Blockchain enabled policy-based access control mechanism to restrict unauthorized access to electronic health records

Electronic health record transmission and storage involve sensitive information, requiring robust security measures to ensure access is limited to authorized personnel. In the existing state of the art, there is a growing need for efficient access control approaches for the secure accessibility of patient health data in sustainable electronic health records. Locking medical data inside a single healthcare center creates information isolation; thus, setting up healthcare data exchange platforms is a driving force behind electronic healthcare centers. The access rights of healthcare entities such as the subject, controller, and requester are defined and regulated by access control policies, as set out in the General Data Protection Regulation (GDPR). In this work, we introduce a policy-based access control (PBAC) system backed by blockchain technology, where smart contracts govern the intrinsic part of security and privacy. As a result, any subject can know at any time who currently has the right to access their data. The PBAC grants access to electronic health records based on predefined policies. Our proposed PBAC approach employs policies under which the subject, controller, and requester can grant access, revoke access, and check the logs and actions made in a particular healthcare system. Smart contracts dynamically enforce access control policies and manage access permissions, ensuring that sensitive data is available only to authorized users. Delineating the proposed access control system and comparing it to other systems demonstrates that our approach is more adaptable to various healthcare data protection scenarios where sensitive data must be shared while the rights of the involved entities are robustly safeguarded.

Bibliographic Details
Main Authors: Nadeem Yaqub, Jianbiao Zhang, Muhammad Irfan Khalid, Weiru Wang, Markus Helfert, Mansoor Ahmed, Jungsuk Kim
Format: Article
Language: English
Published: PeerJ Inc. 2025-01-01
Series: PeerJ Computer Science
ISSN: 2376-5992
Online Access: https://peerj.com/articles/cs-2647.pdf
Collection: DOAJ
Record ID: doaj-art-9f6fe2c7e263436c8c2675d21ecced83
Institution: Kabale University
DOI: 10.7717/peerj-cs.2647 (PeerJ Computer Science, vol. 11, e2647, 2025-01-01)
Author affiliations:
Nadeem Yaqub, Jianbiao Zhang, Weiru Wang: Department of Computer Science and Technology, Beijing University of Technology, Beijing, China
Muhammad Irfan Khalid: Department of Information Technology, University of Sialkot, Sialkot, Punjab, Pakistan
Markus Helfert, Mansoor Ahmed: ADAPT Centre, Innovative Value Institute, Maynooth University, Maynooth, Ireland
Jungsuk Kim: Department of Biomedical Engineering, Gachon University, Seongnam-si, Gyeonggi-do, Republic of South Korea
Subjects: Access control; Healthcare data sharing; Policy based access control; Consent management; Security and privacy; Smart contract