MedShare: A Privacy-Preserving Medical Data Sharing System by Using Blockchain

Electronic Health Record (EHR) and its privacy have attracted widespread attention with the development of the healthcare industry in recent years. As locking medical data in a single healthcare center causes information isolation, healthcare centers are motivated to build medical data sharing systems. However, existing systems highly rely on the trusted centralized servers, which are vulnerable to distributed denial of service (DDoS) attacks and the single point of failure. Moreover, it is a non-trivial matter to authorize multiple users to search and access EHR in a privacy-preserving manner. In this article, we propose MedShare, a decentralized framework for secure EHR sharing. Our design utilizes the smart contract technique of blockchain to establish a trusted platform for healthcare centers to share their encrypted EHR. Considering that fine-grained access control is essential in practical EHR sharing service, we devise a constant-size attribute-based encryption (ABE) scheme, where the access policy is embedded in search result on the blockchain. Besides, we propose an efficient scheme that enables authorized MedShare users to perform multi-keyword boolean search operations over encrypted EHR. We formally analyze the security strengths and implement the system prototype on Ethereum. Evaluation results demonstrate that MedShare is efficient for EHR sharing.

Automated summary

Electronic Health Record (EHR) and its privacy have gained significant attention. Existing systems for EHR sharing are vulnerable to DDoS attacks and single point of failure. In this article, we propose MedShare, a decentralized framework that utilizes blockchain technology to establish a trusted platform for secure EHR sharing. Our system incorporates a constant-size attribute-based encryption scheme for fine-grained access control and supports efficient multi-keyword boolean search operations. Evaluation results on Ethereum demonstrate the efficiency of MedShare.