Article Preview
Top1. Introduction
Electronic medical record (EMR) sharing can effectively increase the quality of medical services and reduce the cost of medical care (Liu, Wang, Jin and Li, 2019; Ismail and Materwala, 2020). However, the storage and access of patient medical data are generally managed and controlled by single hospitals (Zhou et al., 2021; Kuo, 2011) In addition, each hospital tends to store its medical data on a cloud server, which hinders medical data sharing.
In traditional cloud-based medical data sharing schemes, medical data are stored in a centralized cloud server controlled by a hospital (Bu et al., 2021). While the hospital’s ability to control medical data resources is strong, the patients’ ability to control medical data resources is weak. This asymmetric structure introduces several security risks; for example, a hospital may arbitrarily tamper with medical data, and the cloud server may be maliciously attacked, which is prone to association with doctor‒patient conflicts(Zhang et al., 2018). Furthermore, the controlled access of medical data in most existing schemes, as well as in actual medical environments, is controlled by hospitals. Hospital nodes use the strong computing ability of cloud servers to process medical data in areas such as access control (Liu, Zhang, Ling and Liu, 2018; Jin et al., 2018), while patient nodes have weak computing ability and low participation in medical data access control (Li, Yu, Zheng, Ren, and Lou, 2013), resulting in an asymmetric control structure. Medical data contain both patient medical record information and hospital treatment protocols. Medical record information often contains patients’ sensitive private information. If such privacy information is leaked, the patient can suffer irreversible losses (El-Meniawy, Rizk, Ahmed and Saleh, 2022).
We aim to solve the aforementioned two asymmetrical problems of traditional cloud-based medical data sharing schemes. By using the distributed storage, tamper-proof, and traceability features of blockchain (Fan et al., 2020; Wang, Tian and Zhu, 2018; Huang, Zhu, Xiao, Sun and Huang, 2020) for the first asymmetric problem, this paper innovatively proposes a cooperation model of cloud and chain (CMCC) for secure medical data sharing wherein a blockchain stores index information for medical data during the request and authorization phases. A cloud server stores electronic medical data ciphertext. Using the CMCC to solve the second asymmetry problem, we design a specific on-chain authorization method based on SM2 and proxy re-encryption. This method realizes patients’ access control of their medical data and ensures the traceability and nonrepudiation of medical data access records. The major contributions of this article are as follows: