Electronic Health Records (EHRs) store sensitive patient information, necessitating stringent access control and sharing mechanisms to uphold data security and comply with privacy regulations such as the General Data Protection Regulation (GDPR). In this paper, we propose a comprehensive architecture with a suite of efficient protocols that leverage the synergistic capabilities of blockchain and InterPlanetary File System (IPFS) technologies to enable secure access control and sharing of EHRs. Our approach is based on a private blockchain, wherein smart contracts are deployed to enforce control exclusively by patients. By granting patients exclusive control over their EHRs, our solution ensures compliance with personal data protection laws and empowers individuals to manage their health information autonomously. Notably, our proposed architecture seamlessly integrates with existing health provider information systems, facilitating interoperability and effectively addressing security and data heterogeneity challenges. To demonstrate the effectiveness of our approach, we developed a prototype based on a private implementation of the Hyperledger platform, enabling the simulation of diverse scenarios involving access control and health data sharing among healthcare practitioners. Our experimental results demonstrate the scalability of our solution, thereby substantiating its efficacy and robustness in real-world healthcare settings.