Personal Health Records (PHRs) would empower patients to play an active role in quality healthcare provision and in access to routine checkups and self-care management. Security, privacy and interoperability issues need to be recognized for the successful design, implementation and adoption of PHRs at a wider scale. However, achieving interoperability, security and privacy simultaneously is one of the greatest challenges in the healthcare domain. The Health Level Seven (HL7) international standards body is working to propose interoperability standards for healthcare information systems. However, privacy and security need to be incorporated in the system design and implementation. This work focuses on designing an HL7-compliant PHR with security and privacy using blockchain, which is a distributed ledger data storage mechanism. The scope of the paper is limited to a number of core functional requirements of Fast Healthcare Interoperability Resources (FHIR). The PHR models applications of blockchain to these requirements to propose a base system architecture. Several tools support FHIR-compliant development of the HL7 family of standards. We analyzed existing blockchain-based PHRs and their data sharing services in the domain to integrate FHIR and blockchain technologies. The goal is to share patient's data to facilitate health services by designing for trusted, interoperable sharing of data among different custodians such as physicians and insurance companies. At the same time, a proof of concept is created through a prototype implementation using Python in the open source tool Spyder IDE.
Patients need different information for routine checkups and have to manage their health records in the form of PHRs for quality healthcare provision. PHRs have the potential to enable patients to play an active role in accessing the self-care facilities of the 21st century [1]. Online knowledge resources empower patients, and a paradigm shift is under way that makes them, instead of large healthcare providers, the primary owners and managers of their health data. Consequently, this would lead to improved health outcomes by enhancing communication between healthcare providers and patients, who become more responsible. The outcomes would be of significant value for patients, especially in chronic illness management with primary care providers [2]. The study observed some improvements in chronic diseases, such as diabetes management, through the usage of PHRs along with other interventions. The initiative of the United States to enable the transformation of Electronic Health Records (EHRs) and PHRs into explainable information is important. It leads us to look into relevant products to maximize the clinical value of these tools. There is increasing interest in the digitization of EHRs, but barriers are mainly centered on healthcare providers [3]. There is a need for active engagement of patients in managing their digital health information and a need to investigate the usage of PHRs. The paper [3] proposed a trustable social contractual model, which emphasizes the need to weigh the perceived benefits against the perceived privacy control of using PHRs. Trust belief is crucial for the adoption of PHRs, as it would win over patients who have perceived benefits and privacy concerns. In the paper [4], the authors emphasize preserving the confidentiality of the patient's data. Patients cite it as a major concern for adoption of the PHR. Users' trust in security and confidentiality is related to the storage and transmission of their data.
These concerns become more relevant when the PHR vendors are not in compliance with the Health Insurance Portability and Accountability Act (HIPAA). According to the authors, users' concerns for privacy and security become a major hindrance to the adoption and interoperability of PHRs for sharing across multiple systems.
Therefore, there is a need to design a PHR [5] system with privacy and security on top of interoperability to address users' main concerns and improve adoption. The goal of this paper is to propose a system that allows secure sharing of PHRs among different hospitals, physicians and insurance agencies. The available systems are inadequate for sharing medical records as they lack security and interoperability infrastructure. Our proposition aims to provide a trusted system which facilitates sharing of PHRs or EHRs between different health service providers with the consent of the patients. The proposed framework would be built on top of two technologies, namely blockchain and the HL7 FHIR standard.
Blockchain is an immutable, oftentimes open, distributed ledger between parties and provides a secure channel for transactions, exchanging data using smart contracts [6-8]. The blockchain mechanism would ensure EHRs are handled in a decentralized manner, ensuring their security and privacy. Blockchain manages confidentiality, authenticity as well as the data-sharing mechanism in a sophisticated manner [9]. Blockchain can be used to improve healthcare applications that store health records and clinical trial data for insurance claims. Blockchain is transforming the health care system by improving secure access to patient information [10-11]. HL7 is a standards body for exchanging health care data electronically. FHIR has a common representation of data and metadata.
The rest of the paper is structured as follows. Section 2 compares the existing solutions in the 'Literature Review' and aligns the gaps with our proposed approach. Section 3 elaborates the proposed system, defining users in terms of patients, doctors, hospitals/clinics and insurance companies. It outlines non-functional requirements and the system architecture. Section 4 evaluates the proposed system with respect to its functional design. Section 5 concludes with future research directions.
Researchers [12] suggested a mechanism for storing health record data in wearable devices based on blockchain technology, which provides privacy for the patient. In the proposed model, patients' health records are encrypted using both private and public keys. During normal scenarios, patients' biometric signatures are used as the private key. In emergency cases, the public/private key combinations are used for decryption. The architecture is designed to support security and interoperability. The fragmented data is stored in nodes. When users ask for a transaction, a verification process is activated to verify the user's identity. This checks whether any malicious activities have been carried out on the data. Additionally, it keeps monitoring the users to protect the system from any suspicious actions. The paper [13] focused on heterogeneous data, especially on storing health records using blockchain on cloud storage. Blockchain platforms are used to store, manage and retrieve huge amounts of data securely and accurately. Their system architecture is built as a decentralized and distributed network. Esposito et al. [14] elaborated on the transition in the health sector, particularly with the emergence of cloud storage for storing patients' data electronically. Blockchain is used to provide security for patient records. Patients are given access to their data at all times. A single point of failure is avoided and data is stored in a secure and efficient manner. Ethereum's permissionless programmable blockchain mechanism is open source and allows the user to create as well as execute code involving arbitrary algorithms [15]. DApps (decentralized applications) are developed using the Ethereum facility. It is fairly complex, with different capabilities to perform arbitrary operations for developing DApps. Ethereum virtual machine accounts are created and controlled with the help of the user's private key.
Hyperledger is also available as open source for developing permissioned blockchain applications. Hyperledger is the first programmable framework for blockchain systems, and users can execute distributed applications independent of a native cryptocurrency.
Uddin et al. [16] presented a system to share health data based on blockchain technology. In a blockchain network, some nodes called miners are responsible for calculating the hash value for blocks. In their proposed system, one miner is to be selected by the user based on the same parameters (e.g., miner quality), instead of multiple miners. The proposed architecture assumes that every patient has a wearable device that is used to retrieve health-related information. However, there is a lack of detail concerning the block validation process and authentication protocols. Zhang et al. [17] observed a huge improvement in the storage of patient health records, which started with a manual system and transformed into a digital system. The proposed system relies on two types of blockchain: private and consortium. The private blockchain network keeps the health records data, while the consortium blockchain is used to create secure indexes of the data that is stored in the private blockchain. The proposed platform stores and manages huge healthcare data with ease and accuracy and also provides security for the stored data. Azaria et al. [6] studied the need to convert manual health records to digital health records. The focus was on inherent security and protecting the privacy of PHRs. The system achieves authentication, confidentiality and accountability for the required data sharing by using blockchain. The stakeholders and service providers are considered miners, who are responsible for validating any new block or modification. The proposed system requires permission to serve in a secure channel. It securely decentralizes medical records. Dubovitskaya et al. [18] observed that health record data is sensitive and critical and needs an appropriate mechanism for sharing among different stakeholders. The focus of this model was cancer patients.
The system architecture contains various nodes, database storages and Application Programming Interfaces (APIs). It provides high privacy for the health records of patients through two databases, one local and one cloud-based. Cancer-related data is found in the local database, whereas categorical data resides in the cloud. Both databases contain data which is encrypted with symmetric key pairs varying from patient to patient.
Zhou et al. [19] proposed a system that serves the data stored by insurance companies. The proposed system uses blockchain to provide privacy and reliability to the stakeholders. This framework is for the users/givers of healthcare facilities: patients, emergency units and insurance agents. The architecture contains three layers: users, system management and storage. The user layer is the interface of the system to users, providing various services. The second layer is an essential part of the framework and consists of the rules and connections needed to complete a transaction successfully. The third layer is for patient data stored in the cloud. Blockchain has a pivotal role in securing the system from any attack or malicious activity. Fan et al. [20] also use blockchain for decentralizing and securing data. Researchers in [21] proposed a blockchain-based framework for interoperable EHRs that addresses secure data storage, credibility and management issues. It emphasizes the importance of compliance with national and international EHR standards such as HIPAA and HL7. The framework aims to enhance the security and user control of stored records without relying on centralized storage. Lee et al. [22] developed a blockchain architecture for PHR exchange. It ensures confidentiality, integrity and availability of health records. It uses Health Level 7 Fast Healthcare Interoperability Resource (HL7 FHIR) standards for exchanges. The platform allows users to upload, view and authorize exchanges of their PHRs. It enhances patient self-management and reduces healthcare infrastructure burdens. Gohar et al. [23] present a blockchain-based system for secure and efficient management of health records. It focuses on data integrity and patient privacy. It highlights the potential of blockchain to enhance the security and interoperability of health data. It provides a detailed analysis of various blockchain frameworks and their applications in healthcare.
The proof-of-concept study combines HL7, FHIR and SNOMED-CT (Systematized Nomenclature of Medicine Clinical Terms) vocabularies to achieve semantic and structural interoperability [24]. It demonstrates the effectiveness of a PHR system for bidirectional communication with EHRs. It ensures 0% data loss and reliable performance during data transfer. Hoang et al. [25] explore the use of blockchain technology to secure and manage health records, emphasizing the importance of data privacy and integrity. It discusses various blockchain frameworks and their applications in healthcare. It provides insights into the challenges and benefits of integrating blockchain into health information systems. Roehrs et al. [26] review the potential of blockchain technology to improve the security, privacy and interoperability of EHRs. It discusses the challenges and benefits of integrating blockchain into health information systems. It provides a comprehensive analysis of blockchain's impact on healthcare. Khan et al. discuss the applications, challenges and solutions of using blockchain and generative AI in healthcare [27]. The study also addresses scalability, energy usage and interoperability issues. Kim et al. [28] investigate the use of blockchain technology in healthcare, focusing on its ability to secure patient data and improve the efficiency of health data exchanges. It provides a comprehensive analysis of blockchain's impact on healthcare systems. Karthikeyan et al. [29] provide an overview of blockchain applications in healthcare and emphasize the importance of data security and patient privacy. It includes case studies and practical implementations of blockchain in health information systems.
It is clear from the literature review that the PHR has become an important tool in healthcare. It allows patients to get actively involved in their healthcare. It provides better access to health services. However, there are challenges in achieving interoperability, security and privacy simultaneously for the widespread adoption of PHRs. HL7 and its FHIR standards have made advances in addressing interoperability. However, there exists a gap in ensuring robust security and privacy. Blockchain can facilitate health data sharing solutions and enhance data security and confidentiality. Its integration with FHIR-compliant PHR systems needs to be explored further. The following sections present the architecture of a proposed system that bridges this gap. The proposed architecture is a blockchain-based, HL7-compliant PHR that provides core FHIR functional requirements.
Proposed System
The proposed system is designed to meet several essential functional requirements. These requirements fulfill the needs of its various stakeholders. The stakeholders are patients, health technicians/doctors and insurance companies. These requirements are outlined below:
Patient Requirements
Patients should be able to create an account, update their personal information, upload documents and add insurance details. These functionalities aim to enhance the quality of services offered by the system. It establishes communication between patients and healthcare providers. It increases patient awareness of current health issues, ensures privacy and provides a secure channel for exchanging PHR data.
Health Technician/Doctor Requirements
Health technicians and doctors should be able to create accounts and update patient information. The system supports various communication methods between health technicians, doctors, patients and insurance companies. Additionally, the system enables doctors to notify patients of urgent health related information.
Insurance Company Requirements
Insurance companies should be able to create accounts and update specific patient information relevant to the patient’s insurance policy for claim processing and approval. As an important beneficiary of the system, insurance companies benefit from secure and immutable communication channels with hospitals and clinics. The system also identifies and labels required information during user registration and access. Furthermore, it allows insurance companies to list their regulations and policies within the platform.
The proposed system must also fulfill several non-functional requirements to ensure its effectiveness and reliability for all stakeholders. These requirements are mentioned below:
System Architecture
The overall organization and major components of the proposed system are elaborated in Figure 1. The proposed architecture is a conceptual model which shows the structure and behavior of the system by representing the internal components and how they interact with one another. It assists in determining how features connect with databases to serve information that is relevant to a user. The system shows the interaction of users: patients with doctors in hospitals, and the sharing of profiles with insurance companies. This profile and PHR sharing scheme takes place on top of FHIR and uses a private blockchain mechanism.
Figure 1: Proposed system architecture
Evaluation of Proposed System
The proposed system has been successfully implemented using blockchain and FHIR within a client-server model. Significant effort was dedicated to developing the foundational architecture, which serves as the core of the system. A key achievement of the project is the implementation of the server side for personal health records (PHRs) utilizing blockchain technology. The system's foundation involves creating a blockchain network that connects multiple nodes across hospitals and clinics. This network was developed using Spyder IDE for Python, with Postman API employed for testing. The system is managed by a central authority, such as the Ministry of Health, which oversees the addition, deletion, or updating of health providers within the network. Consequently, the blockchain is designed to:
Add a New Node (hospital/clinic) to the Network
The system administrator can add new nodes by providing the necessary information to integrate the hospital or clinic into the blockchain network, as illustrated in Table 1 and Figure 2.
Table 1: Add a new node (hospital/clinic) to network
Required Input | Actor | Action | Expected Outcome (Successful process) | Expected Outcome (Failure process)
The URL of the new node | Admin | Fill the form with required data | The new node will be added to the network successfully | An error message should appear (Missing Value)
Figure 2: Add a new node (hospital/clinic) to network
Register Patient Information to a Specific Block
The system administrator can register a patient by entering detailed information, including medical history, identity and contact methods. The registration process is completed by assigning specific values to the required fields, as shown in Table 2 and Figure 3.
Table 2: Register patient info to a specific block
Required Input | Actor | Action | Expected Outcome (Successful process) | Expected Outcome (Failure process)
Patient information | Admin | Fill the form with required data | The new transaction (Patient) will be added to the network successfully in a specific block | An error message should appear (Missing Value)
Figure 3: Register patient info to a specific block
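The two operations above (adding a node and registering a patient), sketched as an added example that is not the authors' prototype code: a hash-linked ledger that rejects missing inputs and detects later alteration of a stored record. The class and function names, the required-field list, the FHIR Patient mapping and all sample values are assumptions, and consensus between nodes is left out.

```python
import hashlib
import json
from urllib.parse import urlparse


class MissingValue(ValueError):
    """The 'Missing Value' failure outcome of Tables 1 and 2."""


def block_hash(block):
    # Canonical JSON (sorted keys, fixed separators) so every node derives the same digest.
    data = json.dumps(block, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


class PHRLedger:
    # Assumed minimum set of registration fields; the paper does not list them.
    REQUIRED = ("identifier", "name", "birthDate", "phone")

    def __init__(self):
        self.nodes = set()
        self.pending = []
        self.chain = [{"index": 0, "previous_hash": "0" * 64, "transactions": []}]

    def add_node(self, url):
        """Table 1: the admin supplies the URL of the new hospital/clinic node."""
        if not url or not url.strip():
            raise MissingValue("node URL")
        parsed = urlparse(url.strip())
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            raise ValueError("node URL must be an absolute http(s) URL")
        self.nodes.add(parsed.netloc)
        return sorted(self.nodes)

    def register_patient(self, info):
        """Table 2: queue a FHIR Patient resource for the next block."""
        missing = [field for field in self.REQUIRED if not info.get(field)]
        if missing:
            raise MissingValue(", ".join(missing))
        self.pending.append({
            "resourceType": "Patient",
            "identifier": [{"value": info["identifier"]}],
            "name": [{"text": info["name"]}],
            "birthDate": info["birthDate"],
            "telecom": [{"system": "phone", "value": info["phone"]}],
        })
        return len(self.chain)  # index of the block that will hold the record

    def seal_block(self):
        block = {
            "index": len(self.chain),
            "previous_hash": block_hash(self.chain[-1]),
            "transactions": self.pending,
        }
        self.pending = []
        self.chain.append(block)
        return block

    def is_valid(self):
        # Each block commits to its predecessor, so editing a sealed record
        # breaks the link stored in the following block. The newest block has
        # no successor; nodes would compare block_hash(chain[-1]) for that.
        return all(
            self.chain[i]["previous_hash"] == block_hash(self.chain[i - 1])
            for i in range(1, len(self.chain))
        )


def demo():
    ledger = PHRLedger()
    ledger.add_node("https://hospital-a.example:5001")  # constructed node URL
    for pid, name in (("P-001", "Constructed Patient A"), ("P-002", "Constructed Patient B")):
        ledger.register_patient(
            {"identifier": pid, "name": name, "birthDate": "1980-01-01", "phone": "+0-000-0000"}
        )
        ledger.seal_block()
    intact = ledger.is_valid()
    ledger.chain[1]["transactions"][0]["birthDate"] = "1999-12-31"  # simulated alteration
    return intact, ledger.is_valid()


if __name__ == "__main__":
    print(demo())
```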
The proposed system presents a decentralized architecture that enables patients, healthcare providers and insurance companies to securely register, store and manage PHRs in compliance with the FHIR schema. It uses a private blockchain to ensure the security and privacy of the PHRs. It provides smooth interoperability and data sharing with hospitals, clinics and insurance companies. The cloud-based model makes robust security, privacy and interoperability possible, delivering innovative solutions to the hitherto elusive data security, privacy and interoperability conditions that impede the broad adoption of PHR systems.
Blockchain together with the FHIR standard ensures a high level of security in data exchange. FHIR standards complement the blockchain by providing the necessary rules defining the security and trust of patient information. These rules prevent alterations to health data and other content as long as one or complete authorization keys are present during the process of data exchange. The proof of concept aims to display the potential of implementation of the proposed architecture to improve healthcare data management. This will foster trust, transparency and efficiency in healthcare information systems.
For future work, cloud technology for healthcare presents solutions that focus on data security [30]. The proposed blockchain-based system, if fully developed, will be an excellent foundation for future initiatives in developing Clinical Decision Support Systems (DSS) powered by Machine Learning and Generative AI. These systems are bestowed with the vital quality of automating data analysis; they are designed to improve diagnosis and thus raise overall patient care by delivering secure and interconnected health records.
Funding statement
This work was supported by the Deanship of Scientific Research, Vice Presidency for Graduate Studies and Scientific Research, King Faisal University, Saudi Arabia [Grant No. KFU250699].
1. Kim, Jeongeun et al., “History and trends of "Personal health record" Research in ” Healthcare Informatics Research, vol. 17, no. 1, March 2011, pp. 3-17. https://e-hir.org/journal/view.php?number=621.
2. Tenforde, Mark et al., “The value of personal health records for chronic disease management: What do we know?” Family Medicine, vol. 43, no. 5, May 2011, pp. 351-354. https://pubmed.ncbi.nlm.nih.gov/21557106/.
3. Li, Han et al., “Examining the decision to use standalone personal health record systems as a trust-enabled fair social contract.” Decision Support Systems, vol. 57, January 2014, pp. 376-386. https://dl.acm.org/doi/10.1016/j.dss.2012.10.043.
4. Wang, Tiankai and Diane Dolezel, “Usability of web-based personal health records: An analysis of consumers' perspectives.” Perspectives in Health Information Management, vol. 13, April 2016. https://pubmed.ncbi.nlm.nih.gov/27134611/.
5. Fylan, Fiona et al., “Making it work for me: Beliefs about making a personal health record relevant and useable.” BMC Health Services Research, vol. 18, June 2018. https://pmc.ncbi.nlm.nih.gov/articles/PMC6001055/.
6. Azaria, Asaph et al., “Medrec: Using blockchain for medical data access and permission management.” Proceedings of the 2nd International Conference on Open and Big Data (OBD), August 22-24, 2016, IEEE, Vienna, Austria, pp. 25-30. https://ieeexplore.ieee.org/document/7573685.
7. Chen, Guang et al., “Exploring blockchain technology and its potential applications for ” Smart Learning Environments, vol. 5, no. 1, January 2018. https://slejournal.springeropen.com/articles/10.1186/s40561-017-0050-x.
8. Crosby, Michael et al., “Blockchain technology: Beyond bitcoin.” Applied Innovation Review, vol. 10, 2016, pp. 6-19.
9. Swan, Melanie, “Blockchain thinking: The brain as a decentralized autonomous corporation [Commentary].” IEEE Technology and Society Magazine, vol. 34, no. 4, December 2015, pp. 41-52. https://ieeexplore.ieee.org/document/7360255.
10. Anjum, Ashiq et al., “Blockchain standards for compliance and trust.” IEEE Cloud Computing, vol. 4, no. 4, October 2017, pp. 84-90. https://ieeexplore.ieee.org/document/8066010.
11. Alhadhrami, Zainab et al., “Introducing Blockchains for Healthcare.” Proceedings of the International Conference on Electrical and Computing Technologies and Applications (ICECTA), November 21-23, 2017, IEEE, Ras Al Khaimah, United Arab Emirates.
12. High, Donald R. et al., Obtaining a medical record stored on a blockchain from a wearable device. U.S. Patent Application No. 15/840,589, 2018. https://patentimages.storage.googleapis.com/c6/06/52/dae62db211fa50/US20180167200A1.pdf.
13. Kaur, Harleen et al., “A proposed solution and future direction for blockchain-based heterogeneous medicare data in cloud environment.” Journal of Medical Systems, vol. 42, no. 8, 2018. https://link.springer.com/article/10.1007/s10916-018-1007-5.
14. Esposito, Christian et al., “Blockchain: A panacea for healthcare cloud-based data security and privacy?” IEEE Cloud Computing, vol. 5, no. 1, March 2018, pp. 31-37. https://ieeexplore.ieee.org/abstract/document/8327543.
15. Bhutta, Muhammad Nasir Mumtaz et al., “A survey on blockchain technology: Evolution, architecture and ” IEEE Access, vol. 9, April 2021, pp. 61048-61073. https://ieeexplore.ieee.org/document/9402747.
16. Uddin, Md Ashraf et al., “A patient agent to manage blockchains for remote patient monitoring.” Transforming Healthcare Through Innovation in Digital Health, vol. 254, 2018, pp. 105-115. https://ebooks.iospress.nl/publication/50451.
17. Zhang, Aiqing and Xiaodong Lin, “Towards secure and privacy-preserving data sharing in e-health systems via consortium blockchain.” Journal of Medical Systems, vol. 42, no. 8, June 2018. https://link.springer.com/article/10.1007/s10916-018-0995-5.
18. Dubovitskaya, Alevtina et al., “Secure and trustable electronic medical records sharing using blockchain.” AMIA Annual Symposium Proceedings, vol. 2017, April 2018, pp. 650-659. https://pmc.ncbi.nlm.nih.gov/articles/PMC5977675/.
19. Zhou, Lijing et al., “MIStore: A blockchain-based medical insurance storage system.” Journal of Medical Systems, vol. 42, no. 8, July 2018. https://pubmed.ncbi.nlm.nih.gov/29968202/.
20. Fan, Kai et al., “Medblock: Efficient and secure medical data sharing via blockchain.” Journal of Medical Systems, vol. 42, no. 8, June 2018. https://pubmed.ncbi.nlm.nih.gov/29931655/.
21. Reegu, Faheem Ahmad et al., “Blockchain-based framework for interoperable electronic health records for an improved healthcare system.” Sustainability, vol. 15, no. 8, April 2023. https://www.mdpi.com/2071-1050/15/8/6337.
22. Lee, Hsiu-An et al., “An architecture and management platform for blockchain-based personal health record exchange: Development and usability study.” Journal of Medical Internet Research, vol. 22, no. 6, June 2020. https://pubmed.ncbi.nlm.nih.gov/32515743/.
23. Gohar, Ahmad Nabil et al., “A patient-centric healthcare framework reference architecture for better semantic interoperability based on blockchain, cloud and ” IEEE Access, vol. 10, August 2022, pp. 92137-92157. https://ieeexplore.ieee.org/document/9869824.
24. Chatterjee, Ayan et al., “HL7 FHIR with SNOMED-CT to achieve semantic and structural interoperability in personal health data: A proof-of-concept study.” Sensors, vol. 22, no. 10, May 2022. https://pubmed.ncbi.nlm.nih.gov/35632165/.
25. Hoang, Hien Do et al., “A blockchain-based secured and privacy-preserved personal healthcare record exchange system.” Proceedings of the 2021 IEEE International Conference on Machine Learning and Applied Network Technologies (ICMLANT), 2021, IEEE, Soyapango, El Salvador.
26. Roehrs, Alex et al., “OmniPHR: A distributed architecture model to integrate personal health records.” Journal of Biomedical Informatics, vol. 71, July 2017, pp. 70-81. https://pubmed.ncbi.nlm.nih.gov/28545835/.
27. Mazhar, Tehseen et al., “Generative AI, IoT and blockchain in healthcare: Application, issues and solutions.” Discover Internet of Things, vol. 5, no. 1, January 2025. https://link.springer.com/article/10.1007/s43926-025-00095-8.
28. Kim, Tong Min et al., “Self-sovereign management scheme of personal health record with personal data store and decentralized identifier.” Computational and Structural Biotechnology Journal, vol. 28, November 2024, pp. 16-28. https://pubmed.ncbi.nlm.nih.gov/39868001/.
29. Karthikeyan, V. et al., “Creative strategies to protect patients’ health records and confidentiality using blockchain technology.” Blockchain Enabled Solutions for the Pharmaceutical Industry, 2024, pp. 275-318. https://colab.ws/articles/10.1002%2F9781394287970.ch14.
30. Sachdeva, Sonali et al., “Unraveling the role of cloud computing in health care system and biomedical sciences.” Heliyon, vol. 10, no. 7, April 2024. https://pmc.ncbi.nlm.nih.gov/articles/PMC11004887/.