APPROACH TO A DECENTRALIZED PHYSICIAN-ORIENTED EHR ARCHITECTURE WITH CRYPTOGRAPHIC PROTECTION

Abstract

Modern electronic health record (EHR) systems face challenges related to security, privacy, and accessibility, especially in centralized architectures where there are risks of database compromise, data leakage, and limited interoperability between institutions and/or data storage nodes. Distributed systems in which servers operate autonomously without requiring constant connectivity demand decentralized solutions with cryptographic protection and minimal user-side requirements. A physician-centric approach enables medical institutions to optimize workflow within a trusted environment while preserving transparency for patients regarding data access.

The proposed architecture combines local physician nodes with a shared archival registry node used for long-term data storage and patient access. Protection is achieved through envelope encryption with combined DEKs, daily rotation of server keys, and internal hash chains for detecting unauthorized modifications. The system supports profile migration between nodes, exchange of signed data within a local network, and offloading of completed records to the registry to optimize resource usage.

A key principle is transparency: any data decryption is accompanied by a patient notification, and if the notification subsystem is unavailable, the operation is not performed. Access is logged with identification of the entity performing the decryption. Profile creation begins on the physician’s node: data are encrypted with a combined DEK, and hash chains ensure integrity. Two independently encrypted copies of the user key enable administrators to restore access without exposing key material. Data exchange between physicians occurs within the local network with signature verification, making the system resilient to failures.