  • Smart contracts automate access control based on predefined policies, ensuring that only authorized users can access EMRs, with all access actions recorded on the blockchain for auditability.
  • The improved DPoS consensus mechanism enhances system performance and scalability while maintaining trust among a limited set of reputable medical institutions.
  • The architecture effectively decouples data storage from indexing, solving the scalability and storage cost issues of public blockchains while maintaining security and privacy.
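The content extraction signature (CES) that the method list and the findings above describe lets a patient disclose some EMR fields while a verifier still checks the physician's signature, without seeing the withheld fields. The block below is an added example, not the paper's construction or code: it uses a salted-commitment vector (each field is committed as a hash of salt and value, and the ordered vector is what gets signed), and a Lamport one-time signature as a standard-library-only stand-in for the signature scheme the paper's CES is built on. The sample EMR fields and every name (`ces_sign`, `ces_extract`, `ces_verify`) are assumptions.

```python
import hashlib
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signature: stand-in for the underlying signature scheme. ---
# A key pair must sign only one message; reuse leaks secret preimages.
def ots_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def ots_sign(sk, digest: bytes):
    bits = int.from_bytes(digest, "big")
    return [sk[i][(bits >> (255 - i)) & 1] for i in range(256)]


def ots_verify(pk, digest: bytes, sig) -> bool:
    bits = int.from_bytes(digest, "big")
    return all(H(sig[i]) == pk[i][(bits >> (255 - i)) & 1] for i in range(256))


# --- Content extraction signature over a dict of EMR fields (assumed API). ---
def ces_sign(sk, fields: dict) -> dict:
    """Signer (e.g. the physician) commits to every field with a fresh salt and
    signs the ordered commitment vector, not the plaintext fields."""
    names = sorted(fields)
    salts = {n: secrets.token_bytes(16) for n in names}
    commits = {n: H(salts[n] + fields[n].encode()) for n in names}
    root = H(b"".join(commits[n] for n in names))
    return {"salts": salts, "commits": commits, "sig": ots_sign(sk, root)}


def ces_extract(fields: dict, full_sig: dict, disclose) -> dict:
    """Patient builds the subdocument: values and salts for disclosed fields only,
    commitments for all fields, and the unchanged signature."""
    return {
        "revealed": {n: (fields[n], full_sig["salts"][n]) for n in disclose},
        "commits": dict(full_sig["commits"]),
        "sig": full_sig["sig"],
    }


def ces_verify(pk, sub: dict) -> bool:
    """Verifier re-derives commitments for revealed fields, rebuilds the vector
    from all commitments, and checks the signature. Hidden fields stay hidden."""
    for name, (value, salt) in sub["revealed"].items():
        if name not in sub["commits"] or H(salt + value.encode()) != sub["commits"][name]:
            return False
    names = sorted(sub["commits"])
    root = H(b"".join(sub["commits"][n] for n in names))
    return ots_verify(pk, root, sub["sig"])


if __name__ == "__main__":
    sk, pk = ots_keygen()
    emr = {"name": "constructed patient", "diagnosis": "constructed dx", "blood_type": "O+"}
    full = ces_sign(sk, emr)
    sub = ces_extract(emr, full, ["blood_type"])   # disclose only the blood type
    print(ces_verify(pk, sub))                      # True
```

The salt is what keeps a withheld field private: without it, a verifier holding the commitment could test guesses for low-entropy fields such as a diagnosis code. The commitment vector is what prevents a patient from adding or altering a field, since the signed root covers exactly the fields the signer saw.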


This review was created by AI and reviewed by human editors.