Privacy-Preserving Fine-Grained EMR Access Control for IoMT: A Hybrid RBAC-Smart Contract Scheme With Attribute-Based Authorization

Research output: Contribution to journal, Article, peer-review

Abstract

The widespread application of medical information systems has promoted the growth of personal electronic medical records (EMRs), which are typically produced in different medical institutions and stored in data centers. Consequently, the data owners no longer retain control over their medical data, nor can they establish access control rules for their EMRs. Therefore, this study designs a patient-centered EMR access control system that integrates decentralized smart contracts and role-based access control (RBAC) to provide fine-grained data access control. In this system, we integrate an RBAC model to achieve user-permission definition and adopt a personalized data access policy definition mechanism to achieve patient-centered data access control. The proposed system allows data owners to define a series of data access policies through smart contracts, achieving decentralized management of data access control permissions. In addition, we analyze the security features of this scheme and design a series of comparative experiments to evaluate the performance. The experimental results show that this system can efficiently achieve access control of personal EMRs and has higher reliability compared to traditional cloud-based EMR sharing systems.

Original language: English
Pages (from-to): 2970-2987
Number of pages: 18
Journal: IEEE Internet of Things Journal
Volume: 13
Issue number: 2
Publication status: Published - 1 Jan 2026

Keywords

  • Access control
  • electronic medical record (EMR)
  • role-based access control (RBAC)
  • smart contract
