Secure and Trustable Electronic Medical Records Sharing using Blockchain

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall cost.


💡 Research Summary

The paper addresses the pressing need for secure, efficient, and patient‑centric sharing of electronic medical records (EMRs) in modern healthcare, focusing on oncology patients who often require long‑term, multi‑institutional care. Recognizing the limitations of existing centralized health‑information‑exchange (HIE) solutions—single points of failure, scalability bottlenecks, and inadequate privacy guarantees—the authors propose a blockchain‑based framework that leverages a permissioned ledger (Hyperledger Fabric) together with encrypted cloud storage to manage EMR metadata, access‑control policies, and consent records.

Key design choices are justified in depth. A permissioned blockchain is selected because medical data demand strong identity verification, low latency, and cost‑free transaction execution—features not offered by permissionless systems that rely on pseudonymous accounts and mining‑based consensus. Hyperledger’s modular architecture allows the use of PBFT‑style consensus, providing deterministic finality and throughput suitable for clinical environments (demonstrated at ~45 TPS with sub‑200 ms response times). The system separates the immutable ledger (holding only hashes, pointers, and policy rules) from the actual EMR files, which are stored encrypted (AES‑256) in a cloud object store. This design preserves data integrity while avoiding blockchain bloat.

The framework comprises four layers: (1) client applications for patients, physicians, and researchers; (2) a membership service that issues X.509 certificates and per‑transaction TCerts to ensure unlinkability; (3) chaincode (smart contracts) that encode fine‑grained consent (read/write, time‑bound, role‑based) and enforce it on every access request; and (4) the encrypted data repository. Patients can dynamically grant, modify, or revoke permissions through a mobile UI, and each change is instantly recorded on the ledger, guaranteeing auditability and real‑time propagation across all peer nodes. If a peer goes offline, other peers continue to serve requests, ensuring high availability.
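
The consent enforcement described in this paragraph, together with the ledger/storage split from the paragraph before it, can be sketched as follows. This is an added Python example, not the paper's chaincode or prototype code: the `Grant` and `RecordMeta` structures, the function names, the in-memory `STORE` standing in for the cloud object store, and all sample values are assumptions, and the blob is treated as already-encrypted bytes.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Grant:
    """One consent entry; all names here are assumptions for this example."""
    grantee: str            # identity from the membership certificate
    role: str               # e.g. "oncologist", "researcher"
    ops: frozenset          # subset of {"read", "write"}
    not_after: int          # expiry in Unix seconds (time-bound consent)
    revoked: bool = False

@dataclass
class RecordMeta:
    """In-memory stand-in for ledger state: pointer, digest, policy; never the EMR."""
    pointer: str                                # object-store key (constructed)
    digest: str                                 # SHA-256 hex of the encrypted blob
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)   # append-only decision log

def authorize(meta, who, role, op, now):
    """Default deny: only a live grant for this identity, role and op passes."""
    ok = any(g.grantee == who and g.role == role and op in g.ops
             and not g.revoked and now < g.not_after for g in meta.grants)
    meta.audit.append((now, who, role, op, "allow" if ok else "deny"))
    return ok

def revoke(meta, who, now):
    """Patient revokes every grant held by `who`; the change is logged."""
    for g in meta.grants:
        g.revoked = g.revoked or g.grantee == who
    meta.audit.append((now, who, None, "revoke", "ok"))

def fetch(meta, store, who, role, now):
    """Check consent first, then verify the off-chain blob against the ledger."""
    if not authorize(meta, who, role, "read", now):
        raise PermissionError("denied by consent policy")
    blob = store.get(meta.pointer)
    if blob is None or hashlib.sha256(blob).hexdigest() != meta.digest:
        raise ValueError("blob missing or does not match ledger digest")
    return blob

# Constructed sample: one encrypted blob and a read-only, time-bound grant.
BLOB = b"constructed ciphertext bytes"
STORE = {"emr/obj-1": BLOB}
META = RecordMeta("emr/obj-1", hashlib.sha256(BLOB).hexdigest(),
                  [Grant("dr-a", "oncologist", frozenset({"read"}), 2000)])
if __name__ == "__main__":
    print(fetch(META, STORE, "dr-a", "oncologist", now=1000))
```

Every decision, including denials and revocations, lands in `audit`, which mirrors the auditability property the summary attributes to the ledger; a swapped or missing object in the store is caught by the digest check even when consent is valid.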

Three illustrative scenarios are presented: (i) primary patient care across multiple hospitals, where the ledger acts as a shared source of truth for the latest treatment data; (ii) data aggregation for research, where consent‑driven, anonymized hash lists enable trustworthy data collection without exposing identifiable information; and (iii) connected health involving insurers and pharmacies, which benefits from transparent prescription and cost data. The authors implement a prototype in the radiation oncology department of Stony Brook University Hospital. In this use‑case, oncologists can instantly retrieve prior radiation doses, lab results, and imaging studies from any participating institution, reducing duplicate testing and accelerating treatment decisions.

Performance evaluation shows that the prototype achieves sub‑second latency for permission checks and data retrieval, and the system scales linearly with the number of peers. Security analysis confirms resistance to tampering (immutability of the ledger), confidentiality (encryption of data at rest and in transit), and unauthorized access (policy enforcement by chaincode). The authors also discuss compliance with regulations such as HIPAA and GDPR, noting that the immutable audit trail and patient‑controlled consent satisfy many legal requirements.

Limitations are acknowledged: the need for dedicated infrastructure and expertise to operate a Hyperledger network, the current reliance on an older Fabric version lacking advanced channel‑level privacy, and the nascent state of the patient UI, which requires extensive usability testing before wide clinical adoption. Future work includes integrating zero‑knowledge proofs for privacy‑preserving consent verification, employing multi‑channel architectures for inter‑organizational data isolation, and extending the model to other chronic‑care domains.

In summary, the paper delivers a concrete, technically sound blueprint for blockchain‑enabled EMR sharing. By combining a permissioned ledger for immutable metadata and policy management with encrypted cloud storage for the actual records, the proposed system achieves the trifecta of security, privacy, and availability. The prototype’s successful deployment in a real oncology setting demonstrates the feasibility of the approach and its potential to streamline clinical workflows, accelerate research data collection, and ultimately improve patient outcomes while maintaining rigorous data protection standards.

