GDPR-Compliant Personal Health Record Sharing Mechanism with Redactable Blockchain and Revocable IPFS

The use of IoT technology in collecting personal health records (PHR) within the eHealth environment is a growing trend. However, data integrity is a concern as cloud service providers (CSPs) often cannot guarantee it. Blockchain technology offers a solution to guarantee data integrity and traceability. However, the immutability of traditional blockchain conflicts with GDPR's requirements. To address scalability and privacy concerns, we have designed a comprehensive scheme that integrates the redactable blockchain with the existing revocable IPFS mechanism. Our scheme overcomes the disadvantage of residual downloading information in the traditional blockchain. Additionally, we have developed an enhanced proxy re-encryption scheme that simplifies access control for physicians without the need for complex group key management. Unlike traditional blockchains and P2P file sharing systems, our PHR platform allows for selective removal of records and files while maintaining auditable logs. Evaluation results demonstrate that our proposed scheme effectively enhances the exclusive revocation feature with acceptable overheads. To the best of our knowledge, this is the first work to provide the merit of fully complete record and file revocation on a blockchain-based system.