Fine-grained Access Control for a Blockchain-based Healthcare System

Abstract

Large volumes of medical data (MD) are continuously generated by the healthcare domain. Sharing these data raises privacy and security issues. A permissioned blockchain (BC) can be used to address them, but since blockchains do not have access control (AC) as a default feature, an access control system (ACS) must be integrated to ensure the confidentiality of the medical data. The main question that we aim to answer is: how can access control techniques (ACT) be incorporated into a BC-based medical data sharing system (MDSS)? To answer this question, we created an ACS based on Hyperledger Fabric, after evaluating existing techniques against a set of questions chosen specifically for this purpose. Our ACS uses a smart contract, called the Access Contract, to restrict access based on access levels and permission queries, which are stored in the state ledgers of Hyperledger Fabric's world state. The Access Contract defines the transactions necessary for an ACS, in which these variables are used. Our ACS satisfies more metric questions than the related works' average and is thus optimal. We found that AC can be incorporated into a BC-based MDSS by utilizing smart contracts to define the needed transactions, which use access levels and permission queries to restrict the access of users.