B-PACIoT: A Hybrid Blockchain-Based Framework for Scalable, Secure and Privacy-Preserving EHR Management in IoT-Driven Healthcare
Securing the Electronic Health Records (EHRs) in Blockchain based Internet of Things (IoT) healthcare systems remains a big challenge due to the computational constraints, privacy concerns, and scalability limitations. This paper introduces Blockchain-based Privacy-preserving, Access-controlled, and Cost-efficient IoT Healthcare Framework (B- PACIoT), a novel three-layer framework that uniquely integrates the zk-Rollups-based transaction batching, Ciphertext-Policy Attribute-Based Encryption )CP-ABE( based access control, and edge-assisted Advanced Encryption Standard with 128-bit key )AES-128( decryption to deliver the scalable, privacy-preserving, and cost-efficient EHR management solutions in Blockchain and IoT driven healthcare. Unlike the existing IoT frameworks, our B-PACIoT offloads heavy decryption tasks to edge servers while maintaining the privacy using Zero-Knowledge proofs (zk-SNARKs), which is significantly reducing the computational load on IoT devices. Our framework used zk-Rollups in transaction management for enabling the aggregation of multiple access transactions into a single blockchain proof, minimizing the on-chain overhead and finally improving the throughput. Decentralized Interplanetary File System (IPFS) network is used for secure storage of encrypted EHRs and on-chain ethereum smart contracts are used to manage the metadata anchoring and fine-grained access control. Experimental results proven that, our B-PACIoT framework reduced the transaction costs by 90%, improved the retrieval efficiency by 40%, and achieved the 99.8% of fault-tolerant availability through IPFS replication. Moreover, our B-PACIoT lowers the decryption latency by 85% when compared to the traditional on-chain models. These outcomes from experiments are emphasizing that our B-PACIoT is not just technically novel and but also practically an effective solution for next-generation EHR management in IoT-driven healthcare.
[1] Abou-Nassar E., Iliyasu A., El-Kafrawy P., Song O., and et al., “DITrust Chain: Towards Blockchain-Based Trust Models for Sustainable Healthcare IoT Systems,” IEEE Access, vol. 8, pp. 111223-111238, 2020. https://doi.org/10.1109/ACCESS.2020.2999468
[2] Akkaoui R., Hei X., and Cheng W., “EdgeMediChain: A Hybrid Edge Blockchain- Based Framework for Health Data Exchange,” IEEE Access, vol. 8, pp. 113467-113486, 2020. https://doi.org/10.1109/access.2020.3003575
[3] Akkas M., Sokullu R., and Cetin H., “Healthcare and Patient Monitoring Using IoT,” Internet of Things, vol. 11, pp. 100173, 2020. https://doi.org/10.1016/j.iot.2020.100173
[4] Ali A., Manar H., Mabrouk M., and Zrigui M., “Proposal of a Modified Hash Algorithm to Increase Blockchain Security,” in Proceedings of the Procedia Computer Science, Athens, pp. 3265-3275, 2023. https://doi.org/10.1016/j.procs.2023.10.320
[5] Al-Sumaidaee G., Alkhudary R., and Zilic Z., “Decentralized Storage for Big Data in Healthcare Between Reality and Ambition: IPFS and Sia,” in Proceedings of IEEE International Conference on Big Data (Big Data), Osaka, pp. 6578-6580, 2022. https://doi.org/10.1109/bigdata55660.2022.10020 670
[6] Anusuya R., Dhanaraj K., Ghanasiyaa S., Harshini K., and et al., “Privacy-Preserving Blockchain- Based EHR Using ZK-Snarks,” in Proceedings of the Communications in Computer and Information Science, Coimbatore, pp. 109-123, 2022. https://doi.org/10.1007/978-3-031-15556- 7_8
[7] Attaran M., “Blockchain Technology in Healthcare: Challenges and Opportunities,” 544 The International Arab Journal of Information Technology, Vol. 23, No. 3, May 2026 International Journal of Healthcare Management, vol. 15, no. 1, pp. 70-83, 2022. https://doi.org/10.1080/20479700.2020.1843887
[8] Azbeg K., Ouchetto O., and Andaloussi S., “Access Control and Privacy-Preserving Blockchain-Based System for Diseases Management,” IEEE Transactions on Computational Social Systems, vol. 10, no. 4, pp. 1515-1527, 2022. https://doi.org/10.1109/tcss.2022.3186945
[9] Azbeg K., Ouchetto O., and Andaloussi S., “BlockMedCare: A Healthcare System Based on Iot, Blockchain and IPFS for Data Management Security,” Egyptian Informatics Journal, vol. 23, no. 2, pp. 329-343 2022. https://doi.org/10.1016/j.eij.2022.02.004
[10] Bin Saleem W., Ali H., and AlSalloom N., “A Framework for Securing EHR Management in the Era of Internet of Things,”in Proceedings of the 3rd International Conference on Computer Applications and Information Security, Riyadh, pp. 1-5, 2020. https://doi.org/10.1109/iccais48893.2020.9096788
[11] Chawla S. and Gupta N., “Performance Analysis of the Proxy-Based and Collusion-Resistant Revocable CPABE Framework,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 35, no. 1, pp. 378-387, 2024. https://doi.org/10.11591/ijeecs.v35.i1.pp378-387
[12] Datta j., Ananya S., Deepak M., Mungara N, and Sarasvathi V., “Framework for Brute-Force Attack Detection Using Federated Learning,” in Proceedings of the Broadband Communications, Networks and Systems, Hyderabad, pp. 64-73, 2025. https://doi.org/10.1007/978-3-031-81168-5_7
[13] De Oliveira M., Verginadis Y., Reis L., Psarra E., and et al., “AC-ABAC: Attribute-Based Access Control for Electronic Medical Records During Acute Care,” Expert Systems with Applications, vol. 213, pp. 1-12, 2023. https://doi.org/10.1016/j.eswa.2022.119271
[14] Dhulavvagol P., Totad S., and Anagal A., “SHARD-FEMF: Adaptive Forensic Evidence Management Framework Using Blockchain Sharding and IPFS,” The International Arab Journal of Information Technology, vol. 21, no. 2, 2024. DOI:https://doi.org/10.34028/iajit/21/2/1
[15] Dragnoiu A. and Olimid R., “Towards an Identity Management Solution on Arweave,” arXiv Preprint, vol. arXiv:2412.13865v3 pp. 1-38, 2024. https://doi.org/10.48550/arxiv.2412.13865
[16] Egala S., Pradhan A., Dey P., BadarlaV., and Mohanty S., “Fortified-Chain 2.0: Intelligent Blockchain for Decentralized Smart Healthcare System,” IEEE Internet of Things Journal, vol. 10, no. 14, pp. 12308-12321, 2023. https://doi.org/10.1109/jiot.2023.3247452
[17] ElSayed Z., Abdelgawad A., and Elsayed N., “Cybersecurity and Frequent Cyber Attacks on IoT Devices in Healthcare: Issues and Solutions,” arXiv Preprint, vol. arXiv:2501.11250v1, pp. 1-7, 2025. https://doi.org/10.48550/arxiv.2501.11250
[18] Gao H., Huang H., Xue L., Xiao F., and Li Q., “Blockchain-Enabled Fine-Grained Searchable Encryption With Cloud-Edge Computing for Electronic Health Records Sharing,” IEEE Internet of Things Journal, vol. 10, no. 20, pp. 18414-18425, 2023. https://doi.org/10.1109/jiot.2023.3279893
[19] Guidi B., Michienzi A., and Ricci L., “Evaluating the Decentralisation of Filecoin,” in Proceedings of the 3rd International Workshop onDistributed Infrastructure for the Common Good, pp.13-18, 2022. https://doi.org/10.1145/3565383.3566108
[20] Hamouid K. and Mohammedi M., “Dynamic and Flexible Access Control for IoT-Enabled Smart Healthcare,” International Symposium on Networks, Computers and Communications HAL (Le Centre pour la Communication Scientifique Directe), Doha, Qatar, pp. 1-6, 2023. https://doi.org/10.1109/isncc58260.2023.103239 89
[21] Husnain G., Ullah Z., Mohmand M., Qadir M., and et al., “HealthChain: A BlockchaināBased Framework for Secure and Interoperable Electronic Health Records (EHRs),” IET Communications, vol. 18, no. 19, pp. 1451-1473 2024. https://doi.org/10.1049/cmu2.12839
[22] Immanuel S., Jenefa A., Naveen V., Santhiya P., and et al., “CloudSec Innovation: Enhanced Data Security with Multi-Tier Encryption Systems,” in proceedings of the 8th International Conference on Inventive Systems and Control, Coimbatore, pp. 582-587, 2024. https://doi.org/10.1109/icisc62624.2024.00102
[23] Jayabalan J. and Jeyanthi N., “Scalable Blockchain Model Using Off-Chain IPFS Storage for Healthcare Data Security and Privacy,” Journal of Parallel and Distributed Computing, vol 164, no. 8, pp. 152-167, 2022. https://doi.org/10.1016/j.jpdc.2022.03.009
[24] Jun M., “Platform Framework for Blockchain- Enhanced Healthcare AIoT Systems,” Frontiers in Communications and Networks, vol. 6, pp. 1- 18, 2025. https://doi.org/10.3389/frcmn.2025.1538965
[25] Jyosthna P., Mandapati A., Teja M., Ray S., and Kumar B., “Enhancing Security and Flexibility with Combined RBAC and ABAC Access Control Models,” in Proceedings of the 10th International Conference on Communication and Signal Processing, Melmaruvathur, pp. 576-581, 2024. https://doi.org/10.1109/iccsp60870.2024.10543482
[26] Kacem T., Tossou S., and Muir A., “Detecting Cyber Attacks in Healthcare IoT Systems,” in Proceedings of the International Conference on AI B-PACIoT: A Hybrid Blockchain-Based Framework for Scalable, Secure and Privacy-Preserving ... 545 x Data and Knowledge Engineering, Tokyo, pp. 80-85, 2024. https://doi.org/10.1109/aixdke63520.2024.00022
[27] Kaushal R. and Kumar N., “Exploring Hyperledger Caliper Benchmarking Tool to Measure the Performance of Blockchain Based Solutions,” in Proceedings of the 11th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions), Noida, pp. 1-6, 2024. https://doi.org/10.1109/icrito61523.2024.10522188
[28] Kumar M., Mukherjee P., Verma S., Kavita., and et al., “BBNSF: Blockchain-Based Novel Secure Framework Using RP2-RSA and ASR-ANN Technique for IoT Enabled Healthcare Systems,” Sensors, vol. 22, no. 23, pp. 1-16, 2022. https://doi.org/10.3390/s22239448
[29] Kundu R., Gehrmann C., and Kihl M., “A Comprehensive Robustness Analysis of Storj DCS Under Coordinated DDoS Attack,” in Proceedings of the IEEE 29th International Conference on Parallel and Distributed Systems, Ocean Flower Island, pp. 659-666, 2023. https://doi.org/10.1109/icpads60453.2023.00102
[30] Liang X., Liu Y., and Ning J., “An Access Control Scheme with Privacy-Preserving Authentication and Flexible Revocation for Smart Healthcare,” IEEE Journal of Biomedical and Health Informatics, vol. 28, no. 6, pp. 3269-3278, 2024. https://doi.org/10.1109/jbhi.2024.3391218
[31] Mohanakrishnan S. and Gokila S., “Etherdoc: Ensuring Security and Integrity for Digital Certificates using Blockchain,” in Proceedings of the International Conference on Visual Analytics and Data Visualization, Tirunelveli, pp. 218-225. 2025. https://doi.org/10.1109/icvadv63329.2025.10960954
[32] Mole J. and Shaji R., “Ethereum Blockchain for Electronic Health Records: Securing and Streamlining Patient Management,” Frontiers in Medicine, vol. 11, pp. 1-17, 2024. https://doi.org/10.3389/fmed.2024.1434474
[33] Moody G. and Mark R., “The Impact of the MIT- BIH Arrhythmia Database,” IEEE Engineering in Medicine and Biology Magazine, vol. 20, no. 3, pp. 45-50, 2001. https://doi.org/10.1109/51.932724
[34] Myrzashova R., Alsamhi S., Shvetsov A., Hawbani A., and Wei X., “Blockchain Meets Federated Learning in Healthcare: A Systematic Review with Challenges and Opportunities,” IEEE Internet of Things Journal, vol. 10, no. 16, pp. 14418-14437, 2023. https://doi.org/10.1109/JIOT.2023.3263598
[35] Ogundoyin I., Ogunbiyi D., Adebanji S., and Okeyode Y., “Comparative Analysis and Performance Evaluation of Cryptographic Algorithms,” UNIOSUN Journal of Engineering and Environmental Sciences, vol. 4, no. 1, pp. 39- 47, 2022. https://doi.org/10.36108/ujees/2202.40.0140
[36] Pal S., Hitchens M., Varadharajan V., and Rabehaja T., “Fine-Grained Access Control for Smart Healthcare Systems in the Internet of Things,” EAI Endorsed Transactions on Industrial Networks and Intelligent Systems, vol. 4, no. 13, pp. 1-18, 2018. https://doi.org/10.4108/eai.20-3-2018.154370
[37] Panda S. and Satapathy S., “An Investigation into Smart Contract Deployment on Ethereum Platform Using Web3.js and Solidity Using Blockchain,” in Proceedings of the Advances in Intelligent Systems and Computing, vol. 1407, pp. 549-561, 2021. https://doi.org/10.1007/978-981- 16-0171-2_52
[38] Pathak A., Al-Anbagi I., and Hamilton H., “Blockchain-Enhanced Zero Knowledge Proof- Based Privacy-Preserving Mutual Authentication for IoT Networks,” IEEE Access, vol. 12, pp. 118618-118636, 2024. https://doi.org/10.1109/access.2024.3450313
[39] Paul J., “Distributed Serverless Architectures on AWS,” Apress, 2023. https://doi.org/10.1007/978-1-4842-9159-7
[40] Praseed A. and Thilagam P., “Multiplexed Asymmetric Attacks: Next-Generation DDoS on HTTP/2 Servers,” IEEE Transactions on Information Forensics and Security, vol. 15, pp. 1790-1800, 2020. https://doi.org/10.1109/tifs.2019.2950121
[41] Rashid M., Parah S., Wani A., and Gupta S., “Securing E-Health IoT Data on Cloud Systems Using Novel Extended Role Based Access Control Model,” in Proceedings of the Internet of Things, Springer, pp. 473-489, 2020. https://doi.org/10.1007/978-3-030-37468-6_25
[42] Rizzardi A., Sicari S., Jesus F., Cevallos M., and Coen-Porisini A., “IoT-Driven Blockchain to Manage the Healthcare Supply Chain and Protect Medical Records,” Future Generation Computer Systems, vol. 161, no. 1, pp. 415-431, 2024. https://doi.org/10.1016/j.future.2024.07.039
[43] Rohini K, Subramanian R., and Soman G., “Improving Data Security and Scalability in Healthcare System Using Blockchain Technology,” Scalable Computing Practice and Experience, vol. 25, no. 5, pp. 3440-3452, 2024. https://doi.org/10.12694/scpe.v25i5.3164
[44] Salunkhe V. and Rajkumar S., “Integrating Zk- Rollup and Blockchain for Scalable and Secure Healthcare Data Management,” SSRN, pp. 1-21, 2025. https://doi.org/10.2139/ssrn.5070850
[45] Samantray B. and Reddy H., “A Novel Secure Supply Chain for Smart Healthcare Systems: An Approach to Leverage Blockchain, Keccak-256, and ZKP for Drug Safety Assurance,” Peer-to- 546 The International Arab Journal of Information Technology, Vol. 23, No. 3, May 2026 Peer Networking and Applications, vol. 18, no. 1, pp. 1-17, 2024. https://doi.org/10.1007/s12083- 024-01832-6
[46] Shah W., “Preserving Privacy and Security: A Comparative Study of Health Data Regulations- GDPR vs. HIPAA,” International Journal for Research in Applied Science and Engineering Technology, vol. 11, no. 8, pp. 2189-2199, 2023. https://doi.org/10.22214/ijraset.2023.55551
[47] Shi G., Qi M., Zhong Q., Li N., and et al., “MedAccessX: A Blockchain-Enabled Dynamic Access Control Framework for IoMT Networks,” Sensors, vol. 25, no. 6, pp. 1-28, 2025. https://doi.org/10.3390/s25061857
[48] Singh M., Kumar S., Garg T., and Pandey N., “Penetration Testing on Metasploitable 2,” International Journal of Engineering and Computer Science, vol. 9, no. 5, pp. 25014-25022, 2020. https://doi.org/10.18535/ijecs/v9i05.4476
[49] Sowjanya K., Dasgupta M., and Ray S., “A Lightweight Key Management Scheme for Key- Escrow-Free ECC-Based CP-ABE for IoT Healthcare Systems,” Journal of Systems Architecture, vol. 117, pp. 102108, 2021. https://doi.org/10.1016/j.sysarc.2021.102108
[50] Sridhar S., Ascigil O., Keizer N., Genon F., and et al., “Content Censorship in the InterPlanetary File System,” arXiv Preprint, vol. arXiv:2307.12212v2, pp. 1-17, 2023. https://doi.org/10.48550/arxiv.2307.12212
[51] Velmurugan S., Prakash M., Neelakandan S., and Martinson E., “An Efficient Secure Sharing of Electronic Health Records Using IoT-Based Hyperledger Blockchain,” International journal of Intelligent Systems, vol. 2024, no.1, pp. 1-16, 2024. https://doi.org/10.1155/2024/6995202
[52] Waheed N., Rehman A., Nehra A., Farooq M., Tariq N., and et al., “FedBlockHealth: A Synergistic Approach to Privacy and Security in IoT-Enabled Healthcare Through Federated Learning and Blockchain,” in Proceedings of the IEEE Global Communications Conference, Kuala Lumpur, pp. 3855-3860, 2023. https://doi.org/10.1109/globecom54140.2023.104 37356
[53] Xie M., Fu Q., Hong H., Ren Z., and et al., “ABBDAC: A Novel Attribute-Based Blockchain Data Access Control Scheme in Cloud Environment,” IEEE Internet of Things Journal, vol. 11, no. 24, pp. 40218-40228, 2024. https://doi.org/10.1109/jiot.2024.3452785
[54] Yang C., Kuo H., and Cheng H., “Ensuring FHIR Authentication and Data Integrity by Smart Contract and Blockchain Enabled NFT,” in Proceedings of the 7th International Conference on Medical and Health Informatics, Kyoto, pp. 123-128, 2023. https://doi.org/10.1145/3608298.3608322
[55] Yuan M., Wang D., Zhang F., Wang S., and et al., “An Examination of Multi-Key Fully Homomorphic Encryption and Its Applications,” Mathematics, vol. 10, no. 24, pp. 1-20, 2022. https://doi.org/10.3390/math10244678
[56] Zhang K., Patki N., and Veeramachaneni K., “Sequential Models in the Synthetic Data Vault,” arXiv Preprint, vol. arXiv:2207.14406v1, pp. 1- 17, 2022. https://doi.org/10.48550/arxiv.2207.14406
[57] Zhou L., Diro A, Saini A., Kaisar S., and Hiep P., “Leveraging Zero Knowledge Proofs for Blockchain-Based Identity Sharing: A Survey of Advancements, Challenges and Opportunities,” Journal of Information Security and Applications, vol. 80, pp. 1-20, 2024. https://doi.org/10.1016/j.jisa.2023.103678
[58] Zilong D. and Alobaedy M., “Blockchain-Based Healthcare Data Management: Analysis and Evaluation of Security, Scalability, and Compliance for Electronic Health Records (EHRs),” in Proceedings of the 5th International Conference on Advances in Electrical, Electronics and Computing Technology, Guangzhou, pp. 1-7, 2025. https://doi.org/10.1109/EECT64505.2025.10966949