Protecting the integrity and confidentiality of healthcare data with blockchain-enabled secure and scalable access control systems

Abstract

Objective

This research work is designed to solve the problem of patient-centric control, security, and transparency of the healthcare data management. The suggested framework will not only improve patient privacy but also guarantee the data sharing process is in accordance with the regulatory standards.

Methods

The access controls are implemented in the form of programmable smart contracts. Real-life healthcare datasets are evaluated empirically, under varying load conditions, in order to evaluate the system performance characteristics.

Results

Based on the encryption benchmark findings, AES-128 exhibited the least overhead (encryption: 1.3 ms, decryption: 1.1 ms, key generation: 2.1 ms), followed by AES-256 (1.9 ms/1.6 ms/2.9 ms), with RSA-1024 trailing behind as the highest overhead at 2.6 ms, 2.3 ms, and 4.1 ms respectively. Additionally, private and consortium blockchains surpassed public ones in terms of throughput (1,000 TPS and 800 TPS) and latency. In terms of integrity validation, the findings indicated that the Merkle Tree approach was the most efficient (hashing: 0.4 ms, verification: 0.9 ms, energy: 8 mJ).

Conclusion

The results show that the combination of cryptographic protection, scalable storage, and blockchain-based access control is a viable and secure solution to healthcare data management.

Keywords

smart contracts scalable data management healthcare data security HIPAA privacy-preserving computation GDPR compliance

1. Introduction

The digitization of healthcare systems has advanced at a rapid pace, which has led to an increase in the quantity of sensitive patient data that is being kept and communicated on a variety of electronic health record (EHR) systems, cloud platforms, and telemedicine services. Improving access to treatment, improving economy, and assuring interoperability in health care all come at a cost, and that cost is the major security and privacy challenges that come along with digital transformation implementation. Common cyberattacks,^1,2 illegal access, and data breaches frequently pose a threat to the integrity and confidentiality of healthcare data. This can result in compromised patient privacy, financial losses,^3,4 and failure to comply with regulatory requirements. Centralized access control systems are typically incapable of appropriately addressing these challenges due to the fact that they are prone to single points of failure, do not give transparency, and do not offer a great deal of scalability. Blockchain technology may improve healthcare data management system security, integrity, and transparency.^5–7 This addresses the blockchain technology issue. Blockchain can improve access control due to its decentralization and immutability.^8–10 Build another access layer. Blockchain-based systems^11,12 use cryptographic primitives like public-key encryption, smart contracts, and zero-knowledge proofs to implement secure and verifiable access controls, overcoming traditional access control model restrictions. These properties make blockchain suitable for healthcare security challenges and allow stakeholders to transfer data securely and without tampering.

This paper introduces a blockchain-enabled, safe, and scalable access control system. This technology safeguards critical healthcare data. It uses several safeguards to manage continuing hazards. It provides dynamic and fine-grained access control by combining RBAC and ABAC models with smart contract-based enforcement techniques. To improve scalability and regulatory compliance, off-chain storage solutions store huge health care records. We can process improved data clones with homomorphic encryption and zero-knowledge proofs. It eliminates risks and facilitates encrypted computing data sharing. The healthcare data protection system fulfills US and EU HIPAA and GDPR laws. Create audit trails that cannot be modified, track access, and perform forensic analysis and accountability to support data governance compliance.

The suggested model is tested against earlier models in real-world healthcare datasets. Transaction throughput, latency, access control enforcement time, and scalability were assessed across various workloads during the investigation. Blockchain-based access control improves security, eliminates unwanted access, and maintains interoperability between healthcare providers and industry partners. This paper proposes digital healthcare data protection using blockchain-based access control, advanced cryptography, and scalable data management. The findings strengthen, interoperable, and privacy-protecting healthcare information systems, enhancing patient, provider, and regulatory agency confidence.

The healthcare systems are becoming more dependent on the methodical gathering and analytical processing of delicate information, which include a wide spectrum of information, which comprise Electronic Health Records (EHRs), diagnostic imaging, prescriptions, and insurance data. These factors are just a subset of the large amount of medical data collected on a regular basis, such as histories and other patient records. With the introduction of cloud computing and the adoption of telemedicine, accessibility and efficiency in the provision of healthcare services have significantly increased, and professionals have the opportunity to deliver quality and timely care. However, with these developments, a new generation of challenges has arisen especially in regard to the safety and privacy of personal data.

The healthcare industry has become one of the best targets of cyberattacks, and the insider threat, the lack of access control measures, and the opportunities which the centralized data storage presents are the main weaknesses of the industry. There has therefore been an alarming increase in data breach incidence (Table 1).

Table 1.

The architectural design comparison.

Architectural feature	Proposed model	BBAS	Patient centric	Guo et al.	BPDS	Others
Single Unified Architecture	Yes	No	No	No	No	Mostly fragmented
Dynamic Policy Enforcement	Smart contract-based	Yes	Time-bounded	Yes	Yes	Varied
Edge Computing Integration	(Compatible)	No	No	Hybrid edge-blockchain	No	Limited
Layer-2 Scaling	(Future enhancement)	No	Yes	No	No	Rare
Cross-Provider Interoperability	Designed for	No	FHIR-based	No	No	Limited
Modular Design	Yes	Not specified	Yes	Not specified	Not specified	Varied
Emergency Access Protocols	Configurable	Not specified	Not specified	Not specified	Not specified	Limited (DSMAC)
Smart Contract Orchestration	Comprehensive	Yes	Yes	Yes	Yes	Varied

The practical need to have effective data protection systems is occasioned by the prevalence of data breaches in the health care industry. Compliance with strict legislative provisions, especially the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR) has the highest priority. Such rules require medical organizations to maintain patient confidentiality, maintain integrity of data, and limit access to data only by the authorized staff.

Although such regulatory mechanisms offer protection to the sector, the sector is faced with serious barriers that deter the management of sensitive information. Lack of interoperability between the different healthcare providers often leads to the failure to keep an integrated patient record, and the security of confidential data is often a threat. Furthermore, the extensive deficiency of personal control over health information makes these issues even more difficult, as it makes patients vulnerable and not involved in managing their medical histories.

The other barriers include the impracticability of performing comprehensive audits of data access, thus hindering the identification of the illegal activities, and the challenges related to scaling centralised data structures. These issues are interrelated, creating a nexus in which healthcare organisations have to operate. As a result, the list of the barriers and challenges that have plagued the sector in the past highlights the importance of having a stable, open, and scalable framework that is clearly guided towards data management in the healthcare sector. This framework should not merely comply with the legal requirements, but it should also focus on privacy and the precision and ease of patient information.

The context of the introduction of the given work offers a backdrop of the analysis of the hidden issues and their corresponding solutions to the complex problems of healthcare data management today. It also highlights the urgent need to eventually ensure sensitive information in a healthcare context is secured in an environment that is becoming more and more digitized.

Collectively, the incorporation of permissioned blockchain, hybrid Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) through the enforcement of smart-contracts, off-chain encrypted data storage and advanced cryptography creates an efficient, transparent, and inter-intersectional paradigm. The paradigm helps to reduce cyber threats, address access-control gaps, interoperability gaps, audit deficiencies, and conform to HIPAA/GDPR requirements and ensure patient-centred data governance.

1.1. Layered architecture of blockchain

A 7-layer architecture supports the design of Blockchain, where each layer plays a distinct function that helps in making Blockchain secure, decentralized and programmable.^13,14

1.1.1. Hardware/infrastructure layer

The Blockchain infrastructure includes all the hardware required in a system, like computing nodes, data storage and the network that allows for replication of the Blockchain distributed across all nodes that allow for participation by any node from any location in the world.¹³

1.1.2. Data layer

Immediately on top of infrastructure layer, Data layer includes the arrangement of all Blockchain transactions into cryptographically linked blocks. This append-only and immutable nature comes from the use of Merkle tree, hash pointers, digital signatures and cryptography.¹⁴

1.1.3. Network layer

Network layer deals with peer-to-peer (P2P) communication using a Blockchain protocol, including nodes discovery and the dissemination of P2P blocks and transactions (for e.g. gossiping a protocol) to all the nodes in the Blockchain network to ensure timely and proper delivery.¹³

1.1.4. Consensus layer

Consensus layer deals with the distributed consensus on Blockchain through distributed agreement consensus protocols like proof of work (PoW), proof of stake (PoS), and practical Byzantine Fault Tolerance (PBFT) which provides consensus on the canonical chain and on what a finalized block is.^13,14

1.1.5. Incentive layer

Consensus layer is further supported by an Incentive layer that includes a reward system, trading fees of transactions or staking/slashing logic to encourage nodes to participate in rational behavior that increases the security of Blockchain.¹³

1.1.6. Contract layer

Contracts are self-executed programmatic contracts which are deployed in the Blockchain in a programmable environment of a virtual sandboxed virtual machine in the Contract Layer, which allows automated contract executions of complicated business policies without intermediaries, for e.g., blockchain-based implementation of Healthcare data access control policy.¹⁴

1.1.7. Application layer

The Blockchain application layer is built on the Blockchain system and includes DApps and Application Programming Interface (API), Blockchain off-chain middleware that can be deployed to use blockchain for the given healthcare use cases, e.g. Healthcare information exchange (HIE) platform or Electronic Health Record (EHR) system.^13,14

1.2. Healthcare data security, data lifecycle, and blockchain fundamentals

In a traditional healthcare setting, data remains vulnerable to breaches, unapproved access, and other data-related problems due to centralization and the presence of single points of failure, putting the privacy of sensitive data, such as EHRs, EMRs, genomics and radiological data, and the integrity of the data at risk.^15,16 During the collection, storage, processing, sharing, archiving, and destruction of EHRs, EMRs, genomics, radiological data and other data elements of PHI, strict data compliance and protection protocols, as defined by HIPAA, GDPR and other local legislations, are necessary to encrypt the data, control access, log audit and request patient consent.¹⁷ The implementation of these data protection protocols within the healthcare industry has lagged significantly, necessitating additional data security measures such as data anonymization or other privacy-preserving protocols.¹⁸

Blockchain technology provides an ideal solution for the storage, access and sharing of private healthcare data.¹⁹ This is due to the features of decentralization, transparency and immutability. The immutability of the blockchain technology can be guaranteed through a transparent, append-only distributed ledger, that is maintained in real-time, distributed throughout various nodes in the blockchain and that is cryptographically linked together to prevent malicious data modification of the stored medical data.¹⁵ Blockchain solutions such as private blockchains or consortium blockchains (blockchains in which the nodes are restricted to a trusted set) can be more appropriately leveraged and applied by a healthcare enterprise. Smart contracts and automated protocols are useful for data access and consent management and provide the means to allow access and sharing of health data securely and in a trusted manner without the presence of trusted third party intermediaries.^15,19

1.3. Research objectives and contributions

Healthcare digitisation requires the establishment of effective data-sharing solutions for future research, medical decision support systems, and improved treatment.²⁰ Yet, this integration creates challenges for privacy and security as well as interoperability.²¹ Centralized healthcare data-sharing is vulnerable to data breaches, while patients are increasingly demanding a greater degree of control over and access to their personal health records.^22,23 There remains an imperative need to develop efficient, secure and transparent mechanisms to address these concerns, particularly to avoid information sharing with potentially compromised entities and to prevent unauthorized parties from altering the records.²³ The primary goal of this study is to create an expandable and secure system that uses blockchain technology to limit who can access medical records.

• The utilization of smart contracts for the purpose of incorporating ABAC and dynamic RBAC models;

• For the purpose of preventing unauthorized access to data, homomorphic encryption and zero-knowledge proofs are utilized.

• Enhancing scalability through the utilization of off-chain storage strategies; and

• Assessing the effectiveness of the system with genuine healthcare workloads.

Previous research examined healthcare blockchain-based access control and hybrid RBAC/ABAC. This approach improves on previous studies since it uses a unified and efficient system architecture. This research uses a single permissioned blockchain architecture with dynamic RBAC-ABAC enforcement, smart contract orchestration, and privacy-preserving cryptographic approaches, unlike previous attempts that addressed scalability, privacy, and access control separately. This differs from prior works. The platform also assesses network scalability, cryptographic overhead, and access control setup time under different healthcare workloads, which has received minimal research. This contrasts with previous study that ignored these factors.

1.4. Organization of the paper

This research paper has been organized as follows. Section 2 illustrates the literature review. Section 3 describes the proposed method of this study. Section 4 renders the detailed experimental results. Section 5 presents the discussion on challenges, solutions and limitations. Finally, Section 6 and 7 concludes the paper and creates a room for future work.

2. Literature review

In recent times, Mobile Edge Computing (MEC) and 5G networks have made it possible to access low-latency healthcare services. However, as a result of distributed processing, new security risks have emerged as a result of these advancements. Another example of this is the Internet of Medical Things (IoMT), which creates enormous amounts of data in real time and, as a result, necessitates the implementation of reliable access management. For the purpose of medical picture analysis, machine learning is an additional requirement for secure data transfer. Utilizing blockchain technology, which enables the transfer of trustworthy data and decentralized governance, is one potential approach that may be taken to enhance the safety of these expanding healthcare ecosystems.

One of the most significant advantages that blockchain technology brings to the healthcare industry is the ability to offer immutable and auditable access control methods. A blockchain-based healthcare data management system called MedRec was described by Azaria et al.²⁴ This system gives patients more control over who may access their electronic health records and helps them to better manage their healthcare data. But, MedRec had limited scalability because of high computational overhead of keeping all transactions on-chain. Later, researchers have tried to reduce the blockchain bloat and improve efficiency by going for off-chain solutions like a combination of IPFS with the blockchain by Fan et al.²⁵ Despite such advances data retrieval latency and effective query execution in off-chain storage systems still concern by Ren et al.²⁶ The concept of smart contracts has been widely investigated as a means of implementing automated access control policies in healthcare systems based on blockchain technology. A study by Sharma et al.²⁷ proposed a RBAC model based on smart contracts that enabled real time permission enforcement along with data integrity. However, one major drawback was the risk of contract exploitation, and static role definitions were seen as not being susceptible to adaptation. Kumar et al.²⁸ in a recent study, introduced a dynamic ABAC model integrated with blockchain to address sensitive data privacy in EHR, where the access control is based on contextual attributes, such as patient consent and emergency. Although this model newly enhanced security and flexibility, the existing key management overhead was a challenge and thus required the integration of cryptographic techniques like proxy re-encryption for efficient permission delegation by Gupta et al.²⁹

According to Fan et al, public blockchains have high security, but they have transaction delay and higher computational cost, which is not suitable for real-time healthcare.²⁵ Li et al. suggested hybrid blockchain architectures that maintain a certain level of security as the hybrid blockchain architectures integrate both of the permissioned blockchain network and the permission less blockchain network.³⁰ Retaining a layered storage approach by Ren et al.²⁶ which stored metadata on-chain but kept the actual sensitive healthcare data in off-chain repositories to significantly lower storage costs. Nevertheless, this strategy introduced new dangers, such as the authenticity of off-chain data and the latency of retrieval, which necessitated additional research into the development of efficient cryptographic hashing techniques in order to enable smooth verification of data integrity. In accordance with the findings of Liu et al, homomorphic encryption makes it possible to carry out calculations on encrypted data, which enables healthcare analytics to be carried out without compromising the confidentiality of patients.³¹ In similar perspective, multi-party computation (MPC) has been utilized for multiple healthcare entities to jointly analyze patient’s data without revealing the raw data by Wang et al.³² The use of zero-knowledge proofs (ZKPs) has been advocated by Yang et al. in recent times as a means of facilitating secure access without revealing personal patient information. This would result in an improvement in privacy while still maintaining access control measures.³³

One of the factors that affect the acceptability of blockchain-based healthcare systems is regulatory compliance. GDPR imposes the right to be forgotten (RTBF) which is contradictory with the immutability ledger of the block chain Chen et al.³⁴ Researchers like Sharma et al have also proposed hybrid blockchain models that enforce selective mutability through cryptographic mechanisms like chameleon hashing and time-limited access revocation.²⁷ Keeping the latter challenge at ensuring that the access controls that are on the blockchain are auditable by regulatory bodies but that patients also retain a level of privacy which Zhang et al.³⁵ Blockchain-integrated logging mechanisms produce an open access history, which allows healthcare providers to track and validate access to patient data, thus enhancing regulatory compliance as well as patient trust.^36–38 When compared with other methods, blockchain technology does have the potential to secure healthcare data; however, minor challenges, such as scalability, privacy preservation, and regulatory compliance, have been highlighted in the literature reviewed. Although it creates a huge improvement in the security of verifying data integrity and controlling access, blockchain alone is not able to address all the challenges in cloud storage, such as an optimum hybrid storage architecture/solution, computational cost of many of the security techniques preserving the requirements of privacy established by the users in businesses through access control policies, etc.

As a part of this design, the choice of consensus algorithm plays a significant role in determining the performance/fault-tolerance/decentralization trade-off that will be achieved in a healthcare consortium. Algorithms like proof of authority or federated consensus are commonly used in private blockchains for healthcare because they are lightweight and fit the characteristics of trusted, identified nodes, allowing the system to optimize its performance, as well as ensuring data integrity and complying with regulatory requirements.²¹

Smart contracts also enable this governance structure because access rules and data-sharing agreements can be encoded in the smart contract and then automatically enforced, which is critical for compliance with the complex set of regulations in the healthcare domain.³⁹ Because these contracts are programmable, policy-based access control decisions can be flexible and adaptive, taking into account a defined set of rules, context-specific conditions, and even outside oracle data for access control decisions that would be difficult to implement using more traditional approaches.⁴⁰

Finally, the blockchain ledger records all access requests, changes to access control rules, and any data transfer on a tamper-proof history, creating audit trails needed to meet compliance and accountability requirements of the healthcare industry.³⁹

Blockchain technology improves data security and access control in several healthcare contexts. Technology differences include blockchain design, encryption, access control granularity, and scalability. Newer research reduces storage overhead using hybrid designs, while older systems store data on-chain. Recent frameworks have computational cost, latency, smart contract security problems, and interoperability difficulties. Comparisons show that no single solution can provide good security, scalability, privacy, and regulatory compliance, stressing the necessity for integrated frameworks.

2.1. Traditional healthcare data sharing methods

RBAC, which stands for role-based access control, and ACLs, which stands for access control lists, are both examples of centralized access control solutions that are the foundation of traditional healthcare systems. Despite the fact that these methods are effective for basic authorization, they have a restricted visibility, inflexible role definitions, and are susceptible to insider attacks, among other problems. When it comes to cloud-based healthcare data management systems, concerns around data breaches, trust management, and regulatory compliance are amplified. This is because of the increased dependence on third-party service providers. Accountability and data governance that is patient-centric are both hindered when there are no persistent audit trails and thorough patient consent procedures in place.

Blockchain technology has advanced, yet current healthcare systems have problems. This category includes real-time restrictions, computational burden, inefficient key management, scale challenges, and poor interoperability among healthcare organizations. Access approval methods don’t always include privacy protections. This solution solves these issues by combining modern encryption techniques, dynamic access control, and scalable storage in a blockchain architecture. This research advances health informatics by offering a blockchain-based access control architecture that balances privacy, scalability, regulatory compliance, and security. This holistic system design and experimental assessment provide practical insights for secure healthcare data management. By designing the entire system, this research differs from past component-focused research.

2.2. Blockchain in healthcare systems and access control mechanisms

In healthcare, blockchain can address the critical issues of security, privacy, and interoperability inherent to the existing systems, for example those for electronic health record systems or patient-driven applications.³⁹ In many cases, this has mainly been driven by its secure immutability of medical transactions and its ability to manage fine-grained access with smart contracts.³⁹ Smart contract enables more transparent and precise control for patients on their data as they choose, for example, who can access what part of the data and under what condition to ensure greater agency and control over data.⁴⁰

Several reports show that blockchain is an innovative means for decentralized, secure, and privacy-oriented management of health care data, especially with respect to access control and data integrity.⁴¹ This means a decentralized architecture that mitigates the threats of single-point of failure for centralized databases; it provides better protection against hacking and tampering of records. Recent developments highlight the integration of Role-Based Access Control with blockchain to create stronger, more transparent, and decentralized security frameworks. This hybrid approach simplifies complex healthcare processes while strengthening data accessibility.⁴²

2.3. Key vulnerability areas in healthcare blockchain systems

There are policy provenance and audit log security considerations in health information systems using blockchain that may impact transparency and audit trail for data access and sharing decisions.³⁵ These issues can only be solved with new technologies that can secure patient data, support health services and technology, and create strong security for complex systems.³⁶ This is especially beneficial because of the risk to the single point of failure which is often seen in traditional centralized EHR systems.³⁷

Fully homomorphic encryption for the preservation of data privacy during analysis however has a higher computational overhead that poses a limitation in its practical application.³⁷ Additionally, the implementation and integration of the homomorphic encryption schemes into current health system structures, and the limited analytics that could be done on the encrypted data are also barriers for their adoption.^39,40

There are a lot of research works that have considered the use of blockchain to solve security and privacy issues of healthcare informatics.³⁹

• IoMT Device Vulnerabilities: Insecure IoT-based medical systems and devices can easily be affected with Denial-of-Service (DoS) attacks, malware, and intrusions, leading to data leakage of patients.⁴⁰

• Consensus Mechanism Risk: It is possible to compromise the consensus mechanism of a blockchain, in which the private blockchain is a preferred option to be deployed for healthcare industry.⁴⁰

• Data Privacy of Medical Data: Medical systems possess sensitive patient’s data that must be protected (e.g., electronic patient’s health record, patient’s biometrics and personal identity). This can be achieved using data protection methods like data encryption.⁴⁰

• False Data Injection Attack: It is a security concern in many modern critical infrastructures, particularly smart grid and healthcare monitoring. This is a security threat where an adversary inserts false data into the system with the hope of misleading the operator and inducing abnormal system behaviors.⁴¹

By leveraging the immutable nature of the blockchain ledger, healthcare systems can ensure that records remain untampered, maintaining a high level of confidentiality and trust across the network.^22,43

3. Proposed model

3.1. System architecture overview

The components that make up the proposed system are as follows: smart contracts, blockchain technology, off-chain storage, patients, and smart contracts themselves. Before allowing access to patient data, smart contracts evaluate the patient’s authorization, as well as their responsibilities and features. The decision to take this action was motivated by the intention to impose access control boundaries on purpose. In order to guarantee scalability and maintain data integrity, large healthcare files are stored off-chain in a secure location. When compared to other technologies, blockchain technology is accountable for the storage of metadata and access records.

A successful completion of the process of putting identity management into action is attainable through the utilization of cryptographic public-private key pairs. Prior to issuing each user with a digital identity, an impartial registration authority will first proceed to authenticate the user’s identification. It is necessary to perform this verification before the digital identity may be officially provided. Digital signatures are utilized for the purpose of authentication, whereas smart contracts are utilized to verify the characteristics and obligations of the identity prior to allowing access. Two of these procedures are components that contribute to the authentication process. Both of these procedures are components.

Based on blockchain technology, state-of-the-art encryption, and dynamically adaptive access-control models, this study addresses such issues as copyright violation, questionable access to data, regulatory intrigues, and scaling challenges. Our mathematical equations are now filled in with the technical analysis of the system - following the rate of encryption, decryption, adhering to access control, the integrity of data, and the overall performance of the network.

3.2. Study setting and design

The study used publicly available health-care data to design a strict experimental test using a system-oriented approach. The main task was to reach a comprehensive evaluation of the capabilities of the suggested system. The experimentation and application activities were carried out in a well regulated laboratory environment and the experimental environments were closely monitored to maintain integrity. During the predetermined period of evaluation, focus was made on the scrutiny of the system performance, scalability as well as the security. The experimental evaluation was conducted at the simulated work load conditions that most closely replicated the real world conditions, including both the situations of the heterogeneous range of access conditions. This was a strategy that could not be done without in estimating the resilience and adaptation of the system to various demands. The study aimed to provide a comprehensive insight into the limitations of operation of the system and the stress sustainability of the system by simulating the possible interactions between users and the system and the workload fluctuations.

3.3. Evaluation methodology

The analysis was based on various quantitative performance metrics to evaluate the suggested architecture. The main criteria included transaction throughput, scale with respect to increasing workloads, the latencies of cryptographic operations and delays to access-enforcement. These measurements played a crucial role in providing a discrete description of the level of system efficiency and responsiveness. In addition to these quantitative indicators, the research compared the performance and security features of the proposed system with those of the traditional centralized systems of access-control. It was meant to be an analysis of the advantages and possible constraints of the new architecture and hence create a reference point about its effectiveness. With careful testing and evaluation, it was proved that the model did not only meet the necessary requirements of performance but also provided significant security and efficiency benefits. The results highlight the effectiveness of the system, which proves its position as a viable representative of the sphere of healthcare access control. The results indicate that a blockchain-access-control system is a promising system that can be used to enhance patient privacy and security in health-care data management. In addition, blockchain technology integration addresses the major issues of preserving sensitive patient data and conditions of regulatory quality, which contributes to a safe health-care environment in the end.

3.4. Decryption & encryption time

Let T_E and T_D represent encryption and decryption time, respectively. For an encryption algorithm with key size k and data size D, the encryption time can be approximated as:

T_{E} = f (k, D

(1)

where f is a complexity function dependent on the encryption method. The decryption time follows a similar relationship:

T_{D} = g (k, D)

(2)

where g is another complexity function.

3.5. The performance of blockchain access control

The CPU utilization U, response time R, and memory usage M can be modeled as:

U = h (A, S)

(3)

R = p (A, S)

(4)

M = q (A, S)

(5)

where A represents the access control model, and S is the system complexity.

3.6. Verification of data integrity

Given a hash function H, the time to compute a hash T_H can be approximated as:

T_{H} = O (n)

(7)

where n is the input size.

3.7. Performance in network

For a blockchain network with latency L, throughput T, and bandwidth B:

L = O (n)

(8)

T = O (1 / n)

(9)

B = O (n \log n)

(10)

where n is the number of nodes in the network. The analysis of the data presented in Figure 1 describes a blockchain-based infrastructure for secure access and processing of health information. The flowchart begins with user authentication and identity verification to authorize access to medical data. After successful authentication, healthcare data access is requested and authenticated using blockchain. Blockchain technology offers an incorruptible method for managing user access, reducing the risk of data breaches from illegal access. Healthcare data encryption and secure retrieval procedures safeguard sensitive medical information from cyber-attacks after access control verification. Data becomes unreadable without a decryption key during encryption. KYC data is encrypted and processed as a blockchain transaction. This provides the integrity of access logs and provides a fully auditable and transparent data exchange.

Figure 1.

The framework for a blockchain-based infrastructure for secure access and processing of health information.

The data is saved and logged after the transaction and the past records can be looked into in future. The practice ensures that the information can be rebuilt in case it is necessary, based on previous records. At the same time, anomaly-detection algorithms and real-time oversight mechanisms have been implemented in order to identify possible security violations and banned behavior. These systems can be used to detect potential threats or criminal activities in time. As a result, the end user is guaranteed of the reception of authenticated data hence a safe and trouble free experience. Logs need to be periodically updated, and the transactions must be completed so that they can be considered complete. To ensure the distributed ledger is honest and accountable, this is necessary. This step-by-step methodology shows how blockchain technology can protect healthcare data, improve privacy, access control, and transparency, and reduce the risks of traditional centralized data management systems. Blockchain technology has several benefits.

3.8. Dynamic RBAC–ABAC smart contract workflow

Smart contracts are able to dynamically coordinate RBAC and ABAC selections since they execute themselves as separate policy enforcers. The credentials of the user, their role, and any pertinent contextual information, such as the current status of consent or crisis indicators, are checked by a smart contract as soon as it receives a request for access. Additionally, it examines any additional background information that may be relevant. Before beginning to implement context-aware, fine-grained access restrictions, it is essential to conduct an analysis of RBAC rules in order to establish baseline permission. Policy modifications and revocations are maintained on the blockchain in an immutable manner, which enables real-time adaptability and traceability. Blockchain technology was developed by Bitcoin foundation.

3.9. Blockchain architecture in healthcare

Healthcare applications can use private, consortium, public, and hybrid blockchain infrastructures. Additionally, public blockchains are distinguished by their transparency, whilst private and consortium blockchains are distinguished by their decreased latency and increased control. Public blockchains are characterized by their transparency. The hybrid architectures that strike a balance between decentralization and performance are the way to go for healthcare settings that are required to comply with legislation regarding the privacy of patients and the security of their data.

3.10. Acknowledgements

The authors acknowledge the developers and maintainers of the publicly available healthcare datasets used in this study. No external funding was received for this research.

3.11. Dataset permission and ethical clarification

The datasets used in this study were obtained from publicly available repositories that permit academic and research use. No personally identifiable information was accessed or disclosed. As the study involved secondary data analysis of anonymized datasets, formal ethical approval was not required.

4. Results

The performance parameters for encryption and decryption shown in Table 2.

Table 2.

The encryption time for data access control.

Encryption algorithm	AES-128	AES-256	RSA-1024
Encryption time (ms)	1.3	1.9	2.6
Decryption time (ms)	1.1	1.6	2.3
Key generation (ms)	2.1	2.9	4.1
Data size (MB)	1	2	3

The Figure 2. Compares AES-128 vs AES-256 vs RSA-1024 by four metrics: Encryption time, Decryption time, Key generation time, and Data Size. In the charts, the coloured lines (green = AES-128, purple = AES-256, red = RSA-1024) help identify their relative performance in these criteria. Asymmetric encryption algorithms, including RSA-1024, show much longer encryption time due to excessive computational load of pairing key. Finally, the time taken to decrypt also follows the same pattern, where AES-128 is the fastest, AES-256 takes slightly more time, and RSA-1024 has the slowest decryption due to the complexity of its decryption process. Key generation time is also an important metric in this regard, and symmetric encryption algorithms significantly outperform asymmetric encryption algorithms. According to the graph, RSA-1024 took the longest time to create a key than any of the AESs. RSA creates large prime numbers and requires a lot of complex math in comparison; thus, RSA takes longer. AES-128 and AES-256, on the other hand, have much lower key generation times, because they do not have as extensive key expansion processes. The data size metric (x-axis) in the graph indicates that AES algorithms (AES-128 and AES-256) can handle larger data sizes than RSA-1024. To clarify, RSA is not used to encrypt large amounts of data, but rather to secure smaller amounts of data like a symmetric key. The analysis overall shows that RSA-1024 security comes with a high-performance overhead. In contrast, AES-128 and AES-256 provide a favourable balance of speed and security, with less overhead, which is especially crucial for faster applications, e.g. secure file transfers or real-time traffic encryption (Table 2).

Figure 2.

The encryption time for data access control.

The study provides some analysis in Figure 3, to assess the efficiency of multiple blockchain-based access control models, summarizes the key performance metrics in terms of CPU utilization (%), response time (ms), and memory usage (MB). We examine four access control models which are Role-based access control (RBAC), Attribute based access control (ABAC), Smart contract-based access control and Proxy Re-encryption. In our color-based outline the metrics are defined in green for CPU utilization, purple for response time and red for memory performance. As seen in the graph Smart Contract-Based Access Control and Proxy Re-Encryption has the top response time and memory usage, showing much needed compute overhead is required by these model in contrast to RBAC and ABAC. If we consider the values of CPU utilization, in the models the values are relatively equal with minor differences. To highlight the data, an advanced security mechanism that may be optimized for processing is Proxy Re-Encryption and Smart Contract Based Access Control as the CPU utilization of these two mechanisms is lower than that of Role Based Access Control and Attribute Based Access Control. Indeed, Smart Contract-Based Access Control and Proxy Re-Encryption have much higher response times compared to RBAC and ABAC, which is possibly the most important parameter if we consider the rapid speed in which requests come in. This additive response time is most likely attributed to the operations of a cryptographical nature and execution of smart algorithms in a blockchain-based model.

Figure 3.

The Blockchain based access control efficiency.

It is evident from the trends that the ACE, ABAC and RBAC show the lowest consumption of memory. Besides, Smart contracts and Proxy re-encryption are the ones with the highest memory usage. The reason why Memory use of Smart Contracts and Proxy Re-Encryption is high is because of the complexity of the cryptographic computations, the need to execute it in a decentralized manner and general consumption of the resource. The higher security capabilities provided by these advanced models are bound to introduce a latency and increased cost of resources, even though they offer better security features. Comparison shows that Smart Contract Based and Proxy Re-Encryption configurations are better in terms of security and flexibility, whereas RBAC and ABAC configurations are found to be more time and memory efficient, which makes them a better fit in online application (Table 3).

Table 3.

The Blockchain based access control efficiency.

Access control model	CPU utilization (%)	Response time (ms)	Memory usage (MB)
Role based (RBAC)	50	120	100
Attribute based (ABAC)	60	150	120
Smart contract based	55	130	110
Proxy re-encryption	58	140	115

As illustrated in Figure 4, discussed the data verification methods are paramount for corruption in block chaining. The following graph represents four verification methods (SHA-256, SHA-3, Merkle Tree, and Bloom Filter) against the performance indicators: hashing time (ms), verification time (ms), and energy consumption (mJ) The color-coded visual shows green for hashing time, purple for verification time, and red for energy usage. It can also be observed that Bloom Filter is the most energy-consuming among these methods, while SHA-256, SHA-3, and Merkle Tree keep relatively low energy consumption. This shows that even though Bloom Filter is a good probabilistic data structure, it consumes a lot of resources for integrity verification. Hashing time and verification time are fairly lower and stable for SHA-256, SHA-3 and Merkle Tree, only marginally varying. As cryptographic hash functions, SHA-256 and SHA-3 should abstract the always same hashing and verification speed due to their well-optimized algorithms. For large data sets, it is common to use the Merkle Tree structure for verification in the blockchain, where the proof was relatively lower, which indicates the capability of it in computational overhead reduction for integrity checksum. Bloom Filter, on the other hand, known for its space-efficient probabilistic verification, does exhibit an increase in its hashing time and the time required for verification, leading to its increased energy use. For resource-constraint environments like IoT and mobile devices, energy consumption is one of the critical factors for the blockchain-based integrity verification of data. It suggests that Merkle Tree provides an efficient trade-off between hashing time, verification time, and energy consumption and remains the best option for assuring integrity on blockchain-based systems. Although Bloom Filter is beneficial for storing massive data, the increased computational cost (in terms of time and energy) will restrict its application in the real-time transactions of blockchain. In conclusion, this research analyze various proof techniques and propose a proof model that is more efficient, accurate and energy consumption oriented in blockchain environment (Table 4).

Figure 4.

The data integrity verification in Blockchain.

Table 4.

The data integrity verification in Blockchain.

Verification method	Hashing time (ms)	Verification time (ms)	Energy consumption (mJ)
SHA-256	0.5	1.0	10
SHA-3	0.6	1.2	12
Merkie tree	0.4	0.9	8
Bloom filter	0.7	1.5	15

The research analysis in Figure 5 discusses the storage overhead of different data storage models in a blockchain-based healthcare system. The introduced graph classifies data storage as On-chain (green), Off-chain (purple), and Hybrid (red), along with the storage needs (in MB) of four healthcare-related data types — Patient Records, Prescription Data, Imaging Data, and Lab Results. Imaging Data is recognized for its high storage overhead, followed by On-chain storage, Hybrid and finally On-chain storage. This is natural, given that medical imaging files — MRIs, CTs, etc. — are much larger than health data. Storage cost overhead is maximal for chain data of any types because any blockchain transactions have to store them permanently inside blocks. This process makes On-chain storage very secure, however is inefficient in storing large amounts of data, especially for high-volume records such as medical datasets. Conversely, off-chain storage needs far less space, as sensitive healthcare data is saved off-chain with only metadata or cryptographic proofs are retained on the blockchain. Hybrid storage combines both approaches, storing data on-chain that is mission-critical and leaving bulk storage off-chain, where the security versus performance trade-off comes into play. They reason that the suitable storage model to be employed relies on the nature of the health data involved. It is not very feasible to implement this on the datasets that are very large like Imaging Data, while On-chain storage gives us Immutability and Transparency. Off chain storage mitigates bloat of the blockchain and enhances scalability however, there could be a risk in terms of integrity and security of data. The Hybrid model can provide this benefit by distributing storage load across the nodes of a blockchain-based healthcare system while achieving a balance between security and cost, and performance. The problem-solving this study undertakes proves the urgent necessity to deal with data management conceiving cautious approaches, especially in the provision of blockchain-based solutions for healthcare (Table 5).

Figure 5.

The storage overhead in Blockchain-based healthcare system.

Table 5.

The storage overhead in Blockchain-based healthcare system.

Storage type	On-chain (MB)	Off-chain (MB)	Hybrid (MB)
Patient records	100	50	75
Prescription data	80	40	60
Imaging data	500	250	375
Lab results	90	45	68

The research analysis shown in Figure 6 reviews the network performance use cases for blockchain architecture types in the healthcare systems. The four types of blockchains considered in the study include Private Blockchain, Consortium Blockchain, Public Blockchain, and Hybrid Blockchain. Latency (ms), Throughput (TPS), and Bandwidth Usage (MBps) are the main performance metrics being analyzed that are represented by the colors green, purple, and red respectively. Public Blockchain has the lowest throughput and highest latency due to its decentralized architecture, where transactions need to be validated by many nodes before being accepted as final. However, in Private and Consortium Blockchains, the control over their environment and significant quantity of validators lead to an increase in latency and throughput. The TPS (transactions per second) or throughput is generally higher in Private and Consortium Blockchains while Public and Hybrid Blockchains results in reduced TPS. The Consortium Blockchain belongs to the range of blockchain architectures as the semi-decentralized paradigm, in which multiple accredited organizations collectively perform as validators of transactions; this paradigm is a compromise between the high requirements of security and the practical needs of efficiency and, therefore, the best model to apply to healthcare applications that require collaboration between multiple organizations to exchange their data. While the Hybrid Blockchain model is moderate in performance across all metrics as it has combined features of both the private and public block chains. But its complexity could lead to extra overhead in terms of network coordination. According to the study, while network efficiency and model performance varies across the blockchain various types of snapshot, bandwidth usage remains fairly low which indicates that transfer of data is optimised for healthcare use cases. But there is still a trade-off to make between security, decentralization and performance. But public Blockchain trade-offs have high latency and low throughput in favour of maximum decentralization, private and consortium Blockchains provide better performance however require establishing trust among the participants. However, the Hybrid Blockchain serves as the middle ground for adequate Privacy and also provide public verification. Although primarily discussing four blockchain types, researchers point to their potential in health data management and a need to assess the effectiveness of different types of blockchain alongside the importance of regulatory compliance and performance (Table 6).

Figure 6.

The network performance metrics for Blockchain based healthcare systems.

Table 6.

The network performance metrics for Blockchain based healthcare systems.

Network type	Latency	Throughput	Bandwidth usage
Private Blockchain	50	1000	10
Consortium Blockchain	60	800	12
Public Blockchain	120	300	20
Hybrid Blockchain	70	750	15

For the purpose of conducting the experimental evaluation, a permissioned blockchain network has been utilized to establish multiple validator nodes. By using a Byzantine Fault Tolerant consensus process, we were able to strike a compromise between the two competing priorities of security and performance. The framework drew on real-world healthcare datasets that comprised structured electronic health record records and metadata in order to model access requests under varying loads. One of the performance indicators that has been monitored in order to evaluate the scalability and robustness of the system as the number of transactions increased was throughput. Other performance indicators that have been measured are latency, access enforcement time, cryptographic processing cost, and throughput.

For the purpose of preserving impartiality, the centralized access control systems that were utilized in the comparison were constructed in accordance with the recommendations that were included in the standards for best practices. Through the employment of RBAC and ABAC implementations that were optimized, dedicated access servers, and secure databases, it was possible to accomplish the functionality that these systems were designed to accomplish. The technique that is based on blockchain technology has been recommended because it offers increased auditability and resistance to unwanted access, while also needing a low level of computational overhead. The above statement is confirmed by the additional performance analysis made in comparison with common access control systems accepted in the industry.

5. Discussion

The implementation into real-time applications, especially in the healthcare sector, comes with a number of significant challenges that it would be necessary to overcome in order to implement successfully.

1. Latency Issues: Network latency is a key problem in this scenario. Real-time applications require prompt processing of data and response time that may be slow due to the time it takes to confirm and document transactions on the blockchain. In the medical context, e.g., any delay related to the access to crucial information about patients may have a catastrophic impact on patient care.

2. Smart Contract Management: Network latency is a key problem in this scenario. Real-time applications require prompt processing of data and response time that may be slow due to the time it takes to confirm and document transactions on the blockchain. In the medical context, e.g., any delay related to the access to crucial information about patients may have a catastrophic impact on patient care.

3. Cryptographic Key Management: Cryptographic keys are a crucial component in blockchain systems, and their management should be very accurate. The (often necessary) high access speed of the key can have a bottlenecking effect in real-time applications, particularly when key-management protocols have not been optimised. In addition, the keys can be lost or compromised causing serious security vulnerabilities.

4. Governance Structures: The creation of governance schemes of blockchain networks is quite necessary, but difficult. In real time applications, decisive decision making processes and responsibility are increased. The conflicts between the stakeholders with regards to governance may disintegrate the network and hinder cooperation.

5. Integration with Existing System: A good number of organisations have current medical information systems. Combining blockchain and these old systems may prove to be both cumbersome and expensive. Maintaining the integrity and security of the data and achieving seamless interoperability is a major challenge that should be overcome.

6. Scalability: As the volume of users, as well as the frequency of transactions, grow, it can become quite challenging to maintain the efficacy of a blockchain network operationally. Real-time processing applications usually need high throughput and scalability, and some blockchain designs may not be able to deliver these qualities.

In order to make sure that the suggested framework is best applicable to implementation in the healthcare sector, defining three key components, which are data security, transparency, and trust of clinicians is vital. The implementation of these elements has a substantial amount of benefits to the traditional healthcare organizations as they provide them with an effective base of infrastructures that enable the creation of safer and more efficient systems.

The auditability, and consequently, a full spectrum of regulatory compliance is significantly improved by the implementation of the blockchain technology. This is one of the key abilities that cannot be ignored in health-care environments since it will allow tracing and verifying all operations and data transfers. Furthermore, the need to have off-chain storage services is realized when one ponders on the medical data which is being produced by the day in volumes. Through dual-storage paradigm, health care organizations are able to not only stay within the confines of the law but also increase their operational capacity to meet the increasing data demands.

The asymmetric encryption forms the basis of the asset exchanges and the symmetric encryption secures the storage of data, thus ensuring information security. The integration of homomorphic encryption and zero-knowledge proofs also allows carrying out safe computations and verifications without the exposure of sensitive information, which would be made possible through homomorphic encryption. Scalability is ensured by a hybrid architecture that uses both on- and off-chain storage, and interoperability is ensured by blockchain-based data formats and access APIs. Therefore, blockchain technology achieves the two goals.

In terms of data security, the framework encrypts the cryptographic keys in an asymmetrical way and decrypts data in an asymmetrical way, and stores data asymmetrical with symmetric encryption, hence making sure that the confidential information will not be available to the wrong people. The developed methodologies, that is, homomorphic encryption and zero-knowledge proofs, provide a means of secure computation and verification without revealing confidential information. It is also worth noting that homomorphic encryption allows performing operations with encrypted information and so, privacy is maintained at every level.

Lastly, on-chain and off-chain storage solutions allow the integration that enhances scalability and supports the efficient management of the data. Interoperability of the health-IT ecosystem is also ensured by blockchain-based information formats and access interfaces which allow homogenous systems to communicate seamlessly with their heterogeneous counterparts.

5.1. Regulatory compliance with HIPAA and GDPR

The proposed solution helps HIPAA and GDPR compliance with immutable audit trails, fine-grained consent management, off-chain data minimization, and cryptographic access tracking. Smart contracts provide dynamic consent policy enforcement, and blockchain-based logging helps identify and punish breaches. The hybrid storage technology removes sensitive data from off-chain repositories while keeping cryptographic proofs on-chain, meeting GDPR requirements.

5.2. Threat model and security analysis

In the threat model, hostile outsiders, hostile insiders, players in collusion, and weaknesses in smart contracts are all taken into consideration along with other factors. The use of cryptographic authentication and storage encryption helps to lower the level of vulnerability to attacks from the outside. When dealing with insider threats, it is helpful to make use of role-based accountability and audit logs that cannot be altered. Within permissioned networks, the possibility of collusion is reduced through the implementation of consensus mechanisms and distributed governance. The use of a modular contract design and the implementation of execution privilege limits are two means by which smart contracts might reduce the number of vulnerabilities.

Data Integrity Verification: The Merkle Tree offers integrity assurance through cryptographic hashing and Blockchain technology. It achieves the lowest overhead (hash: 0.4ms, verify: 0.9ms, energy: 8mJ) among all methods (SHA-256 (0.5ms/1.0ms/10mJ), SHA-3 (0.6ms/1.2ms/12mJ) and Bloom Filter (0.7ms/1.5ms/15mJ)). On-chain and off-chain data storage consumes 375MB against 500MB (on-chain only), proving that the system delivers integrity without excessive storage requirements.

Confidentiality Techniques: Data confidentiality is provided through cryptographic methods: AES-128 (encrypt: 1.3ms, decrypt: 1.1ms, keyGen: 2.1ms); AES-256 (encrypt: 1.9ms, decrypt: 1.6ms, keyGen: 2.9ms); and RSA-1024 (encrypt: 2.6ms, decrypt: 2.3ms, keyGen: 4.1ms) for user authentication and authorization. Smart contracts for access control (RBAC + ABAC) require 55% CPU, 130ms RT and 110MB memory. Homomorphic encryption and ZK-proofs also enable analytics and credential validation without exposing sensitive data.

Attacks Prevention: The network uses verified node identities and permissioned Blockchain to resist Sybil and falsification data. BFT consensus prevents Byzantine node misbehavior. The private blockchain can attain 1000 TPS with 50ms RT versus public Blockchain at 300 TPS with 120ms RT (allowing real-time and secure Healthcare usage). Blockchain also prevents fraud in access control and provides complete traceability of access history (Audit Logging).

Regulatory Requirements and Compliance (HIPAA/GDPR): HIPAA Technical and Security requirements are satisfied through AES-256 and audit trails (immutable log) to ensure data confidentiality and audit access. For data privacy (GDPR, ePrivacy), “crypto-shredding” of private Blockchain data is enabled through hybrid data storage: off-chain patient data is deletable upon erasure requests while on-chain hash proofs remain intact. This achieves “right to be forgotten” (Article 17 GDPR) without modifying the Blockchain’s content integrity. Furthermore, Smart Contracts and RBAC+ABAC support the “purpose limitation” and “data minimization” principles (GDPR).

5.3. Evaluation of the proposed access control system against contemporary blockchain healthcare frameworks

The proposed blockchain-secured and scalable access control framework improves on existing healthcare blockchain designs by incorporating dynamic role-based/attribute-based access control, Merkle-tree integrity verification, privacy-enhancing cryptography, and HIPAA/GDPR compliance into a single unified system.

In contrast, MedRec and its variants focus on patient-controlled access and use full on-chain or IPFS-based off-chain data storage, leading to excessive on-chain overhead or efficiency without integrity assurance. Prior work that applies smart-contract-based RBAC and ABAC schemes provides more flexible access policies, but these systems lack static-role updates, incur excessive key management costs, and do not offer an overall compliance and auditability mechanism.

The proposed framework processes 1,000 TPS with 50 ms latency on a private blockchain and offers low-cost integrity verification (0.4 ms hashing, 0.9 ms verification, and 8 mJ energy consumption) and efficient AES-128 encryption (1.3 ms encryption, 1.1 ms decryption, and 2.1 ms key generation time). It either achieves lower or equal performance values reported in hybrid hashing and access-control systems, which typically do not conduct an end-to-end performance test or do not consider the system performance metrics, integrity verification, and key management simultaneously.

Previous HIPAA/GDPR-compliant access-control systems provide only consent-based access control and auditing/verification features, and do not provide privacy-enhancing data analytics or authentication techniques on encrypted data. By leveraging homomorphic encryption and zero-knowledge proof, we demonstrate that data analytics and authentication could be performed on encrypted data with strong confidentiality assurance (Table 7).

Table 7.

Comparative summary with recent blockchain-based healthcare security models.

Feature	Proposed method: Blockchain-enabled secure and scalable access control system	Sharma²⁷	Li³⁰	Chakravarthy²¹	Tawfik²²	Ullah²³
Access Control	RBAC + ABAC (dynamic)	RBAC only	RBAC	RBAC + Hash	ABAC	ABE
Integrity Verification	Merkle Tree (0.4/0.9 ms, 8 mJ)	Basic hash	Hash	SHA-based	Not Specified	Hash
Encryption	AES-128/256 + RSA-1024	AES	AES	Hybrid	AES	ABE
Storage Model	Hybrid (375 MB imaging)	On-chain	Hybrid	Hybrid	IPFS	Decentralized
Throughput	1,000 TPS	Not Reported	Moderate	Not Reported	Not Reported	Not Reported
Latency	50 ms	Not Reported	Moderate	Not Reported	Not Reported	Not Reported
ZKP + Homomorphic Enc.	Yes (both)	No	No	No	No	No
HIPAA/GDPR Compliance	Yes (both)	Partial	Partial	Yes	Yes	Partial

5.4. Study limitations

Although promising, this study has several drawbacks. Because it was done in a controlled experimental setting, the evaluation may not have accurately reflected healthcare deployment complexity. There is a possibility that time-sensitive algorithms will complete their tasks more slowly due to the computational expense of cryptographic operations. Due to the fact that it solely examines permissioned blockchains, the research endeavor does not take into consideration public blockchains. The next steps include doing more extensive testing of the interoperability of healthcare systems and deploying pilot programs in the real world.

6. Conclusions

The experimental findings demonstrate that the proposed access control architecture uses blockchain technology to achieve a satisfactory balance between scalability, velocity, and security. Despite smart contract-based access control providing increased auditability with an acceptable latency overhead, the results show that symmetric encryption approaches perform far better than asymmetric solutions in real-time data access scenarios. To keep on-chain storage costs down while yet protecting data integrity through cryptographic verification, the hybrid storage architecture is a great choice. As an added bonus, the proposed method outperforms centralized access control options in terms of transparency and security against unwanted access. Taken as a whole, the results show that blockchain technology, in conjunction with scalable storage systems and dynamic access control, could provide significant performance limits for the safe management of healthcare data.

7. Limitations and future directions

Real-time applications that are subject to latency constraints are able to be accommodated by the framework through the deployment of selective transaction execution. What is determined to be relevant for access control is the only metadata that is handled on-chain. This is the only metadata that is handled. Taking computations that are not critical and executing them off-chain or at the edge provides for a reduction in the amount of time needed for a reaction. Possible future upgrades that could be done in order to better serve time-sensitive healthcare tasks include integration with edge computing, the employment of lightweight consensus protocols, and the batching of access requests. All of these upgrades have the potential to be implemented in the future.

In spite of the positive results, the platform is confronted with a number of problems, including the complexity of upgrading smart contracts, the cost of cryptographic computation overhead, and the difficulty of compatibility with traditional healthcare information technology systems. Future study will look into a number of different areas, including the implementation of cryptographic operations across inter-institutional health information exchanges, the optimization of cryptographic operations, the integration of AI-driven analytics, and the interoperability of developing healthcare data standards.

Footnotes

ORCID iD

Nyagong Santino David Ladu

Ethical considerations

This publication excludes any information about the authors’ training with humanoids or animals.

Consent to participate

This page contains no studies the authors have done with humans or animals.

Author contributions

N.Gopinath: Methodology, Conceptualization, Writing - original draft preparation, Formal analysis and investigation, curation. S.Raguvaran: Conceptualization, Formal analysis and investigation. Nyagong Santino David Ladu: Methodology, Writing - original draft preparation, overall review. Vishnu Kumar Kaliappan: overall review, curation, design. Ravi Samikannu: Writing - review, and editing, investigation, overall review.

Funding

The authors received no financial support for the research, authorship, and/or publication of this article.

Declaration of conflicting interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Data Availability Statement

Any of the authors’ experiments involving human or animal participants are not included in this article. Publicly available datasets were analyzed in this study. This data can be found here:.

References

Kumar

Khan

Alharbe

, et al. Code of silence: cyber security strategies for combating deepfake disinformation. Comput Fraud Secur 2024; 2024(4): 1–6.

Sahu

Kumar

. Telemedicine: how to achieve interoperability without compromising data security. Br J Healthc Manag 2025; 31(1): 1–5.

Sahu

Kumar

. A secure decentralised finance framework. Comput Fraud Secur 2024; 2024(3): 1–6.

Sahu

Srivastava

. Needs and importance of reliability prediction: an industrial perspective. Inf Sci Lett 2020; 9(1), Article. 5.

Sahu

Srivastava

. Predicting software bugs of newly and large datasets through a unified neuro-fuzzy approach: reliability perspective. Adv Math Sci J 2021; 10(1): 543–555.

Sahu

Srivastava

. Soft computing approach for prediction of software reliability. ICIC Express Lett 2018; 12(12): 1213–1222.

Kumar

Khan

. Software durability concepts and practices. Boca Raton, FL: CRC Press, 2020.

Kumar

Baz

Alhakami

, et al. A hybrid model of hesitant fuzzy decision-making analysis for estimating usable-security of software. IEEE Access 2020; 8: 72694–72712.

Kumar

Khan

Abushark

, et al. A knowledge-based integrated system of hesitant fuzzy set, AHP and TOPSIS for evaluating security-durability of web applications. IEEE Access 2020; 8: 48870–48885.

10.

Kumar

Mishra

. Assessing the impact of heat vulnerability on urban public spaces using a fuzzy-based unified computational technique. AI Soc 2025; 40(2): 787–804.

11.

Kumar

Khan

. Securing communication protocols in military computing. Netw Secur 2024; 2024(3): 1–6.

12.

Kumar

Khan

. Securing military computing with the blockchain. Comput Fraud Secur 2024; 2024: 1–6.

13.

Tran

. Application of blockchain technology in sustainable energy systems: an overview. Sustainability 2018; 10(9): 3067.

14.

Tasca

Tessone

. A taxonomy of blockchain technologies: principles of identification and classification. Ledger 2019; 4. https://doi.org/10.5195/ledger.2019.140

15.

Chenthara

Ahmed

Wang

, et al. Healthchain: a novel framework on privacy preservation of electronic health records using blockchain technology. PLoS One 2020; 15(12): e0243043. https://doi.org/10.1371/journal.pone.0243043

16.

Adeoye

Adams

. Blockchain for secure and interoperable electronic health records (EHR): challenges and opportunities in decentralized healthcare data management. Cognizance J 2024; 4(11): 340–356.

17.

Magyar

. Blockchain: solving the privacy and research availability tradeoff for EHR data: a new disruptive technology in health data management. In: IEEE 30th Neumann Colloquium (NC), Budapest, Hungary,New York, 24–25 November 2017, pp.135–140. IEEE.

18.

Tertulino

Vidal

Ivaki

. A decentralized architecture for electronic health records to enhanced security and privacy. In: 20th European Dependable Computing Conference (EDCC 2025), Lisbon, Portugal,New York, 2025, pp.174–179. IEEE.

19.

Archana

Jayalakshmi

. Implementing blockchain for secure health data management, 2025.

20.

Kumarswamy

Sampigerayappa

. A review of blockchain applications and healthcare informatics. Int J Saf Secur Eng 2024; 14(1): 267.

21.

Chakravarthy

Gopi

Murugan

, et al. Enhancing confidentiality and access control in electronic health record systems using a hybrid hashing blockchain framework. Sci Rep 2025; 15(1): 30379.

22.

Tawfik

Al-Ahwal

Eldien

AST

, et al. ACHealthChain blockchain framework for access control and privacy preservation in healthcare. Sci Rep 2025; 15(1): 16696.

23.

Ullah

Rizvi

, et al. Toward blockchain based electronic health record management with fine grained attribute based encryption and decentralized storage mechanisms. Sci Rep 2025; 15(1): 34542.

24.

Azaria

Ekblaw

Vieira

, et al. MedRec: using blockchain for medical data access and permission management. In: 2016 2nd International Conference on Open and Big Data (OBD), Vienna, Austria,New York, 22–24 August 2016, pp.25–30. IEEE.

25.

Fan

Wang

Ren

, et al. MedBlock: efficient and secure medical data sharing via blockchain. J Med Syst 2018; 42(8): 136.

26.

Ren

Liu

Zhang

. A hybrid storage approach for blockchain healthcare data management. J Healthc Eng 2022; 2022, Article. 9697545.

27.

Sharma

Kumar

Bharti

. Blockchain-based electronic health record management: challenges and solutions. Health Inform J 2019; 25(4): 1612–1628.

28.

Kumar

Malviya

Singh

. Secure blockchain-based framework for healthcare data management. Comput Secur 2022; 114: 102578.

29.

Gupta

Sharma

Patel

. Blockchain-enabled proxy re-encryption for healthcare interoperability. IEEE J Biomed Health Inform 2022; 26(1): 206–215.

30.

Xue

Tian

, et al. Blockchain-based access control for secure personal health record systems. IEEE Trans Ind Inform 2020; 16(8): 5565–5574.

31.

Liu

Tang

Zhang

. Homomorphic encryption for secure healthcare data processing. Future Gener Comput Syst 2023; 135: 456–467.

32.

Wang

Zhang

. Secure multi-party computation in healthcare analytics. ACM Comput Surv 2020; 53(4), Article. 82.

33.

Yang

Zhang

. Privacy-preserving healthcare data analytics using blockchain and homomorphic encryption. Future Gener Comput Syst 2023; 140: 181–194.

34.

Chen

Zhu

Zhang

, et al. Blockchain and data privacy: a systematic review. J Netw Comput Appl 2020; 170: 102807.

35.

Zhang

Xue

Liu

. Security and privacy on blockchain-based EHR systems: a survey. J Biomed Inform 2021; 118: 103777.

36.

Ali

Singh

Kapoor

. Enhancing role-based access control with blockchain technology. Comput Secur 2022; 112: 102499.

37.

Patel

Sharma

Verma

. A survey on blockchain interoperability for healthcare data management. IEEE Access 2021; 9: 13775–13788.

38.

Yang

Feng

Liu

. Zero-knowledge proofs for secure authentication in healthcare blockchain systems. Inf Sci 2023; 612: 567–580.

39.

Ghadi

Shah

SFA

Mazhar

, et al. Enhancing patient healthcare with mobile edge computing and 5G: challenges and solutions for secure online health tools. J Cloud Comput 2024; 13(1): 93.

40.

Ghadi

Mazhar

Shahzad

, et al. The role of blockchain to secure internet of medical things. Sci Rep 2024; 14(1): 18422.

41.

Mazhar

Irfan

Khan

, et al. Analysis of cyber security attacks and its solutions for the smart grid using machine learning and blockchain methods. Future Internet 2023; 15(2): 83.

42.

Dubey

Krishan

Mishra

, et al. Blockchain enabled RBAC system for enhancing security and privacy in healthcare. In: International Conference on Mathematics and Logics in Computer Science, Cham, Switzerland,Cham, 2025, pp.391–401. Springer Nature Switzerland.

43.

Tawfik

Al-Ahwal

Eldien

AST

, et al. Blockchain-based access control and privacy preservation in healthcare: a comprehensive survey. Cluster Comput 2025; 28(8). https://doi.org/10.1007/s10586-025-04965-0