Healthcare Data Security and Privacy Protection Framework Based on Dual Channel Blockchain

Abstract

The integration of blockchain technology with healthcare digitalization has the potential to improve data management, reduce administrative costs, increase data security and privacy, and enhance querying capabilities. However, in the traditional blockchain model, all data and transactions are processed and stored in a single, unified ledger, and all participants have access to the same data, which raises privacy concerns and poses congestion issues with an increased number of transactions. It becomes even more problematic in healthcare, where data confidentiality is essential. In literature, centralized storage utilizing cloud-based solutions is employed to manage large volumes of data, restricting information sharing beyond the institution. Additionally, the direct storage of massive data on the blockchain impacts the performance and scalability of the system. In this paper, to address these issues and ensure the security and rapid retrieval of healthcare information, a framework is proposed, which involves the implementation of a dual-channel blockchain architecture combined with two robust cryptographic algorithms, i.e., Rivest-Shamir-Adleman (RSA) and Advanced Encryption Standard (AES). These encryption techniques deliver safe data transmission via RSA and efficient data storage via AES, offering a secure mechanism to prevent unauthorized access and data breaches. In addition, private data collection is incorporated to securely store confidential patient information, guaranteeing privacy, security, and limited access. Also, an Access Control List (ACL) is defined for different users to implement access permissions, i.e., grant and revoke access to viewers while sharing information. Moreover, an off-chain storage InterPlanetary File System (IPFS) is used to improve scalability. The performance evaluation is performed by conducting experimental simulations, where critical performance indicators such as throughput and latency are measured across different transaction rates, channels, and rate controllers. Moreover, the proposed framework classifies smart contract functions into query and invoke/write transactions, enhancing the efficiency of data retrieval. Further, the functionality and security analysis of the proposed framework is discussed. The results demonstrate that the proposed approach is highly capable of preserving security and privacy standards while also assuring efficient management and accessibility of data in healthcare applications.