Electronic Medical Records (EMRs) are mandatory in Indonesia following the Ministry of Health regulation, which raises significant challenges in data security and patient-centric access control. Current implementations rely on centralized healthcare systems or third-party vendors, creating risks of unauthorized access, data leakage, and uncertain data integrity. To address these issues, this study proposes DecMed, a decentralized EMR management framework built on IOTA Distributed Ledger Technology (DLT). DecMed integrates Capability-Based Access Control (CapBAC), Proxy Re-Encryption (PRE), and the InterPlanetary File System (IPFS) to enforce patient ownership of medical data. Patients actively grant or revoke access, define access duration, and selectively share data with healthcare personnel. The system is implemented using smart contracts in the Move programming language on the IOTA ledger, while encrypted clinical data is stored on IPFS. Evaluation through unit testing of various unauthorized access scenarios demonstrates that DecMed effectively enforces fine-grained access rules, preserves data confidentiality and integrity, and ensures compliance with national healthcare requirements.
Purnama et al. studied this question.
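The access rules the abstract describes (patient-issued capabilities, a defined access duration, selective sharing, and revocation) can be modelled off-ledger as follows. This is an added Python sketch, not DecMed's Move contract code. The class and field names, the string identities standing in for ledger addresses, and the integer timestamps are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Capability:
    cap_id: int
    patient: str            # owner who issued the capability
    holder: str             # healthcare personnel it was issued to
    record_ids: frozenset   # selective sharing: only these records
    expires_at: int         # end of the access duration (Unix time)


@dataclass
class Registry:
    caps: dict = field(default_factory=dict)
    revoked: set = field(default_factory=set)

    def grant(self, patient, holder, record_ids, now, duration):
        cap_id = len(self.caps) + 1
        self.caps[cap_id] = Capability(
            cap_id, patient, holder, frozenset(record_ids), now + duration)
        return cap_id

    def revoke(self, caller, cap_id):
        cap = self.caps.get(cap_id)
        # Only the patient who issued the capability may revoke it.
        if cap is None or cap.patient != caller:
            return False
        self.revoked.add(cap_id)
        return True

    def check(self, caller, cap_id, record_id, now):
        """Return 'ok', or the reason the request is denied."""
        cap = self.caps.get(cap_id)
        if cap is None:
            return "unknown_capability"
        denials = [
            (cap.holder != caller, "not_holder"),
            (cap_id in self.revoked, "revoked"),
            (now >= cap.expires_at, "expired"),
            (record_id not in cap.record_ids, "record_not_shared"),
        ]
        return next((why for denied, why in denials if denied), "ok")


if __name__ == "__main__":
    reg = Registry()
    cap = reg.grant("patient-1", "dr-a", {"rec-1"}, now=1000, duration=3600)
    print(reg.check("dr-a", cap, "rec-2", 1500))  # record outside the grant
    reg.revoke("patient-1", cap)
    print(reg.check("dr-a", cap, "rec-1", 1500))  # after patient revocation
```

Returning a distinct denial reason per rule lets each unauthorized-access scenario be tested on its own, so a test cannot pass merely because a different rule rejected the request first.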