1 Introduction

The use of blockchain technology is gaining momentum in the field of health information technology systems. This innovative and distributed ledger technology is immutable and serves as a decentralized solution for data transactions. Blockchain technology was initially introduced and implemented through the Bitcoin cryptocurrency in 2008. Electronic medical records are an essential component of the health care industry and its health information technology (HIT) systems, which play a critical role in modern-day life. However, the collection and sharing of medical data between various HIT systems pose significant security challenges due to the volume and sensitivity of the information. Storing such data in a conventional database is particularly difficult and far from trivial [1].

Blockchain technology, architected and designed to be secure, has the potential to address these security challenges. A key feature of a blockchain is that it is decentralized and distributed, meaning it is not controlled by a single entity and does not have a central point of failure. This makes it difficult for a single party to alter the data stored on the blockchain without the consensus of the network.

However, it is important to note that no technology is completely secure, and blockchains can still be vulnerable to attacks or other security breaches. The security of a blockchain depends on how it is implemented and used. It is important to carefully evaluate the security measures in place for any given blockchain and to use best practices when using and interacting with a blockchain.

In this paper, we present a novel and comprehensive approach to storing electronic medical records in the cloud using Amazon's blockchain technology. This approach offers a more secure and efficient storage solution that makes it easier for healthcare providers to access and retrieve patient records when needed in a secure manner. We opted to use the Hyperledger Fabric framework for our implementation. Additionally, our proposed solution introduces a simplified method for adding new network members and provides an extra layer of security through an abstracted layer.

The paper is structured to provide a comprehensive exploration of a cloud-based solution for secure and shareable healthcare data management using blockchain technology. It begins with an introduction that highlights the importance of addressing security challenges in healthcare data storage. The paper then proceeds to discuss the proposed system architecture, detailing the backend infrastructure components such as the Hyperledger blockchain network and AWS services. It also covers the role of various clients within the network. To complement the discussion of the backend, the paper includes a dedicated section on the front-end layer, focusing on how the system is presented to users and emphasizing the significance of user experience and interface design.

Responding to reviewer feedback, the paper incorporates a section dedicated to potential future enhancements and features. This section highlights the system's ability to evolve and adapt to future needs, providing a sense of direction for further development. It considers potential improvements and additional functionality that can be integrated into the system, enabling it to stay up-to-date and meet evolving requirements.

In the conclusion, the paper summarizes the key findings and contributions, emphasizing the significance of blockchain technology in addressing security and shareability concerns in healthcare data management. It reinforces the importance of the proposed solution and its potential impact on the healthcare industry. Finally, the paper concludes with a brief discussion of future enhancements and features, showcasing the forward-thinking approach of the research and the potential for continuous improvement and innovation in the system.

1.1 Overview of blockchain technology

Blockchain technology possesses four primary characteristics, namely decentralization, immutability, auditability & traceability, and data integrity. Unlike centralized systems, blockchain technology does not require a central authority to govern the data that is transmitted through it. Instead, it employs a range of consensus algorithms to determine whether the data is valid within a peer-to-peer network. Another key feature of blockchain technology is its inherent immutability, which ensures that once a record is accepted and stored on the blockchain, it cannot be removed because it is distributed across multiple nodes in the network. Lineage is facilitated by linking new blocks to previous ones using a hash of the previous block, forming a chain of blocks. Finally, every transaction on the blockchain is verified to the known root using a Merkle tree, enabling the data integrity of the blockchain to be validated [2].

There are three main types of blockchains: public, consortium, and private [2]. They vary based on the use case and the data stored in the network. Public blockchains are accessible to any member who wants to contribute to the consensus protocol [3]. Public blockchain networks are primarily used for cryptocurrencies like Bitcoin and Ethereum. Consortium blockchains, on the other hand, are partially centralized and limited to a selected group of members who have permission to access the data and contribute to the consensus protocol. Private blockchains are decentralized and distributed throughout the network, but they are managed by a central authority that determines which nodes can participate in the network [2]. Because blockchain technology can be used in various applications and domains, there is a lack of agreement regarding the distribution qualities and consensus mechanisms that must be present to classify a use of the technology as a blockchain. There are many different blockchain frameworks and platforms that can be used standalone or integrated with each other to create decentralized systems. Some of the most well-known ones include Ethereum and Hyperledger, which can be leveraged to build new systems or establish new protocols.

2 Current applications and challenges

Blockchain technology has the potential to revolutionize the way we store, share, and use data in general and medical data in particular. It has shown promising potential in healthcare, particularly in electronic medical records (EMR). By leveraging the secure and efficient nature of blockchain, EMRs can be easily shared among healthcare providers. Additionally, the use of smart contracts can automate various processes in healthcare. However, there are challenges in using blockchain, such as ensuring security, standardizing protocols, and addressing regulatory and legal issues.

There is a significant increase in the number of security breaches that impact millions of records daily, with medical records being a primary target due to their sensitivity and confidentiality. Using a permissioned blockchain for sharing electronic medical records can mitigate data privacy and security concerns [4].

In the past few years, numerous authors have delved into the potential of utilizing blockchain technology in the healthcare industry. By addressing the current challenges with electronic medical records such as growth of the data, shareability, accessibility and security, blockchain technology can bring significant value to the treatment process, provide remote access to patients' medical information in a secure manner, and ensure the protection of healthcare data privacy and sensitivity. Our research has focused on the use of blockchain technology for electronic medical records management in healthcare. While most research in this field is still theoretical, a few studies have discussed actual implementations of blockchain-based medical record systems. While blockchain technology holds great promise for healthcare, there are several challenges that must be addressed to realize its full potential. These challenges include interoperability, data privacy and security, scalability, adoption, and cost. Addressing these challenges will require collaboration between stakeholders, including healthcare providers, patients, regulators, and technology providers.

2.1 Related work

Sukhpal Gill [5] has suggested a conceptual model that combines emerging paradigms like edge computing, Serverless computing, quantum computing, and blockchain to deliver cloud services. This model provides a computational platform that covers devices at the IoT, management, and service layers. The management layer oversees resources and interacts with IoT devices, while the service layer performs raw computational functions under the Serverless Function as a Service (FaaS) abstraction.

Asma Khatoon [6] explores the use of blockchain-based smart contracts in healthcare management. She presents a healthcare management system that utilizes smart contracts and blockchain technology, showcasing the potential of decentralization in the medical field. The system offers additional benefits such as lower transaction costs, decreased administrative workloads, and the removal of intermediaries, in addition to utilizing blockchain technology.

Bhati et al. [7] have proposed utilizing blockchain technology in the medical industry, particularly for the management of electronic health records (EHR). The main aim of the analysis is to make EHR more accessible and relevant to consumers by leveraging blockchain technology. The proposed system ensures the security of electronic health records by implementing granular access rules. Additionally, the proposed solution offers a secure and adaptable blockchain-based architecture for EHR by utilizing an off-chain repository of records to tackle the scalability challenges frequently encountered by blockchain technology. This approach effectively resolves the scalability issue and enables the system to be versatile and necessary.

Gordon and Catalini [8] categorized the different elements of blockchain-based healthcare advancements into several layers, such as data sources, blockchain technology, healthcare applications, and stakeholders. Their study evaluated the use of blockchain in healthcare and found that it has the potential to transfer control of healthcare data sharing from institutions to patients by providing digital access rights, enabling patient identification across the network, managing vast amounts of healthcare data, and ensuring data immutability.

Daraghmi and colleagues [9] created a blockchain platform to manage medical data and enhance existing systems by offering reliable and secure access to health records for patients, healthcare providers, and individuals who prioritize patient confidentiality. This platform implemented time-based smart contracts to oversee transactions and regulate electronic medical data, while utilizing advanced encryption techniques to enhance security measures. Moreover, the authors suggested an incentive mechanism that would encourage healthcare providers to maintain medical records and generate new blocks. This platform is named MedChain.

Daisuke et al. [10] concentrated on utilizing the Hyperledger Fabric blockchain platform to manage medical records. Their objective was to transfer the accumulated medical data, obtained via smartphones, to the Hyperledger blockchain network to ensure that healthcare data was securely recorded on the blockchain.

Houtan et al. [11] explored the potential of blockchain-based self-sovereignty and advanced inpatient data records in the healthcare industry. Their goal was to evaluate the viability of implementing blockchain technology for managing patient data and identity. By recognizing blockchain as a decentralized distribution technology, the authors explored the possibility of giving patients power over their data and self-determination as a means of empowering them to access it. The focus was on developing solutions that aimed to digitize electronic health records (EHR) and patient health records (PHR), which store critical patient information such as notes from doctors and radiologists.

Rouhani et al. [12] presented a solution to overcome the shortcomings of permission-based and permissionless blockchain systems. They employed the Hyperledger platform to govern healthcare information under the patient's control.

In [13], Anuraag et al. explored the potential of blockchain for effectively managing healthcare information. They conducted a comprehensive literature review of various studies and primarily discussed the advantages and disadvantages of implementing blockchain technology in healthcare, without presenting any empirical evidence or evaluating any system. They inferred that blockchain could be an appropriate solution for securely and privately managing health records on cloud-based systems.

Shi et al. [14] conducted research by reviewing literature on suggested blockchain approaches for electronic health record (EHR) systems. In the process, they acquired knowledge about the fundamental principles of EHR systems and blockchain technology and assessed the feasibility of implementing blockchain in EHR systems. Furthermore, they recognized dissimilarities in the difficulties and prospects associated with this endeavor.

Vora et al. [15] investigated the recurring problem of breaches of personal information, such as name and address, in the healthcare sector. They put forward the idea of utilizing blockchain technology to handle electronic health records and conducted an assessment of the system's effectiveness in meeting the requirements of patients, medical facilities, and other health care providers.

Litchfield et al. [16] addressed the challenges related to healthcare data security and privacy and suggested blockchain as a viable solution. Additionally, they conducted a survey to gain insights into healthcare-related concerns.

Philippe et al. [17] proposed blockchain technology as a secure and dependable option for managing healthcare data in the e-health domain, effectively tackling concerns surrounding data privacy and security. They explored the difficulties associated with handling personal data in the digital realm, where healthcare information must conform to multiple regulations while remaining accessible to authorized healthcare personnel. Although blockchain technology is commonly associated with Bitcoin, the authors highlighted its potential and capabilities for managing patients' consent in the healthcare sector, as evidenced by a case study.

Zhang et al. [18] conducted an analysis of the potential of blockchain and smart contracts in resolving various healthcare problems. Their study delved into the application of blockchain technology in addressing different healthcare needs and identified the challenges that come with implementing blockchain technology. The researchers emphasized that developing solutions based on blockchain technology can lead to more efficient resolutions of healthcare issues.

Jamil et al. [19] explored the challenges related to drug regulation and recommended the use of blockchain to standardize drugs. They highlighted the issue of detecting counterfeit drugs and proposed that blockchain could be a possible solution to address this problem.

Lee et al. [20] explored the potential of combining blockchain technology and microscopic sensors to develop a fingernail analysis management system. The microscopic sensors were utilized to capture distinct nail images, and a deep neural network was applied to analyze the images. To ensure user data security and privacy, the researchers implemented blockchain technology, which allowed for the tracking and recording of any modifications made to the system using the ledger.

Kumar et al. [21] explored the various applications of blockchain technology in healthcare systems, while acknowledging the challenges and obstacles that come with integrating this technology. They also proposed the use of smart contracts in a blockchain-based medical system as a potential solution to address some of these challenges.

Agbo et al. [22] conducted an extensive study of existing research on the use of blockchain technology in healthcare. By analyzing 65 papers, they aimed to answer their research question and concluded that blockchain has potential in various healthcare applications, including drug supply chain management, biomedical research, and electronic health record management. However, the researchers also highlighted the need for a deeper understanding of how blockchain technology can address the challenges faced by the healthcare industry.

In [23], Sharma et al. developed an Electronic Health Record (EHR) upgrade framework that utilizes blockchain technology to ensure the security and confidentiality of EHRs. By implementing blockchain technology, the framework enabled control over data access through its cryptographic methods and decentralized structure, while also balancing information security and openness. The authors aimed to tackle the issues related to security and privacy and data sensitivity in the realm of electronic health.

Siyal et al. [24] explored the benefits of utilizing blockchain technology and smart contracts in the healthcare industry, with the goal of streamlining the process. They emphasized the significance of effectively managing healthcare records with the argument put forth that blockchain technology could potentially decrease losses and prevent data fabrication through secure storage of information on the ledger.

Khezr et al. [25] explored the difficulties faced by the healthcare management system and examined how blockchain technology could address these challenges. They conducted a thorough analysis of previous studies on healthcare using distributed ledger technology and suggested potential applications for blockchain in the medical field. Additionally, they put forward a plan for an IoMT delivery system that utilizes networking protocols.

Jaiman et al. [26] presented a consent model that utilizes blockchain technology for exchanging health information. The proposed model employs smart contracts to obtain individual consent for accessing health data, enabling data seekers to view and access the information. To facilitate this, the authors devised a dynamic correspondence model that comprises two ontologies: the DUO data usage ontology, which models individual user consent, and the Access and Automatic Recognition Matrix (ADA-M), which deals with data requester queries. The model was implemented on the Ethereum blockchain and evaluated in multiple data exchange scenarios. The authors contend that this personalized consent model for health data exchange platforms takes into account individual preferences.

Zhang et al. [27] presented a proposal for a book chapter that aims to examine the different applications of blockchain in the field of healthcare. They highlight the importance of blockchain technology in healthcare and how it can potentially lead to the development of more effective healthcare solutions.

Wu et al. [28] conducted a literature review on healthcare management systems, proposed two algorithms to improve network security, recommended the implementation of a distributed system for managing healthcare data, and stressed the importance of regulations governing the handling of such data.

Shen et al. [29] introduced a system called MedChain, which utilizes blockchain and peer-to-peer networks to facilitate the sharing of medical data. MedChain was specifically designed to manage healthcare data generated from medical exams, as well as patient data collected from IoT sensors and mobile applications.

2.2 Blockchain technology limitations

Blockchain faces two significant challenges when it comes to storing large amounts of information: scalability and privacy. The data stored on the blockchain is visible to all authorized users, which can be a concern for healthcare organizations that need to keep sensitive patient information confidential. Additionally, storing a patient's entire medical history, records, visits, lab results, and other reports on the blockchain can put a lot of strain on its storage capacity [30].

Many people still don't fully understand blockchain technology, as it is a relatively new and constantly evolving field. This lack of awareness and understanding can make it challenging to adopt blockchain in healthcare. Furthermore, transitioning from traditional EHR systems to blockchain would require a significant effort, as clinics and healthcare organizations need to adapt their systems to use this new technology.

Because blockchain technology is still new and rapidly developing, there are no established standards for it. This means that implementing it in the healthcare industry requires additional time and effort. To ensure that blockchain is used effectively and safely, international authorities need to create standardized guidelines to help with the normalization process of this technology.

3 Proposed solution

The system architecture diagram presented in “Fig. 1” illustrates the utilization of a Hyperledger blockchain network for storing and managing medical records. The network comprises different members, each equipped with their own client application, enabling them to interact with the blockchain and retrieve the medical records stored within. There are multiple implementations of the blockchain network using different cloud providers, as well as custom installations of the blockchain and the clients.

Fig. 1 System architecture diagram

Arvind et al. [30] implemented a solution using IBM Cloud and Kubernetes containers. Our proposed solution uses Amazon Web Services and serverless concepts, which gives us the ability to avoid paying for idle resources and to scale up and down based on traffic. It provides significant performance results, as we will see in the results section.

Within the Hyperledger blockchain network, the system assigns different roles and permissions to its members to ensure proper management and access to medical records.

Member A, representing a patient, is granted the privilege to access and view only their own personal medical record. Additionally, they have the authority to update their address information, allowing them to keep their contact details up to date.

Member B, which represents a healthcare facility, possesses more extensive permissions. They have the authority to create and update comprehensive medical records for one or more patients. This includes the ability to input and modify various aspects of the patients' records, such as medical history, diagnoses, treatments, and test results. Furthermore, Member B can also add patient admission details, including relevant dates and procedures.

Member C, an enforcement agency, has a specific role within the network. Their primary responsibility is to request and retrieve authentic medical records for investigative purposes. This enables them to access relevant patient information when conducting investigations or legal proceedings. However, their access is limited to retrieving records and does not extend to modifying or altering any information within the records.

By assigning specific roles and permissions to each member, the Hyperledger blockchain network ensures that only authorized individuals or entities can perform actions related to medical records. This helps maintain the privacy, security, and integrity of the data stored within the network, while allowing appropriate access for different stakeholders. Ensuring the security and integrity of the Hyperledger blockchain network is of utmost importance, and it requires the implementation of robust measures to control network access and regulate actions performed on the blockchain. To achieve this, two fundamental processes come into play: authentication and authorization.

Authentication is the process of verifying the identities of users or devices seeking access to the network. It ensures that only authenticated entities are granted entry. This verification can involve various methods such as username/password authentication, digital certificates, or biometric identification. By validating user or device identities, the network can establish trust and ascertain the legitimacy of participants.

Authorization, on the other hand, determines the specific actions or operations that authenticated users or devices are permitted to undertake within the network. It defines the boundaries of their access and specifies the level of control they have over the blockchain. Authorization can be based on predefined roles, permissions, or access control lists. By enforcing authorization policies, the network ensures that only authorized actions are carried out, preventing unauthorized modifications or breaches.

These authentication and authorization measures are integrated into the client applications utilized by network members. The client applications are responsible for validating user identities through appropriate authentication mechanisms and verifying their authorization status. This validation process occurs before granting access to the blockchain network. By leveraging the authentication and authorization functionalities within the client applications, the network guarantees that only authenticated and authorized users can access the network resources and perform actions on the blockchain.

In the paper, while the focus is primarily on the backend infrastructure of the blockchain-based medical record system, it is essential to recognize the significance of the front-end layer in presenting the system to users and facilitating their interaction with it. The front-end layer serves as the user interface, enabling users to access and utilize the functionalities of the system.

The front-end layer can be implemented through various user interface components such as web applications or mobile apps, providing users with a familiar and intuitive interface. It is crucial to design the front-end layer to be user-friendly, visually appealing, and responsive to ensure a positive user experience.

One key aspect of the front-end layer is user authentication and registration. This allows users to securely access the system by verifying their identities through credentials, such as usernames and passwords, or other authentication methods like biometrics. By implementing robust authentication mechanisms, the front-end layer helps ensure that only authorized users can access the system and interact with medical records.

Once authenticated, users can utilize the system's features and functionalities. These can include searching and retrieving medical records, updating personal information, viewing data visualizations or reports, and communicating with healthcare professionals or other users within the system. The front-end layer should provide an intuitive and seamless interface for users to perform these actions efficiently.

Furthermore, the front-end layer should prioritize user privacy and data security. This can be achieved through measures such as data encryption during transmission between the client application and the backend infrastructure. User interfaces should also adhere to best practices in secure development to prevent common vulnerabilities, ensuring the protection of sensitive user information.

Design considerations for the front-end layer should also account for the diverse user base of the system. Different user roles, such as patients, healthcare professionals, and enforcement agencies, may have distinct needs and permissions within the system. Role-based access control can be implemented to enforce appropriate access levels and restrictions, ensuring that users can only perform actions for which they have authorization.

In summary, the front-end layer of the blockchain-based medical record system plays a crucial role in presenting the system to users and facilitating their interaction with it. By providing a user-friendly interface, implementing robust authentication mechanisms, offering comprehensive features and functionalities, and prioritizing user privacy and data security, the front-end layer contributes to the overall success and usability of the system.

3.1 Implementation

The architectural diagram in “Fig. 1” shows the infrastructure of our framework. The framework is divided into four main layers:

  1. The blockchain network: consists of the Fabric ordering service and one or more members.

    a. The ordering service ensures transactions have been endorsed properly by the designated member peer nodes and produces new blocks of transactions in a deterministic order, broadcasting them to each peer to be recorded in distributed ledgers.

    b. Each member in the consortium has its own certificate authority for managing the identities of those who are authorized to access the network, and peer nodes that endorse transactions and store blockchain data. To ensure high availability and support failover, the peer nodes are provisioned in separate availability zones. This infrastructure is managed by AWS and accessed by each member over a VPC endpoint using AWS PrivateLink to ensure security and protect the network.

  2. The identity service: a service using Amazon Cognito to support the authentication (AuthN) and authorization (AuthZ) of the application user who tries to access the blockchain network via the client application. It is responsible for the Role Based Access Control (RBAC) mapping for application users.

  3. The authorization and client layer: To increase security and abstraction, we have added an additional layer that allows users to interact with the blockchain using the HTTPS protocol. The smart contract (chaincode) level should handle most of the shared business logic among consortium members, while the client layer will interact with the chaincode through AWS Lambda functions. These functions have access to the network through a private VPC link and AWS Identity and Access Management (IAM), and the tokens required to access the network are stored in AWS Secrets Manager. Each Lambda can only access the token for its assigned member, which is controlled by IAM. In front of the Lambda functions, we use AWS API Gateway to make them accessible through the HTTPS protocol. This API layer authenticates users against the identity service before allowing them to invoke the service. Once the request is received by the Lambda function from API Gateway, the user is authenticated and authorized to retrieve their secrets from AWS Secrets Manager, after which the Lambda function can invoke the chaincode on behalf of the user.

  4. The frontend layer: allows our end users to interact with our system via a browser.

The solution described above reduces the operational overhead of maintaining the infrastructure and decouples the application business layer from the underlying Hyperledger network. In addition, the serverless design scales to handle a large volume of transactions and removes the need to pay for idle resources, thus enabling high cost-optimization. It is also secure, as the blockchain networks are not accessible outside the VPC. Only authorized Lambda functions can access the network by retrieving the assigned tokens once a user is authorized. Denial of service attacks are handled by enabling throttling on the API Gateway layer to make sure that unexpected traffic is blocked.

Roles and permissions descriptions:

  • Admin:

    • Has full access to all users and system resources.

  • Medical Facility:

    • Create, read, and update patient medical records.

    • Create, read, and update patient visits.

    • Grant and revoke access to enforcement authority for a given patient record.

  • Patient:

    • Read their own personal information.

    • Update address or phone number for their record.

  • Enforcement Authority:

    • Read patient visits history.

4 Results and discussions

Our proposed solution consists of four distinct client access points, or endpoints, each offering a different level of access. The four endpoints are:

  • Admin Users at admin.<url>.com

  • Medical Facility Users at medical.<url>.com

  • Patient Users at patient.<url>.com

  • Enforcement Users at enforcement.<url>.com

This design allows for the addition of extra security measures, as needed. For instance, the admin endpoint could be restricted to access only from within a secure intranet, rather than being accessible from the internet.

4.1 Admin client

Only administrators can add new users or members to the network:

  • The Lambda function has been granted permission, through IAM, to access the admin password stored in AWS Secrets Manager; this password is exclusively for this Lambda. If the Lambda doesn't have access to the admin password, an access denied error will be displayed and recorded in the logs.

  • User identity and authorization to access the resource will be verified through Amazon Cognito by using their own username and password. This serves as the first line of security.

4.1.1 Experiment 1: create new member

The HTTP request is composed of the following components:

  • URL: admin.<url>.com/members

  • HTTP Method: POST

  • Payload: {"memberName": "new-member-01", "certificate-authority": "file location on s3"}

The experiment used the request above with three different use cases, as follows:

  • Valid user with write access:

    • Username: admin-read-write

    • Results:

      • HTTP Response Code: 200

      • HTTP Response: {"member-id": "m-ksq47y4se"}

  • Valid user with read only permission:

    • Username: admin-read-only

    • Results:

      • HTTP Response Code: 403

      • HTTP Response: Not Authorized

  • Invalid user not in the admin group

    • Username: facility-01

    • Results:

      • HTTP Response Code: 403

      • HTTP Response: Not Authorized

4.1.2 Experiment 2: list existing member(s)

In this experiment we listed existing members by calling the list members endpoint with the GET method. The HTTP request is composed of the following components:

  • URL: admin.<url>.com/members

  • HTTP Method: GET

  • Payload: none

The experiment used the request above with three different use cases, as follows:

  • Valid user with write access:

    • Username: admin-read-write

    • Results:

      • HTTP Response Code: 200

      • HTTP Response: [{"member-id": "m-1"}, {"member-id": "m-2"}, {"member-id": "m-3"}]

  • Valid user with read only permission:

    • Username: admin-read-only

    • Results:

      • HTTP Response Code: 200

      • HTTP Response: [{"member-id": "m-1"}, {"member-id": "m-2"}, {"member-id": "m-3"}]

  • Invalid user not in the admin group:

    • Username: facility-01

    • Results:

      • HTTP Response Code: 403

      • HTTP Response: Not Authorized

4.2 Medical facility can create electronic health records

This client Lambda function has been authorized to:

  • Access the medical facility VPC endpoint through IAM.

  • Access the public/private access secrets that are managed and controlled through IAM.

  • This Lambda function does not have access to any other VPC endpoints or the administrator password.

  • The blockchain will revoke any administrator operations if all other layers are bypassed; the certificate authority for this member permits both read and write operations.

4.2.1 Experiment 3: create patient

The HTTP request is composed of the following components:

  • URL: facility.<url>.com/patients

  • HTTP Method: POST

  • Payload: {"name": "John Smith", "gender": "M", "nationalId": "4,749,123,238,763", …}

The experiment used the request above with three different use cases, as follows:

  • Valid user with write access:

    • Username: facility-01-read-write

    • Results:

      • HTTP Response Code: 200

      • HTTP Response: {"id": "123", "version": "0", …}

  • Valid user with read only permission:

    • Username: facility-01-read-only

    • Results:

      • HTTP Response Code: 403

      • HTTP Response: Not Authorized

  • Patient user not in the facility group:

    • Username: patients-01

    • Results:

      • HTTP Response Code: 403

      • HTTP Response: Not Authorized

  • Admin user not in the facility group:

    • Username: admin-read-write

    • Results:

      • HTTP Response Code: 403

      • HTTP Response: Not Authorized

4.2.2 Experiment 4: view patient personal record

In this experiment we covered listing existing members by calling the list members endpoint with the GET method. The HTTP request is composed of the following components:

  • URL: facility.<url>.com/members

  • HTTP Method: GET

  • Payload: none

The experiment used the request above with four different use cases, as follows:

  • Valid user with write access:

    • Username: facility-01-read-write

    • Results:

      • HTTP Response Code: 200

      • HTTP Response: {"id": "12", "version": "0", …}

  • Valid user with read only permission:

    • Username: facility-01-read-only

    • Results:

      • HTTP Response Code: 200

      • HTTP Response: {"id": "12", "version": "0", …}

  • Valid patient user but not in the facility group and trying to access the record from the facility client endpoint:

    • Username: johnsmith-u1

    • Results:

      • HTTP Response Code: 403

      • HTTP Response: Not Authorized

  • Valid admin user not in the facility group:

    • Username: admin-read-write

    • Results:

      • HTTP Response Code: 403

      • HTTP Response: Not Authorized
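The outcomes of Experiments 1 to 4 can be written down as an authorization matrix and checked against a small model of the rule they imply (the endpoint's group must match, and the method's permission must be held). This is an added example, not the paper's validation scripts: the usernames and status codes are those reported above, while the group and permission assigned to each user are assumptions inferred from its name and case label.

```python
from itertools import product

ENDPOINT_GROUP = {"admin": "admin", "facility": "facility"}  # endpoint -> group it serves
METHOD_NEEDS = {"GET": "read", "POST": "write"}              # method -> permission needed
RW, RO = frozenset({"read", "write"}), frozenset({"read"})

# Usernames come from the experiments; (group, permissions) are assumptions.
USERS = {
    "admin-read-write":       ("admin", RW),
    "admin-read-only":        ("admin", RO),
    "facility-01":            ("facility", RW),
    "facility-01-read-write": ("facility", RW),
    "facility-01-read-only":  ("facility", RO),
    "patients-01":            ("patient", RW),
    "johnsmith-u1":           ("patient", RW),
}

# (experiment, endpoint, method, username, status reported on the page)
REPORTED = [
    (1, "admin", "POST", "admin-read-write", 200),
    (1, "admin", "POST", "admin-read-only", 403),
    (1, "admin", "POST", "facility-01", 403),
    (2, "admin", "GET", "admin-read-write", 200),
    (2, "admin", "GET", "admin-read-only", 200),
    (2, "admin", "GET", "facility-01", 403),
    (3, "facility", "POST", "facility-01-read-write", 200),
    (3, "facility", "POST", "facility-01-read-only", 403),
    (3, "facility", "POST", "patients-01", 403),
    (3, "facility", "POST", "admin-read-write", 403),
    (4, "facility", "GET", "facility-01-read-write", 200),
    (4, "facility", "GET", "facility-01-read-only", 200),
    (4, "facility", "GET", "johnsmith-u1", 403),
    (4, "facility", "GET", "admin-read-write", 403),
]


def authorize(username, endpoint, method):
    """Status the authorization layer should return; anything unknown is denied."""
    group, perms = USERS.get(username, (None, frozenset()))
    if group is None or ENDPOINT_GROUP.get(endpoint) != group:
        return 403
    return 200 if METHOD_NEEDS.get(method) in perms else 403


def mismatches():
    """Reported cases where the model and the page disagree."""
    return [row for row in REPORTED if authorize(row[3], row[1], row[2]) != row[4]]


def untested():
    """Cells of the full user x endpoint x method matrix no experiment covers."""
    seen = {(u, e, m) for _, e, m, u, _ in REPORTED}
    cells = product(USERS, ENDPOINT_GROUP, METHOD_NEEDS)
    return sorted(c for c in cells if c not in seen)
```

`untested()` lists the combinations the four experiments leave unexercised, which is where a regression suite built on this matrix would add cases.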

4.3 Enforcement authority users cannot modify records

This client Lambda function is authorized only to:

  • Access the enforcement authority member VPC endpoint via IAM.

  • Access the public/private access secrets stored in Secrets Manager, controlled via IAM.

This Lambda function doesn't have access to any other VPC endpoints or to other secrets, such as those of the administrator, the medical facility, or the patient endpoints. The Certificate Authority for this member allows only read operations, and any write operations will be revoked if all other layers are bypassed. The authorization rules for this client are controlled via a role-based mapping for a given patient, and the authorization layer validates the correct mapping. If the enforcement authority hasn't been explicitly granted access to a patient, the identity service will return a not authorized error message and will not invoke the blockchain network.
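The per-patient mapping described above, together with the Medical Facility's grant and revoke permission from the roles list, can be modelled as a grant store that is consulted before the network is touched. This is an added example, not the paper's code: the class names, role strings and identifiers are assumptions, `Ledger` stands in for the chaincode client, and the Admin role's full access is left out of the sketch.

```python
class Ledger:
    """Stand-in for the chaincode client; counts calls that reach the network."""

    def __init__(self, visits):
        self.visits, self.calls = visits, 0

    def read_visits(self, patient_id):
        self.calls += 1
        return self.visits.get(patient_id, [])


class GrantStore:
    """Per-patient grants: (authority, patient_id) pairs a facility approved."""

    def __init__(self):
        self._grants = set()

    def grant(self, actor_role, authority, patient_id):
        self._require_facility(actor_role)
        self._grants.add((authority, patient_id))

    def revoke(self, actor_role, authority, patient_id):
        self._require_facility(actor_role)
        self._grants.discard((authority, patient_id))

    def allowed(self, authority, patient_id):
        return (authority, patient_id) in self._grants

    @staticmethod
    def _require_facility(actor_role):
        # The roles list gives grant/revoke to the Medical Facility role.
        if actor_role != "medical-facility":
            raise PermissionError("only a medical facility may grant or revoke")


def enforcement_request(grants, ledger, authority, method, patient_id):
    """Handle one request arriving at the enforcement endpoint."""
    if method != "GET":  # the enforcement authority is read-only
        return 403, "Not Authorized"
    if not grants.allowed(authority, patient_id):
        return 403, "Not Authorized"  # denied before any network call
    return 200, ledger.read_visits(patient_id)
```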

4.4 Medical patients can update their address or phone number

This client Lambda function is authorized only to:

  • Access the patient member VPC endpoint via IAM.

  • Access the public/private access secrets stored in Secrets Manager, controlled via IAM.

  • This Lambda function doesn't have access to any other VPC endpoints or to other secrets, such as those of the administrator or the medical facility.

  • The Certificate Authority for this member allows only read operations, and any write operations will be revoked if all other layers are bypassed.

4.5 Blockchain network is not accessible outside of the VPC

The blockchain is accessible via a VPC endpoint. By default, this endpoint is not accessible from the internet, which lets us allow traffic only from within the VPC. In addition, other services require explicit access roles within the IAM policies. In this solution we allow only the four clients listed earlier to access the network.

4.6 Performance analysis

After executing and verifying all the security experiments, we simulated the performance of this network for a medical facility. As the solution provides four different operations for a patient, we wanted to cover a mix of the four operations for a normal day. Using the Gatling open-source library, we wrote a script for an experiment that starts with 10 concurrent users and ramps up to 2000 users in 100 s, to have up to 20 concurrent users for a given operation. The experiment took a total of 3 m 56 s. All requests passed with up to 33 concurrent users per second (refer to Table 1).

Table 1 Performance results

While executing the performance test, it was important for us to track the memory and CPU utilization of the peer node to make sure that the instance is healthy and can handle the load, as presented in Figs. 2 and 3. The results show that the proposed solution performs well and can handle the load of real-life scenarios. This solution is unique in that it leverages Amazon Web Services serverless services, which support scaling up and down based on volume for the HTTP client layer.

Fig. 2 Peer Node Memory Utilization

Fig. 3 Peer Node CPU Utilization

4.7 Challenges and limitations

While the proposed cloud-based solution for secure and shareable healthcare data management using blockchain technology offers numerous benefits, it is important to acknowledge and address the potential challenges and limitations associated with its implementation. This section delves into some of these challenges, including regulatory concerns, data migration issues, and the adoption of the system by various entities.

4.7.1 Regulatory compliance

One significant challenge is ensuring compliance with regulatory frameworks governing healthcare data, such as HIPAA or GDPR. These regulations impose strict requirements on data privacy, security, and access control. Implementing the proposed framework must align with these regulations, requiring thorough understanding and integration of compliance measures. Adhering to the necessary regulations while leveraging the benefits of blockchain technology can be a complex task that requires careful planning and robust security measures.

4.7.2 Data migration

The migration of existing healthcare records to the blockchain-based system can present technical and logistical challenges. Healthcare organizations typically possess vast amounts of legacy data stored in different formats and systems. Ensuring a seamless and accurate transfer of data to the new system while maintaining data integrity and security requires careful planning, data cleansing, and validation processes. Moreover, the migration process should not disrupt the ongoing operations and services provided by healthcare organizations, adding further complexity to the task.

4.7.3 Adoption and interoperability

The successful adoption of the proposed system relies on the active participation and collaboration of various entities within the healthcare ecosystem, including healthcare facilities, enforcement agencies, and patients themselves. Encouraging these entities to embrace the new system may face resistance to change, particularly if they have invested heavily in existing infrastructure and processes. Interoperability challenges may arise when integrating the blockchain-based system with legacy systems and databases, potentially requiring the development of standardized interfaces or data exchange protocols.

4.7.4 Security and scalability

As with any technological solution, ensuring robust security measures is crucial. Blockchain technology itself is known for its security advantages, but the implementation and configuration of the system must be designed with best practices in mind to prevent vulnerabilities. Additionally, as the system grows and more healthcare entities join the network, scalability becomes a concern. Ensuring the system can handle the increasing volume of data and transactions without compromising performance or introducing bottlenecks requires careful design and monitoring.

4.7.5 Cost and resources

Implementing and maintaining a blockchain-based system for healthcare data management can involve significant costs, including infrastructure, development, and ongoing operational expenses. Moreover, the deployment of such a system may require skilled personnel with expertise in blockchain technology, security, and data management. The availability of necessary resources, both financial and human, should be carefully considered to ensure the sustainability of the system.

By acknowledging these challenges and limitations, stakeholders can proactively address them during the planning and implementation phases, improving the chances of successful adoption and deployment of the proposed cloud-based solution.

5 Conclusion

The usage of blockchain technology is rapidly expanding across multiple fields, not just in cryptocurrency or financial sectors. This expansion has helped researchers to address and overcome blockchain challenges such as performance, cost, implementation, and additional security requirements. Therefore, we analyzed various solutions and implementations of blockchain in healthcare. By leveraging multiple services provided by AWS and its cloud service, we implemented a novel solution that enables easy integration and future data services necessary for analyzing patient data. In this paper, we propose a novel cloud-based solution for measuring the security and shareability of patients' data on the AWS cloud. With our implementation, the security challenges related to healthcare data storage and access via blockchain have been addressed and improved. We measured our results by providing an authorization matrix and verified the expected outcomes by building scripts to validate and verify the matrix.

6 Future enhancements and features

As the proposed system aims to address the challenges in healthcare data storage and access using blockchain technology, it is important to consider potential future enhancements and features that can further improve the system's functionality, scalability, and security. This section discusses several areas of potential development and expansion, showcasing the system's ability to evolve and adapt to future needs.

6.1 Integration of artificial intelligence and machine learning

One promising avenue for future enhancement is the integration of artificial intelligence (AI) and machine learning (ML) algorithms into the system. By leveraging AI and ML techniques, the system can analyze vast amounts of medical data and provide personalized recommendations, predictive insights, or decision support tools for healthcare professionals. This can enable more accurate diagnoses, personalized treatment plans, and improved patient outcomes.

6.2 Interoperability with other healthcare systems

To enhance collaboration and data exchange among different healthcare providers, the system can be extended to incorporate interoperability with other healthcare systems or electronic health record (EHR) platforms. By establishing seamless integration and standardized data formats, healthcare professionals can access and share patient data across different entities, ensuring continuity of care and facilitating comprehensive medical record management.

6.3 Advanced consensus mechanisms and privacy-preserving techniques

As blockchain technology continues to evolve, it is important to explore advanced consensus mechanisms and privacy-preserving techniques to address scalability and privacy concerns. For example, integrating more efficient consensus algorithms like Proof-of-Stake (PoS) or Practical Byzantine Fault Tolerance (PBFT) can improve the system's scalability and transaction throughput. Additionally, the adoption of privacy-preserving techniques such as zero-knowledge proofs or secure multi-party computation can ensure sensitive patient data remains confidential while still enabling data sharing and analysis.

6.4 Enhanced security measures

To bolster the system's security, future enhancements can focus on implementing additional security measures. This could include multi-factor authentication for user access, advanced encryption techniques for data protection, and robust auditing mechanisms to track and monitor data access and modifications. Continuous vulnerability assessments and regular security updates should also be integrated to address emerging threats and ensure the system remains resilient against evolving cybersecurity risks.

6.5 Integration of emerging technologies

Exploring the integration of emerging technologies can further enhance the system's capabilities. For instance, the integration of Internet of Things (IoT) devices can enable real-time data collection and monitoring of patients' vital signs, facilitating remote patient monitoring and proactive healthcare interventions. Similarly, the adoption of blockchain-compatible smart contracts can automate and enforce healthcare agreements, such as consent management or insurance claims processing, ensuring transparency, trust, and efficiency in healthcare transactions.

6.6 Scalability and performance optimization

As the system scales to accommodate a larger user base and increased data volume, efforts can be directed towards optimizing scalability and performance. This could involve implementing sharding techniques to partition the blockchain and distribute the workload across multiple nodes, adopting off-chain storage solutions for non-critical data, or utilizing cloud-based infrastructure to dynamically scale resources based on demand.

By including a discussion on potential future enhancements and features, the paper highlights the system's capacity for growth and adaptation. It demonstrates a forward-thinking approach, encouraging further research and innovation in the field of blockchain-based healthcare systems. The outlined directions provide valuable insights and possibilities for future development, ensuring the system remains relevant and effective in addressing the evolving needs of healthcare data management.