Edinburgh Napier University

  In recent years, the interest in using wireless communication technologies and mobile devices in the healthcare environment has increased. However, despite increased attention to the security of electronic health records, patient privacy is still at risk for data breaches. Thus, it is quite a challenge to involve an access control system especially if the patient’s medical data are accessible by users who have diverse privileges in different situations. Blockchain is a new technology that can be adopted for decentralized access control management issues. Nevertheless, different scalability, security, and privacy challenges affect this technology. To address these issues, we suggest a novel Decentralized Self-Management of data Access Control (DSMAC) system using a blockchain-based Self-Sovereign Identity (SSI) model for privacy-preserving medical data, empowering patients with mechanisms to preserve control over their personal information and allowing them to self-grant access rights to their medical data. DSMAC leverages smart contracts to conduct Role-based Access Control policies and adopts the implementation of decentralized identifiers and verifiable credentials to describe advanced access control techniques for emergency cases. Finally, by evaluating performance and comparing analyses with other schemes, DSMAC can satisfy the privacy requirements of medical systems in terms of privacy, scalability, and sustainability, and offers a new approach for emergency cases.