Decentralized Security in Blockchain-Based Digital Health Systems: Self-Sovereign Identity, Access Control, and Auditing with Smart Contracts

The expansion of Digital Health brings increasing data privacy and security challenges, mainly due to data collection by service providers and third parties. The decentralized approach of Self-Sovereign Identity emerges as a solution, offering users direct control over their data. This paper proposes the SmartMed system for controlling access to private medical data by attribute-based access control implemented on smart contracts. The paper investigates the performance limitations of the Ethereum, Besu, and HyperLedger Fabric blockchain platforms in controlling access to medical data. The proposal develops smart contracts to perform attribute-based access control and to store log records on the blockchain, highlighting the detailed performance analysis on both tested platforms. The results reveal the superiority of the HyperLedger Fabric platform over Ethereum and Besu, indicating a higher transaction throughput. Our proposal innovates by proposing a system based on smart contracts to guarantee the authenticity of medical data, complemented by the use of Keycloak in managing access to healthcare systems.