Self-sovereign management scheme of personal health record with personal data store and decentralized identifier

Abstract

Conventional personal health record (PHR) management systems are centralized, making them vulnerable to privacy breaches and single points of failure. Despite progress in standardizing healthcare data with the FHIR format, hospitals often lack efficient platforms for transferring PHRs, leading to redundant tests and delayed treatments. To address these challenges, we propose a decentralized PHR management system leveraging Personal Data Stores (PDS) and Decentralized Identifiers (DIDs) in line with the Web 3.0 model. Our system features secure interoperability and personal identification masking. Interoperability is achieved through DID digital certificates for verifying PDS addresses and a dynamic access key (AK) system to minimize credential exposure. Data de-identification, including anonymization and encryption, ensures privacy and prevents unauthorized access. We developed a prototype using the Solid open-source library and Hyperledger Aries protocol. Testing showed efficient performance, with DID validations and AK generation under one second, and data operations for 500 MB-sized PHRs completing in two seconds. De-identification processes were both effective and timely. The system demonstrated the ability to manage PHRs securely, empower users with control over their healthcare data, facilitate seamless and secure data transfer between patients and medical entities, and prevent exposure of sensitive information. This approach advances decentralized PHR management, supporting improved healthcare outcomes and patient experiences in the digital era.